Trojan.JS.Redirector.xa


Trojan.JS.Redirector.xa

Post by santasa on Wed 09 Jan 2013, 1:26 pm

My Kaspersky alert went nuts last night reporting Trojan.JS.Redirector.xa, where .xa obviously means some endemic new variant of this bug, because I couldn't find anything about it; even Kaspersky SecureList has no info except that it was detected on 7 Jan 2013 around 15:48, which is a couple of hours before my first alert.
I ran a scan with Kaspersky in the profile folder of my Mozilla/Firefox AppData and found one .html file reported as infected with Trojan.JS.Redirector.xa, but I noticed that this .html file has been on my machine for more than 6 months, which means that I picked up something else and that this particular .html is just a "collateral victim".
So, I removed it with Kaspersky easily and continued to browse with my Firefox, assuming that it was a matter of time before a new alert would start popping up, and indeed that happened just a couple of minutes later.
This time I had no idea where to look, and I haven't been so lucky as to find another instance of this nightmare trojan, so I decided to seek HELP !!!

Also, I ran Kaspersky TDSSKiller and found nothing with it.

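Editor's note with an added example (this is not code from the thread, from Kaspersky, or from any tool named in it): the alert above fired on a cached .html file in the Firefox profile, and Redirector-class detections are signatures for JavaScript injected into a page to send the browser somewhere else. The script below walks a directory such as that profile and scores every .htm/.html file against a handful of indicators typical of such injections: an iframe sized to zero or styled invisible, a meta refresh, document.write/eval fed by unescape() or String.fromCharCode, long percent-escaped blobs, and location assignments. The indicator list, the weights and the threshold are this example's own heuristics, not Kaspersky's signature for Trojan.JS.Redirector.xa, and the three HTML samples embedded in it are constructed for the demonstration, not files from the poster's machine.

```python
"""Score saved/cached HTML for JavaScript-redirector indicators.

Added example for this thread; not Kaspersky's signature and not code from
any tool named in it. Point it at a Firefox profile directory and it walks
every *.htm / *.html file, counting indicator hits and reporting files whose
weighted score reaches the threshold. Indicator patterns, weights and the
threshold are heuristics chosen for this example.
"""
import os
import re
import sys
import tempfile

# (indicator name, regex, weight). All heuristic; tune for your corpus.
INDICATORS = [
    # iframe sized to nothing or styled invisible: the classic injected loader
    ("hidden_iframe", re.compile(
        r"<iframe[^>]*(?:width\s*=\s*[\"']?0|height\s*=\s*[\"']?0"
        r"|visibility\s*:\s*hidden|display\s*:\s*none)", re.I), 3),
    # meta refresh pointing at a URL
    ("meta_refresh", re.compile(
        r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh[\"']?[^>]*url\s*=", re.I), 2),
    # document.write / eval fed by a decoder: an obfuscated payload being run
    ("decode_to_exec", re.compile(
        r"(?:document\.write|eval)\s*\(\s*"
        r"(?:unescape|decodeURIComponent|String\.fromCharCode)\s*\(", re.I), 3),
    # long String.fromCharCode(n,n,n,...) chain
    ("fromcharcode_chain", re.compile(
        r"String\.fromCharCode\s*\((?:\s*\d+\s*,){8,}", re.I), 2),
    # long run of %XX escapes, as escape() produces for a whole script body
    ("long_escape_blob", re.compile(r"(?:%[0-9a-f]{2}){40,}", re.I), 2),
    # plain location assignment/replace; common in benign pages, so low weight
    ("location_assign", re.compile(
        r"(?:window\.|document\.|top\.|self\.)?location(?:\.href|\.replace)?"
        r"\s*(?:=(?!=)|\()", re.I), 1),
]


def scan_text(text: str) -> dict:
    """Count matches per indicator in one document."""
    return {name: len(rx.findall(text)) for name, rx, _ in INDICATORS}


def score(hits: dict) -> int:
    """Sum the weight of each indicator that fired at least once."""
    return sum(w for name, _, w in INDICATORS if hits.get(name))


def scan_dir(root: str, threshold: int = 3):
    """Return [(path, score, {indicator: count})] for files at/above threshold."""
    flagged = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.lower().endswith((".htm", ".html")):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read(2_000_000)  # cap: cached pages can be large
            except OSError:
                continue
            hits = scan_text(text)
            s = score(hits)
            if s >= threshold:
                flagged.append((path, s, {k: v for k, v in hits.items() if v}))
    return sorted(flagged, key=lambda item: -item[1])


# Constructed samples for the demo (not files from the poster's machine).
SAMPLE_MALICIOUS = """<html><body><p>Cached article text</p>
<iframe src="http://example.invalid/go.php" width="0" height="0" style="visibility:hidden"></iframe>
<script>
document.write(unescape('%3Cscript%3Ewindow.location.href%3D%22http%3A%2F%2Fexample.invalid%2Fland%22%3C%2Fscript%3E'));
</script></body></html>"""

# The char codes spell the start of "window.location='h" (constructed).
SAMPLE_OBFUSCATED = """<html><head>
<meta http-equiv="refresh" content="0;url=http://example.invalid/r">
</head><body><script>
eval(String.fromCharCode(119,105,110,100,111,119,46,108,111,99,97,116,105,111,110,61,39,104,39));
</script></body></html>"""

SAMPLE_BENIGN = """<html><head><title>Saved page</title></head><body>
<script>if (location.hash === '#top') { window.scrollTo(0, 0); }</script>
<iframe src="https://example.invalid/embed" width="640" height="360"></iframe>
</body></html>"""


def demo():
    """Write the samples to a temp dir, scan it, return [(filename, score, hits)]."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("cached1.html", SAMPLE_MALICIOUS),
                           ("cached2.htm", SAMPLE_OBFUSCATED),
                           ("saved.html", SAMPLE_BENIGN)):
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return [(os.path.basename(p), s, h) for p, s, h in scan_dir(tmp)]


if __name__ == "__main__":
    results = scan_dir(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, s, hits in results:
        print(f"{s:2d}  {path}  {', '.join(hits)}")
```

Run it with the profile directory as its only argument; with no argument it scans the embedded samples and lists the two constructed bad pages, the obfuscated one first. Two caveats for real use: a hit is a reason to open the file and read the decoded script, not proof of infection (a cached copy of a legitimate page that uses a meta refresh scores 2 and stays under the threshold), and Firefox's own disk cache stores entries under hashed names without an extension, so to sweep the cache rather than named .html files in the profile you would drop the extension filter and sniff for "<html" or "<script" in the content instead. Note also that a signature's release date says when the vendor added the detection, not when the file arrived; a six-month-old cached page being flagged by a two-day-old signature is consistent with the file having been injected long before anyone could detect it.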

Re: Trojan.JS.Redirector.xa

Post by DragonMaster Jay on Wed 09 Jan 2013, 6:01 pm

Hi there!

ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



~DMJ
GeekPolice Academy Manager



Re: Trojan.JS.Redirector.xa

Post by santasa on Thu 10 Jan 2013, 6:29 am

Hello and thank you for your reply!
First, here is the log file you requested:

ComboFix 12-07-31.03 - Sandi 09.01.2013 4:16.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2812.1655 [GMT 1:00]
Running from: c:\users\Sandi\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Searchqu Toolbar
c:\programdata\874ECAFCD5.sys
c:\users\Sandi\AppData\Roaming\Local
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\The_Car__1977__DVD_rip_EN_dabing.avi.ddp
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\The_Car__1977__DVD_rip_EN_dabing.avi(2).ddr
c:\users\Sandi\AppData\Roaming\Local\Temp\DDM\Settings\The_Car__1977__DVD_rip_EN_dabing.avi.ddr
c:\users\Sandi\ia_remove.sh1650.tmp
c:\users\Sandi\ia_remove.sh3196.tmp
c:\users\Sandi\ia_remove.sh4757.tmp
c:\users\Sandi\ia_remove.sh5602.tmp
c:\users\Sandi\ia_remove.sh8716.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 03:35 . 2013-01-09 03:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-09 03:35 . 2013-01-09 03:35 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-01-08 09:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C306589-86BA-4C81-8139-076AAD717E73}\mpengine.dll
2012-12-22 02:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 02:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 02:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 02:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 16:17 . 2012-12-16 16:17 -------- d-----w- c:\users\Sandi\AppData\Local\Adobe_Systems_Incorporate
2012-12-13 02:07 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 00:11 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 00:09 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 00:09 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 03:10 . 2012-04-01 16:56 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 03:10 . 2011-05-14 18:33 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 02:13 . 2009-10-23 13:47 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-29 10:50 . 2011-04-20 13:50 637272 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-16 08:38 . 2012-11-28 05:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 05:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 05:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-06-16 03:07 . 2011-06-16 03:07 16896 ----a-w- c:\program files\wmdmhelper.dll
2011-06-16 03:07 . 2011-06-16 03:07 139264 ----a-w- c:\program files\dunzip32.dll
2011-06-16 03:07 . 2011-06-16 03:07 641024 ----a-w- c:\program files\rjbres.dll
2011-06-16 03:07 . 2011-06-16 03:07 360960 ----a-w- c:\program files\rjdlg.dll
2011-06-16 03:07 . 2011-06-16 03:07 34304 ----a-w- c:\program files\rjprog.dll
2011-06-16 03:07 . 2011-06-16 03:07 9216 ----a-w- c:\program files\fixrjb.exe
2011-06-16 03:07 . 2011-06-16 03:07 45056 ----a-w- c:\program files\ierjplug.dll
2011-06-16 03:07 . 2011-06-16 03:07 1115376 ----a-w- c:\program files\cddbmusicid.dll
2011-06-16 03:07 . 2011-06-16 03:07 943344 ----a-w- c:\program files\cddblink.dll
2011-06-16 03:07 . 2011-06-16 03:07 23552 ----a-w- c:\program files\tnetdtct.dll
2011-06-16 03:07 . 2011-06-16 03:07 2041072 ----a-w- c:\program files\cddbcontrol.dll
2011-06-16 03:07 . 2011-06-16 03:07 74240 ----a-w- c:\program files\tsasdk.dll
2011-06-16 03:07 . 2011-06-16 03:07 48640 ----a-w- c:\program files\tpasdk.dll
2011-06-16 03:07 . 2011-06-16 03:07 45056 ----a-w- c:\program files\mmcdda32.dll
2011-06-16 03:07 . 2011-06-16 03:07 67072 ----a-w- c:\program files\rpwa3260.dll
2011-06-16 03:07 . 2011-06-16 03:07 16296 ----a-w- c:\program files\realtfon.fon
2011-06-16 03:07 . 2011-06-16 03:07 45744 ----a-w- c:\program files\rpshellsearch.dll
2011-06-16 03:06 . 2011-06-16 03:06 368776 ----a-w- c:\program files\realconverter.exe
2011-06-16 03:06 . 2011-06-16 03:06 344712 ----a-w- c:\program files\convert.exe
2011-06-16 03:06 . 2011-06-16 03:06 390384 ----a-w- c:\program files\mc_enc_mp4v.dll
2011-06-16 03:06 . 2011-06-16 03:06 372864 ----a-w- c:\program files\realtrimmer.exe
2011-06-16 03:06 . 2011-06-16 03:06 120960 ----a-w- c:\program files\realshare.exe
2011-06-16 03:06 . 2011-06-16 03:06 719360 ----a-w- c:\program files\dbghelp.dll
2011-06-16 03:06 . 2011-06-16 03:06 72192 ----a-w- c:\program files\rjwmapln.dll
2011-06-16 03:06 . 2011-06-16 03:06 46592 ----a-w- c:\program files\rpau3260.dll
2011-06-16 03:05 . 2011-06-16 03:05 26768 ----a-w- c:\program files\rndevicedbbuilder.exe
2011-06-16 03:05 . 2011-06-16 03:05 88064 ----a-w- c:\program files\hxaudiodevicehook.dll
2011-06-16 03:05 . 2011-06-16 03:05 116392 ----a-w- c:\program files\rdsf3260.dll
2011-06-16 03:05 . 2011-06-16 03:05 86528 ----a-w- c:\program files\rpplugprot.dll
2011-06-16 03:05 . 2011-06-16 03:05 64672 ----a-w- c:\program files\rpshell.dll
2011-06-16 03:05 . 2011-06-16 03:05 9728 ----a-w- c:\program files\realjbox.exe
2011-06-16 03:05 . 2011-06-16 03:05 17064 ----a-w- c:\program files\rphelperapp.exe
2011-06-16 03:05 . 2011-06-16 03:05 490112 ----a-w- c:\program files\realplay.exe
2011-06-16 03:05 . 2011-06-16 03:05 415416 ----a-w- c:\program files\recordingmanager.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Eraser"="c:\program files (x86)\Eraser\Eraser.exe" [2007-12-22 916240]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3676952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-13 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"TkBellExe"="c:\program files\Update\realsched.exe" [2011-06-16 273544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-29 206448]
.
c:\users\Sandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-29 115184]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-11 834544]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2011-05-22 28032]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2011-06-06 79888]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-30 2075480]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 16:04]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 16:04]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974327514-3669766198-1081035601-1000Core.job
- c:\users\Sandi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 04:15]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974327514-3669766198-1081035601-1000UA.job
- c:\users\Sandi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 04:15]
.
2012-12-30 c:\windows\Tasks\HPCeeScheduleForSandi.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-17 21:38]
.
2013-01-08 c:\windows\Tasks\ReclaimerUpdateFiles_Sandi.job
- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-19 21:08]
.
2013-01-09 c:\windows\Tasks\ReclaimerUpdateXML_Sandi.job
- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-19 21:08]
.
2013-01-09 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Sandi.job
- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-19 21:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - [You must be registered and logged in to see this link.] files (x86)\Nitro PDF\PDF Download\nitroweb.htm
IE: {{E3CB497B-E230-4445-8B34-13476822F867} - c:\program files\Tidy Favorites\OpenTFV.js
IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {70BEC6D2-977B-43CB-9A50-424099BA3897} -
TCP: DhcpNameServer = 77.77.192.10 77.78.192.10 94.140.66.194
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\flnlt24w.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_\00\00\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Hard Disk Sentinel\HDSentinel.exe
.
**************************************************************************
.
Completion time: 2013-01-09 05:28:01 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-09 04:28
.
Pre-Run: 77.890.220.032 bytes free
Post-Run: 84.472.090.624 bytes free
.
- - End Of File - - 4237BD7FE619F23678C8F35D1B2CEEF2

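Editor's note with an added example (not ComboFix's code and not from any participant in this thread): a ComboFix log like the one above is read by triaging the "Reg Loading Points" and service entries first rather than reading the whole file top to bottom. The script below parses the two line shapes ComboFix uses for those entries (a "Name"="path" [date size] Run value, and a state/name/display/path [date size] service or driver line) and flags what a responder checks first: images started from user-writable locations such as AppData, ProgramData or a Temp folder, and services whose image file is missing, which ComboFix prints as [x]. The sample text embedded in it is a short excerpt of lines from the log above plus one constructed "Updater" entry to exercise the user-writable check; that svchost.exe-in-Temp path is invented for the demonstration and does not appear in the poster's log.

```python
r"""Triage ComboFix autostart and service entries.

Added example for this thread; it is not ComboFix's own code. ComboFix's
"Reg Loading Points" section lists Run values as
    "Name"="c:\path\image.exe" [YYYY-MM-DD size]
and services/drivers as
    R2 name;Display Name;c:\path\image.exe [YYYY-MM-DD size]
with [x] in place of the date/size when the image file is missing.
"""
import re
import sys
from dataclasses import dataclass

RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]\s*$')
SVC_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')

# Directories a non-admin user can write to; an autostart living there is the
# first thing to look at. Heuristic chosen for this example.
USER_WRITABLE = re.compile(r'\\(?:appdata|programdata|temp|users\\[^\\]+)\\', re.I)


@dataclass
class Entry:
    kind: str     # "run" or "service"
    name: str
    path: str
    meta: str     # "YYYY-MM-DD size", or "x" when the image is missing
    flags: tuple


def triage_line(line: str):
    """Parse one ComboFix line; return an Entry, or None for other lines."""
    line = line.strip()
    m = RUN_RE.match(line)
    kind = "run"
    if not m:
        m = SVC_RE.match(line)
        kind = "service"
    if not m:
        return None
    path, meta = m.group("path"), m.group("meta").strip()
    flags = []
    if USER_WRITABLE.search(path):
        flags.append("user-writable location")
    if meta == "x":
        flags.append("image file missing")
    return Entry(kind, m.group("name").strip(), path, meta, tuple(flags))


def triage_log(text: str):
    """All Run and service entries in a log, in file order."""
    return [e for e in map(triage_line, text.splitlines()) if e is not None]


def flagged(entries):
    """Only the entries that tripped at least one check."""
    return [e for e in entries if e.flags]


# Constructed excerpt in ComboFix's format. Five lines are copied from the
# log posted in this thread; the "Updater" line is invented for this example.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-13 969104]
"Updater"="c:\users\Sandi\AppData\Roaming\Local\Temp\svchost.exe" [2013-01-08 61440]
.
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for e in flagged(triage_log(text)):
        print(f"{e.kind:7s} {e.name:12s} {e.path}  <- {'; '.join(e.flags)}")
```

Pass the saved ComboFix log as the first argument; with no argument it runs over the embedded excerpt and reports the constructed "Updater" value and the Realtek card-reader driver whose file is gone. Both checks are prompts rather than verdicts: an [x] driver is often just a device that was removed, and the log above shows that ComboFix had already deleted the entries this heuristic is built for (c:\programdata\874ECAFCD5.sys and the AppData\Roaming\Local\Temp\DDM tree under "Other Deletions"). Entries installed under Program Files, such as the AskBar browser helper object in the log, will not trip the location check and still deserve a look.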

Re: Trojan.JS.Redirector.xa

Post by DragonMaster Jay on Thu 10 Jan 2013, 6:37 am

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



~DMJ
GeekPolice Academy Manager



Re: Trojan.JS.Redirector.xa

Post by santasa on Thu 10 Jan 2013, 7:16 am

I can't attach this file; it gives me a warning that the file isn't valid (?!)


Re: Trojan.JS.Redirector.xa

Post by santasa on Thu 10 Jan 2013, 7:19 am

20:57:01.0041 0508 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:57:01.0661 0508 ============================================================
20:57:01.0662 0508 Current date / time: 2013/01/09 20:57:01.0661
20:57:01.0662 0508 SystemInfo:
20:57:01.0662 0508
20:57:01.0662 0508 OS Version: 6.1.7601 ServicePack: 1.0
20:57:01.0662 0508 Product type: Workstation
20:57:01.0662 0508 ComputerName: SANDI-PC
20:57:01.0662 0508 UserName: Sandi
20:57:01.0662 0508 Windows directory: C:\Windows
20:57:01.0662 0508 System windows directory: C:\Windows
20:57:01.0662 0508 Running under WOW64
20:57:01.0662 0508 Processor architecture: Intel x64
20:57:01.0662 0508 Number of processors: 2
20:57:01.0662 0508 Page size: 0x1000
20:57:01.0662 0508 Boot type: Normal boot
20:57:01.0662 0508 ============================================================
20:57:04.0552 0508 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:57:04.0695 0508 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:57:04.0698 0508 ============================================================
20:57:04.0699 0508 \Device\Harddisk0\DR0:
20:57:04.0727 0508 MBR partitions:
20:57:04.0728 0508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:57:04.0728 0508 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B6F4000
20:57:04.0728 0508 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B758000, BlocksNum 0x1A39800
20:57:04.0728 0508 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
20:57:04.0728 0508 \Device\Harddisk1\DR1:
20:57:04.0729 0508 MBR partitions:
20:57:04.0729 0508 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
20:57:04.0729 0508 ============================================================
20:57:05.0110 0508 C: <-> \Device\Harddisk0\DR0\Partition2
20:57:05.0294 0508 D: <-> \Device\Harddisk0\DR0\Partition3
20:57:05.0299 0508 E: <-> \Device\Harddisk1\DR1\Partition1
20:57:05.0299 0508 ============================================================
20:57:05.0299 0508 Initialize success
20:57:05.0299 0508 ============================================================
20:58:11.0633 0736 ============================================================
20:58:11.0634 0736 Scan started
20:58:11.0634 0736 Mode: Manual; SigCheck; TDLFS;
20:58:11.0634 0736 ============================================================
20:58:15.0929 0736 ================ Scan system memory ========================
20:58:15.0929 0736 System memory - ok
20:58:15.0929 0736 ================ Scan services =============================
20:58:16.0294 0736 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:58:16.0900 0736 1394ohci - ok
20:58:16.0953 0736 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:58:17.0001 0736 ACPI - ok
20:58:17.0047 0736 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:58:17.0172 0736 AcpiPmi - ok
20:58:17.0260 0736 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
20:58:17.0411 0736 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
20:58:17.0411 0736 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
20:58:17.0531 0736 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:58:17.0595 0736 AdobeARMservice - ok
20:58:17.0706 0736 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:58:17.0735 0736 adp94xx - ok
20:58:17.0778 0736 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:58:17.0804 0736 adpahci - ok
20:58:17.0814 0736 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:58:17.0837 0736 adpu320 - ok
20:58:17.0877 0736 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:58:18.0154 0736 AeLookupSvc - ok
20:58:18.0267 0736 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
20:58:18.0396 0736 AESTFilters - ok
20:58:18.0462 0736 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:58:18.0650 0736 AFD - ok
20:58:18.0749 0736 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
20:58:18.0809 0736 AgereModemAudio - ok
20:58:18.0850 0736 [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
20:58:18.0960 0736 AgereSoftModem - ok
20:58:18.0997 0736 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:58:19.0017 0736 agp440 - ok
20:58:19.0059 0736 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:58:19.0119 0736 ALG - ok
20:58:19.0145 0736 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:58:19.0165 0736 aliide - ok
20:58:19.0242 0736 [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:58:19.0425 0736 AMD External Events Utility - ok
20:58:19.0431 0736 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:58:19.0454 0736 amdide - ok
20:58:19.0505 0736 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:58:19.0765 0736 AmdK8 - ok
20:58:19.0808 0736 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:58:19.0864 0736 AmdPPM - ok
20:58:19.0904 0736 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:58:19.0927 0736 amdsata - ok
20:58:19.0940 0736 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:58:19.0963 0736 amdsbs - ok
20:58:19.0989 0736 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:58:20.0010 0736 amdxata - ok
20:58:20.0091 0736 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
20:58:20.0312 0736 AppHostSvc - ok
20:58:20.0361 0736 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:58:20.0497 0736 AppID - ok
20:58:20.0529 0736 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:58:20.0632 0736 AppIDSvc - ok
20:58:20.0686 0736 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:58:20.0747 0736 Appinfo - ok
20:58:20.0798 0736 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:58:20.0854 0736 AppMgmt - ok
20:58:20.0895 0736 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:58:20.0922 0736 arc - ok
20:58:20.0934 0736 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:58:20.0979 0736 arcsas - ok
20:58:21.0641 0736 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:58:21.0824 0736 aspnet_state - ok
20:58:21.0872 0736 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:58:21.0934 0736 AsyncMac - ok
20:58:21.0956 0736 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:58:21.0978 0736 atapi - ok
20:58:22.0196 0736 [ B4421D8CDADC441F76BA39532A3E3414 ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:58:22.0437 0736 athr - ok
20:58:22.0657 0736 [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:58:22.0844 0736 atikmdag - ok
20:58:22.0899 0736 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
20:58:23.0008 0736 AtiPcie - ok
20:58:23.0072 0736 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:58:23.0137 0736 AudioEndpointBuilder - ok
20:58:23.0149 0736 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:58:23.0211 0736 AudioSrv - ok
20:58:23.0295 0736 AVP - ok
20:58:23.0329 0736 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:58:23.0427 0736 AxInstSV - ok
20:58:23.0455 0736 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:58:23.0639 0736 b06bdrv - ok
20:58:23.0693 0736 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:58:23.0735 0736 b57nd60a - ok
20:58:23.0846 0736 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:58:23.0868 0736 BBSvc - ok
20:58:23.0929 0736 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:58:24.0239 0736 BBUpdate - ok
20:58:24.0330 0736 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:58:24.0418 0736 BDESVC - ok
20:58:24.0464 0736 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:58:24.0530 0736 Beep - ok
20:58:24.0609 0736 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:58:24.0682 0736 BFE - ok
20:58:24.0765 0736 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
20:58:24.0972 0736 BITS - ok
20:58:25.0014 0736 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:58:25.0047 0736 blbdrive - ok
20:58:25.0078 0736 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:58:25.0150 0736 bowser - ok
20:58:25.0192 0736 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:58:25.0389 0736 BrFiltLo - ok
20:58:25.0422 0736 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:58:25.0486 0736 BrFiltUp - ok
20:58:25.0534 0736 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:58:25.0639 0736 BridgeMP - ok
20:58:25.0667 0736 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:58:25.0743 0736 Browser - ok
20:58:25.0797 0736 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:58:25.0918 0736 Brserid - ok
20:58:25.0937 0736 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:58:26.0005 0736 BrSerWdm - ok
20:58:26.0040 0736 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:58:26.0119 0736 BrUsbMdm - ok
20:58:26.0138 0736 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:58:26.0226 0736 BrUsbSer - ok
20:58:26.0252 0736 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:58:26.0341 0736 BTHMODEM - ok
20:58:26.0368 0736 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:58:26.0422 0736 bthserv - ok
20:58:26.0459 0736 catchme - ok
20:58:26.0499 0736 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:58:26.0583 0736 cdfs - ok
20:58:26.0676 0736 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:58:26.0709 0736 cdrom - ok
20:58:26.0742 0736 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:58:26.0813 0736 CertPropSvc - ok
20:58:26.0848 0736 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:58:26.0952 0736 circlass - ok
20:58:27.0135 0736 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:58:27.0186 0736 CLFS - ok
20:58:27.0566 0736 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:58:27.0660 0736 clr_optimization_v2.0.50727_32 - ok
20:58:27.0711 0736 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:58:27.0774 0736 clr_optimization_v2.0.50727_64 - ok
20:58:27.0862 0736 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:58:28.0029 0736 clr_optimization_v4.0.30319_32 - ok
20:58:28.0044 0736 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:58:28.0080 0736 clr_optimization_v4.0.30319_64 - ok
20:58:28.0114 0736 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:58:28.0218 0736 CmBatt - ok
20:58:28.0288 0736 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:58:28.0317 0736 cmdide - ok
20:58:28.0366 0736 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:58:28.0518 0736 CNG - ok
20:58:28.0594 0736 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
20:58:28.0622 0736 Com4QLBEx - ok
20:58:28.0655 0736 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:58:28.0676 0736 Compbatt - ok
20:58:28.0710 0736 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:58:28.0748 0736 CompositeBus - ok
20:58:28.0768 0736 COMSysApp - ok
20:58:28.0825 0736 [ 262969A3FAB32B9E17E63E2D17A57744 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
20:58:28.0855 0736 cpuz135 - ok
20:58:28.0888 0736 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:58:28.0945 0736 crcdisk - ok
20:58:28.0995 0736 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:58:29.0083 0736 CryptSvc - ok
20:58:29.0135 0736 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
20:58:29.0258 0736 CSC - ok
20:58:29.0374 0736 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
20:58:29.0415 0736 CscService - ok
20:58:29.0467 0736 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:58:29.0535 0736 DcomLaunch - ok
20:58:29.0580 0736 [ 952AC62074718C8F04F053E5073EEB45 ] DefragFS C:\Windows\system32\drivers\DefragFS.sys
20:58:29.0602 0736 DefragFS - ok
20:58:29.0634 0736 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:58:29.0751 0736 defragsvc - ok
20:58:29.0787 0736 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:58:29.0875 0736 DfsC - ok
20:58:29.0921 0736 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:58:30.0003 0736 Dhcp - ok
20:58:30.0043 0736 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:58:30.0135 0736 discache - ok
20:58:30.0203 0736 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:58:30.0383 0736 Disk - ok
20:58:30.0645 0736 [ 20C394C80113D77406DF8F1ADC720B01 ] DKRtWrt C:\Windows\system32\DRIVERS\DKRtWrt.sys
20:58:30.0663 0736 DKRtWrt - ok
20:58:30.0715 0736 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:58:30.0766 0736 Dnscache - ok
20:58:30.0799 0736 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:58:30.0856 0736 dot3svc - ok
20:58:30.0884 0736 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:58:30.0972 0736 DPS - ok
20:58:31.0012 0736 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:58:31.0056 0736 drmkaud - ok
20:58:31.0115 0736 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:58:31.0157 0736 DXGKrnl - ok
20:58:31.0184 0736 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:58:31.0248 0736 EapHost - ok
20:58:31.0353 0736 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:58:31.0432 0736 ebdrv - ok
20:58:31.0466 0736 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:58:31.0534 0736 EFS - ok
20:58:31.0603 0736 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:58:31.0860 0736 ehRecvr - ok
20:58:31.0982 0736 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:58:32.0152 0736 ehSched - ok
20:58:32.0196 0736 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:58:32.0245 0736 elxstor - ok
20:58:32.0287 0736 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:58:32.0324 0736 ErrDev - ok
20:58:32.0389 0736 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:58:32.0456 0736 EventSystem - ok
20:58:32.0506 0736 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:58:32.0581 0736 exfat - ok
20:58:32.0600 0736 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:58:32.0663 0736 fastfat - ok
20:58:32.0721 0736 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:58:32.0839 0736 Fax - ok
20:58:32.0855 0736 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:58:32.0921 0736 fdc - ok
20:58:32.0954 0736 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:58:33.0010 0736 fdPHost - ok
20:58:33.0025 0736 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:58:33.0078 0736 FDResPub - ok
20:58:33.0162 0736 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:58:33.0252 0736 FileInfo - ok
20:58:33.0275 0736 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:58:33.0353 0736 Filetrace - ok
20:58:33.0392 0736 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:58:33.0477 0736 flpydisk - ok
20:58:33.0527 0736 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:58:33.0554 0736 FltMgr - ok
20:58:33.0617 0736 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:58:33.0807 0736 FontCache - ok
20:58:33.0865 0736 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:58:33.0882 0736 FontCache3.0.0.0 - ok
20:58:33.0907 0736 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:58:33.0986 0736 FsDepends - ok
20:58:34.0046 0736 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:58:34.0110 0736 fssfltr - ok
20:58:34.0220 0736 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:58:34.0340 0736 fsssvc - ok
20:58:34.0381 0736 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:58:34.0559 0736 Fs_Rec - ok
20:58:34.0624 0736 [ D225864F6FD96575A303A20BD42383ED ] ftpsvc C:\Windows\system32\inetsrv\ftpsvc.dll
20:58:34.0756 0736 ftpsvc - ok
20:58:34.0806 0736 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:58:34.0854 0736 fvevol - ok
20:58:34.0899 0736 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:58:34.0919 0736 gagp30kx - ok
20:58:34.0976 0736 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:58:34.0998 0736 GameConsoleService - ok
20:58:35.0049 0736 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:58:35.0118 0736 gpsvc - ok
20:58:35.0213 0736 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:58:35.0231 0736 gupdate - ok
20:58:35.0281 0736 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:58:35.0303 0736 gupdatem - ok
20:58:35.0342 0736 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:58:35.0450 0736 hcw85cir - ok
20:58:35.0489 0736 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:58:35.0521 0736 HdAudAddService - ok
20:58:35.0551 0736 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:58:35.0590 0736 HDAudBus - ok
20:58:35.0616 0736 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:58:35.0652 0736 HidBatt - ok
20:58:35.0689 0736 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:58:35.0809 0736 HidBth - ok
20:58:35.0830 0736 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:58:35.0870 0736 HidIr - ok
20:58:35.0893 0736 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:58:35.0958 0736 hidserv - ok
20:58:36.0004 0736 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:58:36.0061 0736 HidUsb - ok
20:58:36.0142 0736 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:58:36.0278 0736 hkmsvc - ok
20:58:36.0411 0736 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:58:36.0578 0736 HomeGroupListener - ok
20:58:36.0640 0736 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:58:36.0700 0736 HomeGroupProvider - ok
20:58:36.0730 0736 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:58:36.0781 0736 HpqKbFiltr - ok
20:58:36.0839 0736 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:58:36.0889 0736 hpqwmiex - ok
20:58:36.0947 0736 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:58:36.0968 0736 HpSAMD - ok
20:58:37.0159 0736 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:58:37.0287 0736 HTTP - ok
20:58:37.0367 0736 [ 17EFF7B20F4D110BAEC9652F126A8379 ] HWiNFO32 C:\Program Files\HWiNFO64\HWiNFO64A.SYS
20:58:37.0388 0736 HWiNFO32 - ok
20:58:37.0418 0736 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:58:37.0460 0736 hwpolicy - ok
20:58:37.0510 0736 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:58:37.0558 0736 i8042prt - ok
20:58:37.0602 0736 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:58:37.0631 0736 iaStorV - ok
20:58:37.0719 0736 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:58:37.0744 0736 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:58:37.0744 0736 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:58:37.0820 0736 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:58:37.0948 0736 idsvc - ok
20:58:38.0113 0736 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:58:38.0389 0736 igfx - ok
20:58:38.0408 0736 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:58:38.0457 0736 iirsp - ok
20:58:38.0502 0736 [ AB55B8A9B13130F638546881CE4425F8 ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe
20:58:38.0612 0736 IISADMIN - ok
20:58:38.0656 0736 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:58:38.0736 0736 IKEEXT - ok
20:58:38.0747 0736 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:58:38.0788 0736 intelide - ok
20:58:38.0819 0736 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:58:38.0853 0736 intelppm - ok
20:58:38.0879 0736 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:58:38.0995 0736 IPBusEnum - ok
20:58:39.0028 0736 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:58:39.0109 0736 IpFilterDriver - ok
20:58:39.0390 0736 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:58:39.0534 0736 iphlpsvc - ok
20:58:39.0592 0736 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:58:39.0637 0736 IPMIDRV - ok
20:58:39.0722 0736 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:58:39.0820 0736 IPNAT - ok
20:58:39.0864 0736 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:58:39.0950 0736 IRENUM - ok
20:58:39.0968 0736 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:58:39.0993 0736 isapnp - ok
20:58:40.0038 0736 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:58:40.0063 0736 iScsiPrt - ok
20:58:40.0102 0736 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:58:40.0129 0736 kbdclass - ok
20:58:40.0152 0736 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:58:40.0188 0736 kbdhid - ok
20:58:40.0197 0736 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:58:40.0237 0736 KeyIso - ok
20:58:40.0285 0736 [ E656FE10D6D27794AFA08136685A69E8 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
20:58:40.0317 0736 kl1 - ok
20:58:40.0362 0736 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
20:58:40.0413 0736 kl2 - ok
20:58:40.0477 0736 [ 8490798365236B6C8E54DEDD27A42D07 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
20:58:40.0514 0736 KLIF - ok
20:58:40.0552 0736 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
20:58:40.0604 0736 KLIM6 - ok
20:58:40.0641 0736 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
20:58:40.0673 0736 klmouflt - ok
20:58:40.0700 0736 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:58:40.0737 0736 KSecDD - ok
20:58:40.0745 0736 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:58:40.0835 0736 KSecPkg - ok
20:58:40.0883 0736 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:58:40.0957 0736 ksthunk - ok
20:58:41.0006 0736 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:58:41.0094 0736 KtmRm - ok
20:58:41.0145 0736 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:58:41.0236 0736 LanmanServer - ok
20:58:41.0262 0736 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:58:41.0332 0736 LanmanWorkstation - ok
20:58:41.0432 0736 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:58:41.0528 0736 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:58:41.0528 0736 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:58:41.0549 0736 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:58:41.0639 0736 lltdio - ok
20:58:41.0677 0736 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:58:41.0745 0736 lltdsvc - ok
20:58:41.0760 0736 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:58:41.0843 0736 lmhosts - ok
20:58:41.0898 0736 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:58:41.0925 0736 LSI_FC - ok
20:58:41.0939 0736 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:58:41.0962 0736 LSI_SAS - ok
20:58:41.0984 0736 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:58:42.0017 0736 LSI_SAS2 - ok
20:58:42.0045 0736 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:58:42.0214 0736 LSI_SCSI - ok
20:58:42.0304 0736 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:58:42.0484 0736 luafv - ok
20:58:42.0556 0736 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:58:42.0595 0736 Mcx2Svc - ok
20:58:42.0673 0736 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
20:58:42.0703 0736 MDM ( UnsignedFile.Multi.Generic ) - warning
20:58:42.0703 0736 MDM - detected UnsignedFile.Multi.Generic (1)
20:58:42.0736 0736 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:58:42.0759 0736 megasas - ok
20:58:42.0791 0736 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:58:42.0816 0736 MegaSR - ok
20:58:42.0861 0736 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:58:42.0922 0736 MMCSS - ok
20:58:42.0952 0736 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:58:43.0047 0736 Modem - ok
20:58:43.0063 0736 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:58:43.0100 0736 monitor - ok
20:58:43.0136 0736 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:58:43.0163 0736 mouclass - ok
20:58:43.0176 0736 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:58:43.0207 0736 mouhid - ok
20:58:43.0227 0736 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:58:43.0249 0736 mountmgr - ok
20:58:43.0298 0736 [ 3C5C6F16AA229B7CCCF06A355A8B0168 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:58:43.0381 0736 MozillaMaintenance - ok
20:58:43.0411 0736 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:58:43.0432 0736 mpio - ok
20:58:43.0458 0736 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:58:43.0509 0736 mpsdrv - ok
20:58:43.0553 0736 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:58:43.0619 0736 MpsSvc - ok
20:58:43.0649 0736 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:58:43.0690 0736 MRxDAV - ok
20:58:43.0723 0736 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:58:43.0786 0736 mrxsmb - ok
20:58:43.0813 0736 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:58:43.0846 0736 mrxsmb10 - ok
20:58:43.0866 0736 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:58:43.0892 0736 mrxsmb20 - ok
20:58:43.0915 0736 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:58:43.0934 0736 msahci - ok
20:58:43.0963 0736 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:58:43.0984 0736 msdsm - ok
20:58:44.0011 0736 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:58:44.0054 0736 MSDTC - ok
20:58:44.0156 0736 [ 0C02096E686E9EB2A3D37DFF9B42D946 ] MsDtsServer100 C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
20:58:44.0214 0736 MsDtsServer100 - ok
20:58:44.0259 0736 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:58:44.0307 0736 Msfs - ok
20:58:44.0327 0736 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:58:44.0389 0736 mshidkmdf - ok
20:58:44.0418 0736 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:58:44.0438 0736 msisadrv - ok
20:58:44.0475 0736 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:58:44.0541 0736 MSiSCSI - ok
20:58:44.0546 0736 msiserver - ok
20:58:44.0577 0736 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:58:44.0645 0736 MSKSSRV - ok
20:58:44.0667 0736 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:58:44.0781 0736 MSPCLOCK - ok
20:58:44.0799 0736 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:58:44.0909 0736 MSPQM - ok
20:58:44.0936 0736 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:58:44.0965 0736 MsRPC - ok
20:58:45.0007 0736 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:58:45.0028 0736 mssmbios - ok
20:58:45.0288 0736 MSSQL$SQLEXPRESS - ok
20:58:45.0610 0736 [ 6286605FE7C87DDC628E3CE41A15FFA6 ] MSSQLFDLauncher C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
20:58:45.0635 0736 MSSQLFDLauncher - ok
20:58:45.0675 0736 MSSQLSERVER - ok
20:58:45.0734 0736 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:58:45.0770 0736 MSSQLServerADHelper100 - ok
20:58:45.0815 0736 MSSQLServerOLAPService - ok
20:58:45.0844 0736 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:58:45.0905 0736 MSTEE - ok
20:58:46.0095 0736 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
20:58:46.0352 0736 msvsmon90 - ok
20:58:46.0385 0736 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:58:46.0431 0736 MTConfig - ok
20:58:46.0472 0736 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:58:46.0492 0736 Mup - ok
20:58:46.0529 0736 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:58:46.0594 0736 napagent - ok
20:58:46.0632 0736 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:58:46.0673 0736 NativeWifiP - ok
20:58:46.0722 0736 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:58:46.0834 0736 NDIS - ok
20:58:46.0883 0736 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:58:46.0935 0736 NdisCap - ok
20:58:46.0956 0736 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:58:47.0004 0736 NdisTapi - ok
20:58:47.0042 0736 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:58:47.0100 0736 Ndisuio - ok
20:58:47.0125 0736 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:58:47.0218 0736 NdisWan - ok
20:58:47.0249 0736 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:58:47.0303 0736 NDProxy - ok
20:58:47.0331 0736 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:58:47.0393 0736 NetBIOS - ok
20:58:47.0460 0736 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:58:47.0618 0736 NetBT - ok
20:58:47.0663 0736 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:58:47.0731 0736 Netlogon - ok
20:58:47.0778 0736 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:58:47.0836 0736 Netman - ok
20:58:47.0874 0736 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:58:47.0936 0736 NetMsmqActivator - ok
20:58:47.0968 0736 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:58:47.0988 0736 NetPipeActivator - ok
20:58:48.0015 0736 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:58:48.0078 0736 netprofm - ok
20:58:48.0091 0736 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:58:48.0113 0736 NetTcpActivator - ok
20:58:48.0120 0736 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:58:48.0138 0736 NetTcpPortSharing - ok
20:58:49.0228 0736 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:58:49.0412 0736 netw5v64 - ok
20:58:49.0444 0736 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:58:49.0464 0736 nfrd960 - ok
20:58:49.0516 0736 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:58:49.0579 0736 NlaSvc - ok
20:58:49.0608 0736 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:58:49.0658 0736 Npfs - ok
20:58:49.0692 0736 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:58:49.0746 0736 nsi - ok
20:58:49.0757 0736 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:58:49.0813 0736 nsiproxy - ok
20:58:49.0866 0736 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:58:49.0954 0736 Ntfs - ok
20:58:49.0982 0736 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:58:50.0041 0736 Null - ok
20:58:50.0080 0736 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:58:50.0105 0736 nvraid - ok
20:58:50.0112 0736 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:58:50.0136 0736 nvstor - ok
20:58:50.0163 0736 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:58:50.0186 0736 nv_agp - ok
20:58:50.0255 0736 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:58:50.0466 0736 odserv - ok
20:58:50.0488 0736 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:58:50.0512 0736 ohci1394 - ok


santasa
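A triage helper for logs in this format, added here as an example; it is not part of the thread and not code from TDSSKiller. It parses the "HH:MM:SS.mmmm PID [ MD5 ] Name Path" entries and the "- ok", "( Sig ) - warning" and "- detected Sig (N)" status lines, then pulls out the three things a responder checks before acting on such a log: the objects the tool actually flagged, services whose binaries share one hash (several services hosted by lsass.exe or SMSvcHost.exe is normal; a hash shared with an unexpected path is not), and .sys drivers loaded from somewhere other than system32\drivers (a heuristic only; SpeedFan legitimately keeps its driver under syswow64). The sample lines are excerpted from the log posted above; the section label for the first part of the log is an assumption, since the posted excerpt starts mid-section. The only flag in the posted log, sptd.sys reported as LockedFile.Multi.Generic, is commonly the SCSI pass-through driver installed with DAEMON Tools or Alcohol 120%; it denies read access to its own file, which is why TDSSKiller reports it as a locked file rather than as a confirmed detection.

```python
import re
from collections import defaultdict

# Sample lines excerpted from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
20:58:47.0663 0736 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:58:47.0731 0736 Netlogon - ok
20:58:57.0750 0736 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:58:57.0812 0736 SamSs - ok
20:59:01.0195 0736 [ 7455ED832A33FEF453407F5411C3342D ] speedfan C:\Windows\syswow64\speedfan.sys
20:59:01.0217 0736 speedfan - ok
20:59:01.0867 0736 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
20:59:01.0867 0736 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
20:59:01.0870 0736 sptd ( LockedFile.Multi.Generic ) - warning
20:59:01.0870 0736 sptd - detected LockedFile.Multi.Generic (1)
20:59:14.0745 0736 ================ Scan global ===============================
20:59:14.0778 0736 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:59:14.0925 0736 [Global] - ok
20:59:14.0926 0736 ================ Scan MBR ==================================
20:59:14.0941 0736 [ 14156A5A64CBA01DE638308FD63535A2 ] \Device\Harddisk0\DR0
20:59:15.0607 0736 \Device\Harddisk0\DR0 - ok
"""

# "HH:MM:SS.mmmm PID rest-of-line"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "[ MD5 ] Name Path"; global, MBR and VBR objects carry a path only
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<rem>.+)$")
PATH_START_RE = re.compile(r"^(?:[A-Za-z]:\\|\\Device\\)")
# "Name - ok", "Name ( Sig ) - warning", "Name - detected Sig (N)"
STATUS_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<sig>[^)]+) \))? - (?P<status>ok|warning|detected (?P<det>.+))$"
)
RANK = {"ok": 0, "warning": 1, "detected": 2}  # a later 'ok' never downgrades a flag


def _new_record(section):
    return {"md5": None, "path": None, "section": section,
            "status": None, "flags": [], "notes": []}


def parse_tdsskiller(text):
    """Return {name: record} for every object the log lists.

    flags holds signature names from warning/detected lines (dupes and the
    trailing '(N)' count removed); notes holds 'Suspicious file ...' lines,
    which belong to the hash line immediately before them.
    """
    entries = {}
    section = "Scan services and drivers"  # assumed label; the excerpt starts mid-section
    last = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest.startswith("================"):
            section = rest.strip("= ")
            continue
        h = HASH_RE.match(rest)
        if h:
            rem = h.group("rem").strip()
            if PATH_START_RE.match(rem):
                name = path = rem
            else:
                name, path = rem.split(None, 1)
            rec = entries.setdefault(name, _new_record(section))
            rec["md5"], rec["path"] = h.group("md5").upper(), path
            last = name
            continue
        if rest.startswith("Suspicious file") and last is not None:
            entries[last]["notes"].append(rest)
            continue
        s = STATUS_RE.match(rest)
        if s:
            rec = entries.setdefault(s.group("name"), _new_record(section))
            status = "detected" if s.group("det") else s.group("status")
            for sig in (s.group("sig"), s.group("det")):
                if sig:
                    sig = re.sub(r"\s*\(\d+\)$", "", sig)
                    if sig not in rec["flags"]:
                        rec["flags"].append(sig)
            if RANK[status] > RANK.get(rec["status"], -1):
                rec["status"] = status
    return entries


def flagged(entries):
    """Names the tool marked warning/detected or annotated as suspicious."""
    return sorted(n for n, r in entries.items()
                  if r["status"] in ("warning", "detected") or r["notes"])


def shared_binaries(entries):
    """md5 -> sorted service names backed by the same on-disk file."""
    by_md5 = defaultdict(set)
    for n, r in entries.items():
        if r["md5"] and r["path"] != n:  # skip global/MBR objects (name == path)
            by_md5[r["md5"]].add(n)
    return {h: sorted(ns) for h, ns in by_md5.items() if len(ns) > 1}


def drivers_outside_system32(entries):
    """Heuristic: .sys files not under <SystemRoot>/system32/drivers."""
    hits = [(n, r["path"]) for n, r in entries.items()
            if (r["path"] or "").lower().endswith(".sys")
            and "\\system32\\drivers\\" not in r["path"].lower()]
    return sorted(hits)


if __name__ == "__main__":
    e = parse_tdsskiller(SAMPLE_LOG)
    for name in flagged(e):
        r = e[name]
        print(f"FLAGGED {name}: {r['status']} {r['flags']} {r['path']}")
        for note in r["notes"]:
            print("    " + note)
    for md5, names in shared_binaries(e).items():
        print(f"shared {md5}: {', '.join(names)}")
    for name, path in drivers_outside_system32(e):
        print(f"driver outside system32\\drivers: {name} -> {path}")
```

Feed it the full log rather than the excerpt and the shared-hash view also groups the Net*Activator services on SMSvcHost.exe and the Netlogon/ProtectedStorage/SamSs/VaultSvc set on lsass.exe, all expected on Windows 7; what would stand out is a service name from that list pointing at a different hash or path. The MBR and VBR hashes at the end of the log are only meaningful compared against a known-clean run of the same machine.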

Re: Trojan.JS.Redirector.xa

Post by santasa on Thu 10 Jan 2013, 7:25 am

20:58:50.0561 0736 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:58:50.0581 0736 ose - ok
20:58:50.0625 0736 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:58:50.0683 0736 p2pimsvc - ok
20:58:50.0708 0736 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:58:50.0758 0736 p2psvc - ok
20:58:50.0856 0736 [ 01907300EB52206B06FACB9608F369A9 ] PanService C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
20:58:51.0587 0736 PanService - ok
20:58:51.0604 0736 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:58:51.0632 0736 Parport - ok
20:58:51.0663 0736 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:58:51.0721 0736 partmgr - ok
20:58:51.0767 0736 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:58:51.0802 0736 PcaSvc - ok
20:58:51.0830 0736 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:58:51.0860 0736 pci - ok
20:58:51.0893 0736 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:58:51.0913 0736 pciide - ok
20:58:51.0945 0736 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:58:52.0023 0736 pcmcia - ok
20:58:52.0050 0736 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:58:52.0074 0736 pcw - ok
20:58:52.0166 0736 [ 1963155B9D5C22E66F2F7729CD0A6238 ] PDAgent C:\Program Files (x86)\Raxco\PerfectDisk\PDAgent.exe
20:58:52.0219 0736 PDAgent - ok
20:58:52.0344 0736 [ A817F42CA419A7FFFC813B393E45173C ] PDEngine C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
20:58:52.0432 0736 PDEngine - ok
20:58:52.0490 0736 [ 751500CEFA3D3B7A7FCB52C392F3BE78 ] PDFSFilter C:\Windows\system32\DRIVERS\PDFsFilter.sys
20:58:52.0510 0736 PDFSFilter - ok
20:58:52.0548 0736 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:58:52.0617 0736 PEAUTH - ok
20:58:52.0681 0736 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:58:52.0814 0736 PeerDistSvc - ok
20:58:52.0892 0736 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:58:52.0923 0736 PerfHost - ok
20:58:53.0000 0736 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:58:53.0079 0736 pla - ok
20:58:53.0133 0736 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:58:53.0213 0736 PlugPlay - ok
20:58:53.0238 0736 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:58:53.0271 0736 PNRPAutoReg - ok
20:58:53.0292 0736 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:58:53.0317 0736 PNRPsvc - ok
20:58:53.0352 0736 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
20:58:53.0447 0736 Point64 - ok
20:58:53.0510 0736 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:58:53.0633 0736 PolicyAgent - ok
20:58:53.0668 0736 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:58:53.0729 0736 Power - ok
20:58:53.0762 0736 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:58:53.0811 0736 PptpMiniport - ok
20:58:53.0848 0736 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:58:53.0885 0736 Processor - ok
20:58:53.0929 0736 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:58:54.0032 0736 ProfSvc - ok
20:58:54.0062 0736 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:58:54.0118 0736 ProtectedStorage - ok
20:58:54.0265 0736 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:58:54.0496 0736 Psched - ok
20:58:54.0573 0736 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:58:54.0624 0736 ql2300 - ok
20:58:54.0651 0736 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:58:54.0672 0736 ql40xx - ok
20:58:54.0707 0736 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:58:54.0765 0736 QWAVE - ok
20:58:54.0799 0736 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:58:54.0843 0736 QWAVEdrv - ok
20:58:54.0867 0736 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:58:54.0927 0736 RasAcd - ok
20:58:54.0963 0736 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:58:55.0011 0736 RasAgileVpn - ok
20:58:55.0030 0736 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:58:55.0100 0736 RasAuto - ok
20:58:55.0122 0736 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:58:55.0182 0736 Rasl2tp - ok
20:58:55.0221 0736 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:58:55.0326 0736 RasMan - ok
20:58:55.0377 0736 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:58:55.0426 0736 RasPppoe - ok
20:58:55.0440 0736 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:58:55.0526 0736 RasSstp - ok
20:58:55.0568 0736 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:58:55.0620 0736 rdbss - ok
20:58:55.0643 0736 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:58:55.0673 0736 rdpbus - ok
20:58:55.0690 0736 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:58:55.0741 0736 RDPCDD - ok
20:58:55.0775 0736 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:58:55.0871 0736 RDPDR - ok
20:58:55.0900 0736 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:58:55.0963 0736 RDPENCDD - ok
20:58:55.0990 0736 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:58:56.0035 0736 RDPREFMP - ok
20:58:56.0067 0736 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:58:56.0190 0736 RDPWD - ok
20:58:56.0249 0736 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:58:56.0279 0736 rdyboost - ok
20:58:56.0307 0736 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:58:56.0371 0736 RemoteAccess - ok
20:58:56.0430 0736 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:58:56.0532 0736 RemoteRegistry - ok
20:58:56.0639 0736 [ DACF8F0D09A0AF56109DFE60351A5BEB ] ReportServer C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
20:58:56.0689 0736 ReportServer - ok
20:58:56.0775 0736 [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
20:58:56.0802 0736 RichVideo64 - ok
20:58:56.0838 0736 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:58:56.0904 0736 RpcEptMapper - ok
20:58:56.0928 0736 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:58:56.0965 0736 RpcLocator - ok
20:58:56.0995 0736 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:58:57.0050 0736 RpcSs - ok
20:58:57.0229 0736 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
20:58:57.0454 0736 RsFx0103 - ok
20:58:57.0506 0736 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:58:57.0556 0736 rspndr - ok
20:58:57.0613 0736 RSUSBSTOR - ok
20:58:57.0658 0736 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:58:57.0707 0736 RTL8167 - ok
20:58:57.0735 0736 RtsUIR - ok
20:58:57.0750 0736 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:58:57.0812 0736 SamSs - ok
20:58:57.0904 0736 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:58:57.0956 0736 sbp2port - ok
20:58:58.0178 0736 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
20:58:58.0212 0736 SBSDWSCService - ok
20:58:58.0248 0736 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:58:58.0311 0736 SCardSvr - ok
20:58:58.0340 0736 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:58:58.0405 0736 scfilter - ok
20:58:58.0471 0736 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:58:58.0541 0736 Schedule - ok
20:58:58.0558 0736 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:58:58.0605 0736 SCPolicySvc - ok
20:58:58.0635 0736 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
20:58:58.0661 0736 sdbus - ok
20:58:58.0685 0736 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:58:58.0798 0736 SDRSVC - ok
20:58:58.0835 0736 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:58:58.0893 0736 secdrv - ok
20:58:58.0924 0736 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:58:58.0984 0736 seclogon - ok
20:58:59.0018 0736 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:58:59.0076 0736 SENS - ok
20:58:59.0107 0736 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:58:59.0208 0736 SensrSvc - ok
20:58:59.0246 0736 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:58:59.0332 0736 Serenum - ok
20:58:59.0360 0736 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:58:59.0405 0736 Serial - ok
20:58:59.0461 0736 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:58:59.0529 0736 sermouse - ok
20:58:59.0592 0736 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:58:59.0659 0736 SessionEnv - ok
20:58:59.0694 0736 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:58:59.0767 0736 sffdisk - ok
20:58:59.0794 0736 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:58:59.0835 0736 sffp_mmc - ok
20:58:59.0861 0736 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:58:59.0899 0736 sffp_sd - ok
20:58:59.0916 0736 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:58:59.0938 0736 sfloppy - ok
20:58:59.0998 0736 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:59:00.0064 0736 SharedAccess - ok
20:59:00.0251 0736 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:59:00.0614 0736 ShellHWDetection - ok
20:59:00.0654 0736 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:59:00.0673 0736 SiSRaid2 - ok
20:59:00.0699 0736 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:59:00.0725 0736 SiSRaid4 - ok
20:59:00.0783 0736 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:59:00.0948 0736 SkypeUpdate - ok
20:59:00.0988 0736 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:59:01.0038 0736 Smb - ok
20:59:01.0097 0736 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:59:01.0160 0736 SNMPTRAP - ok
20:59:01.0195 0736 [ 7455ED832A33FEF453407F5411C3342D ] speedfan C:\Windows\syswow64\speedfan.sys
20:59:01.0217 0736 speedfan - ok
20:59:01.0234 0736 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:59:01.0260 0736 spldr - ok
20:59:01.0293 0736 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:59:01.0466 0736 Spooler - ok
20:59:01.0610 0736 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:59:01.0731 0736 sppsvc - ok
20:59:01.0757 0736 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:59:01.0809 0736 sppuinotify - ok
20:59:01.0867 0736 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
20:59:01.0867 0736 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
20:59:01.0870 0736 sptd ( LockedFile.Multi.Generic ) - warning
20:59:01.0870 0736 sptd - detected LockedFile.Multi.Generic (1)
20:59:01.0938 0736 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
20:59:01.0963 0736 SQLAgent$SQLEXPRESS - ok
20:59:02.0039 0736 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:59:02.0089 0736 SQLBrowser - ok
20:59:02.0200 0736 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLSERVERAGENT C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
20:59:02.0226 0736 SQLSERVERAGENT - ok
20:59:02.0279 0736 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:59:02.0309 0736 SQLWriter - ok
20:59:02.0371 0736 [ 83BE26217FD07B3613D151D24AAA9BEB ] SRS_SSCFilter C:\Windows\system32\drivers\srs_sscfilter_amd64.sys
20:59:02.0402 0736 SRS_SSCFilter - ok
20:59:02.0461 0736 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:59:02.0554 0736 srv - ok
20:59:02.0588 0736 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:59:02.0657 0736 srv2 - ok
20:59:02.0693 0736 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:59:02.0732 0736 SrvHsfHDA - ok
20:59:02.0780 0736 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:59:02.0838 0736 SrvHsfV92 - ok
20:59:02.0879 0736 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:59:02.0913 0736 SrvHsfWinac - ok
20:59:02.0950 0736 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:59:02.0981 0736 srvnet - ok
20:59:03.0020 0736 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:59:03.0081 0736 SSDPSRV - ok
20:59:03.0181 0736 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:59:03.0331 0736 SstpSvc - ok
20:59:03.0724 0736 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
20:59:03.0799 0736 STacSV - ok
20:59:03.0824 0736 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:59:03.0844 0736 stexstor - ok
20:59:03.0885 0736 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
20:59:03.0930 0736 STHDA - ok
20:59:03.0964 0736 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:59:04.0012 0736 stisvc - ok
20:59:04.0044 0736 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
20:59:04.0173 0736 StorSvc - ok
20:59:04.0213 0736 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:59:04.0232 0736 swenum - ok
20:59:04.0271 0736 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:59:04.0381 0736 swprv - ok
20:59:04.0434 0736 [ 772493A8945495F1A287BF6C4CA25B48 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:59:04.0469 0736 SynTP - ok
20:59:04.0562 0736 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:59:04.0642 0736 SysMain - ok
20:59:04.0661 0736 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:59:04.0704 0736 TabletInputService - ok
20:59:04.0730 0736 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:59:04.0822 0736 TapiSrv - ok
20:59:04.0852 0736 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:59:04.0900 0736 TBS - ok
20:59:04.0966 0736 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:59:05.0068 0736 Tcpip - ok
20:59:05.0123 0736 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:59:05.0173 0736 TCPIP6 - ok
20:59:05.0197 0736 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:59:05.0292 0736 tcpipreg - ok
20:59:05.0340 0736 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:59:05.0472 0736 TDPIPE - ok
20:59:05.0517 0736 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:59:05.0572 0736 TDTCP - ok
20:59:05.0667 0736 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:59:05.0714 0736 tdx - ok
20:59:05.0738 0736 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:59:05.0758 0736 TermDD - ok
20:59:05.0826 0736 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:59:05.0915 0736 TermService - ok
20:59:05.0938 0736 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:59:05.0979 0736 Themes - ok
20:59:06.0002 0736 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:59:06.0051 0736 THREADORDER - ok
20:59:06.0078 0736 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:59:06.0435 0736 TrkWks - ok
20:59:06.0503 0736 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:59:06.0561 0736 TrustedInstaller - ok
20:59:06.0589 0736 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:59:06.0644 0736 tssecsrv - ok
20:59:06.0689 0736 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:59:06.0783 0736 TsUsbFlt - ok
20:59:06.0819 0736 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:59:06.0865 0736 tunnel - ok
20:59:06.0907 0736 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:59:06.0982 0736 uagp35 - ok
20:59:07.0033 0736 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:59:07.0107 0736 udfs - ok
20:59:07.0142 0736 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:59:07.0163 0736 UI0Detect - ok
20:59:07.0199 0736 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:59:07.0236 0736 uliagpkx - ok
20:59:07.0265 0736 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:59:07.0339 0736 umbus - ok
20:59:07.0370 0736 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:59:07.0415 0736 UmPass - ok
20:59:07.0441 0736 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
20:59:07.0469 0736 UmRdpService - ok
20:59:07.0504 0736 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:59:07.0590 0736 upnphost - ok
20:59:07.0632 0736 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:59:07.0751 0736 usbccgp - ok
20:59:07.0756 0736 USBCCID - ok
20:59:07.0787 0736 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:59:07.0812 0736 usbcir - ok
20:59:07.0841 0736 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:59:07.0885 0736 usbehci - ok
20:59:07.0911 0736 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
20:59:07.0950 0736 usbfilter - ok
20:59:08.0010 0736 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:59:08.0049 0736 usbhub - ok
20:59:08.0081 0736 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:59:08.0113 0736 usbohci - ok
20:59:08.0148 0736 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:59:08.0260 0736 usbprint - ok
20:59:08.0309 0736 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:59:08.0532 0736 USBSTOR - ok
20:59:08.0574 0736 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:59:08.0617 0736 usbuhci - ok
20:59:08.0669 0736 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:59:08.0696 0736 usbvideo - ok
20:59:08.0724 0736 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:59:08.0787 0736 UxSms - ok
20:59:08.0804 0736 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:59:08.0839 0736 VaultSvc - ok
20:59:08.0874 0736 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:59:08.0923 0736 vdrvroot - ok
20:59:08.0979 0736 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:59:09.0042 0736 vds - ok
20:59:09.0100 0736 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:59:09.0283 0736 vga - ok
20:59:09.0307 0736 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:59:09.0366 0736 VgaSave - ok
20:59:09.0404 0736 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:59:09.0427 0736 vhdmp - ok
20:59:09.0462 0736 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:59:09.0482 0736 viaide - ok
20:59:09.0501 0736 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:59:09.0544 0736 volmgr - ok
20:59:09.0593 0736 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:59:09.0620 0736 volmgrx - ok
20:59:09.0637 0736 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:59:09.0666 0736 volsnap - ok
20:59:09.0712 0736 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:59:09.0734 0736 vsmraid - ok
20:59:09.0993 0736 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:59:10.0078 0736 VSS - ok
20:59:10.0105 0736 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:59:10.0169 0736 vwifibus - ok
20:59:10.0179 0736 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:59:10.0214 0736 vwififlt - ok
20:59:10.0249 0736 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:59:10.0313 0736 W32Time - ok
20:59:10.0363 0736 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
20:59:10.0402 0736 W3SVC - ok
20:59:10.0430 0736 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:59:10.0517 0736 WacomPen - ok
20:59:10.0558 0736 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:59:10.0645 0736 WANARP - ok
20:59:10.0649 0736 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:59:10.0701 0736 Wanarpv6 - ok
20:59:10.0741 0736 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
20:59:10.0765 0736 WAS - ok
20:59:10.0821 0736 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:59:10.0877 0736 WatAdminSvc - ok
20:59:10.0932 0736 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:59:11.0059 0736 wbengine - ok
20:59:11.0081 0736 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:59:11.0113 0736 WbioSrvc - ok
20:59:11.0154 0736 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:59:11.0201 0736 wcncsvc - ok
20:59:11.0215 0736 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:59:11.0289 0736 WcsPlugInService - ok
20:59:11.0318 0736 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:59:11.0341 0736 Wd - ok
20:59:11.0376 0736 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:59:11.0453 0736 Wdf01000 - ok
20:59:11.0488 0736 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:59:11.0577 0736 WdiServiceHost - ok
20:59:11.0582 0736 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:59:11.0609 0736 WdiSystemHost - ok
20:59:11.0654 0736 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:59:11.0698 0736 WebClient - ok
20:59:11.0730 0736 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:59:11.0794 0736 Wecsvc - ok
20:59:11.0814 0736 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:59:11.0878 0736 wercplsupport - ok
20:59:11.0903 0736 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:59:11.0958 0736 WerSvc - ok
20:59:11.0999 0736 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:59:12.0047 0736 WfpLwf - ok
20:59:12.0073 0736 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:59:12.0427 0736 WIMMount - ok
20:59:12.0466 0736 WinDefend - ok
20:59:12.0477 0736 WinHttpAutoProxySvc - ok
20:59:12.0562 0736 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:59:12.0677 0736 Winmgmt - ok
20:59:12.0747 0736 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:59:12.0826 0736 WinRM - ok
20:59:12.0904 0736 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:59:12.0974 0736 Wlansvc - ok
20:59:13.0035 0736 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:59:13.0091 0736 wlcrasvc - ok
20:59:13.0233 0736 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:59:13.0300 0736 wlidsvc - ok
20:59:13.0348 0736 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:59:13.0382 0736 WmiAcpi - ok
20:59:13.0421 0736 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:59:13.0495 0736 wmiApSrv - ok
20:59:13.0529 0736 WMPNetworkSvc - ok
20:59:13.0553 0736 [ B5BD872122A2CE82D196ABF2D5D8D80A ] WMSVC C:\Windows\system32\inetsrv\wmsvc.exe
20:59:13.0674 0736 WMSVC - ok
20:59:13.0715 0736 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:59:13.0777 0736 WPCSvc - ok
20:59:13.0800 0736 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:59:13.0885 0736 WPDBusEnum - ok
20:59:13.0915 0736 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:59:13.0976 0736 ws2ifsl - ok
20:59:13.0987 0736 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:59:14.0024 0736 wscsvc - ok
20:59:14.0029 0736 WSearch - ok
20:59:14.0109 0736 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:59:14.0181 0736 wuauserv - ok
20:59:14.0207 0736 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:59:14.0352 0736 WudfPf - ok
20:59:14.0396 0736 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:59:14.0458 0736 WUDFRd - ok
20:59:14.0484 0736 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:59:14.0522 0736 wudfsvc - ok
20:59:14.0559 0736 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:59:14.0626 0736 WwanSvc - ok
20:59:14.0677 0736 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
20:59:14.0723 0736 yukonw7 - ok
20:59:14.0745 0736 ================ Scan global ===============================
20:59:14.0778 0736 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:59:14.0804 0736 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:59:14.0815 0736 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:59:14.0852 0736 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:59:14.0919 0736 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:59:14.0925 0736 [Global] - ok
20:59:14.0926 0736 ================ Scan MBR ==================================
20:59:14.0941 0736 [ 14156A5A64CBA01DE638308FD63535A2 ] \Device\Harddisk0\DR0
20:59:15.0607 0736 \Device\Harddisk0\DR0 - ok
20:59:15.0613 0736 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:59:16.0117 0736 \Device\Harddisk1\DR1 - ok
20:59:16.0118 0736 ================ Scan VBR ==================================
20:59:16.0140 0736 [ DB506A81C6B1FF9DCD1DC86BE2771444 ] \Device\Harddisk0\DR0\Partition1
20:59:16.0142 0736 \Device\Harddisk0\DR0\Partition1 - ok
20:59:16.0154 0736 [ 1BF5650E491E72A976EB9DD50BC1F937 ] \Device\Harddisk0\DR0\Partition2
20:59:16.0156 0736 \Device\Harddisk0\DR0\Partition2 - ok
20:59:16.0184 0736 [ E6ABADF2493C0C7560B8681E0E5952FF ] \Device\Harddisk0\DR0\Partition3
20:59:16.0188 0736 \Device\Harddisk0\DR0\Partition3 - ok
20:59:16.0201 0736 [ 64F880D3B0BBC752CB6F94F6B1CFEDDA ] \Device\Harddisk0\DR0\Partition4
20:59:16.0203 0736 \Device\Harddisk0\DR0\Partition4 - ok
20:59:16.0211 0736 [ 3FB6AA133F67F2B68F9476EA6B2739D5 ] \Device\Harddisk1\DR1\Partition1
20:59:16.0217 0736 \Device\Harddisk1\DR1\Partition1 - ok
20:59:16.0219 0736 ============================================================
20:59:16.0219 0736 Scan finished
20:59:16.0219 0736 ============================================================
20:59:16.0235 4616 Detected object count: 5
20:59:16.0235 4616 Actual detected object count: 5
21:00:46.0420 4616 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:46.0420 4616 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:46.0422 4616 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:46.0422 4616 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:46.0427 4616 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:46.0427 4616 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:46.0429 4616 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:46.0429 4616 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:46.0432 4616 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:00:46.0432 4616 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

santasa

Newbie Surfer

Posts : 16
Joined : 2013-01-09
Operating System : 7

Re: Trojan.JS.Redirector.xa

Post by santasa on Thu 10 Jan 2013, 8:35 am

Anyone want to finish this with me?


Re: Trojan.JS.Redirector.xa

Post by DragonMaster Jay on Thu 10 Jan 2013, 9:29 am

Please be as patient as possible. I'm currently assisting 10+ others.

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Trojan.JS.Redirector.xa

Post by santasa on Thu 10 Jan 2013, 9:41 am

Of course, I apologise.


Re: Trojan.JS.Redirector.xa

Post by DragonMaster Jay on Thu 10 Jan 2013, 8:33 pm

Go ahead with log when you can.



Re: Trojan.JS.Redirector.xa

Post by santasa on Fri 11 Jan 2013, 1:42 am

I can't attach .txt files.
I'm getting the message: "Uploaded file is not valid"


It's OK now, it was a "coding" problem - only ANSI is accepted!


Last edited by santasa on Fri 11 Jan 2013, 1:47 am; edited 1 time in total


Re: Trojan.JS.Redirector.xa

Post by santasa on Fri 11 Jan 2013, 1:44 am

otl


Re: Trojan.JS.Redirector.xa

Post by santasa on Fri 11 Jan 2013, 1:46 am

extras


Re: Trojan.JS.Redirector.xa

Post by DragonMaster Jay on Fri 11 Jan 2013, 5:23 am

Please tell them here: [You must be registered and logged in to see this link.], that you'll stay at GeekPolice.

I would like to have you completely remove Firefox and its profile. Please first make a backup of your bookmarks and any other important information.

Let me know if you have trouble preparing for this. Once you're ready, I'll let you know how to do this.



Re: Trojan.JS.Redirector.xa

Post by santasa on Fri 11 Jan 2013, 6:46 am

I see you found out about my little mischief

Anyway, I am going to do as you asked, although I have two different instances of FF - I have Aurora as 32-bit, and FF 17.xx as 64-bit - both of these provoking Alerts with my KIS2012.
My IE and Opera are apparently unaffected by this infection!

OK then, I have lots of work tonight, especially with my enormous Bookmark file which I have been dragging around since god knows when, so that recently I have had much trouble saving it as a back-up or moving it from one installation to another - I will post as soon as I am finished, unless something unexpected happens.

Of course, I am sticking with you guys...


Re: Trojan.JS.Redirector.xa

Post by DragonMaster Jay on Fri 11 Jan 2013, 12:24 pm

Okay.



Re: Trojan.JS.Redirector.xa

Post by santasa on Sun 13 Jan 2013, 6:08 am

Dear friend, it seems that your instructions helped! I removed FF and Aurora completely, cleared everything from the registry, and installed a new FF.
I made a back-up of all my settings & preferences, add-ons, etc., but I will use only the add-ons, bookmarks, and some settings that I am sure won't infect it again.
I would appreciate one last piece of advice regarding what you think I should avoid using from these back-ups, or where you think this trojan hid itself.

Thank you very much and cheers from Sarajevo,
Santa


Re: Trojan.JS.Redirector.xa

Post by santasa on Sun 13 Jan 2013, 6:57 am

Unfortunately it's back, the Alerts are back!

And since I didn't use anything from those back-ups except most of the add-ons/extensions, and restored the usernames & password back-ups, I suddenly have serious doubts about resolving this issue. I hope I am wrong.

I used FEBE for the backup process and I did it one backup at a time (add-ons separately, preferences separately, themes separately, etc.), which means I was able to restore everything separately and one at a time (I could even restore add-ons one at a time). When I finished restoring add-ons everything was OK, but in the midst of restoring add-on settings/preferences the Alert appeared again - actually it appeared while restoring my registration with WOT.
I will probably remove FF again while waiting for you to reply....

-------

I have reinstalled FF again and I will try to restore just a few of the most essential add-ons, while waiting for your reply...

------

OK - as I said, I reinstalled FF and after that restored some 30-40% of my old add-ons, and also restored the Bookmarks and usernames/passwords option. This time I have not restored Session Backup, the add-on which I suspected was responsible for re-infecting FF with this trojan when I imported backed-up sessions into this add-on (Session Backup or something).
Now, I have been browsing like this for a few hours and everything seems alright, for now. But I would like to restore all my add-ons, on which I rely so much (like anyone else who uses FF).
So do you have any idea which add-on or its preference was infected, or if you suspect something else...
Santa


Re: Trojan.JS.Redirector.xa

Post by DragonMaster Jay on Mon 14 Jan 2013, 6:20 am

Delete the old ComboFix and download the new one from here: [You must be registered and logged in to see this link.]

Run and post a log, please.



Re: Trojan.JS.Redirector.xa

Post by santasa on Tue 15 Jan 2013, 5:54 am

ComboFix 13-01-14.01 - Sandi 14.01.2013 19:25:46.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2812.1549 [GMT 1:00]
Running from: c:\users\Sandi\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 18:44 . 2013-01-14 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 18:44 . 2013-01-14 18:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-01-14 06:40 . 2013-01-14 06:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-14 06:37 . 2013-01-14 06:36 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-14 06:36 . 2013-01-14 06:36 -------- d-----w- c:\program files (x86)\Java
2013-01-13 15:31 . 2013-01-13 15:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-13 15:31 . 2013-01-13 15:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-13 15:31 . 2013-01-13 15:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-13 15:31 . 2013-01-13 15:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-13 15:31 . 2013-01-13 15:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-13 15:31 . 2013-01-13 15:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-13 15:31 . 2013-01-13 15:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-13 15:30 . 2013-01-13 15:31 -------- d-----w- c:\program files (x86)\QuickTime
2013-01-12 21:24 . 2013-01-12 21:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-12 07:18 . 2013-01-12 07:18 -------- d-----w- c:\users\Sandi\AppData\Local\Mozilla
2013-01-12 03:50 . 2013-01-12 03:50 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D66D4FC-6916-4805-B11D-B3F5CBC7C8A0}\offreg.dll
2013-01-11 18:56 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D66D4FC-6916-4805-B11D-B3F5CBC7C8A0}\mpengine.dll
2013-01-10 07:27 . 2013-01-10 07:27 -------- d-----w- c:\program files (x86)\ESET
2013-01-09 04:10 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 04:10 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 04:08 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 04:07 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 04:07 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-22 02:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 02:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 02:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 02:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 16:17 . 2012-12-16 16:17 -------- d-----w- c:\users\Sandi\AppData\Local\Adobe_Systems_Incorporate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-14 06:36 . 2010-09-25 20:05 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-13 20:16 . 2012-04-01 16:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-13 20:16 . 2011-05-14 18:33 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-13 15:16 . 2012-09-01 09:48 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-10 02:37 . 2009-10-23 13:47 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-11-30 04:45 . 2013-01-09 04:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 02:07 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 02:07 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 02:07 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 02:07 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 02:07 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 02:07 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 02:07 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 02:07 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 02:07 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 02:07 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 02:07 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 02:07 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 02:07 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 02:07 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 02:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 02:07 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 02:07 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 02:07 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 02:07 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 02:07 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 02:07 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 02:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-09 05:45 . 2012-12-13 00:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 00:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 00:09 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 00:09 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-29 10:50 . 2011-04-20 13:50 637272 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-16 03:07 . 2011-06-16 03:07 16896 ----a-w- c:\program files\wmdmhelper.dll
2011-06-16 03:07 . 2011-06-16 03:07 139264 ----a-w- c:\program files\dunzip32.dll
2011-06-16 03:07 . 2011-06-16 03:07 641024 ----a-w- c:\program files\rjbres.dll
2011-06-16 03:07 . 2011-06-16 03:07 360960 ----a-w- c:\program files\rjdlg.dll
2011-06-16 03:07 . 2011-06-16 03:07 34304 ----a-w- c:\program files\rjprog.dll
2011-06-16 03:07 . 2011-06-16 03:07 9216 ----a-w- c:\program files\fixrjb.exe
2011-06-16 03:07 . 2011-06-16 03:07 45056 ----a-w- c:\program files\ierjplug.dll
2011-06-16 03:07 . 2011-06-16 03:07 1115376 ----a-w- c:\program files\cddbmusicid.dll
2011-06-16 03:07 . 2011-06-16 03:07 943344 ----a-w- c:\program files\cddblink.dll
2011-06-16 03:07 . 2011-06-16 03:07 23552 ----a-w- c:\program files\tnetdtct.dll
2011-06-16 03:07 . 2011-06-16 03:07 2041072 ----a-w- c:\program files\cddbcontrol.dll
2011-06-16 03:07 . 2011-06-16 03:07 74240 ----a-w- c:\program files\tsasdk.dll
2011-06-16 03:07 . 2011-06-16 03:07 48640 ----a-w- c:\program files\tpasdk.dll
2011-06-16 03:07 . 2011-06-16 03:07 45056 ----a-w- c:\program files\mmcdda32.dll
2011-06-16 03:07 . 2011-06-16 03:07 67072 ----a-w- c:\program files\rpwa3260.dll
2011-06-16 03:07 . 2011-06-16 03:07 16296 ----a-w- c:\program files\realtfon.fon
2011-06-16 03:07 . 2011-06-16 03:07 45744 ----a-w- c:\program files\rpshellsearch.dll
2011-06-16 03:06 . 2011-06-16 03:06 368776 ----a-w- c:\program files\realconverter.exe
2011-06-16 03:06 . 2011-06-16 03:06 344712 ----a-w- c:\program files\convert.exe
2011-06-16 03:06 . 2011-06-16 03:06 390384 ----a-w- c:\program files\mc_enc_mp4v.dll
2011-06-16 03:06 . 2011-06-16 03:06 372864 ----a-w- c:\program files\realtrimmer.exe
2011-06-16 03:06 . 2011-06-16 03:06 120960 ----a-w- c:\program files\realshare.exe
2011-06-16 03:06 . 2011-06-16 03:06 719360 ----a-w- c:\program files\dbghelp.dll
2011-06-16 03:06 . 2011-06-16 03:06 72192 ----a-w- c:\program files\rjwmapln.dll
2011-06-16 03:06 . 2011-06-16 03:06 46592 ----a-w- c:\program files\rpau3260.dll
2011-06-16 03:05 . 2011-06-16 03:05 26768 ----a-w- c:\program files\rndevicedbbuilder.exe
2011-06-16 03:05 . 2011-06-16 03:05 88064 ----a-w- c:\program files\hxaudiodevicehook.dll
2011-06-16 03:05 . 2011-06-16 03:05 116392 ----a-w- c:\program files\rdsf3260.dll
2011-06-16 03:05 . 2011-06-16 03:05 86528 ----a-w- c:\program files\rpplugprot.dll
2011-06-16 03:05 . 2011-06-16 03:05 64672 ----a-w- c:\program files\rpshell.dll
2011-06-16 03:05 . 2011-06-16 03:05 9728 ----a-w- c:\program files\realjbox.exe
2011-06-16 03:05 . 2011-06-16 03:05 17064 ----a-w- c:\program files\rphelperapp.exe
2011-06-16 03:05 . 2011-06-16 03:05 490112 ----a-w- c:\program files\realplay.exe
2011-06-16 03:05 . 2011-06-16 03:05 415416 ----a-w- c:\program files\recordingmanager.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Eraser"="c:\program files (x86)\Eraser\Eraser.exe" [2007-12-22 916240]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3676952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-13 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"TkBellExe"="c:\program files\Update\realsched.exe" [2011-06-16 273544]
"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-29 206448]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Sandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-11 834544]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2011-05-22 28032]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2011-06-06 79888]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-30 2075480]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 09:20 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 16:04]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 16:04]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974327514-3669766198-1081035601-1000Core.job
- c:\users\Sandi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 04:15]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974327514-3669766198-1081035601-1000UA.job
- c:\users\Sandi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-25 04:15]
.
2012-12-30 c:\windows\Tasks\HPCeeScheduleForSandi.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-17 21:38]
.
2013-01-13 c:\windows\Tasks\ReclaimerUpdateFiles_Sandi.job
- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-19 21:08]
.
2013-01-14 c:\windows\Tasks\ReclaimerUpdateXML_Sandi.job
- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-19 21:08]
.
2013-01-10 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Sandi.job
- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-19 21:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - [You must be registered and logged in to see this link.] files (x86)\Nitro PDF\PDF Download\nitroweb.htm
IE: {{E3CB497B-E230-4445-8B34-13476822F867} - c:\program files\Tidy Favorites\OpenTFV.js
IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {70BEC6D2-977B-43CB-9A50-424099BA3897} -
TCP: DhcpNameServer = 77.77.192.10 77.78.192.10 94.140.66.194
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - ExtSQL: 2013-01-12 23:24; {EF522540-89F5-46b9-B6FE-1829E2B572C6}; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
FF - ExtSQL: 2013-01-12 23:24; {5546F97E-11A5-46b0-9082-32AD74AAA920}; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi
FF - ExtSQL: 2013-01-12 23:24; [You must be registered and logged in to see this link.]; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\googledictionary@toptip.ca.xpi
FF - ExtSQL: 2013-01-12 23:24; ehtip@robertkatic; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\ehtip@robertkatic
FF - ExtSQL: 2013-01-12 23:24; [You must be registered and logged in to see this link.]; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\abhere2@moztw.org.xpi
FF - ExtSQL: 2013-01-12 23:57; {097d3191-e6fa-4728-9826-b533d755359d}; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF - ExtSQL: 2013-01-12 23:57; [You must be registered and logged in to see this link.]; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\tabutils@ithinc.cn.xpi
FF - ExtSQL: 2013-01-12 23:57; [You must be registered and logged in to see this link.]; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\tabscope@xuldev.org.xpi
FF - ExtSQL: 2013-01-12 23:57; [You must be registered and logged in to see this link.]; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\pavel.sherbakov@gmail.com
FF - ExtSQL: 2013-01-13 00:55; {4BBDD651-70CF-4821-84F8-2B918CF89CA3}; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - ExtSQL: 2013-01-13 00:55; zoompage@DW-dev; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\zoompage@DW-dev.xpi
FF - ExtSQL: 2013-01-13 00:55; [You must be registered and logged in to see this link.]; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\en-US@dictionaries.addons.mozilla.org
FF - ExtSQL: 2013-01-13 06:28; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF - ExtSQL: 2013-01-13 06:28; {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
FF - ExtSQL: 2013-01-13 06:28; [You must be registered and logged in to see this link.]; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\status4evar@caligonstudios.com.xpi
FF - ExtSQL: 2013-01-13 16:38; [You must be registered and logged in to see this link.]; c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\8z67cma1.default\extensions\firefox-managefolders@googlecode.com.xpi
FF - ExtSQL: 2013-01-13 17:14; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_\00\00\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-14 19:50:52
ComboFix-quarantined-files.txt 2013-01-14 18:50
ComboFix2.txt 2013-01-09 04:28
.
Pre-Run: 77.426.671.616 bytes free
Post-Run: 77.447.884.800 bytes free
.
- - End Of File - - 269EABBB879FB438C0AD200764E15B9A


Re: Trojan.JS.Redirector.xa

Post by santasa on Tue 15 Jan 2013, 7:07 am

I suspect these add-ons/extensions, or rather the data/information/URLs these add-ons preserve:

- Scrapbook
- Session Manager (with Session Manager Export Tool)
- Textarea Cache
- Lazarus: Form Recovery
- Resurrect Pages
- ScreenshotPimp


Re: Trojan.JS.Redirector.xa

Post by DragonMaster Jay on Wed 16 Jan 2013, 4:42 am

ComboFix Script


  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
    [-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    DDS::
    IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {70BEC6D2-977B-43CB-9A50-424099BA3897} -
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



Norman Malware Cleaner

Please download Norman Malware Cleaner and save to your desktop.
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: To scan USB flash drives and/or other removable drives, use the Add button to browse to the drive's location, click on the drive to highlight it and choose Ok.



Re: Trojan.JS.Redirector.xa

Post by santasa on Mon 21 Jan 2013, 5:40 am

I am sorry for the delay; I hope you are still willing to finish this with me. Here's the ComboFix log file....


Re: Trojan.JS.Redirector.xa

Post by ceylon2 on Wed 23 Jan 2013, 7:04 pm

then visit our site->
