Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC Optimizer Pro removal help!!


  • This topic is locked This topic is locked
34 replies to this topic

#1 JimVarney01

JimVarney01

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 11 April 2012 - 08:32 AM

Thanks to anyone in advance for helping!

We have a problem on a Win 7 machine. PC Optimizer Pro was opened and now everytime we try to uninstall it, it keeps coming back up on reboot. We got it from downloading some kind of foreign language viewer. It also installed the weatherbug and a handful of other programs. I think we uninstalled the rest of the toolbars and weatherbug, but we can't seem to get rid of the PC Optimizer Pro. Malwarebytes seems to be of no use as it has not detected any problems. Here is the DDS log...



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by bobj at 9:21:58 on 2012-04-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8182.5669 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intuit\QuickBooks 2010\QBW32.EXE
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\bobj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bobj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\bobj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\bobj\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\vssvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120415,17117,0,18,0
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [Google Update] "C:\Users\bobj\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\Users\bobj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2010\QBW32.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://bobj.dyndns-remote.com:100/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://bobj.dyndns-remote.com:100/VideoViewer.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://rodsecurity25.dvrdns.org/WebClient.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.254.23
TCP: Interfaces\{065456AE-DE72-4BE7-81B1-D690BA301C09} : DhcpNameServer = 192.168.254.23
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bobj\AppData\Roaming\Mozilla\Firefox\Profiles\2ipq8eyf.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80379&language=en&qkw=
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\bobj\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-15 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-10 654408]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-18 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 253600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-18 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-11 12:09:07 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-04-11 07:01:05 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 07:01:05 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 07:01:05 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 07:01:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 07:01:04 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 07:01:04 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 07:01:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 05:41:23 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F36F2BEF-21D2-4933-8112-C8CD7E362FB2}\mpengine.dll
2012-04-10 20:30:54 -------- d-----w- C:\ProgramData\AMD
2012-04-10 20:30:51 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-04-10 20:30:45 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-10 20:30:37 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-04-10 20:30:37 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-04-10 20:26:07 -------- d-----w- C:\Program Files\ATI Technologies
2012-04-10 20:26:05 -------- d-----w- C:\Program Files\ATI
2012-04-10 20:25:14 -------- d-----w- C:\AMD
2012-04-10 15:48:35 -------- d-----w- C:\Windows\pss
2012-04-09 17:32:54 -------- d-----w- C:\Program Files\iTunes
2012-04-09 17:32:54 -------- d-----w- C:\Program Files\iPod
2012-04-09 17:32:54 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-09 16:19:07 8738464 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 15:36:16 -------- d-----w- C:\ProgramData\PC Optimizer Pro
2012-04-09 15:32:47 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-09 15:00:10 -------- d-----w- C:\Users\bobj\AppData\Local\visi_coupon
2012-04-09 12:57:53 -------- d-----w- C:\Users\bobj\AppData\Local\FileTypeAssistant
2012-04-09 12:56:14 18944 ----a-r- C:\Users\bobj\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-04-09 12:55:50 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2012-04-09 12:55:29 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-03-28 18:29:39 -------- d-----w- C:\Users\bobj\AppData\Roaming\Topalt
2012-03-28 14:12:18 -------- d-----w- C:\Users\bobj\AppData\Local\APN
2012-03-28 14:12:13 -------- d-----w- C:\Users\bobj\AppData\Roaming\Easy Duplicate Finder
2012-03-19 22:34:11 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-19 22:34:11 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-19 22:34:11 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-19 22:30:49 -------- d-----w- C:\Program Files\Bonjour
2012-03-19 22:30:49 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-03-19 17:06:24 -------- d-----w- C:\Users\bobj\AppData\Local\99DF6A6D-2581-46F8-BB6D-2999289B9E46.aplzod
2012-03-13 21:34:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 21:34:26 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 21:34:25 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 21:33:50 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 21:33:49 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 21:33:49 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 21:33:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 21:33:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 21:33:38 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 21:33:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-04-09 16:19:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-03-09 05:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-03-09 05:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-03-09 05:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-03-09 05:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-03-09 05:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll
2012-03-09 05:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-09 05:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-09 05:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll
2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll
2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-03-08 22:16:41 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-08 22:16:41 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-09 11:48:50 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-02-09 11:48:47 34688 ----a-w- C:\Windows\System32\LMIport.dll
2012-02-09 11:48:46 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-31 11:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 11:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 9:22:34.54 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:40 AM

Posted 13 April 2012 - 09:43 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:40 AM

Posted 16 April 2012 - 12:31 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 JimVarney01

JimVarney01
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 16 April 2012 - 03:02 PM

Hey Gringo,

Thank you for your reply. This is a work computer so I did not have it available over the weekend. I will run the programs as instructed and post the results.

Thank you for your help!!
Kurt

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:40 AM

Posted 16 April 2012 - 05:52 PM

ok see you then



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 JimVarney01

JimVarney01
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 17 April 2012 - 11:17 AM

Following are the logs from combofix and security check. First I posted the security check but when I was running combofix it closed the window so I lost it. The first time I ran combofix, Excel was opened and then was shut down when the computer restarted. When the computer restarted there were no icons whatsoever on the desktop and the computer had no internet access. It seemed as if nothing was running at all. The computer was restarted and everything was back to normal. I ran security check and combofix again and I will post all logs. The computer seems ok now but I'm not sure if everything is cleaned off of it. It did not really slow down the computer in the first place, there were just popups when the computer was booted.

Order of logs:
Security check log 1 -> was lost when combofix shut down internet browser
Combofix log 1 -> first log below
Security check log 2 -> second log below
Combofix log 2 -> third log below.

Thank you again Gringo!


ComboFix 12-04-16.02 - bobj 04/17/2012 8:01.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8182.5528 [GMT -4:00]
Running from: c:\users\bobj\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
c:\users\bobj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{29DAFD14-7960-444C-9E30-535D69EE67FB}.xps
c:\users\bobj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4ACA1625-6BDF-4CF7-A204-E7798CDC8219}.xps
c:\users\bobj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9CFE3A05-97B2-4468-BD1A-8BA8CFCAB592}.xps
c:\users\bobj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D0363D1A-8382-481E-83B0-0BFF29FDAE95}.xps
c:\users\bobj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D106F0D1-1C1E-422C-A47A-EA061F5EF6E6}.xps
c:\users\bobj\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ED396A1C-880F-441C-95CE-2F7B3FF0EF95}.xps
c:\users\bobj\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll
c:\users\bobj\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 12:08 . 2012-04-17 12:08 -------- d-----w- c:\users\techedge\AppData\Local\temp
2012-04-17 12:08 . 2012-04-17 12:08 -------- d-----w- c:\users\techedge.HANCOCK\AppData\Local\temp
2012-04-17 12:08 . 2012-04-17 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 12:08 . 2012-04-17 12:08 -------- d-----w- c:\users\bob\AppData\Local\temp
2012-04-17 05:58 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{563320D3-7C56-4DB8-BF13-4C7F131E2542}\mpengine.dll
2012-04-11 12:09 . 2012-04-11 12:09 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-04-11 07:03 . 2012-04-11 07:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-11 07:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 07:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\programdata\AMD
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-04-10 20:26 . 2012-04-10 20:30 -------- d-----w- c:\program files\ATI Technologies
2012-04-10 20:26 . 2012-04-10 20:26 -------- d-----w- c:\program files\ATI
2012-04-10 20:25 . 2012-04-10 20:25 -------- d-----w- C:\AMD
2012-04-09 17:32 . 2012-04-09 17:33 -------- d-----w- c:\program files\iTunes
2012-04-09 17:32 . 2012-04-09 17:33 -------- d-----w- c:\program files (x86)\iTunes
2012-04-09 17:32 . 2012-04-09 17:32 -------- d-----w- c:\program files\iPod
2012-04-09 16:19 . 2012-04-14 01:19 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 15:36 . 2012-04-09 15:38 -------- d-----w- c:\programdata\PC Optimizer Pro
2012-04-09 15:32 . 2012-04-14 01:19 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-09 15:00 . 2012-04-09 15:00 -------- d-----w- c:\users\bobj\AppData\Local\visi_coupon
2012-04-09 12:57 . 2012-04-09 13:10 -------- d-----w- c:\users\bobj\AppData\Local\FileTypeAssistant
2012-04-09 12:56 . 2012-04-09 12:56 18944 ----a-r- c:\users\bobj\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-04-09 12:55 . 2012-04-09 12:55 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-04-09 12:55 . 2012-04-10 16:16 -------- d-----w- c:\programdata\Yahoo!
2012-04-09 12:55 . 2012-04-10 16:16 -------- d-----w- c:\program files (x86)\Yahoo!
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-28 18:29 . 2012-03-28 18:29 -------- d-----w- c:\users\bobj\AppData\Roaming\Topalt
2012-03-28 14:12 . 2012-03-28 14:12 -------- d-----w- c:\users\bobj\AppData\Local\APN
2012-03-28 14:12 . 2012-04-10 16:12 -------- d-----w- c:\users\bobj\AppData\Roaming\Easy Duplicate Finder
2012-03-19 22:34 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-19 22:34 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-19 22:34 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-03-19 22:31 . 2012-03-19 22:31 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-19 22:30 . 2012-03-19 22:30 -------- d-----w- c:\program files\Bonjour
2012-03-19 22:30 . 2012-03-19 22:30 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-19 17:06 . 2012-04-17 12:14 -------- d-----w- c:\users\bobj\AppData\Local\99DF6A6D-2581-46F8-BB6D-2999289B9E46.aplzod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:19 . 2011-05-13 14:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-01-26 17:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 03:27 . 2011-01-24 16:42 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:26 . 2012-03-09 05:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-03-09 05:26 . 2012-03-09 05:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-03-09 05:26 . 2012-03-09 05:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-03-09 05:26 . 2012-03-09 05:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-03-09 05:26 . 2012-03-09 05:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll
2012-03-09 05:25 . 2012-03-09 05:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-09 05:24 . 2012-03-09 05:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 05:24 . 2012-03-09 05:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-03-09 05:14 . 2012-03-09 05:14 958464 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll
2012-03-09 04:45 . 2011-01-15 14:03 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-09 04:35 . 2012-03-09 04:35 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-03-09 04:11 . 2012-03-09 04:11 7552000 ----a-w- c:\windows\system32\atiumd64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 03:58 . 2012-03-09 03:58 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:57 . 2012-03-09 03:57 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-09 03:56 . 2012-03-09 03:56 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2012-03-09 03:47 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 22:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-08 22:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-17 06:38 . 2012-03-13 21:33 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 21:33 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 21:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 21:33 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 12:03 . 2012-02-10 12:04 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B64035E9-61CC-4BD5-A936-3B620982E003}\gapaengine.dll
2012-02-10 06:36 . 2012-03-13 21:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 21:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-09 11:48 . 2011-01-25 13:18 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-09 11:48 . 2011-01-25 13:18 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-09 11:48 . 2011-01-25 13:18 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 04:34 . 2012-03-13 21:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-01-21 16:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 11:02 . 2012-01-31 11:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 11:00 . 2012-01-31 11:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-25 06:38 . 2012-03-13 21:33 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 21:33 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 21:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-01-24 160328]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-27 39408]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-04-04 1261472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\bobj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2010\QBW32.EXE [2012-3-14 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-09 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:19]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 15:07]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 15:07]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759384936-1780340661-1091857603-1167Core.job
- c:\users\bobj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 15:07]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759384936-1780340661-1091857603-1167UA.job
- c:\users\bobj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 15:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2009-08-26 2900992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120415,17117,0,18,0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.23
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://bobj.dyndns-remote.com:100/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://bobj.dyndns-remote.com:100/VideoViewer.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://rodsecurity25.dvrdns.org/WebClient.cab
FF - ProfilePath - c:\users\bobj\AppData\Roaming\Mozilla\Firefox\Profiles\2ipq8eyf.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80379&language=en&qkw=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
HKLM_Wow6432Node-ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
Toolbar-Locked - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Common Files\Comscan\Comscan.exe
.
**************************************************************************
.
Completion time: 2012-04-17 08:22:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 12:22
.
Pre-Run: 867,734,872,064 bytes free
Post-Run: 870,252,822,528 bytes free
.
- - End Of File - - 18D3237930228EB9C639986ACF510579







Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 23
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (4.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````




ComboFix 12-04-16.02 - bobj 04/17/2012 11:46:33.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8182.5840 [GMT -4:00]
Running from: c:\users\bobj\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bobj\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 15:55 . 2012-04-17 15:55 -------- d-----w- c:\users\techedge\AppData\Local\temp
2012-04-17 15:55 . 2012-04-17 15:55 -------- d-----w- c:\users\techedge.HANCOCK\AppData\Local\temp
2012-04-17 15:55 . 2012-04-17 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 15:55 . 2012-04-17 15:55 -------- d-----w- c:\users\bob\AppData\Local\temp
2012-04-17 05:58 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{563320D3-7C56-4DB8-BF13-4C7F131E2542}\mpengine.dll
2012-04-11 12:09 . 2012-04-11 12:09 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-04-11 07:03 . 2012-04-11 07:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-11 07:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 07:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\programdata\AMD
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-04-10 20:26 . 2012-04-10 20:30 -------- d-----w- c:\program files\ATI Technologies
2012-04-10 20:26 . 2012-04-10 20:26 -------- d-----w- c:\program files\ATI
2012-04-10 20:25 . 2012-04-10 20:25 -------- d-----w- C:\AMD
2012-04-09 17:32 . 2012-04-09 17:33 -------- d-----w- c:\program files\iTunes
2012-04-09 17:32 . 2012-04-09 17:33 -------- d-----w- c:\program files (x86)\iTunes
2012-04-09 17:32 . 2012-04-09 17:32 -------- d-----w- c:\program files\iPod
2012-04-09 16:19 . 2012-04-14 01:19 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 15:36 . 2012-04-09 15:38 -------- d-----w- c:\programdata\PC Optimizer Pro
2012-04-09 15:32 . 2012-04-14 01:19 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-09 15:00 . 2012-04-09 15:00 -------- d-----w- c:\users\bobj\AppData\Local\visi_coupon
2012-04-09 12:57 . 2012-04-09 13:10 -------- d-----w- c:\users\bobj\AppData\Local\FileTypeAssistant
2012-04-09 12:56 . 2012-04-09 12:56 18944 ----a-r- c:\users\bobj\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-04-09 12:55 . 2012-04-09 12:55 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-04-09 12:55 . 2012-04-10 16:16 -------- d-----w- c:\programdata\Yahoo!
2012-04-09 12:55 . 2012-04-10 16:16 -------- d-----w- c:\program files (x86)\Yahoo!
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-28 18:29 . 2012-03-28 18:29 -------- d-----w- c:\users\bobj\AppData\Roaming\Topalt
2012-03-28 14:12 . 2012-03-28 14:12 -------- d-----w- c:\users\bobj\AppData\Local\APN
2012-03-28 14:12 . 2012-04-10 16:12 -------- d-----w- c:\users\bobj\AppData\Roaming\Easy Duplicate Finder
2012-03-19 22:34 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-19 22:34 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-19 22:34 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-03-19 22:31 . 2012-03-19 22:31 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-19 22:30 . 2012-03-19 22:30 -------- d-----w- c:\program files\Bonjour
2012-03-19 22:30 . 2012-03-19 22:30 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-19 17:06 . 2012-04-17 14:57 -------- d-----w- c:\users\bobj\AppData\Local\99DF6A6D-2581-46F8-BB6D-2999289B9E46.aplzod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:19 . 2011-05-13 14:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-01-26 17:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 03:27 . 2011-01-24 16:42 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:26 . 2012-03-09 05:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-03-09 05:26 . 2012-03-09 05:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-03-09 05:26 . 2012-03-09 05:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-03-09 05:26 . 2012-03-09 05:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-03-09 05:26 . 2012-03-09 05:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll
2012-03-09 05:25 . 2012-03-09 05:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-09 05:24 . 2012-03-09 05:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 05:24 . 2012-03-09 05:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-03-09 05:14 . 2012-03-09 05:14 958464 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll
2012-03-09 04:45 . 2011-01-15 14:03 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-09 04:35 . 2012-03-09 04:35 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-03-09 04:11 . 2012-03-09 04:11 7552000 ----a-w- c:\windows\system32\atiumd64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 03:58 . 2012-03-09 03:58 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:57 . 2012-03-09 03:57 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-09 03:56 . 2012-03-09 03:56 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2012-03-09 03:47 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 22:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-08 22:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-17 06:38 . 2012-03-13 21:33 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 21:33 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 21:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 21:33 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 12:03 . 2012-02-10 12:04 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B64035E9-61CC-4BD5-A936-3B620982E003}\gapaengine.dll
2012-02-10 06:36 . 2012-03-13 21:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 21:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-09 11:48 . 2011-01-25 13:18 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-09 11:48 . 2011-01-25 13:18 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-09 11:48 . 2011-01-25 13:18 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 04:34 . 2012-03-13 21:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-01-21 16:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 11:02 . 2012-01-31 11:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 11:00 . 2012-01-31 11:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-25 06:38 . 2012-03-13 21:33 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 21:33 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 21:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-17_12.18.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-15 12:23 . 2012-04-17 13:02 35940 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-17 13:02 53838 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-21 15:40 . 2012-04-17 15:57 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 15:40 . 2012-04-17 12:17 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 15:40 . 2012-04-17 12:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-21 15:40 . 2012-04-17 15:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-17 15:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-17 12:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-21 19:14 . 2012-04-17 15:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 19:14 . 2012-04-17 12:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-24 21:09 . 2012-04-17 13:02 8896 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2759384936-1780340661-1091857603-1167_UserData.bin
- 2012-04-17 12:17 . 2012-04-17 12:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-17 15:57 . 2012-04-17 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-17 15:57 . 2012-04-17 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-17 12:17 . 2012-04-17 12:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-17 11:55 666896 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-17 13:04 666896 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-17 13:04 123654 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-17 11:55 123654 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-10 16:17 478708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-17 15:56 478708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-19 11:14 . 2012-04-17 15:56 13911368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759384936-1780340661-1091857603-1167-12288.dat
- 2011-04-19 11:14 . 2012-04-10 16:17 13911368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759384936-1780340661-1091857603-1167-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-01-24 160328]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-27 39408]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-04-04 1261472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\bobj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2010\QBW32.EXE [2012-3-14 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-09 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:19]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 15:07]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 15:07]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759384936-1780340661-1091857603-1167Core.job
- c:\users\bobj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 15:07]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759384936-1780340661-1091857603-1167UA.job
- c:\users\bobj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 15:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2009-08-26 2900992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120415,17117,0,18,0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.23
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://bobj.dyndns-remote.com:100/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://bobj.dyndns-remote.com:100/VideoViewer.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://rodsecurity25.dvrdns.org/WebClient.cab
FF - ProfilePath - c:\users\bobj\AppData\Roaming\Mozilla\Firefox\Profiles\2ipq8eyf.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80379&language=en&qkw=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Common Files\Comscan\Comscan.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-04-17 12:09:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 16:09
ComboFix2.txt 2012-04-17 12:22
.
Pre-Run: 870,136,389,632 bytes free
Post-Run: 869,943,169,024 bytes free
.
- - End Of File - - 4AEB888FCBA2D0D9ABEAD03F80CB0CCD

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:40 AM

Posted 17 April 2012 - 04:41 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 JimVarney01

JimVarney01
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 19 April 2012 - 08:22 AM

There weren't any issues running or updating. Here are the logs.


08:36:11.0946 2928 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
08:36:12.0273 2928 ============================================================
08:36:12.0273 2928 Current date / time: 2012/04/19 08:36:12.0273
08:36:12.0273 2928 SystemInfo:
08:36:12.0273 2928
08:36:12.0273 2928 OS Version: 6.1.7601 ServicePack: 1.0
08:36:12.0273 2928 Product type: Workstation
08:36:12.0273 2928 ComputerName: BOBJ-WIN7
08:36:12.0273 2928 UserName: bobj
08:36:12.0273 2928 Windows directory: C:\Windows
08:36:12.0273 2928 System windows directory: C:\Windows
08:36:12.0273 2928 Running under WOW64
08:36:12.0273 2928 Processor architecture: Intel x64
08:36:12.0273 2928 Number of processors: 8
08:36:12.0273 2928 Page size: 0x1000
08:36:12.0273 2928 Boot type: Normal boot
08:36:12.0273 2928 ============================================================
08:36:13.0350 2928 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:36:13.0350 2928 \Device\Harddisk0\DR0:
08:36:13.0350 2928 MBR partitions:
08:36:13.0350 2928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x177000
08:36:13.0350 2928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18B000, BlocksNum 0x7457A000
08:36:13.0365 2928 C: <-> \Device\Harddisk0\DR0\Partition1
08:36:13.0365 2928 Initialize success
08:36:13.0365 2928 ============================================================
08:36:23.0342 7236 ============================================================
08:36:23.0342 7236 Scan started
08:36:23.0342 7236 Mode: Manual;
08:36:23.0342 7236 ============================================================
08:36:25.0854 7236 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:36:25.0870 7236 1394ohci - ok
08:36:25.0948 7236 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:36:25.0948 7236 ACPI - ok
08:36:25.0994 7236 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:36:25.0994 7236 AcpiPmi - ok
08:36:26.0119 7236 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:36:26.0135 7236 AdobeARMservice - ok
08:36:26.0260 7236 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:36:26.0260 7236 AdobeFlashPlayerUpdateSvc - ok
08:36:26.0306 7236 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:36:26.0322 7236 adp94xx - ok
08:36:26.0338 7236 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:36:26.0338 7236 adpahci - ok
08:36:26.0353 7236 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:36:26.0353 7236 adpu320 - ok
08:36:26.0384 7236 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:36:26.0400 7236 AeLookupSvc - ok
08:36:26.0494 7236 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:36:26.0509 7236 AFD - ok
08:36:26.0540 7236 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:36:26.0540 7236 agp440 - ok
08:36:26.0556 7236 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:36:26.0556 7236 ALG - ok
08:36:26.0587 7236 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:36:26.0587 7236 aliide - ok
08:36:26.0634 7236 AMD External Events Utility (2aed9a422ea1574c7d7ef9359a417718) C:\Windows\system32\atiesrxx.exe
08:36:26.0634 7236 AMD External Events Utility - ok
08:36:26.0665 7236 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:36:26.0665 7236 amdide - ok
08:36:26.0681 7236 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:36:26.0696 7236 AmdK8 - ok
08:36:26.0915 7236 amdkmdag (bfa5e854959d5546d8834ca61f4ad075) C:\Windows\system32\DRIVERS\atikmdag.sys
08:36:27.0040 7236 amdkmdag - ok
08:36:27.0118 7236 amdkmdap (92d664fffcd9e742fb25254f7f458d88) C:\Windows\system32\DRIVERS\atikmpag.sys
08:36:27.0118 7236 amdkmdap - ok
08:36:27.0133 7236 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:36:27.0149 7236 AmdPPM - ok
08:36:27.0196 7236 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:36:27.0196 7236 amdsata - ok
08:36:27.0242 7236 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:36:27.0258 7236 amdsbs - ok
08:36:27.0274 7236 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:36:27.0289 7236 amdxata - ok
08:36:27.0336 7236 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:36:27.0352 7236 AppID - ok
08:36:27.0383 7236 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:36:27.0398 7236 AppIDSvc - ok
08:36:27.0445 7236 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:36:27.0461 7236 Appinfo - ok
08:36:27.0539 7236 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:36:27.0539 7236 Apple Mobile Device - ok
08:36:27.0586 7236 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
08:36:27.0586 7236 AppMgmt - ok
08:36:27.0617 7236 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:36:27.0617 7236 arc - ok
08:36:27.0648 7236 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:36:27.0648 7236 arcsas - ok
08:36:27.0742 7236 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:36:27.0742 7236 aspnet_state - ok
08:36:27.0773 7236 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:36:27.0773 7236 AsyncMac - ok
08:36:27.0804 7236 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:36:27.0804 7236 atapi - ok
08:36:27.0944 7236 atikmdag (bfa5e854959d5546d8834ca61f4ad075) C:\Windows\system32\DRIVERS\atikmdag.sys
08:36:27.0976 7236 atikmdag - ok
08:36:28.0022 7236 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:36:28.0038 7236 AudioEndpointBuilder - ok
08:36:28.0038 7236 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:36:28.0054 7236 AudioSrv - ok
08:36:28.0069 7236 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:36:28.0069 7236 AxInstSV - ok
08:36:28.0116 7236 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:36:28.0132 7236 b06bdrv - ok
08:36:28.0178 7236 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:36:28.0178 7236 b57nd60a - ok
08:36:28.0194 7236 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:36:28.0194 7236 BDESVC - ok
08:36:28.0225 7236 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:36:28.0241 7236 Beep - ok
08:36:28.0303 7236 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:36:28.0319 7236 BFE - ok
08:36:28.0350 7236 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
08:36:28.0366 7236 BITS - ok
08:36:28.0381 7236 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:36:28.0397 7236 blbdrive - ok
08:36:28.0444 7236 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
08:36:28.0459 7236 Bonjour Service - ok
08:36:28.0522 7236 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:36:28.0537 7236 bowser - ok
08:36:28.0553 7236 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:36:28.0568 7236 BrFiltLo - ok
08:36:28.0568 7236 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:36:28.0568 7236 BrFiltUp - ok
08:36:28.0600 7236 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:36:28.0615 7236 BridgeMP - ok
08:36:28.0678 7236 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:36:28.0693 7236 Browser - ok
08:36:28.0724 7236 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:36:28.0724 7236 Brserid - ok
08:36:28.0740 7236 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:36:28.0756 7236 BrSerWdm - ok
08:36:28.0771 7236 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:36:28.0771 7236 BrUsbMdm - ok
08:36:28.0787 7236 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:36:28.0787 7236 BrUsbSer - ok
08:36:28.0818 7236 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:36:28.0834 7236 BTHMODEM - ok
08:36:28.0834 7236 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:36:28.0849 7236 bthserv - ok
08:36:29.0036 7236 CarboniteService (33e43a31ac6ac6ba95d4772d8cca076f) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
08:36:29.0052 7236 CarboniteService - ok
08:36:29.0114 7236 catchme - ok
08:36:29.0146 7236 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:36:29.0146 7236 cdfs - ok
08:36:29.0192 7236 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:36:29.0208 7236 cdrom - ok
08:36:29.0239 7236 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:36:29.0286 7236 CertPropSvc - ok
08:36:29.0317 7236 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:36:29.0348 7236 circlass - ok
08:36:29.0395 7236 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:36:29.0426 7236 CLFS - ok
08:36:29.0489 7236 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:36:29.0504 7236 clr_optimization_v2.0.50727_32 - ok
08:36:29.0551 7236 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:36:29.0567 7236 clr_optimization_v2.0.50727_64 - ok
08:36:29.0645 7236 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:36:29.0660 7236 clr_optimization_v4.0.30319_32 - ok
08:36:29.0707 7236 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:36:29.0723 7236 clr_optimization_v4.0.30319_64 - ok
08:36:29.0723 7236 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:36:29.0738 7236 CmBatt - ok
08:36:29.0770 7236 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:36:29.0785 7236 cmdide - ok
08:36:29.0848 7236 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:36:29.0863 7236 CNG - ok
08:36:29.0879 7236 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:36:29.0879 7236 Compbatt - ok
08:36:29.0926 7236 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:36:29.0957 7236 CompositeBus - ok
08:36:29.0957 7236 COMSysApp - ok
08:36:29.0972 7236 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:36:29.0988 7236 crcdisk - ok
08:36:30.0050 7236 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
08:36:30.0050 7236 CryptSvc - ok
08:36:30.0113 7236 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:36:30.0128 7236 CSC - ok
08:36:30.0191 7236 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
08:36:30.0206 7236 CscService - ok
08:36:30.0238 7236 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:36:30.0238 7236 DcomLaunch - ok
08:36:30.0284 7236 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:36:30.0300 7236 defragsvc - ok
08:36:30.0347 7236 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:36:30.0362 7236 DfsC - ok
08:36:30.0378 7236 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:36:30.0394 7236 Dhcp - ok
08:36:30.0409 7236 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:36:30.0409 7236 discache - ok
08:36:30.0425 7236 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:36:30.0425 7236 Disk - ok
08:36:30.0487 7236 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:36:30.0503 7236 Dnscache - ok
08:36:30.0534 7236 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:36:30.0550 7236 dot3svc - ok
08:36:30.0565 7236 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:36:30.0581 7236 DPS - ok
08:36:30.0596 7236 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:36:30.0612 7236 drmkaud - ok
08:36:30.0643 7236 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:36:30.0659 7236 DXGKrnl - ok
08:36:30.0690 7236 e1kexpress (60c5b36e07be8b3af3911c3d10303cfe) C:\Windows\system32\DRIVERS\e1k62x64.sys
08:36:30.0706 7236 e1kexpress - ok
08:36:30.0721 7236 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:36:30.0737 7236 EapHost - ok
08:36:30.0893 7236 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:36:30.0924 7236 ebdrv - ok
08:36:30.0955 7236 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:36:30.0955 7236 EFS - ok
08:36:30.0986 7236 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:36:31.0018 7236 ehRecvr - ok
08:36:31.0096 7236 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:36:31.0111 7236 ehSched - ok
08:36:31.0142 7236 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:36:31.0158 7236 elxstor - ok
08:36:31.0189 7236 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:36:31.0205 7236 ErrDev - ok
08:36:31.0252 7236 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:36:31.0267 7236 EventSystem - ok
08:36:31.0283 7236 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:36:31.0298 7236 exfat - ok
08:36:31.0330 7236 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:36:31.0330 7236 fastfat - ok
08:36:31.0408 7236 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:36:31.0408 7236 Fax - ok
08:36:31.0423 7236 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:36:31.0439 7236 fdc - ok
08:36:31.0454 7236 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:36:31.0470 7236 fdPHost - ok
08:36:31.0486 7236 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:36:31.0486 7236 FDResPub - ok
08:36:31.0486 7236 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:36:31.0501 7236 FileInfo - ok
08:36:31.0517 7236 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:36:31.0517 7236 Filetrace - ok
08:36:31.0610 7236 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:36:31.0642 7236 FLEXnet Licensing Service - ok
08:36:31.0673 7236 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:36:31.0673 7236 flpydisk - ok
08:36:31.0751 7236 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:36:31.0751 7236 FltMgr - ok
08:36:31.0813 7236 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:36:31.0860 7236 FontCache - ok
08:36:31.0907 7236 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:36:31.0922 7236 FontCache3.0.0.0 - ok
08:36:31.0938 7236 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:36:31.0954 7236 FsDepends - ok
08:36:31.0985 7236 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:36:31.0985 7236 Fs_Rec - ok
08:36:32.0032 7236 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:36:32.0047 7236 fvevol - ok
08:36:32.0063 7236 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:36:32.0078 7236 gagp30kx - ok
08:36:32.0110 7236 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:36:32.0125 7236 GEARAspiWDM - ok
08:36:32.0188 7236 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:36:32.0203 7236 gpsvc - ok
08:36:32.0281 7236 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:36:32.0281 7236 gupdate - ok
08:36:32.0312 7236 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:36:32.0312 7236 gupdatem - ok
08:36:32.0390 7236 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:36:32.0390 7236 gusvc - ok
08:36:32.0422 7236 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:36:32.0422 7236 hcw85cir - ok
08:36:32.0453 7236 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:36:32.0468 7236 HDAudBus - ok
08:36:32.0484 7236 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:36:32.0500 7236 HidBatt - ok
08:36:32.0515 7236 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:36:32.0515 7236 HidBth - ok
08:36:32.0531 7236 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:36:32.0546 7236 HidIr - ok
08:36:32.0562 7236 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:36:32.0578 7236 hidserv - ok
08:36:32.0593 7236 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:36:32.0609 7236 HidUsb - ok
08:36:32.0671 7236 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:36:32.0687 7236 hkmsvc - ok
08:36:32.0734 7236 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:36:32.0734 7236 HomeGroupListener - ok
08:36:32.0765 7236 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:36:32.0780 7236 HomeGroupProvider - ok
08:36:32.0812 7236 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:36:32.0827 7236 HpSAMD - ok
08:36:32.0890 7236 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:36:32.0905 7236 HTTP - ok
08:36:32.0936 7236 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:36:32.0936 7236 hwpolicy - ok
08:36:32.0968 7236 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:36:32.0968 7236 i8042prt - ok
08:36:33.0030 7236 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
08:36:33.0030 7236 iaStor - ok
08:36:33.0092 7236 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
08:36:33.0092 7236 IAStorDataMgrSvc - ok
08:36:33.0124 7236 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:36:33.0139 7236 iaStorV - ok
08:36:33.0186 7236 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:36:33.0202 7236 idsvc - ok
08:36:33.0233 7236 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:36:33.0248 7236 iirsp - ok
08:36:33.0280 7236 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:36:33.0311 7236 IKEEXT - ok
08:36:33.0342 7236 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
08:36:33.0358 7236 Impcd - ok
08:36:33.0436 7236 IntcAzAudAddService (9f61c293284a2435badb78a4e287ae88) C:\Windows\system32\drivers\RTDVHD64.sys
08:36:33.0467 7236 IntcAzAudAddService - ok
08:36:33.0482 7236 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:36:33.0482 7236 intelide - ok
08:36:33.0514 7236 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:36:33.0514 7236 intelppm - ok
08:36:33.0529 7236 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:36:33.0545 7236 IPBusEnum - ok
08:36:33.0576 7236 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:36:33.0592 7236 IpFilterDriver - ok
08:36:33.0623 7236 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:36:33.0654 7236 iphlpsvc - ok
08:36:33.0670 7236 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:36:33.0685 7236 IPMIDRV - ok
08:36:33.0701 7236 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:36:33.0716 7236 IPNAT - ok
08:36:33.0810 7236 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
08:36:33.0810 7236 iPod Service - ok
08:36:33.0826 7236 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:36:33.0826 7236 IRENUM - ok
08:36:33.0841 7236 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:36:33.0857 7236 isapnp - ok
08:36:33.0888 7236 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:36:33.0888 7236 iScsiPrt - ok
08:36:33.0904 7236 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:36:33.0919 7236 kbdclass - ok
08:36:33.0950 7236 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:36:33.0966 7236 kbdhid - ok
08:36:33.0982 7236 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:36:33.0997 7236 KeyIso - ok
08:36:34.0028 7236 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:36:34.0044 7236 KSecDD - ok
08:36:34.0075 7236 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:36:34.0091 7236 KSecPkg - ok
08:36:34.0106 7236 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:36:34.0122 7236 ksthunk - ok
08:36:34.0153 7236 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:36:34.0169 7236 KtmRm - ok
08:36:34.0231 7236 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:36:34.0231 7236 LanmanServer - ok
08:36:34.0309 7236 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:36:34.0325 7236 LanmanWorkstation - ok
08:36:34.0356 7236 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:36:34.0372 7236 lltdio - ok
08:36:34.0403 7236 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:36:34.0403 7236 lltdsvc - ok
08:36:34.0418 7236 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:36:34.0434 7236 lmhosts - ok
08:36:34.0496 7236 LMIGuardianSvc (ad988709675d9e35a60b2616bef108e9) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
08:36:34.0496 7236 LMIGuardianSvc - ok
08:36:34.0543 7236 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
08:36:34.0543 7236 LMIInfo - ok
08:36:34.0590 7236 LMIMaint (bd043199fc0bf5f2810f54c8b374590b) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
08:36:34.0590 7236 LMIMaint - ok
08:36:34.0590 7236 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
08:36:34.0606 7236 lmimirr - ok
08:36:34.0606 7236 LMIRfsClientNP - ok
08:36:34.0621 7236 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
08:36:34.0637 7236 LMIRfsDriver - ok
08:36:34.0652 7236 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
08:36:34.0652 7236 LogMeIn - ok
08:36:34.0668 7236 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:36:34.0684 7236 LSI_FC - ok
08:36:34.0684 7236 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:36:34.0684 7236 LSI_SAS - ok
08:36:34.0715 7236 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:36:34.0715 7236 LSI_SAS2 - ok
08:36:34.0746 7236 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:36:34.0746 7236 LSI_SCSI - ok
08:36:34.0777 7236 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:36:34.0793 7236 luafv - ok
08:36:34.0855 7236 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
08:36:34.0855 7236 MBAMProtector - ok
08:36:34.0918 7236 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:36:34.0949 7236 MBAMService - ok
08:36:34.0996 7236 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:36:35.0011 7236 Mcx2Svc - ok
08:36:35.0136 7236 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
08:36:35.0136 7236 MDM - ok
08:36:35.0152 7236 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:36:35.0167 7236 megasas - ok
08:36:35.0183 7236 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:36:35.0198 7236 MegaSR - ok
08:36:35.0214 7236 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:36:35.0230 7236 MMCSS - ok
08:36:35.0245 7236 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:36:35.0261 7236 Modem - ok
08:36:35.0276 7236 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:36:35.0276 7236 monitor - ok
08:36:35.0308 7236 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:36:35.0308 7236 mouclass - ok
08:36:35.0323 7236 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:36:35.0339 7236 mouhid - ok
08:36:35.0386 7236 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:36:35.0386 7236 mountmgr - ok
08:36:35.0448 7236 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
08:36:35.0448 7236 MpFilter - ok
08:36:35.0495 7236 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:36:35.0510 7236 mpio - ok
08:36:35.0526 7236 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
08:36:35.0542 7236 MpNWMon - ok
08:36:35.0542 7236 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:36:35.0557 7236 mpsdrv - ok
08:36:35.0620 7236 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:36:35.0651 7236 MpsSvc - ok
08:36:35.0682 7236 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:36:35.0698 7236 MRxDAV - ok
08:36:35.0744 7236 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:36:35.0760 7236 mrxsmb - ok
08:36:35.0807 7236 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:36:35.0822 7236 mrxsmb10 - ok
08:36:35.0854 7236 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:36:35.0916 7236 mrxsmb20 - ok
08:36:36.0010 7236 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:36:36.0041 7236 msahci - ok
08:36:36.0103 7236 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:36:36.0103 7236 msdsm - ok
08:36:36.0119 7236 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:36:36.0134 7236 MSDTC - ok
08:36:36.0150 7236 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:36:36.0150 7236 Msfs - ok
08:36:36.0166 7236 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:36:36.0166 7236 mshidkmdf - ok
08:36:36.0197 7236 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:36:36.0197 7236 msisadrv - ok
08:36:36.0228 7236 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:36:36.0244 7236 MSiSCSI - ok
08:36:36.0244 7236 msiserver - ok
08:36:36.0259 7236 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:36:36.0275 7236 MSKSSRV - ok
08:36:36.0322 7236 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
08:36:36.0322 7236 MsMpSvc - ok
08:36:36.0337 7236 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:36:36.0337 7236 MSPCLOCK - ok
08:36:36.0337 7236 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:36:36.0353 7236 MSPQM - ok
08:36:36.0384 7236 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:36:36.0400 7236 MsRPC - ok
08:36:36.0415 7236 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:36:36.0415 7236 mssmbios - ok
08:36:36.0431 7236 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:36:36.0431 7236 MSTEE - ok
08:36:36.0446 7236 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:36:36.0462 7236 MTConfig - ok
08:36:36.0462 7236 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:36:36.0462 7236 Mup - ok
08:36:36.0493 7236 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:36:36.0524 7236 napagent - ok
08:36:36.0540 7236 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:36:36.0540 7236 NativeWifiP - ok
08:36:36.0587 7236 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:36:36.0618 7236 NDIS - ok
08:36:36.0634 7236 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:36:36.0649 7236 NdisCap - ok
08:36:36.0680 7236 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:36:36.0696 7236 NdisTapi - ok
08:36:36.0743 7236 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:36:36.0758 7236 Ndisuio - ok
08:36:36.0790 7236 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:36:36.0805 7236 NdisWan - ok
08:36:36.0836 7236 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:36:36.0852 7236 NDProxy - ok
08:36:36.0868 7236 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:36:36.0868 7236 NetBIOS - ok
08:36:36.0899 7236 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:36:36.0914 7236 NetBT - ok
08:36:36.0914 7236 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:36:36.0914 7236 Netlogon - ok
08:36:36.0961 7236 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:36:36.0961 7236 Netman - ok
08:36:37.0055 7236 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:36:37.0070 7236 NetMsmqActivator - ok
08:36:37.0070 7236 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:36:37.0086 7236 NetPipeActivator - ok
08:36:37.0102 7236 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:36:37.0133 7236 netprofm - ok
08:36:37.0133 7236 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:36:37.0133 7236 NetTcpActivator - ok
08:36:37.0133 7236 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:36:37.0148 7236 NetTcpPortSharing - ok
08:36:37.0164 7236 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:36:37.0179 7236 nfrd960 - ok
08:36:37.0195 7236 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:36:37.0195 7236 NisDrv - ok
08:36:37.0257 7236 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
08:36:37.0257 7236 NisSrv - ok
08:36:37.0273 7236 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:36:37.0304 7236 NlaSvc - ok
08:36:37.0320 7236 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:36:37.0320 7236 Npfs - ok
08:36:37.0351 7236 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:36:37.0351 7236 nsi - ok
08:36:37.0367 7236 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:36:37.0367 7236 nsiproxy - ok
08:36:37.0460 7236 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:36:37.0507 7236 Ntfs - ok
08:36:37.0523 7236 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:36:37.0523 7236 Null - ok
08:36:37.0538 7236 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:36:37.0554 7236 nvraid - ok
08:36:37.0601 7236 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:36:37.0601 7236 nvstor - ok
08:36:37.0616 7236 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:36:37.0632 7236 nv_agp - ok
08:36:37.0679 7236 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:36:37.0694 7236 ohci1394 - ok
08:36:37.0772 7236 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:36:37.0788 7236 ose - ok
08:36:37.0975 7236 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:36:37.0991 7236 osppsvc - ok
08:36:38.0022 7236 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:36:38.0022 7236 p2pimsvc - ok
08:36:38.0053 7236 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:36:38.0053 7236 p2psvc - ok
08:36:38.0084 7236 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:36:38.0100 7236 Parport - ok
08:36:38.0100 7236 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:36:38.0100 7236 partmgr - ok
08:36:38.0131 7236 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
08:36:38.0131 7236 PBADRV - ok
08:36:38.0147 7236 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:36:38.0147 7236 PcaSvc - ok
08:36:38.0178 7236 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:36:38.0178 7236 pci - ok
08:36:38.0193 7236 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:36:38.0193 7236 pciide - ok
08:36:38.0225 7236 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:36:38.0225 7236 pcmcia - ok
08:36:38.0240 7236 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:36:38.0256 7236 pcw - ok
08:36:38.0287 7236 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:36:38.0287 7236 PEAUTH - ok
08:36:38.0349 7236 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
08:36:38.0365 7236 PeerDistSvc - ok
08:36:38.0427 7236 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:36:38.0443 7236 PerfHost - ok
08:36:38.0521 7236 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:36:38.0552 7236 pla - ok
08:36:38.0615 7236 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:36:38.0630 7236 PlugPlay - ok
08:36:38.0646 7236 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:36:38.0661 7236 PNRPAutoReg - ok
08:36:38.0661 7236 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:36:38.0661 7236 PNRPsvc - ok
08:36:38.0693 7236 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:36:38.0693 7236 PolicyAgent - ok
08:36:38.0724 7236 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:36:38.0724 7236 Power - ok
08:36:38.0786 7236 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:36:38.0802 7236 PptpMiniport - ok
08:36:38.0817 7236 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:36:38.0833 7236 Processor - ok
08:36:38.0849 7236 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
08:36:38.0864 7236 ProfSvc - ok
08:36:38.0864 7236 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:36:38.0864 7236 ProtectedStorage - ok
08:36:38.0895 7236 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:36:38.0911 7236 Psched - ok
08:36:38.0958 7236 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:36:38.0958 7236 PxHlpa64 - ok
08:36:39.0067 7236 QBCFMonitorService (933d92f0bd1d7a9835cd8a8b1235a11e) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
08:36:39.0067 7236 QBCFMonitorService - ok
08:36:39.0145 7236 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
08:36:39.0161 7236 QBFCService - ok
08:36:39.0254 7236 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
08:36:39.0285 7236 QBVSS - ok
08:36:39.0379 7236 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:36:39.0410 7236 ql2300 - ok
08:36:39.0441 7236 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:36:39.0457 7236 ql40xx - ok
08:36:39.0504 7236 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:36:39.0519 7236 QWAVE - ok
08:36:39.0535 7236 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:36:39.0535 7236 QWAVEdrv - ok
08:36:39.0551 7236 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:36:39.0566 7236 RasAcd - ok
08:36:39.0597 7236 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:36:39.0597 7236 RasAgileVpn - ok
08:36:39.0613 7236 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:36:39.0629 7236 RasAuto - ok
08:36:39.0644 7236 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:36:39.0660 7236 Rasl2tp - ok
08:36:39.0675 7236 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:36:39.0691 7236 RasMan - ok
08:36:39.0707 7236 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:36:39.0722 7236 RasPppoe - ok
08:36:39.0738 7236 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:36:39.0753 7236 RasSstp - ok
08:36:39.0769 7236 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:36:39.0785 7236 rdbss - ok
08:36:39.0800 7236 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:36:39.0800 7236 rdpbus - ok
08:36:39.0800 7236 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:36:39.0800 7236 RDPCDD - ok
08:36:39.0863 7236 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:36:39.0863 7236 RDPDR - ok
08:36:39.0894 7236 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:36:39.0894 7236 RDPENCDD - ok
08:36:39.0909 7236 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:36:39.0909 7236 RDPREFMP - ok
08:36:39.0956 7236 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
08:36:39.0972 7236 RDPWD - ok
08:36:40.0003 7236 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:36:40.0003 7236 rdyboost - ok
08:36:40.0034 7236 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:36:40.0050 7236 RemoteAccess - ok
08:36:40.0065 7236 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:36:40.0081 7236 RemoteRegistry - ok
08:36:40.0190 7236 RoxMediaDB12OEM (bddc447ab46625a54619808575d5cb46) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
08:36:40.0206 7236 RoxMediaDB12OEM - ok
08:36:40.0268 7236 RoxWatch12 (ce203243adf512540249df9c264f12dd) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
08:36:40.0284 7236 RoxWatch12 - ok
08:36:40.0299 7236 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:36:40.0315 7236 RpcEptMapper - ok
08:36:40.0346 7236 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:36:40.0362 7236 RpcLocator - ok
08:36:40.0393 7236 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:36:40.0393 7236 RpcSs - ok
08:36:40.0409 7236 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:36:40.0409 7236 rspndr - ok
08:36:40.0471 7236 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:36:40.0471 7236 s3cap - ok
08:36:40.0487 7236 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:36:40.0487 7236 SamSs - ok
08:36:40.0533 7236 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:36:40.0549 7236 sbp2port - ok
08:36:40.0565 7236 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:36:40.0565 7236 SCardSvr - ok
08:36:40.0611 7236 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:36:40.0611 7236 scfilter - ok
08:36:40.0658 7236 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:36:40.0674 7236 Schedule - ok
08:36:40.0721 7236 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:36:40.0721 7236 SCPolicySvc - ok
08:36:40.0736 7236 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:36:40.0752 7236 SDRSVC - ok
08:36:40.0767 7236 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:36:40.0783 7236 secdrv - ok
08:36:40.0814 7236 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:36:40.0830 7236 seclogon - ok
08:36:40.0845 7236 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:36:40.0861 7236 SENS - ok
08:36:40.0861 7236 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:36:40.0877 7236 SensrSvc - ok
08:36:40.0908 7236 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:36:40.0908 7236 Serenum - ok
08:36:40.0923 7236 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:36:40.0923 7236 Serial - ok
08:36:40.0955 7236 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:36:40.0955 7236 sermouse - ok
08:36:40.0986 7236 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:36:41.0001 7236 SessionEnv - ok
08:36:41.0017 7236 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:36:41.0017 7236 sffdisk - ok
08:36:41.0033 7236 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:36:41.0033 7236 sffp_mmc - ok
08:36:41.0033 7236 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:36:41.0033 7236 sffp_sd - ok
08:36:41.0048 7236 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:36:41.0064 7236 sfloppy - ok
08:36:41.0142 7236 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:36:41.0157 7236 SharedAccess - ok
08:36:41.0173 7236 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:36:41.0204 7236 ShellHWDetection - ok
08:36:41.0220 7236 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:36:41.0220 7236 SiSRaid2 - ok
08:36:41.0235 7236 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:36:41.0251 7236 SiSRaid4 - ok
08:36:41.0282 7236 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:36:41.0298 7236 Smb - ok
08:36:41.0329 7236 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:36:41.0329 7236 SNMPTRAP - ok
08:36:41.0329 7236 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:36:41.0329 7236 spldr - ok
08:36:41.0376 7236 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:36:41.0376 7236 Spooler - ok
08:36:41.0501 7236 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:36:41.0516 7236 sppsvc - ok
08:36:41.0547 7236 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:36:41.0547 7236 sppuinotify - ok
08:36:41.0579 7236 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:36:41.0610 7236 srv - ok
08:36:41.0625 7236 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:36:41.0641 7236 srv2 - ok
08:36:41.0657 7236 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:36:41.0657 7236 srvnet - ok
08:36:41.0688 7236 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:36:41.0703 7236 SSDPSRV - ok
08:36:41.0703 7236 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:36:41.0719 7236 SstpSvc - ok
08:36:41.0735 7236 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:36:41.0735 7236 stexstor - ok
08:36:41.0797 7236 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:36:41.0813 7236 stisvc - ok
08:36:41.0859 7236 stllssvr (9e182dd94496550a22a392cc1a8e0f52) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
08:36:41.0875 7236 stllssvr - ok
08:36:41.0922 7236 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:36:41.0922 7236 storflt - ok
08:36:41.0937 7236 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
08:36:41.0953 7236 StorSvc - ok
08:36:41.0984 7236 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:36:42.0000 7236 storvsc - ok
08:36:42.0015 7236 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:36:42.0015 7236 swenum - ok
08:36:42.0047 7236 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:36:42.0062 7236 swprv - ok
08:36:42.0125 7236 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:36:42.0140 7236 SysMain - ok
08:36:42.0156 7236 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:36:42.0156 7236 TabletInputService - ok
08:36:42.0187 7236 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:36:42.0187 7236 TapiSrv - ok
08:36:42.0203 7236 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:36:42.0203 7236 TBS - ok
08:36:42.0327 7236 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:36:42.0343 7236 Tcpip - ok
08:36:42.0359 7236 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:36:42.0374 7236 TCPIP6 - ok
08:36:42.0405 7236 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:36:42.0421 7236 tcpipreg - ok
08:36:42.0483 7236 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
08:36:42.0515 7236 tcsd_win32.exe - ok
08:36:42.0561 7236 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:36:42.0561 7236 TDPIPE - ok
08:36:42.0577 7236 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:36:42.0608 7236 TDTCP - ok
08:36:42.0624 7236 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:36:42.0639 7236 tdx - ok
08:36:42.0655 7236 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:36:42.0655 7236 TermDD - ok
08:36:42.0686 7236 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:36:42.0686 7236 TermService - ok
08:36:42.0702 7236 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:36:42.0717 7236 Themes - ok
08:36:42.0749 7236 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:36:42.0749 7236 THREADORDER - ok
08:36:42.0827 7236 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
08:36:42.0827 7236 TomTomHOMEService - ok
08:36:42.0827 7236 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:36:42.0858 7236 TrkWks - ok
08:36:42.0889 7236 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:36:42.0905 7236 TrustedInstaller - ok
08:36:42.0920 7236 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:36:42.0936 7236 tssecsrv - ok
08:36:42.0951 7236 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:36:42.0951 7236 TsUsbFlt - ok
08:36:42.0998 7236 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:36:43.0014 7236 tunnel - ok
08:36:43.0045 7236 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:36:43.0045 7236 uagp35 - ok
08:36:43.0076 7236 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:36:43.0092 7236 udfs - ok
08:36:43.0123 7236 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:36:43.0139 7236 UI0Detect - ok
08:36:43.0154 7236 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:36:43.0170 7236 uliagpkx - ok
08:36:43.0185 7236 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:36:43.0201 7236 umbus - ok
08:36:43.0217 7236 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:36:43.0217 7236 UmPass - ok
08:36:43.0248 7236 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
08:36:43.0248 7236 UmRdpService - ok
08:36:43.0295 7236 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:36:43.0310 7236 upnphost - ok
08:36:43.0357 7236 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:36:43.0373 7236 USBAAPL64 - ok
08:36:43.0419 7236 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:36:43.0435 7236 usbaudio - ok
08:36:43.0451 7236 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:36:43.0466 7236 usbccgp - ok
08:36:43.0513 7236 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:36:43.0529 7236 usbcir - ok
08:36:43.0544 7236 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:36:43.0560 7236 usbehci - ok
08:36:43.0575 7236 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:36:43.0591 7236 usbhub - ok
08:36:43.0607 7236 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:36:43.0622 7236 usbohci - ok
08:36:43.0638 7236 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:36:43.0653 7236 usbprint - ok
08:36:43.0700 7236 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:36:43.0716 7236 usbscan - ok
08:36:43.0731 7236 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:36:43.0747 7236 USBSTOR - ok
08:36:43.0763 7236 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:36:43.0763 7236 usbuhci - ok
08:36:43.0794 7236 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:36:43.0809 7236 UxSms - ok
08:36:43.0841 7236 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:36:43.0856 7236 VaultSvc - ok
08:36:43.0856 7236 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:36:43.0856 7236 vdrvroot - ok
08:36:43.0872 7236 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:36:43.0887 7236 vds - ok
08:36:43.0903 7236 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:36:43.0919 7236 vga - ok
08:36:43.0934 7236 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:36:43.0934 7236 VgaSave - ok
08:36:43.0965 7236 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:36:43.0981 7236 vhdmp - ok
08:36:43.0997 7236 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:36:44.0012 7236 viaide - ok
08:36:44.0028 7236 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:36:44.0043 7236 vmbus - ok
08:36:44.0059 7236 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:36:44.0075 7236 VMBusHID - ok
08:36:44.0090 7236 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:36:44.0090 7236 volmgr - ok
08:36:44.0153 7236 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:36:44.0168 7236 volmgrx - ok
08:36:44.0184 7236 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:36:44.0199 7236 volsnap - ok
08:36:44.0199 7236 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
08:36:44.0199 7236 vpcbus - ok
08:36:44.0231 7236 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
08:36:44.0246 7236 vpcnfltr - ok
08:36:44.0262 7236 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
08:36:44.0277 7236 vpcusb - ok
08:36:44.0293 7236 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
08:36:44.0309 7236 vpcvmm - ok
08:36:44.0340 7236 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:36:44.0340 7236 vsmraid - ok
08:36:44.0418 7236 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:36:44.0418 7236 VSS - ok
08:36:44.0449 7236 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:36:44.0449 7236 vwifibus - ok
08:36:44.0480 7236 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:36:44.0496 7236 W32Time - ok
08:36:44.0527 7236 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:36:44.0543 7236 WacomPen - ok
08:36:44.0543 7236 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:36:44.0558 7236 WANARP - ok
08:36:44.0574 7236 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:36:44.0574 7236 Wanarpv6 - ok
08:36:44.0667 7236 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:36:44.0683 7236 WatAdminSvc - ok
08:36:44.0761 7236 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:36:44.0777 7236 wbengine - ok
08:36:44.0823 7236 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:36:44.0823 7236 WbioSrvc - ok
08:36:44.0855 7236 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:36:44.0886 7236 wcncsvc - ok
08:36:44.0901 7236 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:36:44.0917 7236 WcsPlugInService - ok
08:36:44.0933 7236 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:36:44.0933 7236 Wd - ok
08:36:44.0964 7236 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:36:44.0995 7236 Wdf01000 - ok
08:36:45.0011 7236 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:36:45.0011 7236 WdiServiceHost - ok
08:36:45.0026 7236 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:36:45.0026 7236 WdiSystemHost - ok
08:36:45.0057 7236 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:36:45.0073 7236 WebClient - ok
08:36:45.0073 7236 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:36:45.0104 7236 Wecsvc - ok
08:36:45.0120 7236 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:36:45.0120 7236 wercplsupport - ok
08:36:45.0135 7236 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:36:45.0151 7236 WerSvc - ok
08:36:45.0182 7236 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:36:45.0182 7236 WfpLwf - ok
08:36:45.0213 7236 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:36:45.0213 7236 WIMMount - ok
08:36:45.0229 7236 WinDefend - ok
08:36:45.0245 7236 WinHttpAutoProxySvc - ok
08:36:45.0307 7236 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:36:45.0323 7236 Winmgmt - ok
08:36:45.0385 7236 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:36:45.0432 7236 WinRM - ok
08:36:45.0479 7236 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:36:45.0479 7236 WinUsb - ok
08:36:45.0525 7236 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:36:45.0557 7236 Wlansvc - ok
08:36:45.0619 7236 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:36:45.0635 7236 wlcrasvc - ok
08:36:45.0775 7236 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:36:45.0806 7236 wlidsvc - ok
08:36:45.0806 7236 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:36:45.0806 7236 WmiAcpi - ok
08:36:45.0853 7236 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:36:45.0869 7236 wmiApSrv - ok
08:36:45.0884 7236 WMPNetworkSvc - ok
08:36:45.0900 7236 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:36:45.0900 7236 WPCSvc - ok
08:36:45.0915 7236 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:36:45.0915 7236 WPDBusEnum - ok
08:36:45.0931 7236 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:36:45.0931 7236 ws2ifsl - ok
08:36:45.0947 7236 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:36:45.0962 7236 wscsvc - ok
08:36:46.0025 7236 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:36:46.0040 7236 WSDPrintDevice - ok
08:36:46.0040 7236 WSearch - ok
08:36:46.0118 7236 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:36:46.0181 7236 wuauserv - ok
08:36:46.0274 7236 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:36:46.0352 7236 WudfPf - ok
08:36:46.0430 7236 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:36:46.0446 7236 WUDFRd - ok
08:36:46.0477 7236 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:36:46.0493 7236 wudfsvc - ok
08:36:46.0508 7236 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:36:46.0508 7236 WwanSvc - ok
08:36:46.0524 7236 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
08:36:46.0571 7236 \Device\Harddisk0\DR0 - ok
08:36:46.0571 7236 Boot (0x1200) (13b82f16125de53da39f103b32bf1746) \Device\Harddisk0\DR0\Partition0
08:36:46.0571 7236 \Device\Harddisk0\DR0\Partition0 - ok
08:36:46.0586 7236 Boot (0x1200) (427d713929b105e49c60f28935230466) \Device\Harddisk0\DR0\Partition1
08:36:46.0586 7236 \Device\Harddisk0\DR0\Partition1 - ok
08:36:46.0586 7236 ============================================================
08:36:46.0586 7236 Scan finished
08:36:46.0586 7236 ============================================================
08:36:46.0602 6576 Detected object count: 0
08:36:46.0602 6576 Actual detected object count: 0
08:38:27.0314 3444 Deinitialize success






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 08:38:44
-----------------------------
08:38:44.667 OS Version: Windows x64 6.1.7601 Service Pack 1
08:38:44.667 Number of processors: 8 586 0x1E05
08:38:44.668 ComputerName: BOBJ-WIN7 UserName: bobj
08:38:46.476 Initialize success
08:39:19.472 AVAST engine defs: 12041900
08:39:30.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:39:30.205 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8
08:39:30.220 Disk 0 MBR read successfully
08:39:30.236 Disk 0 MBR scan
08:39:30.236 Disk 0 Windows VISTA default MBR code
08:39:30.236 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:39:30.251 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 81920
08:39:30.267 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 953076 MB offset 1617920
08:39:30.283 Disk 0 scanning C:\Windows\system32\drivers
08:39:50.484 Service scanning
08:40:11.576 Modules scanning
08:40:11.576 Disk 0 trace - called modules:
08:40:11.607 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:40:11.607 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009554790]
08:40:11.622 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008353050]
08:40:12.512 AVAST engine scan C:\Windows
08:40:15.117 AVAST engine scan C:\Windows\system32
08:43:46.402 AVAST engine scan C:\Windows\system32\drivers
08:44:03.858 AVAST engine scan C:\Users\bobj
08:58:16.211 AVAST engine scan C:\ProgramData
09:19:32.724 Scan finished successfully
09:20:02.192 Disk 0 MBR has been saved successfully to "C:\Users\bobj\Desktop\MBR.dat"
09:20:02.192 The log file has been saved successfully to "C:\Users\bobj\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:40 AM

Posted 21 April 2012 - 08:54 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\programdata\PC Optimizer Pro
c:\program files (x86)\Free Offers from Freeze.com

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 JimVarney01

JimVarney01
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 23 April 2012 - 12:35 PM

I am out of the office today, I will get to this issue again when I have the chance.

Thank you for the reply!

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:40 AM

Posted 23 April 2012 - 09:36 PM

Thank you for letting me know

If I have not heard from you in a couple of days I will check on you



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 JimVarney01

JimVarney01
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 24 April 2012 - 11:16 AM

Below is the log. I had to re-download combofix because it said my current version was expired. Did not have any other problems running it, and it did not ask me to restart at all. Computer has seemed to be ok so far, but I'm not sure if it is 100% clean or not.

Thanks,
Kurt


ComboFix 12-04-24.02 - bobj 04/24/2012 11:59:24.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8182.5522 [GMT -4:00]
Running from: c:\users\bobj\Desktop\ComboFix.exe
Command switches used :: c:\users\bobj\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Free Offers from Freeze.com
c:\program files (x86)\Free Offers from Freeze.com\6866.url
c:\program files (x86)\Free Offers from Freeze.com\6881.url
c:\program files (x86)\Free Offers from Freeze.com\6884.url
c:\program files (x86)\Free Offers from Freeze.com\control.txt
c:\program files (x86)\Free Offers from Freeze.com\dolphinico.ico
c:\program files (x86)\Free Offers from Freeze.com\games.ico
c:\program files (x86)\Free Offers from Freeze.com\musicoasis.ico
c:\programdata\PC Optimizer Pro
c:\programdata\PC Optimizer Pro\LOGS\REG_LOGS_04_09_2012_11_36_16_AM.log
c:\programdata\PC Optimizer Pro\LOGS\REG_LOGS_04_10_2012_11_34_32_AM.log
c:\programdata\PC Optimizer Pro\LOGS\REG_LOGS_04_10_2012_11_50_34_AM.log
c:\programdata\PC Optimizer Pro\LOGS\REG_LOGS_04_10_2012_16_21_57_PM.log
c:\programdata\PC Optimizer Pro\LOGS\REG_LOGS_04_10_2012_16_34_33_PM.log
c:\programdata\PC Optimizer Pro\LOGS\REG_LOGS_04_11_2012_07_54_54_AM.log
c:\windows\SysWow64\test
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 16:05 . 2012-04-24 16:05 -------- d-----w- c:\users\techedge\AppData\Local\temp
2012-04-24 16:05 . 2012-04-24 16:05 -------- d-----w- c:\users\techedge.HANCOCK\AppData\Local\temp
2012-04-24 16:05 . 2012-04-24 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 16:05 . 2012-04-24 16:05 -------- d-----w- c:\users\bob\AppData\Local\temp
2012-04-24 06:02 . 2012-04-24 06:02 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2F8983E-003B-434E-8657-180B9574CCA6}\offreg.dll
2012-04-24 06:02 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2F8983E-003B-434E-8657-180B9574CCA6}\mpengine.dll
2012-04-11 12:09 . 2012-04-11 12:09 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-04-11 07:03 . 2012-04-11 07:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-11 07:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 07:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\programdata\AMD
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-10 20:30 . 2012-04-10 20:30 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-04-10 20:26 . 2012-04-10 20:30 -------- d-----w- c:\program files\ATI Technologies
2012-04-10 20:26 . 2012-04-10 20:26 -------- d-----w- c:\program files\ATI
2012-04-10 20:25 . 2012-04-10 20:25 -------- d-----w- C:\AMD
2012-04-09 17:32 . 2012-04-09 17:33 -------- d-----w- c:\program files\iTunes
2012-04-09 17:32 . 2012-04-09 17:33 -------- d-----w- c:\program files (x86)\iTunes
2012-04-09 17:32 . 2012-04-09 17:32 -------- d-----w- c:\program files\iPod
2012-04-09 16:19 . 2012-04-14 01:19 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 15:32 . 2012-04-14 01:19 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-09 15:00 . 2012-04-09 15:00 -------- d-----w- c:\users\bobj\AppData\Local\visi_coupon
2012-04-09 12:57 . 2012-04-09 13:10 -------- d-----w- c:\users\bobj\AppData\Local\FileTypeAssistant
2012-04-09 12:56 . 2012-04-09 12:56 18944 ----a-r- c:\users\bobj\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-04-09 12:55 . 2012-04-10 16:16 -------- d-----w- c:\programdata\Yahoo!
2012-04-09 12:55 . 2012-04-10 16:16 -------- d-----w- c:\program files (x86)\Yahoo!
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-28 18:29 . 2012-03-28 18:29 -------- d-----w- c:\users\bobj\AppData\Roaming\Topalt
2012-03-28 14:12 . 2012-03-28 14:12 -------- d-----w- c:\users\bobj\AppData\Local\APN
2012-03-28 14:12 . 2012-04-10 16:12 -------- d-----w- c:\users\bobj\AppData\Roaming\Easy Duplicate Finder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:19 . 2011-05-13 14:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 08:46 . 2011-01-24 16:42 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 19:56 . 2011-01-26 17:41 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:26 . 2012-03-09 05:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-03-09 05:26 . 2012-03-09 05:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-03-09 05:26 . 2012-03-09 05:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-03-09 05:26 . 2012-03-09 05:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-03-09 05:26 . 2012-03-09 05:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll
2012-03-09 05:25 . 2012-03-09 05:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-09 05:24 . 2012-03-09 05:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 05:24 . 2012-03-09 05:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-03-09 05:14 . 2012-03-09 05:14 958464 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll
2012-03-09 04:45 . 2011-01-15 14:03 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-09 04:35 . 2012-03-09 04:35 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-03-09 04:11 . 2012-03-09 04:11 7552000 ----a-w- c:\windows\system32\atiumd64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 03:58 . 2012-03-09 03:58 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:57 . 2012-03-09 03:57 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-09 03:56 . 2012-03-09 03:56 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2012-03-09 03:47 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 22:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-08 22:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-17 06:38 . 2012-03-13 21:33 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 21:33 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 21:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 21:33 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 12:03 . 2012-02-10 12:04 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B64035E9-61CC-4BD5-A936-3B620982E003}\gapaengine.dll
2012-02-10 06:36 . 2012-03-13 21:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 21:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-09 11:48 . 2011-01-25 13:18 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-09 11:48 . 2011-01-25 13:18 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-09 11:48 . 2011-01-25 13:18 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 04:34 . 2012-03-13 21:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-01-21 16:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 11:02 . 2012-01-31 11:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 11:00 . 2012-01-31 11:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-17_12.18.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-15 12:23 . 2012-04-17 13:02 35940 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-17 21:04 53870 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-01-21 15:40 . 2012-04-17 12:17 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-21 15:40 . 2012-04-24 16:07 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 15:40 . 2012-04-17 12:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-21 15:40 . 2012-04-24 16:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-24 16:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-17 12:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-21 19:14 . 2012-04-24 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 19:14 . 2012-04-17 12:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-24 21:09 . 2012-04-17 15:59 9054 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2759384936-1780340661-1091857603-1167_UserData.bin
+ 2012-04-17 21:02 . 2012-04-24 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-17 12:17 . 2012-04-17 12:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-17 21:02 . 2012-04-24 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-17 12:17 . 2012-04-17 12:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-17 11:55 666896 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-19 12:29 666896 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-19 12:29 123654 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-17 11:55 123654 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-04-19 20:22 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-04-12 20:21 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-04-10 16:17 478708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-17 15:56 478708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-19 11:14 . 2012-04-17 21:01 13911368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759384936-1780340661-1091857603-1167-12288.dat
- 2011-04-19 11:14 . 2012-04-10 16:17 13911368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2759384936-1780340661-1091857603-1167-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-01-24 160328]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-27 39408]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-04-04 1261472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\bobj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-14 5961048]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2010\QBW32.EXE [2012-3-14 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-09 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:19]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 15:07]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 15:07]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759384936-1780340661-1091857603-1167Core.job
- c:\users\bobj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 15:07]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759384936-1780340661-1091857603-1167UA.job
- c:\users\bobj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 15:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2009-08-26 2900992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_SP,204,0_0,StartPage,20120415,17117,0,18,0
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.23
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://bobj.dyndns-remote.com:100/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://bobj.dyndns-remote.com:100/VideoViewer.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://rodsecurity25.dvrdns.org/WebClient.cab
FF - ProfilePath - c:\users\bobj\AppData\Roaming\Mozilla\Firefox\Profiles\2ipq8eyf.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80379&language=en&qkw=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Common Files\Comscan\Comscan.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-04-24 12:13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 16:13
ComboFix2.txt 2012-04-17 16:09
ComboFix3.txt 2012-04-17 12:22
.
Pre-Run: 877,794,836,480 bytes free
Post-Run: 877,574,619,136 bytes free
.
- - End Of File - - 3EAD1A2F81C142AE4416F837FECAFCD1

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:40 AM

Posted 26 April 2012 - 11:35 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:40 AM

Posted 30 April 2012 - 02:55 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 JimVarney01

JimVarney01
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 30 April 2012 - 08:59 PM

I will try to get on that machine soon. I haven't had a chance yet




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users