
Trojan Dropper BC Miner - Redirecting


This topic is locked. 19 replies to this topic.

#1 sixty (Members, 13 posts)

Posted 26 June 2012 - 06:56 PM

I was infected with the subject trojan, which is causing redirecting and slowing my internet connection to a crawl. Malwarebytes detects it but won't remove it. I have spent quite a few hours trying to remove it myself, but it appears I have been defeated. Any help you guys can provide will be greatly appreciated!


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 27 June 2012 - 01:13 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 29 June 2012 - 11:15 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 sixty (Topic Starter, Members)

Posted 02 July 2012 - 12:43 PM

Sorry, I have been out of town and just now had the opportunity to check this thread. Sorry if I caused any inconvenience!

Here are my DDS logs

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Owned at 09:44:49 on 2012-07-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.831 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Owned\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPrintWebAPIShell.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: 4shared Toolbar: {95080b13-aa71-4ee8-b951-7e98221e1ed5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [AnRKntfWhA.exe] C:\ProgramData\AnRKntfWhA.exe
uRun: [4Sync] "C:\Program Files (x86)\4Sync\4Sync.exe" -startup
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Heleni Uploader] C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040111 serial=dr12wex-1504435-fce lang=EN
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [Intuit SyncManager] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Owned\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owned\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &4shared Search - C:\Program Files (x86)\4shared Toolbar\4sharedbar64.dll/MENUSEARCH.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.4
TCP: Interfaces\{71401B3E-8895-4F24-8C02-07A0986DE448} : DhcpNameServer = 192.168.0.4
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: 4shared Toolbar: {95080B13-AA71-4EE8-B951-7E98221E1ED5} - C:\Program Files (x86)\4shared Toolbar\4sharedbar.dll
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Heleni Uploader] C:\Program Files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040111 serial=dr12wex-1504435-fce lang=EN
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [Intuit SyncManager] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: acaptuser32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owned\AppData\Roaming\Mozilla\Firefox\Profiles\bqonq4c0.default\
FF - prefs.js: browser.startup.homepage - hxxp://websearch.4shared.com
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-27 654408]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-3-16 8192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257224]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-3-16 1436424]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-21 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-31 129976]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-06-26 23:39:42 -------- d-----w- C:\Users\Owned\AppData\Local\Apps
2012-06-26 21:45:18 -------- d-----w- C:\Users\Owned\AppData\Roaming\SpeedyPC Software
2012-06-26 21:45:18 -------- d-----w- C:\Users\Owned\AppData\Roaming\DriverCure
2012-06-26 21:44:44 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-06-26 21:44:44 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-06-26 21:44:44 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-06-26 19:59:35 110080 ----a-r- C:\Users\Owned\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-06-26 19:59:35 110080 ----a-r- C:\Users\Owned\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-06-26 19:59:35 110080 ----a-r- C:\Users\Owned\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-06-26 19:59:31 -------- d-----w- C:\sh4ldr
2012-06-26 19:59:24 -------- d-----w- C:\Program Files\Enigma Software Group
2012-06-26 19:56:34 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-26 19:56:28 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-25 21:01:19 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-31 22:58:01 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-31 22:57:54 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-05-31 22:57:53 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-31 22:57:53 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-31 22:57:53 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-05-31 22:57:53 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-31 22:57:53 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-31 22:57:52 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-31 22:57:52 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-31 22:57:52 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
.
==================== Find3M ====================
.
2012-06-25 20:36:35 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 20:36:35 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-25 23:46:59 867064 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-05-24 23:14:11 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-05-04 18:13:32 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 18:26:29 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
2012-04-13 01:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-04-13 01:12:54 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-04-13 01:12:54 166192 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-04-13 01:12:54 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-04-13 01:12:52 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 09:46:50.84 ===============



Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/16/2011 10:31:43 AM
System Uptime: 7/02/2012 2:21:28 PM (2 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Basswood3G
Processor: Intel® Core™2 Quad CPU @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 4.258 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 10.749 GiB free.
E: is FIXED (NTFS) - 9 GiB total, 1.01 GiB free.
F: is CDROM ()
G: is NetworkDisk (NTFS) - 455 GiB total, 243.059 GiB free.
H: is NetworkDisk (NTFS) - 455 GiB total, 243.059 GiB free.
J: is NetworkDisk (NTFS) - 455 GiB total, 243.059 GiB free.
L: is Removable
N: is Removable
P: is Removable
Q: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Multimedia Video Controller
Device ID: PCI\VEN_14F1&DEV_5B7A&SUBSYS_74000070&REV_00\4&12A7A555&0&00F0
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_14F1&DEV_5B7A&SUBSYS_74000070&REV_00\4&12A7A555&0&00F0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
4shared Toolbar
4Sync
AC3Filter 1.63b
AccuRender nXt Materials
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.3.2 - CPSID_53951
Adobe Flash Player 11 ActiveX
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ATI Catalyst Registration
Auto Hide IP
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
BELKIN F5U109
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
COMcheck 3.9.0.3 (Current User)
CopyTrans Suite Remove Only
CorelDRAW Graphics Suite 12
DivX Setup
Dropbox
Epson Copy Utility 3.4
Epson Event Manager
EPSON GT-1500 User's Guide
EPSON Scan
EPSON Scan PDF EXtensions
ESET Online Scanner v3
FARO LS 1.1.406.58
Google Earth
Google Update Helper
Hide IP Platinum 3.5
ISIS Driver - EPSON GT-1500 v1.6.10802.6001
Java Auto Updater
Java™ 6 Update 26
Malwarebytes Anti-Malware version 1.61.0.1400
MDI Viewer for Microsoft Office 2.0
Microsoft Office FrontPage 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NewsBin Pro
NFPA's National Fire Codes
Power Commander Control Center 3.2.0 (Test Build 1)
Prolink Version 1.15
QuickBooks
QuickBooks Pro 2010
Quicken 2008
QuickTime
Realtek High Definition Audio Driver
ScanSoft PaperPort 11
SpectrumLink v.7.5
SpeedyPC Pro
Topo USA 5.0
U232 P9/P25 10.2.98
VC80CRTRedist - 8.0.50727.6195
version 1.0.6.1
ViewCompanion Pro v 4.06
WorkForce GT-1500 Scanner Driver Update
.
==== Event Viewer Messages From Past Week ========
.
6/26/2012 3:24:17 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
6/26/2012 2:19:26 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/26/2012 1:54:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
6/26/2012 1:54:21 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/26/2012 1:54:19 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/26/2012 1:54:19 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/26/2012 1:54:18 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/26/2012 1:53:52 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
.
==== End Of File ===========================

Edited by sixty, 02 July 2012 - 12:44 PM.
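A triage pass over the DDS "Pseudo HJT Report" lines posted above, written as an added example for this thread (it is not a DDS feature and not the helper's method). The DDS layout it parses is the `uRun:`/`mRun:` form shown in the log (u = the user's HKCU Run key, m = the machine-wide HKLM Run key) and the `uInternet Settings,ProxyServer` line; the flagging rules (executable dropped straight into a user-writable root with no vendor folder, random-looking mixed-case filename, any ProxyServer value) are the editor's own heuristics and yield leads for a human to review, not verdicts. The sample log is a handful of lines copied from the posted DDS.txt, not the whole log.

```python
"""Triage of DDS autostart and proxy lines (added example, not from the thread)."""
import ntpath
import re

# Constructed sample: lines taken from the DDS.txt posted above, not the full log.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [AnRKntfWhA.exe] C:\ProgramData\AnRKntfWhA.exe
uRun: [4Sync] "C:\Program Files (x86)\4Sync\4Sync.exe" -startup
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"""

# uRun = HKCU Run key (per user), mRun = HKLM Run key (all users); -x64 variants
# are the native 64-bit view of the same keys.
RUN_RE = re.compile(r"^(?P<key>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First image path on the command line, quoted or not, up to a known extension.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|scr|dll|com|bat|cmd|vbs|js))"?(?:\s|$)', re.I)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.*)$")

# Directories a non-admin user can write to. Legitimate software installs into a
# vendor subfolder below these; an executable sitting directly in the root is the
# pattern in the posted log (C:\ProgramData\AnRKntfWhA.exe). Heuristic, assumed.
USER_WRITABLE_ROOTS = (
    "\\programdata",
    "\\appdata\\roaming",
    "\\appdata\\local",
    "\\appdata\\local\\temp",
    "\\users\\public",
)


def case_transitions(stem: str) -> float:
    """Fraction of adjacent letter pairs that flip case. Generated names such as
    AnRKntfWhA flip constantly; product names (uTorrent, AdobeARM) rarely do."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 2:
        return 0.0
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips / (len(letters) - 1)


def triage(log_text: str) -> list:
    """Return a list of findings (dicts) for autostart entries and proxy settings
    that deserve a closer look. Each finding carries the reasons it was flagged."""
    findings = []
    for line in log_text.splitlines():
        run = RUN_RE.match(line)
        if run:
            img = PATH_RE.match(run["cmd"])
            if not img:  # e.g. "mRun: [<NO NAME>]" carries no command at all
                continue
            path = img["path"]
            reasons = []
            if ntpath.dirname(path).lower().endswith(USER_WRITABLE_ROOTS):
                reasons.append("executable sits directly in a user-writable root, no vendor folder")
            stem = ntpath.splitext(ntpath.basename(path))[0]
            if len(stem) >= 8 and case_transitions(stem) >= 0.5:
                reasons.append("random-looking mixed-case filename")
            if reasons:
                findings.append({"kind": "autostart", "key": run["key"],
                                 "name": run["name"], "path": path, "reasons": reasons})
            continue
        proxy = PROXY_RE.match(line)
        if proxy:
            value = proxy["value"].strip()
            # DDS prints the raw registry value: "http=host:port" or "host:port".
            host = value.split("=", 1)[1] if "=" in value else value
            if host:
                reason = "ProxyServer set: browser traffic is routed through " + host
            else:
                reason = "ProxyServer key present with empty host (residue of a cleared proxy)"
            findings.append({"kind": "proxy", "value": value, "reasons": [reason]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample, the only autostart it flags is the `AnRKntfWhA.exe` entry (both rules fire), and it reports the `ProxyServer = http=` line as a proxy key with no host, which is why the browser still reaches the network; a populated value there would be the first thing to check on a machine that is "redirecting".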


#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 July 2012 - 01:45 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 sixty


Posted 02 July 2012 - 04:55 PM

Here is my ComboFix log. It hung a few times during install but worked fine once the install was successful. The system seems to be running well and the Windows Firewall is now working. Thanks for your help!


ComboFix 12-07-02.01 - Owned 07/02/2012 13:51:55.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1569 [GMT -7:00]
Running from: c:\users\Owned\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owned\AppData\Local\{b7c079a7-7def-4284-66c7-ed22915e570a}
c:\users\Owned\AppData\Local\{b7c079a7-7def-4284-66c7-ed22915e570a}\@
c:\users\Owned\AppData\Local\{b7c079a7-7def-4284-66c7-ed22915e570a}\n
c:\users\Owned\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
c:\users\Owned\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\users\Owned\AppData\Roaming\Ownedlog.dat
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{b7c079a7-7def-4284-66c7-ed22915e570a}
c:\windows\Installer\{b7c079a7-7def-4284-66c7-ed22915e570a}\@
c:\windows\XSxS
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 21:00 . 2012-07-02 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 20:46 . 2012-07-02 20:46 16712 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-06-26 23:39 . 2012-06-26 23:39 -------- d-----w- c:\users\Owned\AppData\Local\Apps
2012-06-26 21:45 . 2012-06-26 21:45 -------- d-----w- c:\users\Owned\AppData\Roaming\SpeedyPC Software
2012-06-26 21:45 . 2012-06-26 21:45 -------- d-----w- c:\users\Owned\AppData\Roaming\DriverCure
2012-06-26 21:44 . 2012-07-02 20:43 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-26 19:59 . 2012-06-26 19:59 110080 ----a-r- c:\users\Owned\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-06-26 19:59 . 2012-06-26 19:59 110080 ----a-r- c:\users\Owned\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-06-26 19:59 . 2012-06-26 19:59 110080 ----a-r- c:\users\Owned\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-06-26 19:59 . 2012-06-26 20:00 -------- d-----w- C:\sh4ldr
2012-06-26 19:59 . 2012-06-26 19:59 -------- d-----w- c:\program files\Enigma Software Group
2012-06-26 19:56 . 2012-07-02 20:44 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-26 19:56 . 2012-06-26 19:56 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-25 21:01 . 2012-06-25 21:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-12 20:31 . 2012-06-12 20:31 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-12 20:31 . 2012-06-12 20:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 20:36 . 2012-04-02 22:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 20:36 . 2012-04-02 22:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-25 23:46 . 2012-05-25 23:16 867064 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-24 23:15 . 2012-05-24 23:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-24 23:15 . 2012-05-24 23:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-24 23:15 . 2012-05-24 23:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-24 23:15 . 2012-05-24 23:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-24 23:15 . 2012-05-24 23:15 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-24 23:15 . 2012-05-24 23:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-24 23:15 . 2012-05-24 23:15 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-24 23:15 . 2012-05-24 23:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-24 23:15 . 2012-05-24 23:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-24 23:15 . 2012-05-24 23:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-24 23:15 . 2012-05-24 23:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-24 23:15 . 2012-05-24 23:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-24 23:15 . 2012-05-24 23:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-24 23:15 . 2012-05-24 23:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-24 23:15 . 2012-05-24 23:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-24 23:15 . 2012-05-24 23:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-24 23:15 . 2012-05-24 23:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-24 23:15 . 2012-05-24 23:15 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-24 23:15 . 2012-05-24 23:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-24 23:15 . 2012-05-24 23:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-24 23:15 . 2012-05-24 23:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-24 23:15 . 2012-05-24 23:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-24 23:15 . 2012-05-24 23:15 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-24 23:15 . 2012-05-24 23:15 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-05-24 23:15 . 2012-05-24 23:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-24 23:15 . 2012-05-24 23:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-24 23:15 . 2012-05-24 23:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-24 23:15 . 2012-05-24 23:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-24 23:15 . 2012-05-24 23:15 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-05-24 23:15 . 2012-05-24 23:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-24 23:15 . 2012-05-24 23:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-24 23:15 . 2012-05-24 23:15 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-24 23:15 . 2012-05-24 23:15 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-24 23:15 . 2012-05-24 23:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-24 23:15 . 2012-05-24 23:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-24 23:15 . 2012-05-24 23:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-24 23:15 . 2012-05-24 23:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-24 23:15 . 2012-05-24 23:15 448512 ----a-w- c:\windows\system32\html.iec
2012-05-24 23:15 . 2012-05-24 23:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-24 23:15 . 2012-05-24 23:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-24 23:15 . 2012-05-24 23:15 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-24 23:15 . 2012-05-24 23:15 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-24 23:14 . 2012-05-24 23:14 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-05-24 23:14 . 2012-05-24 23:14 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-24 23:14 . 2012-05-24 23:14 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-24 23:14 . 2012-05-24 23:14 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-24 23:14 . 2012-05-24 23:14 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-24 23:14 . 2012-05-24 23:14 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-05-24 23:14 . 2012-05-24 23:14 4068864 ----a-w- c:\windows\system32\mf.dll
2012-05-24 23:14 . 2012-05-24 23:14 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-24 23:14 . 2012-05-24 23:14 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-05-24 23:14 . 2012-05-24 23:14 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-05-24 23:14 . 2012-05-24 23:14 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-24 23:14 . 2012-05-24 23:14 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-05-24 23:14 . 2012-05-24 23:14 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-05-24 23:14 . 2012-05-24 23:14 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-24 23:14 . 2012-05-24 23:14 206848 ----a-w- c:\windows\system32\mfps.dll
2012-05-24 23:14 . 2012-05-24 23:14 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-24 23:14 . 2012-05-24 23:14 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-05-24 23:14 . 2012-05-24 23:14 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-05-24 23:14 . 2012-05-24 23:14 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-05-24 23:14 . 2012-05-24 23:14 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-24 23:14 . 2012-05-24 23:14 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-05-24 23:14 . 2012-05-24 23:14 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-24 23:14 . 2012-05-24 23:14 1540608 ----a-w- c:\windows\system32\DWrite.dll
2012-05-24 23:14 . 2012-05-24 23:14 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-05-24 23:14 . 2012-05-24 23:14 144384 ----a-w- c:\windows\system32\cdd.dll
2012-05-24 23:14 . 2012-05-24 23:14 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-05-24 23:14 . 2012-05-24 23:14 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-24 23:14 . 2012-05-24 23:14 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-05-24 23:14 . 2012-05-24 23:14 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-04 18:13 . 2012-04-14 08:25 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 18:26 . 2011-03-16 20:11 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-04-13 01:12 . 2012-04-13 01:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-13 01:12 . 2012-05-16 23:24 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-13 01:12 . 2012-05-16 23:24 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-13 01:12 . 2012-04-13 01:12 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-04-13 01:12 . 2012-04-13 01:12 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-04-04 22:56 . 2012-01-13 22:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-03-16 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95080B13-AA71-4EE8-B951-7E98221E1ED5}"= "c:\program files (x86)\4shared Toolbar\4sharedbar.dll" [2011-11-03 204800]
.
[HKEY_CLASSES_ROOT\clsid\{95080b13-aa71-4ee8-b951-7e98221e1ed5}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{50F22041-08AC-484B-BB6F-4DDB2CF8B693}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-26 740216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2988488]
"4Sync"="c:\program files (x86)\4Sync\4Sync.exe" [2011-11-08 7713272]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-04 38840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Heleni Uploader"="c:\program files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe" [2010-12-23 130560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"CorelDRAW Graphics Suite 11b"="c:\program files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-01-14 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-01-14 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Owned\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owned\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 257224]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-16 1436424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 51445112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-31 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PROCEXP113;PROCEXP113;c:\windows\system32\Drivers\PROCEXP113.SYS [2012-07-02 16712]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-16 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-25 867064]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-13 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-13 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-13 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-13 166192]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:36]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 20:31]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 20:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95080B13-AA71-4EE8-B951-7E98221E1ED5}"= "c:\program files (x86)\4shared Toolbar\4sharedbar64.dll" [2011-11-03 244736]
.
[HKEY_CLASSES_ROOT\CLSID\{95080B13-AA71-4EE8-B951-7E98221E1ED5}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{50F22041-08AC-484B-BB6F-4DDB2CF8B693}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]
@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"
[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]
2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]
@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"
[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]
2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]
@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"
[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]
2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 112512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF30393.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
IE: &4shared Search - c:\program files (x86)\4shared Toolbar\4sharedbar64.dll/MENUSEARCH.HTM
TCP: DhcpNameServer = 192.168.0.4
FF - ProfilePath - c:\users\Owned\AppData\Roaming\Mozilla\Firefox\Profiles\bqonq4c0.default\
FF - prefs.js: browser.startup.homepage - hxxp://websearch.4shared.com
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AnRKntfWhA.exe - c:\programdata\AnRKntfWhA.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
.
Completion time: 2012-07-02 14:16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-02 21:16
ComboFix2.txt 2010-06-04 19:28
.
Pre-Run: 7,910,166,528 bytes free
Post-Run: 9,396,342,784 bytes free
.
- - End Of File - - 2F9F072E42B3B6CCBF35DAB3CBD27744
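An added example, not ComboFix's code and not posted by anyone in this thread: a small Python parser for the Run values, services/drivers and removed orphans in a ComboFix log like the one above, which flags entries whose file ComboFix could not examine (`[x]`) or that launch from a user-writable directory. `SAMPLE_LOG` is a constructed excerpt in that layout, and the `"Updater"` value in it is made up.

```python
"""Parse the autostart sections of a ComboFix log into records for triage."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes ComboFix uses: a registry key header, a Run-value line ending in
# "[date size]", a service line "Rn name;display;path [date size]" (or "[x]"
# when the file could not be examined) and an "ORPHANS REMOVED" line.
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$')
SVC_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')
ORPHAN_RE = re.compile(r'^(\S+) - (.+)$')

# Directories an ordinary user can write to; persistence launched from here
# deserves a closer look than entries under Program Files or System32.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str              # "run", "service" or "orphan"
    location: str          # registry key, service state code, or orphan hive path
    name: str
    path: str
    date: Optional[str] = None
    size: Optional[int] = None
    file_present: bool = True

    @property
    def suspicious(self) -> bool:
        low = self.path.lower()
        return (not self.file_present) or any(d in low for d in USER_WRITABLE)


def parse_combofix(text: str) -> List[Entry]:
    """Return every Run value, service/driver and removed orphan in the log."""
    entries: List[Entry] = []
    current_key = ""
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            in_orphans = True
            continue
        if line.startswith("---") or line.startswith("((("):
            in_orphans = False               # any other section banner ends the list
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and current_key:
            name, path, date, size = m.groups()
            entries.append(Entry("run", current_key, name, path, date, int(size)))
            continue
        m = SVC_RE.match(line)
        if m:
            state, name, _display, path, info = m.groups()
            parts = info.split()
            if len(parts) == 2 and parts[1].isdigit():
                entries.append(Entry("service", state, name, path, parts[0], int(parts[1])))
            else:                            # "[x]": ComboFix could not stat the file
                entries.append(Entry("service", state, name, path, file_present=False))
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if m:
                hive, path = m.groups()
                entries.append(Entry("orphan", hive, hive.rsplit("-", 1)[-1], path))
    return entries


def triage(text: str) -> List[Entry]:
    """Entries worth a second look: missing files or user-writable launch paths."""
    return [e for e in parse_combofix(text) if e.suspicious]


# Constructed excerpt in the layout of the log above (the "Updater" value is
# made up to show a Run entry launched from a profile directory).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-26 740216]
"Updater"="c:\users\Owned\AppData\Roaming\updater.exe" [2012-06-25 51200]
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-31 129976]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AnRKntfWhA.exe - c:\programdata\AnRKntfWhA.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:8} {e.name:20} {e.path}  (file present: {e.file_present})")
```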

#7 gringo_pr


Posted 02 July 2012 - 09:13 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 sixty


Posted 03 July 2012 - 02:36 PM

Both tools ran with no problem. I rebooted after TDSSKiller ran. Here are the logs:

TDSSKiller:

12:03:08.0084 4648 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
12:03:08.0911 4648 ============================================================
12:03:08.0911 4648 Current date / time: 2012/07/03 12:03:08.0911
12:03:08.0911 4648 SystemInfo:
12:03:08.0911 4648
12:03:08.0911 4648 OS Version: 6.1.7600 ServicePack: 0.0
12:03:08.0911 4648 Product type: Workstation
12:03:08.0911 4648 ComputerName: OWNED-PC
12:03:08.0911 4648 UserName: Owned
12:03:08.0911 4648 Windows directory: C:\Windows
12:03:08.0911 4648 System windows directory: C:\Windows
12:03:08.0911 4648 Running under WOW64
12:03:08.0911 4648 Processor architecture: Intel x64
12:03:08.0911 4648 Number of processors: 4
12:03:08.0911 4648 Page size: 0x1000
12:03:08.0911 4648 Boot type: Normal boot
12:03:08.0911 4648 ============================================================
12:03:09.0457 4648 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:03:09.0472 4648 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:03:09.0488 4648 ============================================================
12:03:09.0488 4648 \Device\Harddisk0\DR0:
12:03:09.0488 4648 MBR partitions:
12:03:09.0488 4648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
12:03:09.0488 4648 \Device\Harddisk1\DR1:
12:03:09.0504 4648 MBR partitions:
12:03:09.0504 4648 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x24254235
12:03:09.0504 4648 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x24254274, BlocksNum 0x11D944D
12:03:09.0504 4648 ============================================================
12:03:09.0535 4648 C: <-> \Device\Harddisk1\DR1\Partition0
12:03:09.0550 4648 D: <-> \Device\Harddisk0\DR0\Partition0
12:03:09.0597 4648 E: <-> \Device\Harddisk1\DR1\Partition1
12:03:09.0597 4648 ============================================================
12:03:09.0597 4648 Initialize success
12:03:09.0597 4648 ============================================================
12:03:19.0066 0748 ============================================================
12:03:19.0066 0748 Scan started
12:03:19.0066 0748 Mode: Manual;
12:03:19.0066 0748 ============================================================
12:03:21.0672 0748 !SASCORE (a0709b82fa3b5afad1467e565b8b3ba0) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:03:21.0687 0748 !SASCORE - ok
12:03:21.0828 0748 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:03:21.0843 0748 1394ohci - ok
12:03:21.0874 0748 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:03:21.0874 0748 ACPI - ok
12:03:21.0906 0748 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:03:21.0906 0748 AcpiPmi - ok
12:03:22.0062 0748 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:03:22.0077 0748 AdobeFlashPlayerUpdateSvc - ok
12:03:22.0155 0748 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:03:22.0186 0748 adp94xx - ok
12:03:22.0218 0748 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:03:22.0233 0748 adpahci - ok
12:03:22.0264 0748 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:03:22.0280 0748 adpu320 - ok
12:03:22.0327 0748 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:03:22.0327 0748 AeLookupSvc - ok
12:03:22.0374 0748 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
12:03:22.0405 0748 AFD - ok
12:03:22.0420 0748 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:03:22.0420 0748 agp440 - ok
12:03:22.0452 0748 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:03:22.0452 0748 ALG - ok
12:03:22.0483 0748 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:03:22.0483 0748 aliide - ok
12:03:22.0545 0748 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
12:03:22.0561 0748 AMD External Events Utility - ok
12:03:22.0608 0748 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:03:22.0608 0748 amdide - ok
12:03:22.0623 0748 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:03:22.0623 0748 AmdK8 - ok
12:03:23.0200 0748 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:03:23.0434 0748 amdkmdag - ok
12:03:23.0544 0748 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
12:03:23.0544 0748 amdkmdap - ok
12:03:23.0606 0748 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:03:23.0606 0748 AmdPPM - ok
12:03:23.0637 0748 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
12:03:23.0637 0748 amdsata - ok
12:03:23.0653 0748 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:03:23.0668 0748 amdsbs - ok
12:03:23.0684 0748 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
12:03:23.0684 0748 amdxata - ok
12:03:23.0731 0748 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:03:23.0731 0748 AppID - ok
12:03:23.0778 0748 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:03:23.0778 0748 AppIDSvc - ok
12:03:23.0793 0748 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
12:03:23.0793 0748 Appinfo - ok
12:03:23.0934 0748 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:03:23.0934 0748 Apple Mobile Device - ok
12:03:23.0996 0748 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
12:03:24.0012 0748 AppMgmt - ok
12:03:24.0027 0748 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:03:24.0043 0748 arc - ok
12:03:24.0090 0748 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:03:24.0105 0748 arcsas - ok
12:03:24.0136 0748 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:03:24.0136 0748 AsyncMac - ok
12:03:24.0152 0748 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:03:24.0152 0748 atapi - ok
12:03:24.0230 0748 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
12:03:24.0246 0748 AtiHDAudioService - ok
12:03:24.0807 0748 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:03:24.0870 0748 atikmdag - ok
12:03:25.0041 0748 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
12:03:25.0088 0748 AudioEndpointBuilder - ok
12:03:25.0088 0748 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
12:03:25.0104 0748 AudioSrv - ok
12:03:25.0135 0748 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
12:03:25.0135 0748 AxInstSV - ok
12:03:25.0228 0748 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:03:25.0244 0748 b06bdrv - ok
12:03:25.0291 0748 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:03:25.0291 0748 b57nd60a - ok
12:03:25.0353 0748 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:03:25.0369 0748 BDESVC - ok
12:03:25.0369 0748 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:03:25.0369 0748 Beep - ok
12:03:25.0416 0748 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
12:03:25.0431 0748 BFE - ok
12:03:25.0509 0748 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
12:03:25.0556 0748 BITS - ok
12:03:25.0587 0748 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:03:25.0587 0748 blbdrive - ok
12:03:25.0681 0748 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:03:25.0696 0748 Bonjour Service - ok
12:03:25.0728 0748 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
12:03:25.0728 0748 bowser - ok
12:03:25.0743 0748 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:03:25.0743 0748 BrFiltLo - ok
12:03:25.0759 0748 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:03:25.0759 0748 BrFiltUp - ok
12:03:25.0806 0748 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:03:25.0806 0748 BridgeMP - ok
12:03:25.0868 0748 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
12:03:25.0868 0748 Browser - ok
12:03:25.0899 0748 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:03:25.0915 0748 Brserid - ok
12:03:25.0930 0748 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:03:25.0930 0748 BrSerWdm - ok
12:03:25.0946 0748 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:03:25.0946 0748 BrUsbMdm - ok
12:03:25.0946 0748 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:03:25.0946 0748 BrUsbSer - ok
12:03:25.0993 0748 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:03:26.0008 0748 BTHMODEM - ok
12:03:26.0040 0748 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:03:26.0040 0748 bthserv - ok
12:03:26.0071 0748 catchme - ok
12:03:26.0118 0748 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:03:26.0118 0748 cdfs - ok
12:03:26.0149 0748 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:03:26.0164 0748 cdrom - ok
12:03:26.0180 0748 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
12:03:26.0180 0748 CertPropSvc - ok
12:03:26.0196 0748 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:03:26.0196 0748 circlass - ok
12:03:26.0258 0748 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:03:26.0274 0748 CLFS - ok
12:03:26.0383 0748 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:03:26.0383 0748 clr_optimization_v2.0.50727_32 - ok
12:03:26.0445 0748 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:03:26.0461 0748 clr_optimization_v2.0.50727_64 - ok
12:03:26.0523 0748 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:03:26.0523 0748 CmBatt - ok
12:03:26.0523 0748 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
12:03:26.0523 0748 cmdide - ok
12:03:26.0570 0748 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
12:03:26.0586 0748 CNG - ok
12:03:26.0617 0748 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:03:26.0617 0748 Compbatt - ok
12:03:26.0632 0748 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:03:26.0648 0748 CompositeBus - ok
12:03:26.0664 0748 COMSysApp - ok
12:03:26.0710 0748 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:03:26.0710 0748 crcdisk - ok
12:03:26.0773 0748 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
12:03:26.0788 0748 CryptSvc - ok
12:03:26.0866 0748 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
12:03:26.0882 0748 CSC - ok
12:03:26.0929 0748 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
12:03:26.0960 0748 CscService - ok
12:03:27.0038 0748 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
12:03:27.0038 0748 dc3d - ok
12:03:27.0132 0748 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
12:03:27.0147 0748 DcomLaunch - ok
12:03:27.0241 0748 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:03:27.0241 0748 defragsvc - ok
12:03:27.0303 0748 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
12:03:27.0303 0748 DfsC - ok
12:03:27.0350 0748 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
12:03:27.0366 0748 Dhcp - ok
12:03:27.0381 0748 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:03:27.0381 0748 discache - ok
12:03:27.0412 0748 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:03:27.0412 0748 Disk - ok
12:03:27.0459 0748 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
12:03:27.0475 0748 Dnscache - ok
12:03:27.0506 0748 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
12:03:27.0522 0748 dot3svc - ok
12:03:27.0537 0748 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
12:03:27.0553 0748 DPS - ok
12:03:27.0615 0748 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:03:27.0615 0748 drmkaud - ok
12:03:27.0709 0748 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
12:03:27.0740 0748 DXGKrnl - ok
12:03:27.0787 0748 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
12:03:27.0802 0748 e1express - ok
12:03:27.0865 0748 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:03:27.0865 0748 EapHost - ok
12:03:28.0052 0748 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:03:28.0130 0748 ebdrv - ok
12:03:28.0286 0748 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
12:03:28.0286 0748 EFS - ok
12:03:28.0395 0748 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
12:03:28.0411 0748 ehRecvr - ok
12:03:28.0442 0748 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:03:28.0442 0748 ehSched - ok
12:03:28.0536 0748 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:03:28.0567 0748 elxstor - ok
12:03:28.0582 0748 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:03:28.0582 0748 ErrDev - ok
12:03:28.0660 0748 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:03:28.0676 0748 EventSystem - ok
12:03:28.0707 0748 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:03:28.0707 0748 exfat - ok
12:03:28.0754 0748 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:03:28.0770 0748 fastfat - ok
12:03:28.0863 0748 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
12:03:28.0879 0748 Fax - ok
12:03:28.0941 0748 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:03:28.0941 0748 fdc - ok
12:03:28.0957 0748 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:03:28.0972 0748 fdPHost - ok
12:03:28.0988 0748 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:03:28.0988 0748 FDResPub - ok
12:03:29.0035 0748 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:03:29.0035 0748 FileInfo - ok
12:03:29.0050 0748 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:03:29.0050 0748 Filetrace - ok
12:03:29.0160 0748 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:03:29.0175 0748 FLEXnet Licensing Service - ok
12:03:29.0300 0748 FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
12:03:29.0394 0748 FLEXnet Licensing Service 64 - ok
12:03:29.0550 0748 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:03:29.0550 0748 flpydisk - ok
12:03:29.0581 0748 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:03:29.0581 0748 FltMgr - ok
12:03:29.0674 0748 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
12:03:29.0706 0748 FontCache - ok
12:03:29.0830 0748 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:03:29.0830 0748 FontCache3.0.0.0 - ok
12:03:29.0893 0748 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:03:29.0893 0748 FsDepends - ok
12:03:29.0908 0748 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:03:29.0908 0748 Fs_Rec - ok
12:03:29.0940 0748 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
12:03:29.0955 0748 fvevol - ok
12:03:29.0971 0748 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:03:29.0971 0748 gagp30kx - ok
12:03:30.0064 0748 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:03:30.0096 0748 GEARAspiWDM - ok
12:03:30.0174 0748 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
12:03:30.0205 0748 gpsvc - ok
12:03:30.0345 0748 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:03:30.0361 0748 gupdate - ok
12:03:30.0361 0748 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:03:30.0361 0748 gupdatem - ok
12:03:30.0423 0748 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:03:30.0423 0748 hcw85cir - ok
12:03:30.0486 0748 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
12:03:30.0501 0748 HdAudAddService - ok
12:03:30.0532 0748 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:03:30.0548 0748 HDAudBus - ok
12:03:30.0564 0748 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:03:30.0564 0748 HidBatt - ok
12:03:30.0610 0748 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:03:30.0626 0748 HidBth - ok
12:03:30.0642 0748 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:03:30.0642 0748 HidIr - ok
12:03:30.0704 0748 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:03:30.0704 0748 hidserv - ok
12:03:30.0735 0748 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:03:30.0735 0748 HidUsb - ok
12:03:30.0798 0748 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
12:03:30.0798 0748 hkmsvc - ok
12:03:30.0813 0748 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
12:03:30.0829 0748 HomeGroupListener - ok
12:03:30.0891 0748 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
12:03:30.0907 0748 HomeGroupProvider - ok
12:03:30.0922 0748 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:03:30.0922 0748 HpSAMD - ok
12:03:30.0969 0748 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:03:31.0000 0748 HTTP - ok
12:03:31.0047 0748 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:03:31.0047 0748 hwpolicy - ok
12:03:31.0110 0748 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:03:31.0110 0748 i8042prt - ok
12:03:31.0141 0748 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
12:03:31.0141 0748 iaStorV - ok
12:03:31.0297 0748 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:03:31.0328 0748 idsvc - ok
12:03:31.0344 0748 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:03:31.0344 0748 iirsp - ok
12:03:31.0437 0748 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
12:03:31.0468 0748 IKEEXT - ok
12:03:31.0640 0748 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
12:03:31.0702 0748 IntcAzAudAddService - ok
12:03:31.0843 0748 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:03:31.0843 0748 intelide - ok
12:03:31.0858 0748 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:03:31.0858 0748 intelppm - ok
12:03:31.0936 0748 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:03:31.0936 0748 IPBusEnum - ok
12:03:31.0952 0748 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:03:31.0968 0748 IpFilterDriver - ok
12:03:32.0124 0748 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
12:03:32.0139 0748 iphlpsvc - ok
12:03:32.0170 0748 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:03:32.0170 0748 IPMIDRV - ok
12:03:32.0202 0748 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:03:32.0202 0748 IPNAT - ok
12:03:32.0326 0748 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
12:03:32.0389 0748 iPod Service - ok
12:03:32.0451 0748 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:03:32.0451 0748 IRENUM - ok
12:03:32.0467 0748 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:03:32.0467 0748 isapnp - ok
12:03:32.0529 0748 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:03:32.0545 0748 iScsiPrt - ok
12:03:32.0560 0748 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:03:32.0560 0748 kbdclass - ok
12:03:32.0592 0748 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:03:32.0592 0748 kbdhid - ok
12:03:32.0685 0748 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
12:03:32.0685 0748 KeyIso - ok
12:03:32.0701 0748 KMService - ok
12:03:32.0763 0748 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
12:03:32.0763 0748 KSecDD - ok
12:03:32.0826 0748 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
12:03:32.0826 0748 KSecPkg - ok
12:03:32.0841 0748 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:03:32.0841 0748 ksthunk - ok
12:03:32.0904 0748 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:03:32.0950 0748 KtmRm - ok
12:03:33.0013 0748 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
12:03:33.0060 0748 LanmanServer - ok
12:03:33.0122 0748 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
12:03:33.0138 0748 LanmanWorkstation - ok
12:03:33.0325 0748 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:03:33.0387 0748 lltdio - ok
12:03:33.0450 0748 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:03:33.0465 0748 lltdsvc - ok
12:03:33.0481 0748 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:03:33.0481 0748 lmhosts - ok
12:03:33.0512 0748 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:03:33.0528 0748 LSI_FC - ok
12:03:33.0543 0748 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:03:33.0543 0748 LSI_SAS - ok
12:03:33.0559 0748 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:03:33.0559 0748 LSI_SAS2 - ok
12:03:33.0590 0748 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:03:33.0590 0748 LSI_SCSI - ok
12:03:33.0606 0748 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:03:33.0621 0748 luafv - ok
12:03:33.0684 0748 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:03:33.0684 0748 MBAMProtector - ok
12:03:33.0793 0748 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:03:33.0824 0748 MBAMService - ok
12:03:33.0886 0748 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
12:03:33.0886 0748 Mcx2Svc - ok
12:03:33.0933 0748 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:03:33.0933 0748 megasas - ok
12:03:33.0964 0748 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:03:33.0980 0748 MegaSR - ok
12:03:34.0042 0748 Microsoft SharePoint Workspace Audit Service - ok
12:03:34.0120 0748 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:03:34.0136 0748 MMCSS - ok
12:03:34.0183 0748 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:03:34.0183 0748 Modem - ok
12:03:34.0230 0748 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:03:34.0230 0748 monitor - ok
12:03:34.0245 0748 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:03:34.0245 0748 mouclass - ok
12:03:34.0276 0748 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:03:34.0276 0748 mouhid - ok
12:03:34.0292 0748 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:03:34.0292 0748 mountmgr - ok
12:03:34.0370 0748 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:03:34.0370 0748 MozillaMaintenance - ok
12:03:34.0401 0748 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:03:34.0417 0748 mpio - ok
12:03:34.0432 0748 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:03:34.0432 0748 mpsdrv - ok
12:03:34.0526 0748 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
12:03:34.0557 0748 MpsSvc - ok
12:03:34.0588 0748 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:03:34.0588 0748 MRxDAV - ok
12:03:34.0651 0748 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:03:34.0666 0748 mrxsmb - ok
12:03:34.0698 0748 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:03:34.0713 0748 mrxsmb10 - ok
12:03:34.0760 0748 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:03:34.0760 0748 mrxsmb20 - ok
12:03:34.0822 0748 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:03:34.0822 0748 msahci - ok
12:03:34.0838 0748 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:03:34.0854 0748 msdsm - ok
12:03:34.0900 0748 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:03:34.0916 0748 MSDTC - ok
12:03:34.0932 0748 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:03:34.0932 0748 Msfs - ok
12:03:34.0932 0748 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:03:34.0947 0748 mshidkmdf - ok
12:03:34.0947 0748 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:03:34.0947 0748 msisadrv - ok
12:03:35.0010 0748 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:03:35.0025 0748 MSiSCSI - ok
12:03:35.0025 0748 msiserver - ok
12:03:35.0056 0748 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:03:35.0056 0748 MSKSSRV - ok
12:03:35.0072 0748 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:03:35.0072 0748 MSPCLOCK - ok
12:03:35.0088 0748 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:03:35.0088 0748 MSPQM - ok
12:03:35.0119 0748 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:03:35.0134 0748 MsRPC - ok
12:03:35.0150 0748 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:03:35.0150 0748 mssmbios - ok
12:03:35.0150 0748 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:03:35.0166 0748 MSTEE - ok
12:03:35.0181 0748 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:03:35.0181 0748 MTConfig - ok
12:03:35.0197 0748 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:03:35.0197 0748 Mup - ok
12:03:35.0275 0748 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
12:03:35.0306 0748 napagent - ok
12:03:35.0384 0748 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:03:35.0400 0748 NativeWifiP - ok
12:03:35.0478 0748 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:03:35.0524 0748 NDIS - ok
12:03:35.0540 0748 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:03:35.0540 0748 NdisCap - ok
12:03:35.0556 0748 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:03:35.0556 0748 NdisTapi - ok
12:03:35.0634 0748 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:03:35.0634 0748 Ndisuio - ok
12:03:35.0680 0748 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:03:35.0696 0748 NdisWan - ok
12:03:35.0712 0748 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:03:35.0712 0748 NDProxy - ok
12:03:35.0774 0748 Net Driver HPZ12 (2c723e42fc8d7b0209492828f921fb50) C:\Windows\system32\HPZinw12.dll
12:03:35.0774 0748 Net Driver HPZ12 - ok
12:03:35.0805 0748 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:03:35.0805 0748 NetBIOS - ok
12:03:35.0821 0748 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:03:35.0836 0748 NetBT - ok
12:03:35.0883 0748 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
12:03:35.0883 0748 Netlogon - ok
12:03:35.0961 0748 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:03:36.0024 0748 Netman - ok
12:03:36.0070 0748 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:03:36.0102 0748 netprofm - ok
12:03:36.0211 0748 netr7364 (f3a1d8b7317939813568992d1bfdde37) C:\Windows\system32\DRIVERS\netr7364.sys
12:03:36.0242 0748 netr7364 - ok
12:03:36.0382 0748 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:03:36.0382 0748 NetTcpPortSharing - ok
12:03:36.0445 0748 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:03:36.0445 0748 nfrd960 - ok
12:03:36.0523 0748 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
12:03:36.0585 0748 NlaSvc - ok
12:03:36.0616 0748 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:03:36.0632 0748 Npfs - ok
12:03:36.0679 0748 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:03:36.0679 0748 nsi - ok
12:03:36.0694 0748 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:03:36.0694 0748 nsiproxy - ok
12:03:36.0819 0748 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
12:03:36.0897 0748 Ntfs - ok
12:03:37.0038 0748 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:03:37.0038 0748 Null - ok
12:03:37.0069 0748 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
12:03:37.0084 0748 nvraid - ok
12:03:37.0100 0748 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
12:03:37.0100 0748 nvstor - ok
12:03:37.0116 0748 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:03:37.0131 0748 nv_agp - ok
12:03:37.0147 0748 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:03:37.0147 0748 ohci1394 - ok
12:03:37.0256 0748 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:03:37.0256 0748 ose - ok
12:03:37.0334 0748 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:03:37.0350 0748 ose64 - ok
12:03:37.0630 0748 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:03:37.0755 0748 osppsvc - ok
12:03:37.0896 0748 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:03:37.0911 0748 p2pimsvc - ok
12:03:37.0989 0748 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:03:38.0005 0748 p2psvc - ok
12:03:38.0067 0748 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:03:38.0083 0748 Parport - ok
12:03:38.0083 0748 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:03:38.0098 0748 partmgr - ok
12:03:38.0114 0748 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:03:38.0114 0748 PcaSvc - ok
12:03:38.0145 0748 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:03:38.0145 0748 pci - ok
12:03:38.0176 0748 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:03:38.0176 0748 pciide - ok
12:03:38.0192 0748 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:03:38.0208 0748 pcmcia - ok
12:03:38.0223 0748 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:03:38.0223 0748 pcw - ok
12:03:38.0270 0748 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:03:38.0301 0748 PEAUTH - ok
12:03:38.0426 0748 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:03:38.0473 0748 PeerDistSvc - ok
12:03:38.0566 0748 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:03:38.0566 0748 PerfHost - ok
12:03:38.0754 0748 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
12:03:38.0800 0748 pla - ok
12:03:38.0863 0748 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
12:03:38.0894 0748 PlugPlay - ok
12:03:38.0972 0748 Pml Driver HPZ12 (171e6d91a20aac8d02172a64e82ce90b) C:\Windows\system32\HPZipm12.dll
12:03:38.0972 0748 Pml Driver HPZ12 - ok
12:03:38.0988 0748 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:03:39.0003 0748 PNRPAutoReg - ok
12:03:39.0019 0748 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:03:39.0019 0748 PNRPsvc - ok
12:03:39.0159 0748 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
12:03:39.0159 0748 Point64 - ok
12:03:39.0222 0748 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
12:03:39.0237 0748 PolicyAgent - ok
12:03:39.0300 0748 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:03:39.0315 0748 Power - ok
12:03:39.0378 0748 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:03:39.0378 0748 PptpMiniport - ok
12:03:39.0424 0748 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:03:39.0440 0748 Processor - ok
12:03:39.0487 0748 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
12:03:39.0502 0748 ProfSvc - ok
12:03:39.0549 0748 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
12:03:39.0549 0748 ProtectedStorage - ok
12:03:39.0612 0748 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:03:39.0627 0748 Psched - ok
12:03:39.0799 0748 QBCFMonitorService (0e7cea5dd0ae5500c94cbafaca024dec) c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:03:39.0799 0748 QBCFMonitorService - ok
12:03:39.0814 0748 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:03:39.0814 0748 QBFCService - ok
12:03:39.0877 0748 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:03:39.0924 0748 ql2300 - ok
12:03:40.0095 0748 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:03:40.0111 0748 ql40xx - ok
12:03:40.0173 0748 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:03:40.0189 0748 QWAVE - ok
12:03:40.0204 0748 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:03:40.0204 0748 QWAVEdrv - ok
12:03:40.0220 0748 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:03:40.0220 0748 RasAcd - ok
12:03:40.0282 0748 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:03:40.0282 0748 RasAgileVpn - ok
12:03:40.0314 0748 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:03:40.0314 0748 RasAuto - ok
12:03:40.0376 0748 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:03:40.0392 0748 Rasl2tp - ok
12:03:40.0407 0748 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
12:03:40.0423 0748 RasMan - ok
12:03:40.0438 0748 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:03:40.0454 0748 RasPppoe - ok
12:03:40.0470 0748 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:03:40.0470 0748 RasSstp - ok
12:03:40.0485 0748 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:03:40.0501 0748 rdbss - ok
12:03:40.0516 0748 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:03:40.0516 0748 rdpbus - ok
12:03:40.0532 0748 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:03:40.0532 0748 RDPCDD - ok
12:03:40.0610 0748 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
12:03:40.0626 0748 RDPDR - ok
12:03:40.0641 0748 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:03:40.0641 0748 RDPENCDD - ok
12:03:40.0704 0748 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:03:40.0704 0748 RDPREFMP - ok
12:03:40.0750 0748 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
12:03:40.0766 0748 RDPWD - ok
12:03:40.0797 0748 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:03:40.0813 0748 rdyboost - ok
12:03:40.0906 0748 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:03:40.0922 0748 RemoteAccess - ok
12:03:40.0969 0748 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:03:40.0984 0748 RemoteRegistry - ok
12:03:41.0000 0748 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:03:41.0000 0748 RpcEptMapper - ok
12:03:41.0047 0748 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:03:41.0062 0748 RpcLocator - ok
12:03:41.0094 0748 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
12:03:41.0094 0748 RpcSs - ok
12:03:41.0187 0748 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:03:41.0187 0748 rspndr - ok
12:03:41.0250 0748 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
12:03:41.0250 0748 s3cap - ok
12:03:41.0296 0748 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
12:03:41.0296 0748 SamSs - ok
12:03:41.0390 0748 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:03:41.0390 0748 SASDIFSV - ok
12:03:41.0406 0748 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:03:41.0406 0748 SASKUTIL - ok
12:03:41.0421 0748 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:03:41.0421 0748 sbp2port - ok
12:03:41.0468 0748 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:03:41.0484 0748 SCardSvr - ok
12:03:41.0530 0748 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:03:41.0530 0748 scfilter - ok
12:03:41.0640 0748 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
12:03:41.0671 0748 Schedule - ok
12:03:41.0718 0748 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
12:03:41.0718 0748 SCPolicySvc - ok
12:03:41.0733 0748 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
12:03:41.0749 0748 SDRSVC - ok
12:03:41.0827 0748 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:03:41.0827 0748 secdrv - ok
12:03:41.0842 0748 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
12:03:41.0842 0748 seclogon - ok
12:03:41.0889 0748 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:03:41.0889 0748 SENS - ok
12:03:41.0905 0748 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:03:41.0905 0748 SensrSvc - ok
12:03:41.0936 0748 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:03:41.0936 0748 Serenum - ok
12:03:41.0998 0748 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:03:41.0998 0748 Serial - ok
12:03:42.0014 0748 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:03:42.0014 0748 sermouse - ok
12:03:42.0076 0748 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
12:03:42.0076 0748 SessionEnv - ok
12:03:42.0092 0748 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:03:42.0092 0748 sffdisk - ok
12:03:42.0108 0748 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:03:42.0108 0748 sffp_mmc - ok
12:03:42.0108 0748 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:03:42.0108 0748 sffp_sd - ok
12:03:42.0108 0748 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:03:42.0108 0748 sfloppy - ok
12:03:42.0186 0748 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:03:42.0201 0748 SharedAccess - ok
12:03:42.0248 0748 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
12:03:42.0279 0748 ShellHWDetection - ok
12:03:42.0326 0748 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:03:42.0326 0748 SiSRaid2 - ok
12:03:42.0342 0748 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:03:42.0342 0748 SiSRaid4 - ok
12:03:42.0373 0748 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:03:42.0388 0748 Smb - ok
12:03:42.0435 0748 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:03:42.0451 0748 SNMPTRAP - ok
12:03:42.0498 0748 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:03:42.0498 0748 spldr - ok
12:03:42.0560 0748 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
12:03:42.0591 0748 Spooler - ok
12:03:42.0778 0748 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
12:03:42.0872 0748 sppsvc - ok
12:03:42.0966 0748 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:03:42.0966 0748 sppuinotify - ok
12:03:43.0075 0748 sptd (aa90a319bb067e0d149b4c95608c4b05) C:\Windows\System32\Drivers\sptd.sys
12:03:43.0106 0748 sptd - ok
12:03:43.0168 0748 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
12:03:43.0184 0748 srv - ok
12:03:43.0246 0748 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
12:03:43.0262 0748 srv2 - ok
12:03:43.0309 0748 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
12:03:43.0324 0748 srvnet - ok
12:03:43.0387 0748 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:03:43.0402 0748 SSDPSRV - ok
12:03:43.0418 0748 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:03:43.0418 0748 SstpSvc - ok
12:03:43.0465 0748 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:03:43.0480 0748 stexstor - ok
12:03:43.0558 0748 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
12:03:43.0621 0748 stisvc - ok
12:03:43.0668 0748 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
12:03:43.0668 0748 storflt - ok
12:03:43.0699 0748 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
12:03:43.0699 0748 storvsc - ok
12:03:43.0714 0748 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:03:43.0714 0748 swenum - ok
12:03:43.0792 0748 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:03:43.0808 0748 swprv - ok
12:03:43.0902 0748 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
12:03:43.0933 0748 SysMain - ok
12:03:44.0011 0748 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
12:03:44.0011 0748 TabletInputService - ok
12:03:44.0042 0748 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
12:03:44.0058 0748 TapiSrv - ok
12:03:44.0089 0748 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:03:44.0089 0748 TBS - ok
12:03:44.0245 0748 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
12:03:44.0292 0748 Tcpip - ok
12:03:44.0448 0748 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
12:03:44.0463 0748 TCPIP6 - ok
12:03:44.0588 0748 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:03:44.0588 0748 tcpipreg - ok
12:03:44.0604 0748 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:03:44.0604 0748 TDPIPE - ok
12:03:44.0604 0748 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:03:44.0604 0748 TDTCP - ok
12:03:44.0666 0748 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:03:44.0666 0748 tdx - ok
12:03:44.0713 0748 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:03:44.0713 0748 TermDD - ok
12:03:44.0791 0748 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
12:03:44.0869 0748 TermService - ok
12:03:44.0900 0748 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:03:44.0900 0748 Themes - ok
12:03:44.0947 0748 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:03:44.0962 0748 THREADORDER - ok
12:03:45.0025 0748 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:03:45.0040 0748 TrkWks - ok
12:03:45.0103 0748 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
12:03:45.0118 0748 TrustedInstaller - ok
12:03:45.0134 0748 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:03:45.0134 0748 tssecsrv - ok
12:03:45.0165 0748 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:03:45.0165 0748 tunnel - ok
12:03:45.0228 0748 U2SP (4fd2f1366055d55f0d10b2568526ab78) C:\Windows\system32\DRIVERS\u2s2kxp64.sys
12:03:45.0228 0748 U2SP - ok
12:03:45.0274 0748 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:03:45.0274 0748 uagp35 - ok
12:03:45.0337 0748 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
12:03:45.0352 0748 udfs - ok
12:03:45.0415 0748 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:03:45.0415 0748 UI0Detect - ok
12:03:45.0462 0748 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:03:45.0462 0748 uliagpkx - ok
12:03:45.0493 0748 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:03:45.0493 0748 umbus - ok
12:03:45.0508 0748 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:03:45.0508 0748 UmPass - ok
12:03:45.0571 0748 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
12:03:45.0586 0748 UmRdpService - ok
12:03:45.0618 0748 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:03:45.0633 0748 upnphost - ok
12:03:45.0680 0748 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:03:45.0680 0748 USBAAPL64 - ok
12:03:45.0711 0748 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
12:03:45.0711 0748 usbccgp - ok
12:03:45.0742 0748 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:03:45.0742 0748 usbcir - ok
12:03:45.0758 0748 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
12:03:45.0758 0748 usbehci - ok
12:03:45.0836 0748 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
12:03:45.0852 0748 usbhub - ok
12:03:45.0898 0748 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
12:03:45.0898 0748 usbohci - ok
12:03:45.0914 0748 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:03:45.0914 0748 usbprint - ok
12:03:45.0992 0748 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:03:45.0992 0748 usbscan - ok
12:03:46.0039 0748 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:03:46.0039 0748 USBSTOR - ok
12:03:46.0070 0748 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:03:46.0070 0748 usbuhci - ok
12:03:46.0132 0748 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:03:46.0132 0748 UxSms - ok
12:03:46.0195 0748 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
12:03:46.0195 0748 VaultSvc - ok
12:03:46.0273 0748 VBoxDrv (780b472a8392771ef31031ba6238bf9e) C:\Windows\system32\DRIVERS\VBoxDrv.sys
12:03:46.0273 0748 VBoxDrv - ok
12:03:46.0351 0748 VBoxNetAdp (e705a3a384e7569fa2f1a3a29bdc5240) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:03:46.0366 0748 VBoxNetAdp - ok
12:03:46.0429 0748 VBoxNetFlt (d00756d69efcfbf90f759d338e4b16eb) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
12:03:46.0444 0748 VBoxNetFlt - ok
12:03:46.0460 0748 VBoxUSBMon (508cfd271cfdd2b686a0fc5d370070e6) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
12:03:46.0476 0748 VBoxUSBMon - ok
12:03:46.0491 0748 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:03:46.0491 0748 vdrvroot - ok
12:03:46.0569 0748 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
12:03:46.0585 0748 vds - ok
12:03:46.0663 0748 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:03:46.0663 0748 vga - ok
12:03:46.0694 0748 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:03:46.0694 0748 VgaSave - ok
12:03:46.0725 0748 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:03:46.0741 0748 vhdmp - ok
12:03:46.0756 0748 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:03:46.0756 0748 viaide - ok
12:03:46.0803 0748 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
12:03:46.0819 0748 vmbus - ok
12:03:46.0834 0748 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
12:03:46.0834 0748 VMBusHID - ok
12:03:46.0897 0748 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:03:46.0897 0748 volmgr - ok
12:03:46.0928 0748 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:03:46.0944 0748 volmgrx - ok
12:03:47.0006 0748 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:03:47.0006 0748 volsnap - ok
12:03:47.0037 0748 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:03:47.0037 0748 vsmraid - ok
12:03:47.0162 0748 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
12:03:47.0240 0748 VSS - ok
12:03:47.0412 0748 VST64HWBS2 (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS
12:03:47.0427 0748 VST64HWBS2 - ok
12:03:47.0536 0748 VST64_DPV (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:03:47.0614 0748 VST64_DPV - ok
12:03:47.0724 0748 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:03:47.0724 0748 vwifibus - ok
12:03:47.0739 0748 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:03:47.0755 0748 vwififlt - ok
12:03:47.0817 0748 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:03:47.0864 0748 W32Time - ok
12:03:47.0911 0748 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:03:47.0911 0748 WacomPen - ok
12:03:47.0942 0748 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:03:47.0942 0748 WANARP - ok
12:03:47.0942 0748 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:03:47.0942 0748 Wanarpv6 - ok
12:03:48.0098 0748 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:03:48.0160 0748 WatAdminSvc - ok
12:03:48.0270 0748 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
12:03:48.0348 0748 wbengine - ok
12:03:48.0441 0748 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:03:48.0457 0748 WbioSrvc - ok
12:03:48.0488 0748 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
12:03:48.0504 0748 wcncsvc - ok
12:03:48.0519 0748 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:03:48.0519 0748 WcsPlugInService - ok
12:03:48.0582 0748 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:03:48.0582 0748 Wd - ok
12:03:48.0628 0748 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:03:48.0644 0748 Wdf01000 - ok
12:03:48.0675 0748 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:03:48.0675 0748 WdiServiceHost - ok
12:03:48.0675 0748 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:03:48.0675 0748 WdiSystemHost - ok
12:03:48.0784 0748 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
12:03:48.0800 0748 WebClient - ok
12:03:48.0816 0748 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:03:48.0831 0748 Wecsvc - ok
12:03:48.0847 0748 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:03:48.0862 0748 wercplsupport - ok
12:03:48.0878 0748 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:03:48.0894 0748 WerSvc - ok
12:03:48.0972 0748 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:03:48.0972 0748 WfpLwf - ok
12:03:48.0987 0748 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:03:48.0987 0748 WIMMount - ok
12:03:49.0081 0748 winachsf (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:03:49.0096 0748 winachsf - ok
12:03:49.0128 0748 WinDefend - ok
12:03:49.0128 0748 WinHttpAutoProxySvc - ok
12:03:49.0268 0748 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:03:49.0284 0748 Winmgmt - ok
12:03:49.0424 0748 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
12:03:49.0486 0748 WinRM - ok
12:03:49.0627 0748 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
12:03:49.0627 0748 WinUsb - ok
12:03:49.0954 0748 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:03:49.0986 0748 Wlansvc - ok
12:03:50.0032 0748 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:03:50.0048 0748 WmiAcpi - ok
12:03:50.0126 0748 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:03:50.0142 0748 wmiApSrv - ok
12:03:50.0220 0748 WMPNetworkSvc - ok
12:03:50.0282 0748 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:03:50.0282 0748 WPCSvc - ok
12:03:50.0313 0748 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
12:03:50.0329 0748 WPDBusEnum - ok
12:03:50.0391 0748 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:03:50.0391 0748 ws2ifsl - ok
12:03:50.0407 0748 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:03:50.0422 0748 wscsvc - ok
12:03:50.0422 0748 WSearch - ok
12:03:50.0578 0748 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
12:03:50.0688 0748 wuauserv - ok
12:03:50.0844 0748 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:03:50.0859 0748 WudfPf - ok
12:03:50.0890 0748 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:03:50.0890 0748 WUDFRd - ok
12:03:50.0953 0748 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
12:03:50.0953 0748 wudfsvc - ok
12:03:51.0000 0748 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:03:51.0046 0748 WwanSvc - ok
12:03:51.0124 0748 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:03:51.0312 0748 \Device\Harddisk0\DR0 - ok
12:03:51.0312 0748 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk1\DR1
12:03:51.0343 0748 \Device\Harddisk1\DR1 ( Rootkit.Win32.TDSS.tdl4 ) - infected
12:03:51.0343 0748 \Device\Harddisk1\DR1 - detected Rootkit.Win32.TDSS.tdl4 (0)
12:03:51.0343 0748 Boot (0x1200) (7973c3972cab8a9e82a166a51f6269b0) \Device\Harddisk0\DR0\Partition0
12:03:51.0343 0748 \Device\Harddisk0\DR0\Partition0 - ok
12:03:51.0343 0748 Boot (0x1200) (40bab7da9d4f92418c74771ad0d92843) \Device\Harddisk1\DR1\Partition0
12:03:51.0343 0748 \Device\Harddisk1\DR1\Partition0 - ok
12:03:51.0374 0748 Boot (0x1200) (6261b4b31b7fa9265217deadebb1b76d) \Device\Harddisk1\DR1\Partition1
12:03:51.0374 0748 \Device\Harddisk1\DR1\Partition1 - ok
12:03:51.0374 0748 ============================================================
12:03:51.0374 0748 Scan finished
12:03:51.0374 0748 ============================================================
12:03:51.0374 2384 Detected object count: 1
12:03:51.0374 2384 Actual detected object count: 1
12:04:04.0291 2384 \Device\Harddisk1\DR1\# - copied to quarantine
12:04:04.0291 2384 \Device\Harddisk1\DR1 - copied to quarantine
12:04:04.0338 2384 \Device\Harddisk1\DR1\TDLFS\cfg.ini - copied to quarantine
12:04:04.0353 2384 \Device\Harddisk1\DR1\TDLFS\mbr - copied to quarantine
12:04:04.0369 2384 \Device\Harddisk1\DR1\TDLFS\bckfg.tmp - copied to quarantine
12:04:04.0478 2384 \Device\Harddisk1\DR1\TDLFS\cmd.dll - copied to quarantine
12:04:04.0525 2384 \Device\Harddisk1\DR1 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
12:04:04.0525 2384 \Device\Harddisk1\DR1 - ok
12:04:05.0367 2384 \Device\Harddisk1\DR1 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
12:05:09.0948 0824 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 12:10:19
-----------------------------
12:10:19.632 OS Version: Windows x64 6.1.7600
12:10:19.632 Number of processors: 4 586 0xF07
12:10:19.632 ComputerName: OWNED-PC UserName: Owned
12:10:23.158 Initialize success
12:11:01.520 AVAST engine defs: 12070300
12:11:11.441 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:11:11.441 Disk 0 Vendor: ST332082 3.AH Size: 305245MB BusType: 8
12:11:11.457 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:11:11.457 Disk 1 Vendor: ST332082 3.AH Size: 305245MB BusType: 8
12:11:11.472 Disk 1 MBR read successfully
12:11:11.472 Disk 1 MBR scan
12:11:11.472 Disk 1 Windows XP default MBR code
12:11:11.488 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 296104 MB offset 63
12:11:11.504 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 9138 MB offset 606421620
12:11:11.566 Disk 1 scanning C:\Windows\system32\drivers
12:11:29.834 Service scanning
12:12:14.325 Modules scanning
12:12:14.341 Disk 1 trace - called modules:
12:12:14.372 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
12:12:14.387 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80040bd060]
12:12:14.387 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8003a72050]
12:12:16.322 AVAST engine scan C:\Windows
12:12:21.283 AVAST engine scan C:\Windows\system32
12:17:41.650 AVAST engine scan C:\Windows\system32\drivers
12:18:00.307 AVAST engine scan C:\Users\Owned
12:33:42.309 Disk 1 MBR has been saved successfully to "C:\Users\Owned\Desktop\MBR.dat"
12:33:42.325 The log file has been saved successfully to "C:\Users\Owned\Desktop\aswMBR.txt"
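
The two logs above are the kind of output a responder reads by eye: TDSSKiller hashes every service and driver image, then the first 0x1B8 bytes of each disk's MBR (the 440-byte bootstrap code area ahead of the disk signature) and the first 0x1200 bytes of each partition's boot area, and prints a verdict line for each object. The Python below is an added example, not part of the thread and not Kaspersky's or AVAST's code, that parses that line format into a short triage summary: detections with their threat name, objects reported "ok" with no hash (service registered, file not hashed), the MBR/boot-sector hashes to compare against a known-clean image such as the MBR.dat aswMBR saved, and the post-scan quarantine/cure actions. The sample log is a constructed excerpt in the format shown above; the verdict words "infected" and "detected" come from the log, and "suspicious" is included as an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller log format shown above: a few driver/service
# lines, an "- ok" line with no hash, both MBR objects and the post-scan actions.
SAMPLE_LOG = r"""
12:03:35.0805 0748 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:03:35.0805 0748 NetBIOS - ok
12:03:38.0972 0748 Pml Driver HPZ12 (171e6d91a20aac8d02172a64e82ce90b) C:\Windows\system32\HPZipm12.dll
12:03:38.0972 0748 Pml Driver HPZ12 - ok
12:03:49.0128 0748 WinDefend - ok
12:03:51.0124 0748 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:03:51.0312 0748 \Device\Harddisk0\DR0 - ok
12:03:51.0312 0748 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk1\DR1
12:03:51.0343 0748 \Device\Harddisk1\DR1 ( Rootkit.Win32.TDSS.tdl4 ) - infected
12:03:51.0343 0748 \Device\Harddisk1\DR1 - detected Rootkit.Win32.TDSS.tdl4 (0)
12:03:51.0374 0748 Scan finished
12:04:04.0353 2384 \Device\Harddisk1\DR1\TDLFS\mbr - copied to quarantine
12:04:04.0525 2384 \Device\Harddisk1\DR1 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# "<name> (<md5>) <path>": a hashed object. Names may contain spaces ("Pml Driver HPZ12", "MBR (0x1B8)").
OBJECT_RE = re.compile(TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
# "<name> [( <threat> )] - <verdict>": the verdict or a post-scan action for that object.
VERDICT_RE = re.compile(TS + r"(?P<name>.+?)(?:\s+\(\s*(?P<threat>[^()\s]+)\s*\))?\s+-\s+(?P<verdict>.+?)\s*$")

# "infected"/"detected" appear in the log above; "suspicious" is assumed for unsigned-file reports.
ALERT_WORDS = {"infected", "detected", "suspicious"}


@dataclass
class Entry:
    key: str            # service/driver name, or device path for MBR/boot-sector objects
    kind: str = "file"  # "file", "MBR" or "Boot"
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[Tuple[str, Optional[str]]] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Collect one Entry per object, joining its hash line with its verdict/action lines."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            name, md5, path = m["name"], m["md5"], m["path"]
            if name.startswith(("MBR (", "Boot (")):
                # Sector objects are hashed as "MBR (0x1B8)"/"Boot (0x1200)" but their
                # verdict line names the device, so key them by device path instead.
                key, kind = path, name.split(" ", 1)[0]
            else:
                key, kind = name, "file"
            e = entries.setdefault(key, Entry(key, kind))
            e.kind, e.md5, e.path = kind, md5, path
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdicts.append((m["verdict"], m["threat"]))
    return entries


def triage(entries: Dict[str, Entry]) -> dict:
    """Detections, un-hashed "ok" objects, sector hashes and post-scan actions."""
    alerts = set()
    report: dict = {"alerts": [], "not_hashed": [], "sectors": {}, "actions": []}
    for e in entries.values():
        if e.kind in ("MBR", "Boot"):
            report["sectors"][e.key] = e.md5
        for verdict, threat in e.verdicts:
            words = verdict.split()
            if words[0].lower() in ALERT_WORDS:
                # "( threat ) - infected" carries the name in parentheses;
                # "- detected <threat> (0)" carries it inside the verdict text.
                alerts.add((e.key, threat or (words[1] if len(words) > 1 else "unknown")))
            elif words[0].lower() == "ok":
                if e.md5 is None:
                    report["not_hashed"].append(e.key)
            else:
                report["actions"].append((e.key, verdict))
    report["alerts"] = sorted(alerts)
    return report


if __name__ == "__main__":
    rep = triage(parse_tdsskiller(SAMPLE_LOG))
    for dev, threat in rep["alerts"]:
        print(f"ALERT   {dev}: {threat}")
    for dev, md5 in rep["sectors"].items():
        print(f"SECTOR  {dev}: md5 {md5}")
    for name in rep["not_hashed"]:
        print(f"NOHASH  {name}")
    for name, action in rep["actions"]:
        print(f"ACTION  {name}: {action}")
```

Run against the full log above it reports the single TDL4 hit on \Device\Harddisk1\DR1 (the disk aswMBR marks as the boot disk), the two MBR hashes, the four services with no hashed file (WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc, WSearch), and the quarantine and cure actions. The "SECTOR" hash for a cleaned disk is worth recording: after the reboot that applies the cure, the same 440 bytes should hash differently, and a second TDSSKiller run confirms it.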

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 03 July 2012 - 04:42 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 05 July 2012 - 11:23 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#11 sixty (Topic Starter, Members)

Posted 06 July 2012 - 12:56 AM

Sorry, I haven't been by my computer in a couple of days. I will post up my log as soon as I get a chance. Thanks gringo for helping me out and being so patient!

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 July 2012 - 06:05 AM

No problem, and see you around later.


gringo

#13 sixty (Topic Starter, Members)

Posted 06 July 2012 - 12:51 PM

Here is my ComboFix log; the system seems to be running great with no sign of infection:

ComboFix 12-07-02.01 - Owned 07/03/2012 16:04:54.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1944 [GMT -7:00]
Running from: c:\users\Owned\Desktop\ComboFix.exe
Command switches used :: c:\users\Owned\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 23:16 . 2012-07-03 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 19:04 . 2012-07-03 19:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-26 23:39 . 2012-06-26 23:39 -------- d-----w- c:\users\Owned\AppData\Local\Apps
2012-06-26 21:45 . 2012-06-26 21:45 -------- d-----w- c:\users\Owned\AppData\Roaming\SpeedyPC Software
2012-06-26 21:45 . 2012-06-26 21:45 -------- d-----w- c:\users\Owned\AppData\Roaming\DriverCure
2012-06-26 21:44 . 2012-07-02 20:43 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-26 19:59 . 2012-07-02 21:13 -------- d-----w- C:\sh4ldr
2012-06-26 19:59 . 2012-06-26 19:59 -------- d-----w- c:\program files\Enigma Software Group
2012-06-26 19:56 . 2012-07-02 21:13 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-26 19:56 . 2012-06-26 19:56 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-25 21:01 . 2012-06-25 21:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-12 20:31 . 2012-06-12 20:31 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-12 20:31 . 2012-06-12 20:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 20:36 . 2012-04-02 22:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 20:36 . 2012-04-02 22:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-25 23:46 . 2012-05-25 23:16 867064 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-24 23:15 . 2012-05-24 23:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-24 23:15 . 2012-05-24 23:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-24 23:15 . 2012-05-24 23:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-24 23:15 . 2012-05-24 23:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-24 23:15 . 2012-05-24 23:15 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-24 23:15 . 2012-05-24 23:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-24 23:15 . 2012-05-24 23:15 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-24 23:15 . 2012-05-24 23:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-24 23:15 . 2012-05-24 23:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-24 23:15 . 2012-05-24 23:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-24 23:15 . 2012-05-24 23:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-24 23:15 . 2012-05-24 23:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-24 23:15 . 2012-05-24 23:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-24 23:15 . 2012-05-24 23:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-24 23:15 . 2012-05-24 23:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-24 23:15 . 2012-05-24 23:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-24 23:15 . 2012-05-24 23:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-24 23:15 . 2012-05-24 23:15 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-24 23:15 . 2012-05-24 23:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-24 23:15 . 2012-05-24 23:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-24 23:15 . 2012-05-24 23:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-24 23:15 . 2012-05-24 23:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-24 23:15 . 2012-05-24 23:15 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-24 23:15 . 2012-05-24 23:15 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-05-24 23:15 . 2012-05-24 23:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-24 23:15 . 2012-05-24 23:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-24 23:15 . 2012-05-24 23:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-24 23:15 . 2012-05-24 23:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-24 23:15 . 2012-05-24 23:15 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-05-24 23:15 . 2012-05-24 23:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-24 23:15 . 2012-05-24 23:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-24 23:15 . 2012-05-24 23:15 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-24 23:15 . 2012-05-24 23:15 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-24 23:15 . 2012-05-24 23:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-24 23:15 . 2012-05-24 23:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-24 23:15 . 2012-05-24 23:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-24 23:15 . 2012-05-24 23:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-24 23:15 . 2012-05-24 23:15 448512 ----a-w- c:\windows\system32\html.iec
2012-05-24 23:15 . 2012-05-24 23:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-24 23:15 . 2012-05-24 23:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-24 23:15 . 2012-05-24 23:15 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-24 23:15 . 2012-05-24 23:15 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-24 23:14 . 2012-05-24 23:14 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-05-24 23:14 . 2012-05-24 23:14 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-24 23:14 . 2012-05-24 23:14 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-24 23:14 . 2012-05-24 23:14 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-24 23:14 . 2012-05-24 23:14 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-24 23:14 . 2012-05-24 23:14 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-05-24 23:14 . 2012-05-24 23:14 4068864 ----a-w- c:\windows\system32\mf.dll
2012-05-24 23:14 . 2012-05-24 23:14 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-24 23:14 . 2012-05-24 23:14 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-05-24 23:14 . 2012-05-24 23:14 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-05-24 23:14 . 2012-05-24 23:14 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-24 23:14 . 2012-05-24 23:14 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-05-24 23:14 . 2012-05-24 23:14 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-05-24 23:14 . 2012-05-24 23:14 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-24 23:14 . 2012-05-24 23:14 206848 ----a-w- c:\windows\system32\mfps.dll
2012-05-24 23:14 . 2012-05-24 23:14 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-24 23:14 . 2012-05-24 23:14 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-05-24 23:14 . 2012-05-24 23:14 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-05-24 23:14 . 2012-05-24 23:14 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-05-24 23:14 . 2012-05-24 23:14 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-24 23:14 . 2012-05-24 23:14 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-05-24 23:14 . 2012-05-24 23:14 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-24 23:14 . 2012-05-24 23:14 1540608 ----a-w- c:\windows\system32\DWrite.dll
2012-05-24 23:14 . 2012-05-24 23:14 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-05-24 23:14 . 2012-05-24 23:14 144384 ----a-w- c:\windows\system32\cdd.dll
2012-05-24 23:14 . 2012-05-24 23:14 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-05-24 23:14 . 2012-05-24 23:14 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-24 23:14 . 2012-05-24 23:14 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-05-24 23:14 . 2012-05-24 23:14 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-04 18:13 . 2012-04-14 08:25 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 18:26 . 2011-03-16 20:11 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-04-13 01:12 . 2012-04-13 01:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-13 01:12 . 2012-05-16 23:24 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-13 01:12 . 2012-05-16 23:24 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-13 01:12 . 2012-04-13 01:12 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-04-13 01:12 . 2012-04-13 01:12 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-03-16 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-03-16 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-02_21.03.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-16 17:51 . 2012-07-03 19:08 31260 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-03 19:08 26668 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-07-02 20:44 . 2012-07-02 20:44 66956 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCall.dll
+ 2012-07-02 20:44 . 2012-07-02 21:12 66956 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCall.dll
+ 2011-03-16 17:42 . 2012-07-03 19:08 8236 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4153574629-3578504478-2687243105-1000_UserData.bin
- 2012-07-02 21:02 . 2012-07-02 21:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-03 19:06 . 2012-07-03 19:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 21:02 . 2012-07-02 21:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-03 19:06 . 2012-07-03 19:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-17 20:33 . 2012-07-03 22:58 249648 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:01 . 2012-07-02 21:01 586656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-03 19:05 586656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-26 19:13 . 2012-07-03 19:05 767736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4153574629-3578504478-2687243105-1000-12288.dat
- 2012-06-26 19:13 . 2012-07-02 21:01 767736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4153574629-3578504478-2687243105-1000-12288.dat
- 2012-07-02 20:44 . 2012-07-02 20:44 189872 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla36.dll
+ 2012-07-02 20:44 . 2012-07-02 21:12 189872 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla36.dll
+ 2012-07-02 20:44 . 2012-07-02 21:12 175992 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla34.dll
- 2012-07-02 20:44 . 2012-07-02 20:44 175992 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla34.dll
- 2012-07-02 20:44 . 2012-07-02 20:44 176035 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla33.dll
+ 2012-07-02 20:44 . 2012-07-02 21:12 176035 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla33.dll
+ 2012-07-02 20:44 . 2012-07-02 21:12 176545 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla32.dll
- 2012-07-02 20:44 . 2012-07-02 20:44 176545 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla32.dll
+ 2012-07-02 21:12 . 2012-07-02 21:12 184966 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla31.dll
- 2012-07-02 20:44 . 2012-07-02 20:44 189776 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla21.dll
+ 2012-07-02 20:44 . 2012-07-02 21:12 189776 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla21.dll
+ 2012-07-02 20:44 . 2012-07-02 21:12 176035 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla2.dll
- 2012-07-02 20:44 . 2012-07-02 20:44 176035 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla2.dll
+ 2012-07-02 20:44 . 2012-07-02 21:12 179526 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla.dll
- 2012-07-02 20:44 . 2012-07-02 20:44 179526 c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP\WiseCustomCalla.dll
+ 2011-08-26 21:17 . 2012-07-03 19:05 1385404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4153574629-3578504478-2687243105-1000-8192.dat
+ 2009-07-14 02:34 . 2012-07-02 23:19 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-06-28 07:20 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2012-05-25 23:34 . 2012-07-02 21:01 14783652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4153574629-3578504478-2687243105-1000-4096.dat
+ 2012-05-25 23:34 . 2012-07-03 19:05 14783652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4153574629-3578504478-2687243105-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95080B13-AA71-4EE8-B951-7E98221E1ED5}"= "c:\program files (x86)\4shared Toolbar\4sharedbar.dll" [2011-11-03 204800]
.
[HKEY_CLASSES_ROOT\clsid\{95080b13-aa71-4ee8-b951-7e98221e1ed5}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{50F22041-08AC-484B-BB6F-4DDB2CF8B693}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-26 740216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2988488]
"4Sync"="c:\program files (x86)\4Sync\4Sync.exe" [2011-11-08 7713272]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-04 38840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Heleni Uploader"="c:\program files\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe" [2010-12-23 130560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"CorelDRAW Graphics Suite 11b"="c:\program files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-01-14 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-01-14 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Owned\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owned\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 257224]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-16 1436424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 51445112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-31 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-16 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-25 867064]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-13 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-13 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-13 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-13 166192]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:36]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 20:31]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 20:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95080B13-AA71-4EE8-B951-7E98221E1ED5}"= "c:\program files (x86)\4shared Toolbar\4sharedbar64.dll" [2011-11-03 244736]
.
[HKEY_CLASSES_ROOT\CLSID\{95080B13-AA71-4EE8-B951-7E98221E1ED5}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{50F22041-08AC-484B-BB6F-4DDB2CF8B693}]
[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]
@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"
[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]
2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]
@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"
[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]
2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]
@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"
[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]
2011-11-04 15:46 1212928 ----a-w- c:\program files (x86)\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Owned\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 112512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=
IE: &4shared Search - c:\program files (x86)\4shared Toolbar\4sharedbar64.dll/MENUSEARCH.HTM
TCP: DhcpNameServer = 192.168.0.4
FF - ProfilePath - c:\users\Owned\AppData\Roaming\Mozilla\Firefox\Profiles\bqonq4c0.default\
FF - prefs.js: browser.startup.homepage - hxxp://websearch.4shared.com
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-03 16:31:07
ComboFix-quarantined-files.txt 2012-07-03 23:31
ComboFix2.txt 2012-07-02 21:16
ComboFix3.txt 2010-06-04 19:28
.
Pre-Run: 8,903,229,440 bytes free
Post-Run: 9,943,658,496 bytes free
.
- - End Of File - - F263AE9E5411DD66EAAD85D3CD89987D

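As an added example for this thread (not part of the posted log, and not ComboFix's own code), a small Python parser for the autostart sections of a ComboFix log in the format shown above: it collects the bracketed values under each [HKEY_...] header (such as the Run keys) and the R/S service lines, then flags paths on a constructed watchlist (here only the uTorrent P2P client) and any entry where ComboFix printed [x] instead of a file date and size. The sample log lines and the watchlist are constructed from the posted log, and reading [x] as "no file could be read at that path" is an assumption.

```python
"""Parse the autostart sections of a ComboFix log and flag entries worth a second look.

Added example for this thread; not ComboFix's own code. The sample below is
constructed from the format of the log posted above.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in ComboFix's log format (Run keys, then R/S service lines).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-26 740216]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"([^"]+)"\s+\[([^\]]+)\]$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]+);(.+?)\s+\[([^\]]+)\]$")


@dataclass
class Entry:
    kind: str                 # last component of the registry key (e.g. "run"), or "service"
    origin: str               # full registry key, or the service start type (R2, S3, ...)
    name: str
    path: str
    file_date: Optional[str]  # None when ComboFix printed [x] instead of [date size]
    size: Optional[int]


def _parse_bracket(text: str):
    """'2012-04-04 654408' -> ('2012-04-04', 654408); 'x' -> (None, None)."""
    parts = text.split()
    if len(parts) == 2 and parts[1].isdigit():
        return parts[0], int(parts[1])
    return None, None


def parse_combofix(log: str):
    """Collect bracketed registry values under [HKEY_...] headers and R/S service lines."""
    entries = []
    current_key = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            date, size = _parse_bracket(m.group(3))
            kind = current_key.rsplit("\\", 1)[-1].lower()
            entries.append(Entry(kind, current_key, m.group(1), m.group(2), date, size))
            continue
        m = SERVICE_RE.match(line)
        if m:
            date, size = _parse_bracket(m.group(5))
            entries.append(Entry("service", m.group(1), m.group(2), m.group(4), date, size))
    return entries


# Constructed watchlist: lower-cased path fragments and why they merit review.
WATCHLIST = {
    "\\utorrent\\": "peer-to-peer file-sharing client",
}


def flag_entries(entries, watchlist=WATCHLIST):
    """Return (entry, reason) pairs for watch-listed paths and for entries ComboFix could not size."""
    findings = []
    for e in entries:
        lowered = e.path.lower()
        for fragment, reason in watchlist.items():
            if fragment in lowered:
                findings.append((e, reason))
        if e.size is None:
            # Assumption: [x] means ComboFix found no file to stat at the registered path.
            findings.append((e, "no file date/size recorded ([x]); confirm the file exists"))
    return findings


def triage(log: str):
    """Names and reasons only, in log order, for a quick summary."""
    return [(e.name, reason) for e, reason in flag_entries(parse_combofix(log))]


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```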
#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 July 2012 - 10:45 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

µTorrent
Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
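The "Programs to remove" step above is easier to verify if you can see exactly what is still registered, and on 64-bit Windows 32-bit installers such as µTorrent and the Java 6 runtime register under the same Wow6432Node redirected hive that fills the ComboFix log earlier in this thread, so Add/Remove, Revo and any script must read both views. The following PowerShell script is an added example for this thread, not something from Gringo's post nor from Revo, Malwarebytes or HijackThis: it inventories the Uninstall registry keys in both the native and Wow6432Node views (plus the per-user hive), reports whether anything matching the two programs on the removal list is still present, lists whichever Java runtimes remain so you can confirm the old one is gone after the reinstall, and warns if it is not running elevated. The name patterns in $TargetPatterns are assumed from the post; the exact DisplayName on a given machine may differ.

```powershell
# Added example (not part of the original post or of any tool it mentions):
# inventory the "Programs to remove" from the Uninstall registry keys that
# Add/Remove Programs and Revo read. Save as Check-RemovalList.ps1 and run from
# an elevated PowerShell on Vista / Windows 7:
#   powershell -ExecutionPolicy Bypass -File .\Check-RemovalList.ps1

# Patterns assumed from the post's list; adjust if the DisplayName differs.
$TargetPatterns = @(
    'Torrent$',            # matches "µTorrent"
    '^Java.* 6 Update'     # matches "Java(TM) 6 Update 26" and other JRE 6 updates
)

# 32-bit installers on 64-bit Windows register under Wow6432Node, so query
# both registry views as well as the per-user hive.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-IsElevated {
    # The post asks for "run as administrator"; this is the programmatic check.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-InstalledProgram {
    # One row per Uninstall subkey that has a DisplayName, tagged with the view it came from.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString,
            @{ Name = 'View'; Expression = {
                if     ($_.PSPath -match 'Wow6432Node')       { '32-bit (Wow6432Node)' }
                elseif ($_.PSPath -match 'HKEY_CURRENT_USER') { 'per-user' }
                else                                          { 'native' } } }
}

if (-not (Test-IsElevated)) {
    Write-Warning 'Not running as administrator: HKLM entries may be incomplete. Re-run elevated.'
}

$installed = Get-InstalledProgram
$stillPresent = @()

foreach ($pattern in $TargetPatterns) {
    $hits = @($installed | Where-Object { $_.DisplayName -match $pattern })
    if ($hits.Count -gt 0) {
        $stillPresent += $hits
        Write-Host "STILL INSTALLED (matches '$pattern'):" -ForegroundColor Yellow
        $hits | Format-Table DisplayName, DisplayVersion, View, UninstallString -AutoSize -Wrap
    } else {
        # As the post notes, an entry already gone from the list is fine.
        Write-Host "Not found (pattern '$pattern'); move to the next item."
    }
}

# The post removes Java 6 and then installs the current Java, so list every
# Java runtime that is registered to confirm only the new one remains.
Write-Host "`nJava runtimes currently registered:"
$installed | Where-Object { $_.DisplayName -match '^Java' } |
    Sort-Object DisplayVersion |
    Format-Table DisplayName, DisplayVersion, View -AutoSize

# Non-zero exit if anything on the removal list is still present, so the check
# can gate the later CCleaner / MBAM steps when run from a batch file.
if ($stillPresent.Count -gt 0) { exit 1 } else { exit 0 }
```

Run it once before the Revo step to see what is registered and once after to confirm both entries are gone; the UninstallString column shows the built-in uninstaller Revo invokes in its first phase, and the View column tells you which registry branch (and therefore which Program Files directory, the same 32-bit/64-bit split as the HijackThis paths later in the post) the leftovers will be under.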

#15 gringo_pr

Posted 08 July 2012 - 11:22 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you and see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo
