Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possibly infected with Sirefef Trojam family


  • This topic is locked This topic is locked
18 replies to this topic

#1 Tha Abacus

Tha Abacus

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 27 July 2012 - 10:46 PM

Greetings...Got hit with the Sirefef Trojans(A, B, AB, P is all I remember)

I cannot open up the following items:
Windows Update
Windows Firewall

I originally had MSE installed on my computer, but the Trojan must have removed it as I clicked on the MSE Icon(Start Menu) and it could not find it. I re-installed it, found most of the Sirefef Trojans and removed some of them which caused the infinite restart loop. I then uninstalled MSE, installed spyhunter and it could not find the sirefef trojans.

I do notice also the Adobe Flash Player 11_3 Crashes alot and I was getting redirected on google searches.

Since I uninstalled MSE, I have not had any issues with sirefef symptoms. I'm willing to bet its not gone though

Here is the DDS Log, I have Windows 7 Home 64-Bit.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by DIM at 20:19:50 on 2012-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8187.6515 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\OSD\Service1.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\OSD\OSD_Main.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\DIM\AppData\Local\Apps\2.0\VYK911J7.ZDD\HE2PVCRW.NM7\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = about:blank
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4C350B19-6CA1-4569-B14C-296D8D65300B} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "C:\Users\DIM\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\DIM\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [FAStartup]
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\DIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Vitakey\PwdBank.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: blackboard.com\ctc
Trusted Zone: labmentors.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\14D65627963616E6027516272796F62702E4564702131333431302D20283 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\14D65627963616E6027516272796F62702E4564702131333431302D20283 : DhcpNameServer = 10.59.0.1
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\2456C6B696E6E253444353 : NameServer = 216.146.35.35,216.146.36.36
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\2456C6B696E6E253444353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\35B4950214633303B4829393830392 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\35B4950214633303B4829393830392 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\45572616C602D457A796B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\45572616C602D457A796B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\C47402441434F4D4 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\C47402441434F4D4 : DhcpNameServer = 203.248.252.2
TCP: Interfaces\{FA6E6C42-17C0-418A-BC25-9017DEE2BD9A} : DhcpNameServer = 10.71.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {4C350B19-6CA1-4569-B14C-296D8D65300B} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun-x64: [FAStartup]
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Vitakey\PwdBank.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DIM\AppData\Roaming\Mozilla\Firefox\Profiles\ul1llkl3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: C:\Program Files (x86)\Search Settings\FF\components\SearchSettingsFF.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\DIM\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\DIM\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\DIM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\DIM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 customsvc;Vista Session Launcher Service;C:\Program Files\OSD\Service1.exe [2008-10-21 13312]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2009-6-24 2368776]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-28 598312]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-29 3048136]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-7-11 1019328]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\OSD\WinRing0x64.sys [2008-10-21 14544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-17 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-17 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-7 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-19 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-4 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-8 250056]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-7 136176]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TTM57SLUsb;TTM 57SL USB driver;C:\Windows\system32\Drivers\TTM57SLUsb.sys --> C:\Windows\system32\Drivers\TTM57SLUsb.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-4 306400]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-07-27 02:22:59 110080 ----a-r- C:\Users\DIM\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-07-27 02:22:59 110080 ----a-r- C:\Users\DIM\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-07-27 02:22:59 110080 ----a-r- C:\Users\DIM\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-07-27 02:22:58 -------- d-----w- C:\sh4ldr
2012-07-27 02:22:58 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-27 02:22:03 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-27 01:22:01 328704 ----a-w- C:\Windows\System32\services.exe.6B20A7F1E30DB398
2012-07-27 01:15:47 328704 ----a-w- C:\Windows\System32\services.exe.0E4E0C51C3D11496
2012-07-27 01:04:46 328704 ----a-w- C:\Windows\System32\services.exe.776992E272109844
2012-07-27 00:54:44 50392 ----a-w- C:\Windows\System32\drivers\pcwdjlfh.sys
2012-07-27 00:54:42 328704 ----a-w- C:\Windows\System32\services.exe.09AAD79F0F48A8AE
2012-07-26 23:30:52 328704 ----a-w- C:\Windows\System32\services.exe.FC41785977AF21BD
2012-07-26 23:27:10 328704 ----a-w- C:\Windows\System32\services.exe.82E8EF7BB53336AD
2012-07-26 23:23:33 328704 ----a-w- C:\Windows\System32\services.exe.8995B52570C14614
2012-07-26 23:15:25 328704 ----a-w- C:\Windows\System32\services.exe.E8FB353160D54609
2012-07-26 23:11:40 328704 ----a-w- C:\Windows\System32\services.exe.FBF04F7463935F35
2012-07-26 23:00:49 328704 ----a-w- C:\Windows\System32\services.exe.F5976D30D29ADD90
2012-07-25 03:11:03 -------- d-----w- C:\Program Files (x86)\WinDirStat
2012-07-25 01:22:07 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2012-07-20 18:23:55 9133488 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8DC8C8F2-CEC5-460F-BE74-9252F03E58CA}\mpengine.dll
2012-07-14 06:25:06 -------- d-----w- C:\Users\DIM\AppData\Local\{215B6797-FB2C-434B-B863-C886FAD85938}
2012-07-14 06:24:54 -------- d-----w- C:\Users\DIM\AppData\Local\{C60C07AE-9F64-41D8-8BF6-2824A65D4FB0}
2012-07-11 18:05:17 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 15:58:30 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-05 17:47:40 -------- d-----w- C:\Users\DIM\AppData\Local\{08E32E3B-591D-408A-9129-9C583F82F199}
2012-07-05 17:47:28 -------- d-----w- C:\Users\DIM\AppData\Local\{89BD64B4-5954-417C-8515-47E1C9447394}
2012-07-01 14:31:36 -------- d-----w- C:\Program Files\iTunes
2012-07-01 14:31:36 -------- d-----w- C:\Program Files\iPod
2012-07-01 14:31:36 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-30 13:35:39 -------- d-----w- C:\Users\DIM\AppData\Local\{F3385D99-7211-4E7C-8E74-801125D96023}
2012-06-30 13:35:26 -------- d-----w- C:\Users\DIM\AppData\Local\{5078B79E-42B9-4B1D-B29D-449B6FEAC342}
.
==================== Find3M ====================
.
2012-07-27 03:18:03 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 03:18:03 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 06:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 06:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-08 08:46:19 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-08 08:46:19 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 20:23:06.98 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 28 July 2012 - 12:11 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Tha Abacus

Tha Abacus
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 28 July 2012 - 01:21 AM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be

accurate!

Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java™ 6 Update 32
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4 Tha Abacus

Tha Abacus
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 28 July 2012 - 02:11 AM

ComboFix 12-07-27.03 - DIM 07/27/2012 23:39:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8187.6257 [GMT -7:00]
Running from: c:\users\DIM\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404}
c:\program files (x86)\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404}\chrome.manifest
c:\program files (x86)\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404}\chrome\zwankysearch.jar
c:\program files (x86)\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404}\defaults\preferences\prefs.js
c:\program files (x86)\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404}\install.rdf
c:\windows\Installer\{cf1d62af-3001-e4d6-69b9-3e5ffa92e0a0}\@
c:\windows\Installer\{cf1d62af-3001-e4d6-69b9-3e5ffa92e0a0}\L\00000004.@
c:\windows\Installer\{cf1d62af-3001-e4d6-69b9-3e5ffa92e0a0}\L\201d3dde
c:\windows\Installer\{cf1d62af-3001-e4d6-69b9-3e5ffa92e0a0}\n
c:\windows\Installer\{cf1d62af-3001-e4d6-69b9-3e5ffa92e0a0}\U\00000008.@
E:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 06:50 . 2012-07-28 06:50 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-28 06:50 . 2012-07-28 06:50 -------- d-----w- c:\users\DJ I-Master\AppData\Local\temp
2012-07-27 02:22 . 2012-07-27 02:22 110080 ----a-r- c:\users\DIM\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-07-27 02:22 . 2012-07-27 02:22 110080 ----a-r- c:\users\DIM\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-07-27 02:22 . 2012-07-27 02:22 110080 ----a-r- c:\users\DIM\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-07-27 02:22 . 2012-07-27 02:23 -------- d-----w- C:\sh4ldr
2012-07-27 02:22 . 2012-07-27 02:22 -------- d-----w- c:\program files\Enigma Software Group
2012-07-27 02:22 . 2012-07-27 02:23 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-27 01:22 . 2012-07-27 01:22 328704 ----a-w- c:\windows\system32\services.exe.6B20A7F1E30DB398
2012-07-27 01:15 . 2012-07-27 01:15 328704 ----a-w- c:\windows\system32\services.exe.0E4E0C51C3D11496
2012-07-27 01:04 . 2012-07-27 01:04 328704 ----a-w- c:\windows\system32\services.exe.776992E272109844
2012-07-27 00:54 . 2012-07-27 00:54 50392 ----a-w- c:\windows\system32\drivers\pcwdjlfh.sys
2012-07-27 00:54 . 2012-07-27 00:54 328704 ----a-w- c:\windows\system32\services.exe.09AAD79F0F48A8AE
2012-07-26 23:30 . 2012-07-26 23:30 328704 ----a-w- c:\windows\system32\services.exe.FC41785977AF21BD
2012-07-26 23:27 . 2012-07-26 23:27 328704 ----a-w- c:\windows\system32\services.exe.82E8EF7BB53336AD
2012-07-26 23:23 . 2012-07-26 23:23 328704 ----a-w- c:\windows\system32\services.exe.8995B52570C14614
2012-07-26 23:15 . 2012-07-26 23:15 328704 ----a-w- c:\windows\system32\services.exe.E8FB353160D54609
2012-07-26 23:11 . 2012-07-26 23:11 328704 ----a-w- c:\windows\system32\services.exe.FBF04F7463935F35
2012-07-26 23:00 . 2012-07-26 23:00 328704 ----a-w- c:\windows\system32\services.exe.F5976D30D29ADD90
2012-07-25 03:11 . 2012-07-25 03:11 -------- d-----w- c:\program files (x86)\WinDirStat
2012-07-25 01:22 . 2012-07-25 01:22 -------- d-----w- c:\program files (x86)\Common Files\Propellerhead Software
2012-07-22 12:18 . 2012-07-22 12:18 -------- d-----w- c:\program files (x86)\Real
2012-07-11 18:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 15:58 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-01 14:31 . 2012-07-01 14:32 -------- d-----w- c:\program files\iTunes
2012-07-01 14:31 . 2012-07-01 14:32 -------- d-----w- c:\program files (x86)\iTunes
2012-07-01 14:31 . 2012-07-01 14:31 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 03:18 . 2012-05-08 08:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 03:18 . 2011-05-17 14:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:02 . 2010-03-26 23:54 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 10:04 . 2012-07-20 18:23 9133488 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DC8C8F2-CEC5-460F-BE74-9252F03E58CA}\mpengine.dll
2012-06-02 22:19 . 2012-06-19 09:27 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 09:27 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 09:27 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 09:27 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 09:27 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 09:27 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 09:27 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 06:19 . 2012-06-19 09:26 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 06:15 . 2012-06-19 09:26 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-14 06:00 . 2010-06-12 14:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-14 05:59 . 2010-06-12 14:08 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-14 05:55 . 2010-06-12 14:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-08 08:46 . 2012-05-08 08:46 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-08 08:46 . 2010-04-25 11:30 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-14 09:52 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 09:52 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 09:52 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 09:52 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-21 6276408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-05-29 25249400]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2009-06-24 95496]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\DIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-9-4 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 23:31 140552 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 gnetpypz;gnetpypz;c:\windows\system32\drivers\gnetpypz.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 716872]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-03 13088]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-06 271640]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-06 327704]
R3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-06 6379288]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TTM57SLUsb;TTM 57SL USB driver;c:\windows\system32\Drivers\TTM57SLUsb.sys [2011-08-22 50296]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-27 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\OSD\WinRing0x64.sys [2008-07-26 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-14 203264]
S2 customsvc;Vista Session Launcher Service;c:\program files\OSD\Service1.exe [2008-09-30 13312]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2009-06-24 2368776]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 54824]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 10:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 03:18]
.
2012-07-25 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2012-06-06 13:14]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 17:28]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 17:28]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1924877330-3177915154-4158296574-1000Core.job
- c:\users\DIM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 12:23]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1924877330-3177915154-4158296574-1000UA.job
- c:\users\DIM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 12:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"combofix"="c:\combofix\CF23016.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: blackboard.com\ctc
Trusted Zone: labmentors.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\14D65627963616E6027516272796F62702E4564702131333431302D20283: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\2456C6B696E6E253444353: NameServer = 216.146.35.35,216.146.36.36
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\35B4950214633303B4829393830392: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\45572616C602D457A796B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\C47402441434F4D4: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\DIM\AppData\Roaming\Mozilla\Firefox\Profiles\ul1llkl3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Wow6432Node-HKCU-Run-Facebook Update - c:\users\DIM\AppData\Local\Facebook\Update\FacebookUpdate.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
Notify-AWinNotifyVitaKey AC5031 - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9} - c:\programdata\{13A9B825-42CB-4973-913D-2194B5A4CF94}\Massive Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\OSD\OSD_Startup.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alienware\Command Center\AlienSense\FATrayAlert.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-07-28 00:03:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 07:03
.
Pre-Run: 24,285,327,360 bytes free
Post-Run: 24,115,851,264 bytes free
.
- - End Of File - - DAFC27C5329B80F8D371E5F49129B474

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 28 July 2012 - 02:14 AM

Greetings


let me have the Combofix report when it is ready



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 28 July 2012 - 02:16 AM

Greetings

OOps didn't see the post!!

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Tha Abacus

Tha Abacus
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 28 July 2012 - 02:32 AM

00:26:00.0043 0268 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
00:26:00.0448 0268 ============================================================
00:26:00.0448 0268 Current date / time: 2012/07/28 00:26:00.0448
00:26:00.0448 0268 SystemInfo:
00:26:00.0448 0268
00:26:00.0448 0268 OS Version: 6.1.7601 ServicePack: 1.0
00:26:00.0448 0268 Product type: Workstation
00:26:00.0448 0268 ComputerName: EYEMASTER
00:26:00.0448 0268 UserName: DIM
00:26:00.0448 0268 Windows directory: C:\Windows
00:26:00.0448 0268 System windows directory: C:\Windows
00:26:00.0448 0268 Running under WOW64
00:26:00.0448 0268 Processor architecture: Intel x64
00:26:00.0448 0268 Number of processors: 2
00:26:00.0448 0268 Page size: 0x1000
00:26:00.0448 0268 Boot type: Normal boot
00:26:00.0448 0268 ============================================================
00:26:02.0998 0268 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:26:03.0013 0268 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:26:03.0078 0268 Drive \Device\Harddisk2\DR2 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:26:05.0513 0268 ============================================================
00:26:05.0513 0268 \Device\Harddisk0\DR0:
00:26:05.0533 0268 MBR partitions:
00:26:05.0533 0268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1119FFC1
00:26:05.0533 0268 \Device\Harddisk1\DR1:
00:26:05.0588 0268 MBR partitions:
00:26:05.0588 0268 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A8566C1
00:26:05.0588 0268 \Device\Harddisk2\DR2:
00:26:05.0588 0268 MBR partitions:
00:26:05.0588 0268 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
00:26:05.0588 0268 ============================================================
00:26:05.0748 0268 C: <-> \Device\Harddisk0\DR0\Partition0
00:26:05.0903 0268 F: <-> \Device\Harddisk2\DR2\Partition0
00:26:05.0933 0268 E: <-> \Device\Harddisk1\DR1\Partition0
00:26:05.0933 0268 ============================================================
00:26:05.0933 0268 Initialize success
00:26:05.0933 0268 ============================================================
00:26:17.0524 4788 ============================================================
00:26:17.0524 4788 Scan started
00:26:17.0524 4788 Mode: Manual;
00:26:17.0524 4788 ============================================================
00:26:20.0509 4788 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:26:20.0524 4788 1394ohci - ok
00:26:21.0114 4788 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:26:21.0124 4788 ACPI - ok
00:26:21.0199 4788 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:26:21.0199 4788 AcpiPmi - ok
00:26:22.0319 4788 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:26:22.0339 4788 AdobeFlashPlayerUpdateSvc - ok
00:26:22.0894 4788 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:26:22.0904 4788 adp94xx - ok
00:26:23.0364 4788 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:26:23.0379 4788 adpahci - ok
00:26:23.0634 4788 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:26:23.0659 4788 adpu320 - ok
00:26:23.0814 4788 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:26:23.0819 4788 AeLookupSvc - ok
00:26:24.0489 4788 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:26:24.0494 4788 AFD - ok
00:26:24.0639 4788 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:26:24.0649 4788 agp440 - ok
00:26:24.0894 4788 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:26:24.0919 4788 ALG - ok
00:26:24.0969 4788 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:26:24.0974 4788 aliide - ok
00:26:25.0224 4788 AMD External Events Utility (fc07ceaf07e33344628c4415faae3469) C:\Windows\system32\atiesrxx.exe
00:26:25.0244 4788 AMD External Events Utility - ok
00:26:25.0304 4788 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:26:25.0304 4788 amdide - ok
00:26:25.0414 4788 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:26:25.0429 4788 AmdK8 - ok
00:26:25.0529 4788 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:26:25.0529 4788 AmdPPM - ok
00:26:25.0790 4788 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:26:25.0805 4788 amdsata - ok
00:26:26.0030 4788 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:26:26.0055 4788 amdsbs - ok
00:26:26.0115 4788 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:26:26.0115 4788 amdxata - ok
00:26:26.0180 4788 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:26:26.0190 4788 AppID - ok
00:26:26.0390 4788 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:26:26.0395 4788 AppIDSvc - ok
00:26:26.0505 4788 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:26:26.0505 4788 Appinfo - ok
00:26:27.0040 4788 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:26:27.0040 4788 Apple Mobile Device - ok
00:26:27.0315 4788 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:26:27.0320 4788 arc - ok
00:26:27.0470 4788 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:26:27.0495 4788 arcsas - ok
00:26:27.0710 4788 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:26:27.0710 4788 AsyncMac - ok
00:26:27.0805 4788 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:26:27.0805 4788 atapi - ok
00:26:34.0040 4788 atikmdag (80793852021864a9ed344843eeba5fdb) C:\Windows\system32\DRIVERS\atikmdag.sys
00:26:34.0170 4788 atikmdag - ok
00:26:35.0980 4788 ATSwpWDF (ea512f43f4a28d18b52cafe8c93984fb) C:\Windows\system32\Drivers\ATSwpWDF.sys
00:26:36.0005 4788 ATSwpWDF - ok
00:26:36.0705 4788 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:26:36.0725 4788 AudioEndpointBuilder - ok
00:26:36.0730 4788 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:26:36.0735 4788 AudioSrv - ok
00:26:36.0910 4788 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:26:36.0930 4788 AxInstSV - ok
00:26:37.0580 4788 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:26:37.0610 4788 b06bdrv - ok
00:26:38.0000 4788 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:26:38.0030 4788 b57nd60a - ok
00:26:38.0165 4788 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:26:38.0190 4788 BDESVC - ok
00:26:38.0460 4788 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:26:38.0470 4788 Beep - ok
00:26:39.0230 4788 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:26:39.0245 4788 BFE - ok
00:26:39.0475 4788 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:26:39.0485 4788 blbdrive - ok
00:26:40.0230 4788 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
00:26:40.0260 4788 Bonjour Service - ok
00:26:40.0530 4788 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:26:40.0530 4788 bowser - ok
00:26:40.0595 4788 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:26:40.0600 4788 BrFiltLo - ok
00:26:40.0625 4788 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:26:40.0625 4788 BrFiltUp - ok
00:26:40.0810 4788 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:26:40.0825 4788 BridgeMP - ok
00:26:41.0100 4788 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:26:41.0100 4788 Browser - ok
00:26:41.0455 4788 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:26:41.0470 4788 Brserid - ok
00:26:41.0570 4788 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:26:41.0570 4788 BrSerWdm - ok
00:26:41.0610 4788 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:26:41.0620 4788 BrUsbMdm - ok
00:26:41.0670 4788 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:26:41.0675 4788 BrUsbSer - ok
00:26:41.0875 4788 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
00:26:41.0875 4788 BthEnum - ok
00:26:42.0060 4788 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:26:42.0085 4788 BTHMODEM - ok
00:26:42.0400 4788 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
00:26:42.0420 4788 BthPan - ok
00:26:42.0980 4788 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
00:26:43.0000 4788 BTHPORT - ok
00:26:43.0105 4788 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:26:43.0115 4788 bthserv - ok
00:26:43.0310 4788 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
00:26:43.0320 4788 BTHUSB - ok
00:26:43.0425 4788 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
00:26:43.0425 4788 btusbflt - ok
00:26:43.0831 4788 catchme - ok
00:26:43.0961 4788 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:26:43.0966 4788 cdfs - ok
00:26:44.0221 4788 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:26:44.0236 4788 cdrom - ok
00:26:44.0371 4788 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:26:44.0376 4788 CertPropSvc - ok
00:26:44.0471 4788 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:26:44.0471 4788 circlass - ok
00:26:45.0091 4788 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:26:45.0106 4788 CLFS - ok
00:26:45.0466 4788 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:26:45.0486 4788 clr_optimization_v2.0.50727_32 - ok
00:26:45.0841 4788 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:26:45.0841 4788 clr_optimization_v2.0.50727_64 - ok
00:26:46.0221 4788 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:26:46.0231 4788 clr_optimization_v4.0.30319_32 - ok
00:26:46.0531 4788 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:26:46.0541 4788 clr_optimization_v4.0.30319_64 - ok
00:26:46.0686 4788 clwvd - ok
00:26:46.0781 4788 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:26:46.0791 4788 CmBatt - ok
00:26:46.0906 4788 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:26:46.0906 4788 cmdide - ok
00:26:47.0811 4788 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
00:26:47.0856 4788 CNG - ok
00:26:47.0911 4788 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:26:47.0911 4788 Compbatt - ok
00:26:48.0001 4788 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:26:48.0016 4788 CompositeBus - ok
00:26:48.0021 4788 COMSysApp - ok
00:26:48.0301 4788 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
00:26:48.0301 4788 cpudrv64 - ok
00:26:48.0351 4788 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:26:48.0356 4788 crcdisk - ok
00:26:48.0661 4788 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
00:26:48.0661 4788 CryptSvc - ok
00:26:48.0871 4788 customsvc (324421ebddda3721e719a8ad20e92113) C:\Program Files\OSD\Service1.exe
00:26:48.0871 4788 customsvc - ok
00:26:49.0531 4788 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:26:49.0536 4788 DcomLaunch - ok
00:26:49.0926 4788 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:26:49.0941 4788 defragsvc - ok
00:26:50.0146 4788 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:26:50.0176 4788 DfsC - ok
00:26:50.0636 4788 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:26:50.0671 4788 Dhcp - ok
00:26:50.0806 4788 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:26:50.0811 4788 discache - ok
00:26:50.0966 4788 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:26:50.0976 4788 Disk - ok
00:26:51.0231 4788 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:26:51.0251 4788 Dnscache - ok
00:26:51.0526 4788 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:26:51.0546 4788 dot3svc - ok
00:26:51.0896 4788 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
00:26:51.0906 4788 Dot4 - ok
00:26:52.0111 4788 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
00:26:52.0131 4788 Dot4Print - ok
00:26:52.0301 4788 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
00:26:52.0301 4788 dot4usb - ok
00:26:52.0556 4788 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:26:52.0576 4788 DPS - ok
00:26:52.0846 4788 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:26:52.0846 4788 drmkaud - ok
00:26:54.0091 4788 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:26:54.0096 4788 DXGKrnl - ok
00:26:54.0246 4788 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:26:54.0256 4788 EapHost - ok
00:26:57.0427 4788 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:26:57.0527 4788 ebdrv - ok
00:26:58.0302 4788 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:26:58.0302 4788 EFS - ok
00:26:59.0057 4788 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:26:59.0072 4788 ehRecvr - ok
00:26:59.0507 4788 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:26:59.0537 4788 ehSched - ok
00:27:00.0643 4788 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:27:00.0688 4788 elxstor - ok
00:27:00.0733 4788 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:27:00.0738 4788 ErrDev - ok
00:27:01.0018 4788 esgiguard (df96c3cd6ae15f6d0a6bcb70f9c1e88d) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
00:27:01.0018 4788 esgiguard - ok
00:27:01.0608 4788 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:27:01.0613 4788 EventSystem - ok
00:27:01.0888 4788 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:27:01.0923 4788 exfat - ok
00:27:02.0448 4788 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
00:27:02.0488 4788 FACAP - ok
00:27:05.0423 4788 FAService (935867267a37317e5c1089019e1851b8) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
00:27:05.0443 4788 FAService - ok
00:27:06.0558 4788 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:27:06.0568 4788 fastfat - ok
00:27:07.0208 4788 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:27:07.0228 4788 Fax - ok
00:27:07.0323 4788 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:27:07.0328 4788 fdc - ok
00:27:07.0373 4788 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:27:07.0378 4788 fdPHost - ok
00:27:07.0443 4788 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:27:07.0443 4788 FDResPub - ok
00:27:07.0748 4788 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:27:07.0748 4788 FileInfo - ok
00:27:07.0883 4788 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:27:07.0888 4788 Filetrace - ok
00:27:07.0923 4788 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:27:07.0938 4788 flpydisk - ok
00:27:08.0313 4788 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:27:08.0343 4788 FltMgr - ok
00:27:09.0573 4788 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:27:09.0593 4788 FontCache - ok
00:27:09.0808 4788 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:27:09.0808 4788 FontCache3.0.0.0 - ok
00:27:10.0003 4788 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:27:10.0013 4788 FsDepends - ok
00:27:10.0328 4788 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
00:27:10.0388 4788 fssfltr - ok
00:27:12.0468 4788 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:27:12.0518 4788 fsssvc - ok
00:27:13.0808 4788 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:27:13.0808 4788 Fs_Rec - ok
00:27:14.0128 4788 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:27:14.0138 4788 fvevol - ok
00:27:14.0213 4788 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:27:14.0213 4788 gagp30kx - ok
00:27:14.0303 4788 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:27:14.0303 4788 GEARAspiWDM - ok
00:27:14.0408 4788 gnetpypz - ok
00:27:15.0218 4788 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:27:15.0243 4788 gpsvc - ok
00:27:15.0753 4788 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:27:15.0778 4788 gupdate - ok
00:27:15.0908 4788 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:27:15.0908 4788 gupdatem - ok
00:27:16.0058 4788 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:27:16.0058 4788 hcw85cir - ok
00:27:16.0523 4788 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:27:16.0528 4788 HdAudAddService - ok
00:27:16.0793 4788 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:27:16.0813 4788 HDAudBus - ok
00:27:16.0888 4788 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:27:16.0898 4788 HidBatt - ok
00:27:17.0023 4788 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:27:17.0038 4788 HidBth - ok
00:27:17.0203 4788 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:27:17.0203 4788 HidIr - ok
00:27:17.0278 4788 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:27:17.0313 4788 hidserv - ok
00:27:17.0383 4788 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:27:17.0393 4788 HidUsb - ok
00:27:17.0513 4788 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:27:17.0518 4788 hkmsvc - ok
00:27:17.0829 4788 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:27:17.0854 4788 HomeGroupListener - ok
00:27:18.0079 4788 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:27:18.0089 4788 HomeGroupProvider - ok
00:27:18.0204 4788 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:27:18.0209 4788 HpSAMD - ok
00:27:19.0124 4788 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:27:19.0149 4788 HTTP - ok
00:27:19.0274 4788 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:27:19.0274 4788 hwpolicy - ok
00:27:19.0519 4788 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:27:19.0524 4788 i8042prt - ok
00:27:20.0029 4788 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:27:20.0044 4788 iaStorV - ok
00:27:20.0489 4788 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:27:20.0489 4788 IDriverT - ok
00:27:22.0024 4788 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:27:22.0039 4788 idsvc - ok
00:27:22.0809 4788 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:27:22.0819 4788 iirsp - ok
00:27:23.0714 4788 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:27:23.0744 4788 IKEEXT - ok
00:27:24.0359 4788 int15 - ok
00:27:26.0624 4788 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
00:27:26.0639 4788 IntcAzAudAddService - ok
00:27:27.0899 4788 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:27:27.0909 4788 intelide - ok
00:27:28.0029 4788 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:27:28.0029 4788 intelppm - ok
00:27:28.0154 4788 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:27:28.0169 4788 IPBusEnum - ok
00:27:28.0339 4788 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:27:28.0349 4788 IpFilterDriver - ok
00:27:28.0944 4788 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:27:28.0954 4788 iphlpsvc - ok
00:27:29.0104 4788 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:27:29.0104 4788 IPMIDRV - ok
00:27:29.0324 4788 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:27:29.0334 4788 IPNAT - ok
00:27:30.0829 4788 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
00:27:30.0854 4788 iPod Service - ok
00:27:30.0889 4788 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:27:30.0899 4788 IRENUM - ok
00:27:30.0959 4788 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:27:30.0959 4788 isapnp - ok
00:27:31.0244 4788 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:27:31.0274 4788 iScsiPrt - ok
00:27:31.0539 4788 JRAID (1c368c1a2733dcc5b8e15420aa2b0f6d) C:\Windows\system32\DRIVERS\jraid.sys
00:27:31.0544 4788 JRAID - ok
00:27:31.0699 4788 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:27:31.0699 4788 kbdclass - ok
00:27:31.0859 4788 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:27:31.0859 4788 kbdhid - ok
00:27:31.0909 4788 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:27:31.0909 4788 KeyIso - ok
00:27:32.0029 4788 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
00:27:32.0029 4788 KSecDD - ok
00:27:32.0329 4788 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
00:27:32.0339 4788 KSecPkg - ok
00:27:32.0534 4788 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:27:32.0539 4788 ksthunk - ok
00:27:32.0989 4788 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:27:33.0014 4788 KtmRm - ok
00:27:33.0379 4788 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
00:27:33.0394 4788 LanmanServer - ok
00:27:33.0599 4788 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:27:33.0604 4788 LanmanWorkstation - ok
00:27:33.0750 4788 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:27:33.0760 4788 lltdio - ok
00:27:34.0310 4788 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:27:34.0330 4788 lltdsvc - ok
00:27:34.0400 4788 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:27:34.0405 4788 lmhosts - ok
00:27:34.0560 4788 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:27:34.0560 4788 LSI_FC - ok
00:27:34.0765 4788 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:27:34.0805 4788 LSI_SAS - ok
00:27:34.0905 4788 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:27:34.0915 4788 LSI_SAS2 - ok
00:27:35.0070 4788 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:27:35.0090 4788 LSI_SCSI - ok
00:27:35.0340 4788 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:27:35.0345 4788 luafv - ok
00:27:35.0830 4788 lvpopf64 (b2085e335f2b57077b0cbadb6f1245cd) C:\Windows\system32\DRIVERS\lvpopf64.sys
00:27:35.0855 4788 lvpopf64 - ok
00:27:35.0965 4788 LVPr2M64 - ok
00:27:36.0360 4788 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
00:27:36.0390 4788 LVRS64 - ok
00:27:42.0630 4788 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
00:27:42.0755 4788 LVUVC64 - ok
00:27:43.0745 4788 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:27:43.0755 4788 Mcx2Svc - ok
00:27:43.0970 4788 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:27:43.0985 4788 megasas - ok
00:27:44.0370 4788 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:27:44.0405 4788 MegaSR - ok
00:27:44.0550 4788 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:27:44.0565 4788 MMCSS - ok
00:27:44.0625 4788 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:27:44.0625 4788 Modem - ok
00:27:44.0880 4788 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:27:44.0880 4788 monitor - ok
00:27:44.0995 4788 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:27:44.0995 4788 mouclass - ok
00:27:45.0070 4788 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:27:45.0075 4788 mouhid - ok
00:27:45.0220 4788 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:27:45.0230 4788 mountmgr - ok
00:27:45.0755 4788 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:27:45.0780 4788 MozillaMaintenance - ok
00:27:46.0005 4788 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:27:46.0025 4788 mpio - ok
00:27:46.0145 4788 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:27:46.0150 4788 mpsdrv - ok
00:27:47.0615 4788 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:27:47.0705 4788 MpsSvc - ok
00:27:47.0950 4788 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:27:47.0980 4788 MRxDAV - ok
00:27:48.0355 4788 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:27:48.0355 4788 mrxsmb - ok
00:27:48.0760 4788 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:27:48.0765 4788 mrxsmb10 - ok
00:27:49.0010 4788 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:27:49.0035 4788 mrxsmb20 - ok
00:27:49.0105 4788 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:27:49.0105 4788 msahci - ok
00:27:49.0370 4788 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:27:49.0375 4788 msdsm - ok
00:27:49.0595 4788 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:27:49.0620 4788 MSDTC - ok
00:27:49.0766 4788 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:27:49.0771 4788 Msfs - ok
00:27:49.0846 4788 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:27:49.0871 4788 mshidkmdf - ok
00:27:49.0931 4788 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:27:49.0931 4788 msisadrv - ok
00:27:50.0131 4788 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:27:50.0146 4788 MSiSCSI - ok
00:27:50.0151 4788 msiserver - ok
00:27:50.0326 4788 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:27:50.0336 4788 MSKSSRV - ok
00:27:50.0361 4788 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:27:50.0366 4788 MSPCLOCK - ok
00:27:50.0416 4788 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:27:50.0416 4788 MSPQM - ok
00:27:50.0966 4788 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:27:51.0006 4788 MsRPC - ok
00:27:51.0201 4788 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:27:51.0206 4788 mssmbios - ok
00:27:51.0336 4788 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:27:51.0341 4788 MSTEE - ok
00:27:51.0396 4788 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:27:51.0396 4788 MTConfig - ok
00:27:51.0506 4788 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:27:51.0506 4788 Mup - ok
00:27:51.0986 4788 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:27:52.0016 4788 napagent - ok
00:27:52.0361 4788 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:27:52.0386 4788 NativeWifiP - ok
00:27:53.0496 4788 NAUpdate (13aa2130f2a104dd775ead0f0ee5417b) C:\Program Files (x86)\Nero\Update\NASvc.exe
00:27:53.0516 4788 NAUpdate - ok
00:27:54.0481 4788 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:27:54.0486 4788 NDIS - ok
00:27:54.0561 4788 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:27:54.0571 4788 NdisCap - ok
00:27:54.0756 4788 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:27:54.0756 4788 NdisTapi - ok
00:27:54.0956 4788 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:27:54.0976 4788 Ndisuio - ok
00:27:55.0261 4788 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:27:55.0271 4788 NdisWan - ok
00:27:55.0466 4788 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:27:55.0466 4788 NDProxy - ok
00:27:56.0601 4788 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
00:27:56.0651 4788 Nero BackItUp Scheduler 4.0 - ok
00:27:56.0781 4788 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
00:27:56.0786 4788 Net Driver HPZ12 - ok
00:27:56.0916 4788 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:27:56.0921 4788 NetBIOS - ok
00:27:57.0411 4788 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:27:57.0431 4788 NetBT - ok
00:27:57.0481 4788 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:27:57.0486 4788 Netlogon - ok
00:27:57.0861 4788 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:27:57.0866 4788 Netman - ok
00:27:58.0291 4788 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:27:58.0326 4788 netprofm - ok
00:27:58.0676 4788 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:27:58.0696 4788 NetTcpPortSharing - ok
00:28:04.0286 4788 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
00:28:04.0406 4788 netw5v64 - ok
00:28:13.0797 4788 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys
00:28:13.0967 4788 NETwNs64 - ok
00:28:14.0962 4788 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:28:14.0972 4788 nfrd960 - ok
00:28:15.0462 4788 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:28:15.0532 4788 NlaSvc - ok
00:28:15.0652 4788 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
00:28:15.0652 4788 NPF - ok
00:28:15.0902 4788 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:28:15.0902 4788 Npfs - ok
00:28:15.0947 4788 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:28:15.0952 4788 nsi - ok
00:28:16.0122 4788 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:28:16.0122 4788 nsiproxy - ok
00:28:17.0747 4788 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:28:17.0757 4788 Ntfs - ok
00:28:18.0987 4788 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:28:18.0987 4788 Null - ok
00:28:19.0192 4788 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:28:19.0207 4788 nvraid - ok
00:28:19.0517 4788 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:28:19.0527 4788 nvstor - ok
00:28:19.0717 4788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:28:19.0747 4788 nv_agp - ok
00:28:20.0587 4788 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:28:20.0612 4788 odserv - ok
00:28:20.0697 4788 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:28:20.0702 4788 ohci1394 - ok
00:28:20.0977 4788 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:28:20.0987 4788 ose - ok
00:28:21.0412 4788 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:28:21.0422 4788 p2pimsvc - ok
00:28:21.0897 4788 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:28:21.0922 4788 p2psvc - ok
00:28:22.0057 4788 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:28:22.0097 4788 Parport - ok
00:28:22.0192 4788 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:28:22.0192 4788 partmgr - ok
00:28:22.0432 4788 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:28:22.0457 4788 PcaSvc - ok
00:28:22.0792 4788 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:28:22.0827 4788 pci - ok
00:28:22.0907 4788 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:28:22.0907 4788 pciide - ok
00:28:23.0162 4788 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:28:23.0177 4788 pcmcia - ok
00:28:23.0327 4788 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:28:23.0327 4788 pcw - ok
00:28:24.0038 4788 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:28:24.0048 4788 PEAUTH - ok
00:28:25.0193 4788 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:28:25.0198 4788 PerfHost - ok
00:28:26.0503 4788 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:28:26.0538 4788 pla - ok
00:28:26.0988 4788 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:28:27.0008 4788 PlugPlay - ok
00:28:27.0128 4788 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
00:28:27.0128 4788 Pml Driver HPZ12 - ok
00:28:27.0263 4788 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:28:27.0268 4788 PNRPAutoReg - ok
00:28:27.0578 4788 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:28:27.0583 4788 PNRPsvc - ok
00:28:28.0123 4788 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:28:28.0143 4788 PolicyAgent - ok
00:28:28.0333 4788 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:28:28.0338 4788 Power - ok
00:28:28.0618 4788 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:28:28.0638 4788 PptpMiniport - ok
00:28:28.0773 4788 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:28:28.0793 4788 Processor - ok
00:28:29.0043 4788 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:28:29.0083 4788 ProfSvc - ok
00:28:29.0148 4788 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:28:29.0153 4788 ProtectedStorage - ok
00:28:29.0333 4788 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:28:29.0348 4788 Psched - ok
00:28:30.0763 4788 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:28:30.0803 4788 ql2300 - ok
00:28:31.0923 4788 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:28:31.0938 4788 ql40xx - ok
00:28:32.0263 4788 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:28:32.0268 4788 QWAVE - ok
00:28:32.0438 4788 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:28:32.0438 4788 QWAVEdrv - ok
00:28:32.0493 4788 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:28:32.0493 4788 RasAcd - ok
00:28:32.0593 4788 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:28:32.0603 4788 RasAgileVpn - ok
00:28:32.0758 4788 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:28:32.0778 4788 RasAuto - ok
00:28:32.0878 4788 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:28:32.0903 4788 Rasl2tp - ok
00:28:33.0263 4788 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:28:33.0303 4788 RasMan - ok
00:28:33.0513 4788 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:28:33.0528 4788 RasPppoe - ok
00:28:33.0608 4788 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:28:33.0623 4788 RasSstp - ok
00:28:34.0008 4788 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:28:34.0023 4788 rdbss - ok
00:28:34.0128 4788 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:28:34.0128 4788 rdpbus - ok
00:28:34.0188 4788 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:28:34.0188 4788 RDPCDD - ok
00:28:34.0213 4788 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:28:34.0213 4788 RDPENCDD - ok
00:28:34.0238 4788 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:28:34.0238 4788 RDPREFMP - ok
00:28:34.0553 4788 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:28:34.0578 4788 RDPWD - ok
00:28:34.0883 4788 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:28:34.0888 4788 rdyboost - ok
00:28:35.0013 4788 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:28:35.0018 4788 RemoteAccess - ok
00:28:35.0238 4788 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:28:35.0238 4788 RemoteRegistry - ok
00:28:35.0668 4788 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:28:35.0683 4788 RFCOMM - ok
00:28:35.0778 4788 rimmptsk (528d70eabe8305a02f387fec839b9a47) C:\Windows\system32\DRIVERS\rimmpx64.sys
00:28:35.0778 4788 rimmptsk - ok
00:28:35.0958 4788 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
00:28:35.0963 4788 rimsptsk - ok
00:28:36.0298 4788 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
00:28:36.0303 4788 rpcapd - ok
00:28:36.0438 4788 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:28:36.0448 4788 RpcEptMapper - ok
00:28:36.0503 4788 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:28:36.0528 4788 RpcLocator - ok
00:28:37.0043 4788 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:28:37.0048 4788 RpcSs - ok
00:28:37.0173 4788 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:28:37.0173 4788 rspndr - ok
00:28:37.0263 4788 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:28:37.0263 4788 SamSs - ok
00:28:37.0433 4788 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:28:37.0433 4788 sbp2port - ok
00:28:38.0788 4788 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
00:28:38.0808 4788 SBSDWSCService - ok
00:28:39.0103 4788 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:28:39.0123 4788 SCardSvr - ok
00:28:39.0298 4788 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:28:39.0303 4788 scfilter - ok
00:28:40.0314 4788 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:28:40.0324 4788 Schedule - ok
00:28:40.0499 4788 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:28:40.0499 4788 SCPolicySvc - ok
00:28:40.0704 4788 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
00:28:40.0714 4788 sdbus - ok
00:28:40.0974 4788 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:28:40.0984 4788 SDRSVC - ok
00:28:41.0579 4788 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:28:41.0609 4788 SeaPort - ok
00:28:41.0734 4788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:28:41.0739 4788 secdrv - ok
00:28:41.0819 4788 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:28:41.0824 4788 seclogon - ok
00:28:41.0949 4788 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:28:41.0954 4788 SENS - ok
00:28:42.0024 4788 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:28:42.0029 4788 SensrSvc - ok
00:28:42.0094 4788 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:28:42.0104 4788 Serenum - ok
00:28:42.0204 4788 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:28:42.0254 4788 Serial - ok
00:28:42.0344 4788 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:28:42.0349 4788 sermouse - ok
00:28:42.0634 4788 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:28:42.0644 4788 SessionEnv - ok
00:28:42.0719 4788 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:28:42.0724 4788 sffdisk - ok
00:28:42.0784 4788 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:28:42.0799 4788 sffp_mmc - ok
00:28:42.0909 4788 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:28:42.0909 4788 sffp_sd - ok
00:28:42.0949 4788 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:28:42.0949 4788 sfloppy - ok
00:28:43.0564 4788 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:28:43.0604 4788 SharedAccess - ok
00:28:44.0249 4788 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:28:44.0249 4788 ShellHWDetection - ok
00:28:44.0509 4788 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:28:44.0514 4788 SiSRaid2 - ok
00:28:44.0674 4788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:28:44.0679 4788 SiSRaid4 - ok
00:28:48.0569 4788 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
00:28:48.0639 4788 Skype C2C Service - ok
00:28:49.0239 4788 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:28:49.0249 4788 SkypeUpdate - ok
00:28:50.0454 4788 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:28:50.0464 4788 Smb - ok
00:28:50.0534 4788 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:28:50.0539 4788 SNMPTRAP - ok
00:28:50.0609 4788 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:28:50.0609 4788 spldr - ok
00:28:51.0504 4788 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:28:51.0509 4788 Spooler - ok
00:28:55.0364 4788 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:28:55.0489 4788 sppsvc - ok
00:28:56.0755 4788 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:28:56.0760 4788 sppuinotify - ok
00:28:57.0975 4788 SpyHunter 4 Service (cef26d36cf0c8a2ae6aac27767070308) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
00:28:57.0980 4788 SpyHunter 4 Service - ok
00:28:58.0585 4788 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:28:58.0595 4788 srv - ok
00:28:59.0135 4788 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:28:59.0170 4788 srv2 - ok
00:28:59.0410 4788 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:28:59.0420 4788 srvnet - ok
00:28:59.0825 4788 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:28:59.0830 4788 SSDPSRV - ok
00:28:59.0955 4788 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:28:59.0960 4788 SstpSvc - ok
00:29:00.0025 4788 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:29:00.0040 4788 stexstor - ok
00:29:00.0205 4788 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
00:29:00.0220 4788 StillCam - ok
00:29:00.0915 4788 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:29:00.0955 4788 stisvc - ok
00:29:01.0160 4788 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:29:01.0160 4788 swenum - ok
00:29:01.0660 4788 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:29:01.0685 4788 swprv - ok
00:29:03.0460 4788 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:29:03.0530 4788 SysMain - ok
00:29:04.0375 4788 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:29:04.0395 4788 TabletInputService - ok
00:29:04.0610 4788 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
00:29:04.0615 4788 taphss - ok
00:29:04.0980 4788 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:29:04.0985 4788 TapiSrv - ok
00:29:05.0190 4788 tbhsd (4430e9b4c60aab672d16e801bad0555e) C:\Windows\system32\drivers\tbhsd.sys
00:29:05.0200 4788 tbhsd - ok
00:29:05.0340 4788 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:29:05.0345 4788 TBS - ok
00:29:07.0105 4788 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:29:07.0120 4788 Tcpip - ok
00:29:09.0851 4788 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:29:09.0866 4788 TCPIP6 - ok
00:29:10.0806 4788 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:29:10.0806 4788 tcpipreg - ok
00:29:10.0886 4788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:29:10.0906 4788 TDPIPE - ok
00:29:11.0026 4788 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:29:11.0026 4788 TDTCP - ok
00:29:11.0271 4788 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:29:11.0271 4788 tdx - ok
00:29:11.0406 4788 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:29:11.0406 4788 TermDD - ok
00:29:12.0086 4788 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:29:12.0096 4788 TermService - ok
00:29:12.0196 4788 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:29:12.0211 4788 Themes - ok
00:29:12.0291 4788 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:29:12.0291 4788 THREADORDER - ok
00:29:12.0521 4788 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:29:12.0526 4788 TrkWks - ok
00:29:12.0841 4788 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:29:12.0871 4788 TrustedInstaller - ok
00:29:12.0996 4788 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:29:13.0001 4788 tssecsrv - ok
00:29:13.0316 4788 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:29:13.0316 4788 TsUsbFlt - ok
00:29:13.0626 4788 TTM57SLUsb (2169892c15c769e190e70510980d43c0) C:\Windows\system32\Drivers\TTM57SLUsb.sys
00:29:13.0636 4788 TTM57SLUsb - ok
00:29:13.0856 4788 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:29:13.0866 4788 tunnel - ok
00:29:14.0301 4788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:29:14.0306 4788 uagp35 - ok
00:29:15.0251 4788 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:29:15.0291 4788 udfs - ok
00:29:15.0521 4788 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:29:15.0551 4788 UI0Detect - ok
00:29:15.0606 4788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:29:15.0616 4788 uliagpkx - ok
00:29:15.0711 4788 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:29:15.0716 4788 umbus - ok
00:29:15.0786 4788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:29:15.0791 4788 UmPass - ok
00:29:16.0066 4788 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:29:16.0081 4788 upnphost - ok
00:29:16.0211 4788 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
00:29:16.0211 4788 USBAAPL64 - ok
00:29:16.0531 4788 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
00:29:16.0551 4788 usbaudio - ok
00:29:16.0701 4788 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:29:16.0711 4788 usbccgp - ok
00:29:16.0796 4788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:29:16.0846 4788 usbcir - ok
00:29:17.0016 4788 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:29:17.0026 4788 usbehci - ok
00:29:17.0411 4788 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:29:17.0451 4788 usbhub - ok
00:29:17.0546 4788 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
00:29:17.0551 4788 usbohci - ok
00:29:17.0701 4788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:29:17.0706 4788 usbprint - ok
00:29:17.0826 4788 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:29:17.0831 4788 usbscan - ok
00:29:18.0046 4788 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:29:18.0046 4788 USBSTOR - ok
00:29:18.0141 4788 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
00:29:18.0141 4788 usbuhci - ok
00:29:18.0326 4788 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
00:29:18.0351 4788 usbvideo - ok
00:29:18.0486 4788 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:29:18.0486 4788 UxSms - ok
00:29:18.0581 4788 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:29:18.0581 4788 VaultSvc - ok
00:29:18.0636 4788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:29:18.0641 4788 vdrvroot - ok
00:29:19.0216 4788 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:29:19.0241 4788 vds - ok
00:29:19.0306 4788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:29:19.0311 4788 vga - ok
00:29:19.0386 4788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:29:19.0386 4788 VgaSave - ok
00:29:19.0686 4788 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:29:19.0706 4788 vhdmp - ok
00:29:19.0766 4788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:29:19.0786 4788 viaide - ok
00:29:19.0956 4788 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:29:19.0961 4788 volmgr - ok
00:29:20.0631 4788 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:29:20.0671 4788 volmgrx - ok
00:29:21.0031 4788 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:29:21.0071 4788 volsnap - ok
00:29:21.0236 4788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:29:21.0241 4788 vsmraid - ok
00:29:22.0802 4788 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:29:22.0847 4788 VSS - ok
00:29:23.0883 4788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:29:23.0898 4788 vwifibus - ok
00:29:24.0098 4788 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:29:24.0108 4788 VWiFiFlt - ok
00:29:24.0193 4788 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:29:24.0198 4788 vwifimp - ok
00:29:24.0633 4788 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:29:24.0648 4788 W32Time - ok
00:29:24.0703 4788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:29:24.0723 4788 WacomPen - ok
00:29:24.0828 4788 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:29:24.0833 4788 WANARP - ok
00:29:24.0838 4788 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:29:24.0838 4788 Wanarpv6 - ok
00:29:26.0118 4788 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:29:26.0153 4788 WatAdminSvc - ok
00:29:27.0588 4788 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:29:27.0653 4788 wbengine - ok
00:29:28.0603 4788 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:29:28.0613 4788 WbioSrvc - ok
00:29:29.0118 4788 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:29:29.0148 4788 wcncsvc - ok
00:29:29.0208 4788 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:29:29.0223 4788 WcsPlugInService - ok
00:29:29.0588 4788 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:29:29.0593 4788 Wd - ok
00:29:30.0153 4788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:29:30.0188 4788 Wdf01000 - ok
00:29:30.0283 4788 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:29:30.0298 4788 WdiServiceHost - ok
00:29:30.0298 4788 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:29:30.0303 4788 WdiSystemHost - ok
00:29:30.0768 4788 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:29:30.0808 4788 WebClient - ok
00:29:31.0048 4788 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:29:31.0073 4788 Wecsvc - ok
00:29:31.0178 4788 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:29:31.0198 4788 wercplsupport - ok
00:29:31.0308 4788 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:29:31.0313 4788 WerSvc - ok
00:29:31.0558 4788 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:29:31.0568 4788 WfpLwf - ok
00:29:31.0613 4788 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:29:31.0613 4788 WIMMount - ok
00:29:31.0768 4788 WinDefend - ok
00:29:31.0778 4788 WinHttpAutoProxySvc - ok
00:29:32.0188 4788 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:29:32.0198 4788 Winmgmt - ok
00:29:32.0523 4788 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Program Files\OSD\WinRing0x64.sys
00:29:32.0523 4788 WinRing0_1_2_0 - ok
00:29:34.0258 4788 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:29:34.0313 4788 WinRM - ok
00:29:35.0508 4788 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
00:29:35.0528 4788 WinUSB - ok
00:29:36.0343 4788 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:29:36.0373 4788 Wlansvc - ok
00:29:38.0809 4788 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:29:38.0864 4788 wlidsvc - ok
00:29:40.0084 4788 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:29:40.0099 4788 WmiAcpi - ok
00:29:40.0399 4788 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:29:40.0419 4788 wmiApSrv - ok
00:29:40.0604 4788 WMPNetworkSvc - ok
00:29:41.0234 4788 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
00:29:41.0264 4788 WMZuneComm - ok
00:29:41.0334 4788 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:29:41.0339 4788 WPCSvc - ok
00:29:41.0639 4788 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:29:41.0649 4788 WPDBusEnum - ok
00:29:41.0739 4788 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:29:41.0739 4788 ws2ifsl - ok
00:29:41.0899 4788 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
00:29:41.0914 4788 wscsvc - ok
00:29:42.0039 4788 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
00:29:42.0039 4788 WSDPrintDevice - ok
00:29:42.0044 4788 WSearch - ok
00:29:45.0169 4788 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
00:29:45.0249 4788 wuauserv - ok
00:29:46.0489 4788 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:29:46.0509 4788 WudfPf - ok
00:29:46.0739 4788 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:29:46.0764 4788 WUDFRd - ok
00:29:47.0024 4788 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:29:47.0054 4788 wudfsvc - ok
00:29:47.0359 4788 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:29:47.0379 4788 WwanSvc - ok
00:29:48.0269 4788 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:29:48.0294 4788 YahooAUService - ok
00:29:48.0689 4788 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
00:29:48.0699 4788 yukonw7 - ok
00:29:57.0155 4788 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
00:29:57.0310 4788 ZuneNetworkSvc - ok
00:29:58.0090 4788 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
00:29:58.0105 4788 ZuneWlanCfgSvc - ok
00:29:58.0135 4788 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:30:01.0250 4788 \Device\Harddisk0\DR0 - ok
00:30:01.0285 4788 MBR (0x1B8) (08b26729634452d0c2889c002b1bb97c) \Device\Harddisk1\DR1
00:30:01.0870 4788 \Device\Harddisk1\DR1 - ok
00:30:01.0875 4788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
00:30:01.0875 4788 \Device\Harddisk2\DR2 - ok
00:30:01.0900 4788 Boot (0x1200) (1a87b8e1dc9f83b18935130276819f3a) \Device\Harddisk0\DR0\Partition0
00:30:01.0960 4788 \Device\Harddisk0\DR0\Partition0 - ok
00:30:01.0995 4788 Boot (0x1200) (e4424f6c11311fe06fdbb2e9487eb2ae) \Device\Harddisk1\DR1\Partition0
00:30:02.0000 4788 \Device\Harddisk1\DR1\Partition0 - ok
00:30:02.0000 4788 Boot (0x1200) (8b3db32b2480e1023e1f201d7b8bc27f) \Device\Harddisk2\DR2\Partition0
00:30:02.0005 4788 \Device\Harddisk2\DR2\Partition0 - ok
00:30:02.0005 4788 ============================================================
00:30:02.0005 4788 Scan finished
00:30:02.0005 4788 ============================================================
00:30:02.0020 4104 Detected object count: 0
00:30:02.0020 4104 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 28 July 2012 - 02:56 AM

greetings


were you able to run the aswMBR scan?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Tha Abacus

Tha Abacus
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 28 July 2012 - 03:29 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 00:33:52
-----------------------------
00:33:52.741 OS Version: Windows x64 6.1.7601 Service Pack 1
00:33:52.741 Number of processors: 2 586 0x170A
00:33:52.741 ComputerName: EYEMASTER UserName: DIM
00:34:00.421 Initialize success
00:36:40.493 AVAST engine defs: 12072701
00:37:27.376 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:37:27.381 Disk 0 Vendor: ST9160411ASG DE17 Size: 152627MB BusType: 3
00:37:27.416 Disk 0 MBR read successfully
00:37:27.421 Disk 0 MBR scan
00:37:27.461 Disk 0 Windows 7 default MBR code
00:37:27.476 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140095 MB offset 63
00:37:27.531 Disk 0 Partition 2 00 12 Compaq diag NTFS 12528 MB offset 286916608
00:37:27.631 Disk 0 scanning C:\Windows\system32\drivers
00:37:57.559 Service scanning
00:38:59.517 Modules scanning
00:38:59.522 Disk 0 trace - called modules:
00:38:59.547 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys
00:38:59.552 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bf66d0]
00:38:59.887 3 CLASSPNP.SYS[fffff8800199443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007723060]
00:39:21.018 AVAST engine scan C:\Windows
00:39:31.649 AVAST engine scan C:\Windows\system32
00:48:44.498 AVAST engine scan C:\Windows\system32\drivers
00:49:07.673 AVAST engine scan C:\Users\DIM
01:03:51.227 AVAST engine scan C:\ProgramData
01:07:00.370 Scan finished successfully
01:27:11.233 Disk 0 MBR has been saved successfully to "C:\Users\DIM\Desktop\MBR.dat"
01:27:11.238 The log file has been saved successfully to "C:\Users\DIM\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 28 July 2012 - 03:45 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Tha Abacus

Tha Abacus
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 28 July 2012 - 04:44 AM

Gringo,

The combofix log is too big to post or attach! (760KB)

I have not had any other problems.

I can now get into Windows Update, and Firewall again.

Is there any other way I can send you the log file?

Thanks!

Abacus

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 28 July 2012 - 12:13 PM

There is one section called "snapshot" (it should be the largest section) remove that section and send me the report



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Tha Abacus

Tha Abacus
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 29 July 2012 - 10:26 PM

ComboFix 12-07-27.03 - DIM 07/28/2012 1:52.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8187.5835 [GMT -7:00]
Running from: c:\users\DIM\Desktop\ComboFix.exe
Command switches used :: c:\users\DIM\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 09:04 . 2012-07-28 09:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-28 09:04 . 2012-07-28 09:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-28 09:04 . 2012-07-28 09:04 -------- d-----w- c:\users\DJ I-Master\AppData\Local\temp
2012-07-28 09:04 . 2012-07-28 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 09:04 . 2012-07-28 09:04 -------- d-----w- c:\users\Dajana\AppData\Local\temp
2012-07-27 02:22 . 2012-07-27 02:22 110080 ----a-r- c:\users\DIM\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-07-27 02:22 . 2012-07-27 02:22 110080 ----a-r- c:\users\DIM\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-07-27 02:22 . 2012-07-27 02:22 110080 ----a-r- c:\users\DIM\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-07-27 02:22 . 2012-07-27 02:23 -------- d-----w- C:\sh4ldr
2012-07-27 02:22 . 2012-07-27 02:22 -------- d-----w- c:\program files\Enigma Software Group
2012-07-27 02:22 . 2012-07-27 02:23 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-27 01:22 . 2012-07-27 01:22 328704 ----a-w- c:\windows\system32\services.exe.6B20A7F1E30DB398
2012-07-27 01:15 . 2012-07-27 01:15 328704 ----a-w- c:\windows\system32\services.exe.0E4E0C51C3D11496
2012-07-27 01:04 . 2012-07-27 01:04 328704 ----a-w- c:\windows\system32\services.exe.776992E272109844
2012-07-27 00:54 . 2012-07-27 00:54 50392 ----a-w- c:\windows\system32\drivers\pcwdjlfh.sys
2012-07-27 00:54 . 2012-07-27 00:54 328704 ----a-w- c:\windows\system32\services.exe.09AAD79F0F48A8AE
2012-07-26 23:30 . 2012-07-26 23:30 328704 ----a-w- c:\windows\system32\services.exe.FC41785977AF21BD
2012-07-26 23:27 . 2012-07-26 23:27 328704 ----a-w- c:\windows\system32\services.exe.82E8EF7BB53336AD
2012-07-26 23:23 . 2012-07-26 23:23 328704 ----a-w- c:\windows\system32\services.exe.8995B52570C14614
2012-07-26 23:15 . 2012-07-26 23:15 328704 ----a-w- c:\windows\system32\services.exe.E8FB353160D54609
2012-07-26 23:11 . 2012-07-26 23:11 328704 ----a-w- c:\windows\system32\services.exe.FBF04F7463935F35
2012-07-26 23:00 . 2012-07-26 23:00 328704 ----a-w- c:\windows\system32\services.exe.F5976D30D29ADD90
2012-07-25 03:11 . 2012-07-25 03:11 -------- d-----w- c:\program files (x86)\WinDirStat
2012-07-25 01:22 . 2012-07-25 01:22 -------- d-----w- c:\program files (x86)\Common Files\Propellerhead Software
2012-07-22 12:18 . 2012-07-22 12:18 -------- d-----w- c:\program files (x86)\Real
2012-07-20 18:23 . 2012-06-29 10:04 9133488 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DC8C8F2-CEC5-460F-BE74-9252F03E58CA}\mpengine.dll
2012-07-11 18:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 15:58 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-01 14:31 . 2012-07-01 14:32 -------- d-----w- c:\program files\iTunes
2012-07-01 14:31 . 2012-07-01 14:32 -------- d-----w- c:\program files (x86)\iTunes
2012-07-01 14:31 . 2012-07-01 14:31 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 03:18 . 2012-05-08 08:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 03:18 . 2011-05-17 14:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:02 . 2010-03-26 23:54 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 09:27 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 09:27 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 09:27 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 09:27 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 09:27 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 09:27 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 09:27 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 06:19 . 2012-06-19 09:26 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 06:15 . 2012-06-19 09:26 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-14 06:00 . 2010-06-12 14:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-14 05:59 . 2010-06-12 14:08 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-14 05:55 . 2010-06-12 14:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-08 08:46 . 2012-05-08 08:46 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-08 08:46 . 2010-04-25 11:30 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-14 09:52 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 09:52 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 09:52 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 09:52 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-21 6276408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-05-29 25249400]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2009-06-24 95496]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\DIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-9-4 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey AC5031]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 23:31 140552 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 gnetpypz;gnetpypz;c:\windows\system32\drivers\gnetpypz.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 customsvc;Vista Session Launcher Service;c:\program files\OSD\Service1.exe [2008-09-30 13312]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 136176]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 716872]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-03 13088]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-06 271640]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-06 327704]
R3 LVUVC64;QuickCam for Notebooks Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-06 6379288]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TTM57SLUsb;TTM 57SL USB driver;c:\windows\system32\Drivers\TTM57SLUsb.sys [2011-08-22 50296]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-27 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\OSD\WinRing0x64.sys [2008-07-26 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-14 203264]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2009-06-24 2368776]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 54824]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 23640194
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 23640194
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 10:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 03:18]
.
2012-07-25 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2012-06-06 13:14]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 17:28]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-07 17:28]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1924877330-3177915154-4158296574-1000Core.job
- c:\users\DIM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 12:23]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1924877330-3177915154-4158296574-1000UA.job
- c:\users\DIM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 12:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: blackboard.com\ctc
Trusted Zone: labmentors.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\14D65627963616E6027516272796F62702E4564702131333431302D20283: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\2456C6B696E6E253444353: NameServer = 216.146.35.35,216.146.36.36
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\35B4950214633303B4829393830392: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\45572616C602D457A796B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}\C47402441434F4D4: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\DIM\AppData\Roaming\Mozilla\Firefox\Profiles\ul1llkl3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-28 02:18:50
ComboFix-quarantined-files.txt 2012-07-28 09:18
ComboFix2.txt 2012-07-28 07:03
.
Pre-Run: 24,260,288,512 bytes free
Post-Run: 24,041,771,008 bytes free
.
- - End Of File - - D6208730D6DB49EB7FDBD14E92A2B050

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 29 July 2012 - 10:34 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Adobe Reader 9.5.1
BitTorrent
Java™ 6 Update 32
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

[b]"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Tha Abacus

Tha Abacus
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:43 AM

Posted 29 July 2012 - 11:34 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DIM :: EYEMASTER [administrator]

7/29/2012 9:05:05 PM
mbam-log-2012-07-29 (21-05-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255315
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:14 PM, on 7/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\DIM\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\DIM\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Vitakey\PwdBank.exe (file missing)
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Vitakey\PwdBank.exe (file missing)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://ctc.blackboard.com
O15 - Trusted Zone: http://*.labmentors.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{47043851-DFC3-4D41-B3A9-5E2DBA19242B}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: AWinNotifyVitaKey AC5031 - Invalid registry found
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Vista Session Launcher Service (customsvc) - Unknown owner - C:\Program Files\OSD\Service1.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13688 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users