uncoverthenet


This topic is locked. 42 replies to this topic.

#1 stewartsd (Members, 24 posts)

Posted 31 July 2012 - 04:26 PM

Getting uncoverthenet popups in Chrome and other browsers. It would be so great to get rid of this without re-installing everything.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by upstairs at 16:16:39 on 2012-07-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.968 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\upstairs\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\upstairs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\upstairs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\upstairs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\upstairs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\upstairs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\upstairs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\upstairs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\upstairs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\upstairs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\upstairs\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SkyDrive] "C:\Users\upstairs\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{7CD5E626-9AAD-46B9-97CA-420300FD534B} : DhcpNameServer = 192.168.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun-x64: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-9-27 240232]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-1-22 563760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-31 18:47:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-31 18:30:01 98816 ----a-w- C:\Windows\sed.exe
2012-07-31 18:30:01 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-31 18:30:01 256000 ----a-w- C:\Windows\PEV.exe
2012-07-31 18:30:01 208896 ----a-w- C:\Windows\MBR.exe
2012-07-31 08:59:09 36864 ----a-w- C:\Windows\SysWow64\agusbsti.dll
2012-07-31 08:58:56 -------- d-----w- C:\Program Files (x86)\Common Files\FotoWire
2012-07-31 08:58:05 306688 ----a-w- C:\Windows\IsUninst.exe
2012-07-30 20:39:34 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6949BE9A-F990-428F-87CF-2F77370CB103}\mpengine.dll
2012-07-29 17:46:41 -------- d-----w- C:\Program Files (x86)\Wyzo
2012-07-29 17:20:33 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-07-29 16:54:28 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-29 16:28:22 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-07-29 16:26:00 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-07-29 16:25:56 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-07-29 16:25:19 -------- d-----w- C:\ProgramData\PC Tools
2012-07-29 16:25:17 -------- d-----w- C:\Users\upstairs\AppData\Roaming\TestApp
2012-07-29 12:00:23 -------- d-----w- C:\Users\upstairs\AppData\Roaming\SUPERAntiSpyware.com
2012-07-27 08:30:18 -------- d-----w- C:\Program Files (x86)\EMCO
2012-07-26 19:50:19 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-26 19:49:02 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-26 19:43:52 -------- d-----w- C:\Users\upstairs\AppData\Roaming\SpeedyPC Software
2012-07-26 19:43:52 -------- d-----w- C:\Users\upstairs\AppData\Roaming\DriverCure
2012-07-26 19:43:20 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-07-24 19:46:57 -------- d-----w- C:\ProgramData\XoftSpySE
2012-07-11 08:07:48 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 06:27:33 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-05 21:52:52 -------- d-----w- C:\Users\upstairs\AppData\Local\CRE
2012-07-05 21:52:41 -------- d-----w- C:\Users\upstairs\AppData\Local\Vid-Saver
2012-07-05 21:52:35 -------- d-----w- C:\Program Files (x86)\Vid-Saver
2012-07-04 21:53:11 -------- d-----w- C:\Users\upstairs\AppData\Local\WinZip
2012-07-04 21:44:56 -------- d-----w- C:\ProgramData\Premium
2012-07-04 21:44:36 -------- d-----w- C:\ProgramData\InstallMate
2012-07-04 11:36:47 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D0BF393-E1FB-402F-84FB-DF6B616DA082}\gapaengine.dll
2012-07-02 11:21:02 -------- d-----w- C:\PFiles
.
==================== Find3M ====================
.
2012-07-08 14:39:00 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-08 14:39:00 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-05 00:29:22 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-05 00:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 16:17:20.13 ===============
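The "Pseudo HJT Report" in the DDS log above is what a helper reads by eye: the Conduit start page, the URLSearchHook and BHO entries marked "No File", and which Run entries launch from a path a non-admin user can write to. The script below is an added example, not part of the original post and not part of DDS, that triages lines in that format with those three heuristics. The sample input is constructed from the lines of this log; the expected-search-domain list and the user-writable-prefix list are assumptions an analyst would tune. A hit is a prompt to look closer, not a verdict: SkyDrive.exe legitimately runs from AppData\Local, and it is flagged only because a user-writable path is also where per-user unwanted software lands.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of the DDS "Pseudo HJT Report" above
# (values copied from that log; nothing here is new evidence).
SAMPLE_DDS = """\
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uDefault_Search_URL = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
uRun: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
uRun: [SkyDrive] "C:\\Users\\upstairs\\AppData\\Local\\Microsoft\\SkyDrive\\SkyDrive.exe" /background
mRun: [iTunesHelper] "C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe"
"""

# Assumption: search providers the analyst expects on this machine.
EXPECTED_SEARCH_DOMAINS = ("google.com", "bing.com", "live.com", "microsoft.com")

# Assumption: lower-case path prefixes a non-admin user can write to.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\", "c:\\temp\\",
)

_RUN = re.compile(r"^(?:u|m)Run(?:-x64)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_SEARCH = re.compile(
    r"^u(?:Start Page|Default_Search_URL|SearchAssistant|SearchURL,\(Default\)) = (?P<url>\S+)$"
)
_HOOK = re.compile(r"^(?:BHO(?:-X64)?|uURLSearchHooks|SEH(?:-X64)?): (?P<rest>.+)$")
# First Windows-style image path in a command line, quoted or not.
_IMAGE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|scr|cpl)", re.IGNORECASE)


def _host(url: str) -> str:
    """Return the lower-cased host of a URL, accepting DDS's defanged hxxp://."""
    rest = re.sub(r"^(?:hxxps?|https?)://", "", url, flags=re.IGNORECASE)
    return re.split(r"[/?#]", rest, maxsplit=1)[0].lower()


def triage(report: str) -> List[Dict[str, str]]:
    """Flag DDS pseudo-HJT lines that deserve a second look.

    Each finding is a review prompt, not a verdict:
    search-hijack : start page / search URL host outside the expected set
    orphan        : BHO, URLSearchHook or SEH whose file is gone ("No File")
    user-path     : Run entry whose image lives in a user-writable location
    """
    findings: List[Dict[str, str]] = []
    for line in report.splitlines():
        line = line.strip()
        m = _SEARCH.match(line)
        if m:
            host = _host(m.group("url"))
            if not any(host == d or host.endswith("." + d) for d in EXPECTED_SEARCH_DOMAINS):
                findings.append({"kind": "search-hijack", "detail": host, "line": line})
            continue
        m = _HOOK.match(line)
        if m:
            if m.group("rest").endswith("No File"):
                findings.append({"kind": "orphan", "detail": m.group("rest"), "line": line})
            continue
        m = _RUN.match(line)
        if m:
            img = _IMAGE.search(m.group("cmd"))
            path = img.group(0).lower() if img else ""
            if path.startswith(USER_WRITABLE_PREFIXES):
                findings.append({"kind": "user-path", "detail": m.group("name"), "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f['kind']:<14} {f['detail']:<40} {f['line'][:70]}")
```

Run against the sample it reports the Conduit start page, the two "No File" entries and the SkyDrive Run entry; the Adobe BHO, Sidebar and iTunesHelper lines pass because the file exists and sits under Program Files. Feeding it the full report section of a DDS log works the same way, since every unmatched line is simply ignored.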


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 03 August 2012 - 12:58 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 stewartsd (Topic Starter, Members, 24 posts)

Posted 04 August 2012 - 01:05 PM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 6 Update 31
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Mozilla Thunderbird (14.0.)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#4 stewartsd (Topic Starter, Members, 24 posts)

Posted 04 August 2012 - 01:30 PM

ComboFix 12-08-04.02 - upstairs 08/04/2012 13:18:46.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1153 [GMT -5:00]
Running from: c:\users\upstairs\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 18:26 . 2012-08-04 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 11:28 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{271B9FD1-0392-482D-B604-361C1A4E8D7F}\mpengine.dll
2012-08-04 11:27 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-31 08:59 . 2000-06-29 14:00 36864 ----a-w- c:\windows\SysWow64\agusbsti.dll
2012-07-31 08:58 . 2012-07-31 18:13 -------- d-----w- c:\program files (x86)\Common Files\FotoWire
2012-07-31 08:58 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-07-29 17:46 . 2012-07-29 17:46 -------- d-----w- c:\program files (x86)\Wyzo
2012-07-29 17:20 . 2012-07-29 17:43 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-07-29 16:28 . 2012-07-29 17:15 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-29 16:26 . 2012-06-22 20:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-29 16:25 . 2012-07-29 17:43 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-29 16:25 . 2012-07-29 17:42 -------- d-----w- c:\programdata\PC Tools
2012-07-29 16:25 . 2012-07-29 16:25 -------- d-----w- c:\users\upstairs\AppData\Roaming\TestApp
2012-07-29 12:00 . 2012-07-29 12:00 -------- d-----w- c:\users\upstairs\AppData\Roaming\SUPERAntiSpyware.com
2012-07-27 08:30 . 2012-07-27 08:30 -------- d-----w- c:\program files (x86)\EMCO
2012-07-26 19:50 . 2012-07-26 19:50 -------- d-----w- c:\program files\Enigma Software Group
2012-07-26 19:49 . 2012-07-27 08:44 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-26 19:43 . 2012-07-26 19:43 -------- d-----w- c:\users\upstairs\AppData\Roaming\SpeedyPC Software
2012-07-26 19:43 . 2012-07-26 19:43 -------- d-----w- c:\users\upstairs\AppData\Roaming\DriverCure
2012-07-26 19:43 . 2012-07-26 22:11 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-24 19:46 . 2012-07-24 19:46 -------- d-----w- c:\programdata\XoftSpySE
2012-07-11 08:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:01 . 2012-06-02 12:05 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-07-11 06:27 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-08 14:38 . 2012-07-08 14:38 -------- d-----w- c:\windows\system32\Macromed
2012-07-05 21:52 . 2012-07-05 21:52 -------- d-----w- c:\users\upstairs\AppData\Local\CRE
2012-07-05 21:52 . 2012-07-05 21:52 -------- d-----w- c:\users\upstairs\AppData\Local\Vid-Saver
2012-07-05 21:52 . 2012-07-05 21:53 -------- d-----w- c:\program files (x86)\Vid-Saver
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 08:03 . 2012-03-02 16:33 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-08 14:39 . 2012-06-16 22:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-08 14:39 . 2012-06-16 22:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:19 . 2012-06-22 21:43 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 21:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 21:43 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 21:43 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 21:43 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 21:43 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 21:43 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 21:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 21:42 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_18.40.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-29 18:13 . 2012-08-04 18:16 38614 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-04 18:16 29778 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-29 18:00 . 2012-08-04 18:16 12414 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-899631612-3014446547-3777632968-1001_UserData.bin
+ 2012-08-04 18:14 . 2012-08-04 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-31 18:23 . 2012-07-31 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-31 18:23 . 2012-07-31 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-04 18:14 . 2012-08-04 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-31 18:22 385184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-04 18:13 385184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-01 21:34 . 2012-08-04 18:13 1374432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-01 21:34 . 2012-07-31 18:22 1374432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-29 20:50 . 2012-08-04 18:13 3097492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-899631612-3014446547-3777632968-1001-8192.dat
- 2012-02-29 20:50 . 2012-07-31 18:22 3097492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-899631612-3014446547-3777632968-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-20 08:30 220624 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-20 08:30 220624 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-20 08:30 220624 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SkyDrive"="c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-20 238544]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-06-14 10555904]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"boincmgr"="c:\program files (x86)\BOINC\boincmgr.exe" [2010-09-24 4543232]
"boinctray"="c:\program files (x86)\BOINC\boinctray.exe" [2010-09-24 58112]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 6.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-3-15 174064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-28 240232]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-01-23 80944]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-23 563760]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899631612-3014446547-3777632968-1001Core.job
- c:\users\upstairs\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-08 14:41]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899631612-3014446547-3777632968-1001UA.job
- c:\users\upstairs\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-08 14:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-20 08:30 244688 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-20 08:30 244688 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-20 08:30 244688 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.10.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=hex:51,66,7a,6c,4c,1d,38,12,d7,7b,66,
6c,00,3f,14,0f,ff,f2,73,ae,34,57,da,17
"{11111111-1111-1111-1111-110011221158}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
15,23,5f,7f,54,6e,07,52,40,14,7c,55,4c
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,34,8e,35,99,63,74,49,be,44,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,34,8e,35,99,63,74,49,be,44,b4,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-04 13:29:14
ComboFix-quarantined-files.txt 2012-08-04 18:29
ComboFix2.txt 2012-08-04 11:24
ComboFix3.txt 2012-07-31 18:43
.
Pre-Run: 71,617,921,024 bytes free
Post-Run: 71,551,934,464 bytes free
.
- - End Of File - - 58564A17C6C5E901B567F97C42883F7A

#5 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:39 AM

Posted 04 August 2012 - 02:50 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
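The TDSSKiller report that gringo asks for above is a plain text file with a fixed shape: after the "Scan started" marker, each scanned service or driver gets a "name (md5) path" line followed by a "name - verdict" line ("- ok" when clean). The Python script below is an added example, not part of this thread and not part of Kaspersky's tool; it parses such a log and lists the entries worth a second look before posting. The sample log lines are constructed from the format shown in the thread; the "exampledrv" entry and its "warning" verdict are invented, and the rule that a verdict line with no preceding file line means the registered binary was not found on disk is an assumption (it matches what ComboFix's "[x]" marker said about esgiguard earlier in the thread, but "COMSysApp" in the log above shows a benign service can also appear this way).

```python
import re
import sys

# Each log line: '<hh:mm:ss.ffff> <pid> <text>'
ENTRY_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# '<name> (<md5>) <path>': the file TDSSKiller hashed for a service or driver
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# '<name> - <verdict>': the verdict line that follows it ('ok' when clean)
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S.*)$")

# Constructed sample (assumption): a few header lines plus five scan entries in
# the format the thread shows. 'exampledrv' and its 'warning' verdict are invented.
SAMPLE_LOG = r"""16:13:30.0467 3628 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:13:32.0559 3628 Drive \Device\Harddisk0\DR0 - Size: 0x262AD77E00 (152.67 Gb), SectorSize: 0x200
16:13:32.0717 3628 Initialize success
16:14:01.0742 0204 Scan started
16:14:01.0742 0204 Mode: Manual;
16:14:02.0211 0204 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:14:02.0226 0204 1394ohci - ok
16:14:03.0328 0204 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:14:03.0329 0204 Apple Mobile Device - ok
16:14:06.0849 0204 esgiguard - ok
16:14:07.0560 0204 ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
16:14:07.0579 0204 ForceWare Intelligent Application Manager (IAM) - ok
16:14:09.0001 0204 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
16:14:09.0002 0204 exampledrv - warning
"""


def parse_tdsskiller_log(text):
    """Return one dict per scanned object: name, md5, path (None if no file
    line was logged) and the verdict string. Only the region after 'Scan started'
    is parsed so that header lines such as 'Drive ... - Size: ...' are ignored."""
    entries = []
    pending = {}  # name -> (md5, path) from a file line awaiting its verdict line
    in_scan = False
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        if rest.startswith("Scan started"):
            in_scan = True
            continue
        if not in_scan:
            continue
        fm = FILE_RE.match(rest)
        if fm:
            pending[fm.group("name")] = (fm.group("md5"), fm.group("path"))
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            name = vm.group("name")
            md5, path = pending.pop(name, (None, None))
            entries.append({"name": name, "md5": md5, "path": path,
                            "verdict": vm.group("verdict")})
    return entries


def triage(entries):
    """Return (name, reason) pairs for entries that deserve a closer look:
    any verdict other than 'ok', and 'ok' verdicts with no file recorded
    (assumption: the registered binary was not found on disk)."""
    flagged = []
    for e in entries:
        if e["verdict"].lower() != "ok":
            flagged.append((e["name"], "verdict '%s' on %s" % (e["verdict"], e["path"])))
        elif e["path"] is None:
            flagged.append((e["name"], "no file recorded: registered binary not found on disk"))
    return flagged


def triage_log(text):
    return triage(parse_tdsskiller_log(text))


if __name__ == "__main__":
    # Usage: python tdss_triage.py [TDSSKiller.<Version>_<Date>_<Time>_log.txt]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    entries = parse_tdsskiller_log(text)
    print("%d objects scanned" % len(entries))
    for name, reason in triage(entries):
        print("  %-45s %s" % (name, reason))
```

Run without arguments to triage the constructed sample, or pass the real log path from the C:\ folder. On the sample it reports esgiguard (no file on disk) and exampledrv (non-ok verdict); on the actual log posted below, every entry shown is "- ok", so the parser is most useful for spotting the service entries that carry no file line.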

#6 stewartsd

stewartsd
  • Topic Starter

  • Members
  • 24 posts
  • Local time:10:39 AM

Posted 04 August 2012 - 05:34 PM

16:13:30.0467 3628 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:13:30.0744 3628 ============================================================
16:13:30.0744 3628 Current date / time: 2012/08/04 16:13:30.0744
16:13:30.0744 3628 SystemInfo:
16:13:30.0744 3628
16:13:30.0744 3628 OS Version: 6.1.7601 ServicePack: 1.0
16:13:30.0744 3628 Product type: Workstation
16:13:30.0745 3628 ComputerName: UPSTAIRS-PC
16:13:30.0745 3628 UserName: upstairs
16:13:30.0745 3628 Windows directory: C:\Windows
16:13:30.0745 3628 System windows directory: C:\Windows
16:13:30.0745 3628 Running under WOW64
16:13:30.0745 3628 Processor architecture: Intel x64
16:13:30.0745 3628 Number of processors: 2
16:13:30.0745 3628 Page size: 0x1000
16:13:30.0745 3628 Boot type: Normal boot
16:13:30.0745 3628 ============================================================
16:13:32.0559 3628 Drive \Device\Harddisk0\DR0 - Size: 0x262AD77E00 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:32.0672 3628 ============================================================
16:13:32.0673 3628 \Device\Harddisk0\DR0:
16:13:32.0673 3628 MBR partitions:
16:13:32.0673 3628 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1314FF99
16:13:32.0673 3628 ============================================================
16:13:32.0717 3628 C: <-> \Device\Harddisk0\DR0\Partition0
16:13:32.0717 3628 ============================================================
16:13:32.0717 3628 Initialize success
16:13:32.0717 3628 ============================================================
16:14:01.0742 0204 ============================================================
16:14:01.0742 0204 Scan started
16:14:01.0742 0204 Mode: Manual;
16:14:01.0742 0204 ============================================================
16:14:02.0211 0204 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:14:02.0226 0204 1394ohci - ok
16:14:02.0283 0204 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:14:02.0295 0204 ACPI - ok
16:14:02.0326 0204 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:14:02.0327 0204 AcpiPmi - ok
16:14:02.0432 0204 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:14:02.0433 0204 AdobeARMservice - ok
16:14:02.0494 0204 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:14:02.0515 0204 adp94xx - ok
16:14:02.0560 0204 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:14:02.0574 0204 adpahci - ok
16:14:02.0592 0204 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:14:02.0599 0204 adpu320 - ok
16:14:02.0630 0204 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:14:02.0637 0204 AeLookupSvc - ok
16:14:02.0708 0204 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:14:02.0728 0204 AFD - ok
16:14:02.0777 0204 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:14:02.0785 0204 agp440 - ok
16:14:02.0820 0204 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:14:02.0827 0204 ALG - ok
16:14:02.0869 0204 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:14:02.0870 0204 aliide - ok
16:14:02.0883 0204 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:14:02.0884 0204 amdide - ok
16:14:02.0925 0204 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:14:02.0933 0204 AmdK8 - ok
16:14:02.0954 0204 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:14:02.0961 0204 AmdPPM - ok
16:14:02.0993 0204 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:14:02.0998 0204 amdsata - ok
16:14:03.0033 0204 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:14:03.0049 0204 amdsbs - ok
16:14:03.0078 0204 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:14:03.0086 0204 amdxata - ok
16:14:03.0131 0204 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:14:03.0138 0204 AppID - ok
16:14:03.0156 0204 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:14:03.0164 0204 AppIDSvc - ok
16:14:03.0210 0204 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:14:03.0218 0204 Appinfo - ok
16:14:03.0328 0204 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:14:03.0329 0204 Apple Mobile Device - ok
16:14:03.0382 0204 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:14:03.0390 0204 arc - ok
16:14:03.0410 0204 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:14:03.0418 0204 arcsas - ok
16:14:03.0551 0204 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:14:03.0559 0204 aspnet_state - ok
16:14:03.0585 0204 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:14:03.0593 0204 AsyncMac - ok
16:14:03.0632 0204 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:14:03.0632 0204 atapi - ok
16:14:03.0707 0204 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:14:03.0742 0204 AudioEndpointBuilder - ok
16:14:03.0752 0204 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:14:03.0757 0204 AudioSrv - ok
16:14:03.0825 0204 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:14:03.0832 0204 AxInstSV - ok
16:14:03.0872 0204 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:14:03.0892 0204 b06bdrv - ok
16:14:03.0929 0204 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:14:03.0943 0204 b57nd60a - ok
16:14:03.0969 0204 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:14:03.0976 0204 BDESVC - ok
16:14:04.0005 0204 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:14:04.0007 0204 Beep - ok
16:14:04.0085 0204 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:14:04.0111 0204 BFE - ok
16:14:04.0185 0204 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:14:04.0216 0204 BITS - ok
16:14:04.0325 0204 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:14:04.0333 0204 blbdrive - ok
16:14:04.0409 0204 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:14:04.0430 0204 Bonjour Service - ok
16:14:04.0496 0204 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:14:04.0503 0204 bowser - ok
16:14:04.0522 0204 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:14:04.0523 0204 BrFiltLo - ok
16:14:04.0528 0204 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:14:04.0529 0204 BrFiltUp - ok
16:14:04.0562 0204 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:14:04.0564 0204 BridgeMP - ok
16:14:04.0598 0204 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:14:04.0605 0204 Browser - ok
16:14:04.0630 0204 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:14:04.0645 0204 Brserid - ok
16:14:04.0651 0204 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:14:04.0653 0204 BrSerWdm - ok
16:14:04.0659 0204 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:14:04.0660 0204 BrUsbMdm - ok
16:14:04.0666 0204 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:14:04.0668 0204 BrUsbSer - ok
16:14:04.0676 0204 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:14:04.0679 0204 BTHMODEM - ok
16:14:04.0704 0204 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:14:04.0711 0204 bthserv - ok
16:14:04.0740 0204 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:14:04.0747 0204 cdfs - ok
16:14:04.0802 0204 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:14:04.0809 0204 cdrom - ok
16:14:04.0855 0204 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:14:04.0862 0204 CertPropSvc - ok
16:14:04.0883 0204 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:14:04.0890 0204 circlass - ok
16:14:04.0925 0204 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:14:04.0938 0204 CLFS - ok
16:14:04.0992 0204 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:14:05.0000 0204 clr_optimization_v2.0.50727_32 - ok
16:14:05.0048 0204 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:14:05.0056 0204 clr_optimization_v2.0.50727_64 - ok
16:14:05.0169 0204 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:14:05.0176 0204 clr_optimization_v4.0.30319_32 - ok
16:14:05.0222 0204 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:14:05.0238 0204 clr_optimization_v4.0.30319_64 - ok
16:14:05.0270 0204 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:14:05.0272 0204 CmBatt - ok
16:14:05.0302 0204 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:14:05.0303 0204 cmdide - ok
16:14:05.0352 0204 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
16:14:05.0372 0204 CNG - ok
16:14:05.0390 0204 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:14:05.0398 0204 Compbatt - ok
16:14:05.0438 0204 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:14:05.0446 0204 CompositeBus - ok
16:14:05.0461 0204 COMSysApp - ok
16:14:05.0482 0204 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:14:05.0490 0204 crcdisk - ok
16:14:05.0532 0204 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:14:05.0540 0204 CryptSvc - ok
16:14:05.0600 0204 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:14:05.0619 0204 DcomLaunch - ok
16:14:05.0660 0204 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:14:05.0675 0204 defragsvc - ok
16:14:05.0712 0204 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:14:05.0720 0204 DfsC - ok
16:14:05.0750 0204 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:14:05.0763 0204 Dhcp - ok
16:14:05.0780 0204 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:14:05.0788 0204 discache - ok
16:14:05.0828 0204 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:14:05.0836 0204 Disk - ok
16:14:05.0880 0204 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:14:05.0894 0204 Dnscache - ok
16:14:05.0937 0204 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:14:05.0951 0204 dot3svc - ok
16:14:05.0990 0204 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:14:06.0005 0204 DPS - ok
16:14:06.0039 0204 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:14:06.0041 0204 drmkaud - ok
16:14:06.0090 0204 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:14:06.0123 0204 DXGKrnl - ok
16:14:06.0153 0204 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:14:06.0159 0204 EapHost - ok
16:14:06.0318 0204 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:14:06.0410 0204 ebdrv - ok
16:14:06.0510 0204 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:14:06.0518 0204 EFS - ok
16:14:06.0574 0204 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:14:06.0601 0204 ehRecvr - ok
16:14:06.0630 0204 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:14:06.0637 0204 ehSched - ok
16:14:06.0703 0204 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:14:06.0722 0204 elxstor - ok
16:14:06.0754 0204 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:14:06.0755 0204 ErrDev - ok
16:14:06.0849 0204 esgiguard - ok
16:14:06.0897 0204 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:14:06.0910 0204 EventSystem - ok
16:14:06.0936 0204 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:14:06.0952 0204 exfat - ok
16:14:06.0970 0204 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:14:06.0984 0204 fastfat - ok
16:14:07.0053 0204 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:14:07.0079 0204 Fax - ok
16:14:07.0099 0204 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:14:07.0107 0204 fdc - ok
16:14:07.0122 0204 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:14:07.0123 0204 fdPHost - ok
16:14:07.0138 0204 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:14:07.0146 0204 FDResPub - ok
16:14:07.0157 0204 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:14:07.0165 0204 FileInfo - ok
16:14:07.0177 0204 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:14:07.0185 0204 Filetrace - ok
16:14:07.0204 0204 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:14:07.0205 0204 flpydisk - ok
16:14:07.0235 0204 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:14:07.0250 0204 FltMgr - ok
16:14:07.0326 0204 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:14:07.0357 0204 FontCache - ok
16:14:07.0441 0204 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:14:07.0449 0204 FontCache3.0.0.0 - ok
16:14:07.0560 0204 ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
16:14:07.0579 0204 ForceWare Intelligent Application Manager (IAM) - ok
16:14:07.0686 0204 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:14:07.0694 0204 FsDepends - ok
16:14:07.0731 0204 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:14:07.0739 0204 Fs_Rec - ok
16:14:07.0799 0204 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:14:07.0814 0204 fvevol - ok
16:14:07.0841 0204 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:14:07.0849 0204 gagp30kx - ok
16:14:07.0872 0204 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:14:07.0880 0204 GEARAspiWDM - ok
16:14:07.0947 0204 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:14:07.0989 0204 gpsvc - ok
16:14:08.0066 0204 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:14:08.0074 0204 gusvc - ok
16:14:08.0132 0204 hcmon (b93b24f258441820e575c7983ba47313) C:\Windows\system32\drivers\hcmon.sys
16:14:08.0139 0204 hcmon - ok
16:14:08.0158 0204 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:14:08.0166 0204 hcw85cir - ok
16:14:08.0230 0204 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:14:08.0245 0204 HdAudAddService - ok
16:14:08.0270 0204 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:14:08.0277 0204 HDAudBus - ok
16:14:08.0296 0204 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:14:08.0304 0204 HidBatt - ok
16:14:08.0312 0204 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:14:08.0324 0204 HidBth - ok
16:14:08.0330 0204 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:14:08.0332 0204 HidIr - ok
16:14:08.0358 0204 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:14:08.0366 0204 hidserv - ok
16:14:08.0390 0204 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:14:08.0398 0204 HidUsb - ok
16:14:08.0432 0204 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:14:08.0440 0204 hkmsvc - ok
16:14:08.0487 0204 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:14:08.0502 0204 HomeGroupListener - ok
16:14:08.0555 0204 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:14:08.0570 0204 HomeGroupProvider - ok
16:14:08.0602 0204 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:14:08.0609 0204 HpSAMD - ok
16:14:08.0680 0204 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:14:08.0715 0204 HTTP - ok
16:14:08.0746 0204 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:14:08.0747 0204 hwpolicy - ok
16:14:08.0814 0204 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:14:08.0822 0204 i8042prt - ok
16:14:08.0855 0204 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:14:08.0867 0204 iaStorV - ok
16:14:08.0973 0204 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:14:08.0999 0204 idsvc - ok
16:14:09.0035 0204 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:14:09.0042 0204 iirsp - ok
16:14:09.0089 0204 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:14:09.0115 0204 IKEEXT - ok
16:14:09.0152 0204 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:14:09.0153 0204 intelide - ok
16:14:09.0178 0204 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:14:09.0185 0204 intelppm - ok
16:14:09.0210 0204 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:14:09.0218 0204 IPBusEnum - ok
16:14:09.0257 0204 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:14:09.0265 0204 IpFilterDriver - ok
16:14:09.0310 0204 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:14:09.0330 0204 iphlpsvc - ok
16:14:09.0369 0204 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:14:09.0376 0204 IPMIDRV - ok
16:14:09.0401 0204 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:14:09.0408 0204 IPNAT - ok
16:14:09.0499 0204 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
16:14:09.0527 0204 iPod Service - ok
16:14:09.0555 0204 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:14:09.0557 0204 IRENUM - ok
16:14:09.0594 0204 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:14:09.0603 0204 isapnp - ok
16:14:09.0627 0204 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:14:09.0641 0204 iScsiPrt - ok
16:14:09.0663 0204 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:14:09.0671 0204 kbdclass - ok
16:14:09.0684 0204 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:14:09.0692 0204 kbdhid - ok
16:14:09.0726 0204 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:09.0728 0204 KeyIso - ok
16:14:09.0764 0204 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
16:14:09.0771 0204 KSecDD - ok
16:14:09.0813 0204 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
16:14:09.0819 0204 KSecPkg - ok
16:14:09.0835 0204 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:14:09.0843 0204 ksthunk - ok
16:14:09.0882 0204 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:14:09.0895 0204 KtmRm - ok
16:14:09.0958 0204 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:14:09.0973 0204 LanmanServer - ok
16:14:10.0012 0204 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:14:10.0019 0204 LanmanWorkstation - ok
16:14:10.0050 0204 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:14:10.0058 0204 lltdio - ok
16:14:10.0098 0204 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:14:10.0114 0204 lltdsvc - ok
16:14:10.0136 0204 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:14:10.0143 0204 lmhosts - ok
16:14:10.0333 0204 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:14:10.0383 0204 LSI_FC - ok
16:14:10.0462 0204 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:14:10.0470 0204 LSI_SAS - ok
16:14:10.0486 0204 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:14:10.0493 0204 LSI_SAS2 - ok
16:14:10.0511 0204 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:14:10.0518 0204 LSI_SCSI - ok
16:14:10.0546 0204 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:14:10.0553 0204 luafv - ok
16:14:10.0590 0204 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:14:10.0598 0204 Mcx2Svc - ok
16:14:10.0611 0204 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:14:10.0619 0204 megasas - ok
16:14:10.0641 0204 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:14:10.0654 0204 MegaSR - ok
16:14:10.0715 0204 Microsoft SharePoint Workspace Audit Service - ok
16:14:10.0765 0204 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:14:10.0773 0204 MMCSS - ok
16:14:10.0788 0204 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:14:10.0797 0204 Modem - ok
16:14:10.0812 0204 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:14:10.0813 0204 monitor - ok
16:14:10.0870 0204 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:14:10.0878 0204 mouclass - ok
16:14:10.0893 0204 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:14:10.0895 0204 mouhid - ok
16:14:10.0921 0204 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:14:10.0923 0204 mountmgr - ok
16:14:10.0986 0204 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:14:11.0002 0204 MpFilter - ok
16:14:11.0039 0204 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:14:11.0046 0204 mpio - ok
16:14:11.0070 0204 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:14:11.0077 0204 mpsdrv - ok
16:14:11.0258 0204 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:14:11.0283 0204 MpsSvc - ok
16:14:11.0314 0204 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:14:11.0321 0204 MRxDAV - ok
16:14:11.0363 0204 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:14:11.0370 0204 mrxsmb - ok
16:14:11.0390 0204 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:14:11.0405 0204 mrxsmb10 - ok
16:14:11.0423 0204 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:14:11.0430 0204 mrxsmb20 - ok
16:14:11.0460 0204 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:14:11.0468 0204 msahci - ok
16:14:11.0535 0204 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
16:14:11.0551 0204 MSCamSvc - ok
16:14:11.0586 0204 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:14:11.0593 0204 msdsm - ok
16:14:11.0628 0204 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:14:11.0635 0204 MSDTC - ok
16:14:11.0670 0204 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:14:11.0678 0204 Msfs - ok
16:14:11.0690 0204 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:14:11.0691 0204 mshidkmdf - ok
16:14:11.0722 0204 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:14:11.0724 0204 msisadrv - ok
16:14:11.0762 0204 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:14:11.0777 0204 MSiSCSI - ok
16:14:11.0781 0204 msiserver - ok
16:14:11.0810 0204 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:14:11.0811 0204 MSKSSRV - ok
16:14:11.0874 0204 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:14:11.0875 0204 MsMpSvc - ok
16:14:11.0897 0204 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:14:11.0898 0204 MSPCLOCK - ok
16:14:11.0910 0204 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:14:11.0911 0204 MSPQM - ok
16:14:11.0954 0204 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:14:11.0968 0204 MsRPC - ok
16:14:11.0984 0204 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:14:11.0985 0204 mssmbios - ok
16:14:12.0023 0204 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:14:12.0025 0204 MSTEE - ok
16:14:12.0041 0204 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:14:12.0042 0204 MTConfig - ok
16:14:12.0068 0204 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
16:14:12.0070 0204 MTsensor - ok
16:14:12.0091 0204 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:14:12.0098 0204 Mup - ok
16:14:12.0151 0204 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:14:12.0172 0204 napagent - ok
16:14:12.0227 0204 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:14:12.0240 0204 NativeWifiP - ok
16:14:12.0318 0204 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:14:12.0342 0204 NDIS - ok
16:14:12.0368 0204 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:14:12.0376 0204 NdisCap - ok
16:14:12.0398 0204 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:14:12.0406 0204 NdisTapi - ok
16:14:12.0447 0204 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:14:12.0455 0204 Ndisuio - ok
16:14:12.0489 0204 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:14:12.0496 0204 NdisWan - ok
16:14:12.0532 0204 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:14:12.0539 0204 NDProxy - ok
16:14:12.0552 0204 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:14:12.0560 0204 NetBIOS - ok
16:14:12.0602 0204 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:14:12.0616 0204 NetBT - ok
16:14:12.0651 0204 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:12.0653 0204 Netlogon - ok
16:14:12.0689 0204 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:14:12.0702 0204 Netman - ok
16:14:12.0822 0204 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:14:12.0829 0204 NetMsmqActivator - ok
16:14:12.0844 0204 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:14:12.0845 0204 NetPipeActivator - ok
16:14:12.0881 0204 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:14:12.0901 0204 netprofm - ok
16:14:12.0906 0204 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:14:12.0908 0204 NetTcpActivator - ok
16:14:12.0913 0204 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:14:12.0916 0204 NetTcpPortSharing - ok
16:14:12.0977 0204 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:14:12.0985 0204 nfrd960 - ok
16:14:13.0028 0204 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:14:13.0035 0204 NisDrv - ok
16:14:13.0115 0204 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
16:14:13.0131 0204 NisSrv - ok
16:14:13.0200 0204 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:14:13.0213 0204 NlaSvc - ok
16:14:13.0234 0204 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:14:13.0242 0204 Npfs - ok
16:14:13.0268 0204 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:14:13.0275 0204 nsi - ok
16:14:13.0283 0204 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:14:13.0290 0204 nsiproxy - ok
16:14:13.0350 0204 nSvcIp (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
16:14:13.0364 0204 nSvcIp - ok
16:14:13.0454 0204 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:14:13.0496 0204 Ntfs - ok
16:14:13.0589 0204 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:14:13.0590 0204 Null - ok
16:14:13.0635 0204 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
16:14:13.0649 0204 NVENETFD - ok
16:14:14.0156 0204 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:14:14.0492 0204 nvlddmkm - ok
16:14:14.0589 0204 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
16:14:14.0602 0204 NVNET - ok
16:14:14.0653 0204 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:14:14.0661 0204 nvraid - ok
16:14:14.0690 0204 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:14:14.0697 0204 nvstor - ok
16:14:14.0730 0204 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
16:14:14.0732 0204 nvstor64 - ok
16:14:14.0797 0204 nvsvc (a6b2c89d0c083f903415d40a5170a719) C:\Windows\system32\nvvsvc.exe
16:14:14.0810 0204 nvsvc - ok
16:14:14.0847 0204 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:14:14.0854 0204 nv_agp - ok
16:14:14.0863 0204 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:14:14.0871 0204 ohci1394 - ok
16:14:14.0947 0204 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:14:14.0949 0204 ose - ok
16:14:15.0188 0204 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:14:15.0306 0204 osppsvc - ok
16:14:15.0389 0204 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:14:15.0401 0204 p2pimsvc - ok
16:14:15.0465 0204 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:14:15.0487 0204 p2psvc - ok
16:14:15.0540 0204 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:14:15.0547 0204 Parport - ok
16:14:15.0578 0204 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:14:15.0587 0204 partmgr - ok
16:14:15.0606 0204 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:14:15.0621 0204 PcaSvc - ok
16:14:15.0667 0204 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:14:15.0682 0204 pci - ok
16:14:15.0696 0204 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:14:15.0698 0204 pciide - ok
16:14:15.0721 0204 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:14:15.0735 0204 pcmcia - ok
16:14:15.0748 0204 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:14:15.0756 0204 pcw - ok
16:14:15.0787 0204 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:14:15.0807 0204 PEAUTH - ok
16:14:15.0867 0204 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:14:15.0869 0204 PerfHost - ok
16:14:15.0956 0204 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:14:16.0001 0204 pla - ok
16:14:16.0055 0204 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:14:16.0076 0204 PlugPlay - ok
16:14:16.0099 0204 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:14:16.0107 0204 PNRPAutoReg - ok
16:14:16.0132 0204 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:14:16.0137 0204 PNRPsvc - ok
16:14:16.0188 0204 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:14:16.0217 0204 PolicyAgent - ok
16:14:16.0250 0204 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:14:16.0254 0204 Power - ok
16:14:16.0318 0204 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:14:16.0325 0204 PptpMiniport - ok
16:14:16.0350 0204 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:14:16.0358 0204 Processor - ok
16:14:16.0411 0204 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:14:16.0427 0204 ProfSvc - ok
16:14:16.0468 0204 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:16.0470 0204 ProtectedStorage - ok
16:14:16.0518 0204 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:14:16.0524 0204 Psched - ok
16:14:16.0600 0204 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:14:16.0659 0204 ql2300 - ok
16:14:16.0766 0204 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:14:16.0772 0204 ql40xx - ok
16:14:16.0800 0204 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:14:16.0815 0204 QWAVE - ok
16:14:16.0838 0204 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:14:16.0846 0204 QWAVEdrv - ok
16:14:16.0890 0204 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:14:16.0892 0204 RasAcd - ok
16:14:16.0928 0204 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:14:16.0936 0204 RasAgileVpn - ok
16:14:16.0953 0204 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:14:16.0960 0204 RasAuto - ok
16:14:16.0998 0204 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:14:17.0005 0204 Rasl2tp - ok
16:14:17.0046 0204 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:14:17.0059 0204 RasMan - ok
16:14:17.0073 0204 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:14:17.0081 0204 RasPppoe - ok
16:14:17.0113 0204 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:14:17.0121 0204 RasSstp - ok
16:14:17.0161 0204 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:14:17.0174 0204 rdbss - ok
16:14:17.0189 0204 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:14:17.0197 0204 rdpbus - ok
16:14:17.0210 0204 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:14:17.0211 0204 RDPCDD - ok
16:14:17.0230 0204 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:14:17.0232 0204 RDPENCDD - ok
16:14:17.0248 0204 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:14:17.0249 0204 RDPREFMP - ok
16:14:17.0283 0204 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:14:17.0299 0204 RDPWD - ok
16:14:17.0358 0204 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:14:17.0372 0204 rdyboost - ok
16:14:17.0394 0204 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:14:17.0401 0204 RemoteAccess - ok
16:14:17.0438 0204 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:14:17.0479 0204 RemoteRegistry - ok
16:14:17.0504 0204 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:14:17.0512 0204 RpcEptMapper - ok
16:14:17.0530 0204 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:14:17.0532 0204 RpcLocator - ok
16:14:17.0583 0204 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:14:17.0589 0204 RpcSs - ok
16:14:17.0604 0204 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:14:17.0612 0204 rspndr - ok
16:14:17.0643 0204 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:17.0644 0204 SamSs - ok
16:14:17.0685 0204 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:14:17.0693 0204 sbp2port - ok
16:14:17.0718 0204 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:14:17.0734 0204 SCardSvr - ok
16:14:17.0763 0204 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:14:17.0771 0204 scfilter - ok
16:14:17.0839 0204 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:14:17.0863 0204 Schedule - ok
16:14:17.0904 0204 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:14:17.0905 0204 SCPolicySvc - ok
16:14:17.0947 0204 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:14:17.0962 0204 SDRSVC - ok
16:14:18.0023 0204 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:14:18.0031 0204 secdrv - ok
16:14:18.0066 0204 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:14:18.0074 0204 seclogon - ok
16:14:18.0100 0204 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:14:18.0108 0204 SENS - ok
16:14:18.0133 0204 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:14:18.0141 0204 SensrSvc - ok
16:14:18.0166 0204 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:14:18.0174 0204 Serenum - ok
16:14:18.0197 0204 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:14:18.0205 0204 Serial - ok
16:14:18.0248 0204 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:14:18.0256 0204 sermouse - ok
16:14:18.0311 0204 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:14:18.0319 0204 SessionEnv - ok
16:14:18.0353 0204 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:14:18.0355 0204 sffdisk - ok
16:14:18.0367 0204 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:14:18.0368 0204 sffp_mmc - ok
16:14:18.0382 0204 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:14:18.0384 0204 sffp_sd - ok
16:14:18.0399 0204 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:14:18.0400 0204 sfloppy - ok
16:14:18.0451 0204 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:14:18.0464 0204 SharedAccess - ok
16:14:18.0514 0204 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:14:18.0525 0204 ShellHWDetection - ok
16:14:18.0551 0204 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:14:18.0559 0204 SiSRaid2 - ok
16:14:18.0572 0204 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:14:18.0579 0204 SiSRaid4 - ok
16:14:18.0638 0204 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:14:18.0646 0204 SkypeUpdate - ok
16:14:18.0673 0204 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:14:18.0681 0204 Smb - ok
16:14:18.0722 0204 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:14:18.0725 0204 SNMPTRAP - ok
16:14:18.0737 0204 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:14:18.0739 0204 spldr - ok
16:14:18.0798 0204 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:14:18.0817 0204 Spooler - ok
16:14:18.0970 0204 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:14:19.0063 0204 sppsvc - ok
16:14:19.0136 0204 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:14:19.0144 0204 sppuinotify - ok
16:14:19.0208 0204 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:14:19.0230 0204 srv - ok
16:14:19.0259 0204 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:14:19.0271 0204 srv2 - ok
16:14:19.0286 0204 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:14:19.0294 0204 srvnet - ok
16:14:19.0325 0204 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:14:19.0337 0204 SSDPSRV - ok
16:14:19.0353 0204 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:14:19.0361 0204 SstpSvc - ok
16:14:19.0444 0204 Stereo Service (55141dbd546f86517d2381522ba0d1f1) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:14:19.0456 0204 Stereo Service - ok
16:14:19.0482 0204 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:14:19.0490 0204 stexstor - ok
16:14:19.0565 0204 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:14:19.0585 0204 stisvc - ok
16:14:19.0617 0204 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:14:19.0619 0204 swenum - ok
16:14:19.0650 0204 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:14:19.0671 0204 swprv - ok
16:14:19.0764 0204 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:14:19.0815 0204 SysMain - ok
16:14:19.0913 0204 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:14:19.0920 0204 TabletInputService - ok
16:14:19.0943 0204 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:14:19.0956 0204 TapiSrv - ok
16:14:19.0982 0204 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:14:19.0985 0204 TBS - ok
16:14:20.0107 0204 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:14:20.0142 0204 Tcpip - ok
16:14:20.0274 0204 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:14:20.0288 0204 TCPIP6 - ok
16:14:20.0371 0204 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:14:20.0380 0204 tcpipreg - ok
16:14:20.0420 0204 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:14:20.0421 0204 TDPIPE - ok
16:14:20.0453 0204 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:14:20.0461 0204 TDTCP - ok
16:14:20.0514 0204 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:14:20.0520 0204 tdx - ok
16:14:20.0558 0204 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:14:20.0565 0204 TermDD - ok
16:14:20.0621 0204 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:14:20.0635 0204 TermService - ok
16:14:20.0660 0204 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:14:20.0668 0204 Themes - ok
16:14:20.0698 0204 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:14:20.0700 0204 THREADORDER - ok
16:14:20.0719 0204 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:14:20.0726 0204 TrkWks - ok
16:14:20.0786 0204 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:14:20.0802 0204 TrustedInstaller - ok
16:14:20.0836 0204 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:14:20.0844 0204 tssecsrv - ok
16:14:20.0898 0204 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:14:20.0906 0204 TsUsbFlt - ok
16:14:20.0952 0204 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:14:20.0959 0204 tunnel - ok
16:14:20.0983 0204 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:14:20.0991 0204 uagp35 - ok
16:14:21.0037 0204 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:14:21.0051 0204 udfs - ok
16:14:21.0138 0204 ufad-ws60 (3f2d08b07cf67cb37e669a93e59a508c) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
16:14:21.0160 0204 ufad-ws60 - ok
16:14:21.0219 0204 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:14:21.0226 0204 UI0Detect - ok
16:14:21.0260 0204 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:14:21.0268 0204 uliagpkx - ok
16:14:21.0319 0204 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:14:21.0333 0204 umbus - ok
16:14:21.0357 0204 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:14:21.0357 0204 UmPass - ok
16:14:21.0393 0204 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:14:21.0407 0204 upnphost - ok
16:14:21.0445 0204 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:14:21.0452 0204 USBAAPL64 - ok
16:14:21.0474 0204 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:14:21.0481 0204 usbaudio - ok
16:14:21.0493 0204 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:14:21.0501 0204 usbccgp - ok
16:14:21.0533 0204 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:14:21.0541 0204 usbcir - ok
16:14:21.0557 0204 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:14:21.0565 0204 usbehci - ok
16:14:21.0585 0204 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:14:21.0600 0204 usbhub - ok
16:14:21.0610 0204 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:14:21.0618 0204 usbohci - ok
16:14:21.0651 0204 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:14:21.0659 0204 usbprint - ok
16:14:21.0675 0204 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:14:21.0694 0204 USBSTOR - ok
16:14:21.0715 0204 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:14:21.0723 0204 usbuhci - ok
16:14:21.0743 0204 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:14:21.0751 0204 UxSms - ok
16:14:21.0784 0204 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:21.0786 0204 VaultSvc - ok
16:14:21.0834 0204 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:14:21.0842 0204 vdrvroot - ok
16:14:21.0891 0204 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:14:21.0910 0204 vds - ok
16:14:21.0932 0204 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:14:21.0940 0204 vga - ok
16:14:21.0954 0204 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:14:21.0963 0204 VgaSave - ok
16:14:21.0986 0204 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:14:22.0001 0204 vhdmp - ok
16:14:22.0033 0204 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:14:22.0034 0204 viaide - ok
16:14:22.0122 0204 VMAuthdService (9af896b739e3f34b9cd56eafa84abe60) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
16:14:22.0129 0204 VMAuthdService - ok
16:14:22.0161 0204 vmci (cc711ed4f3d1987e84745237358ff87c) C:\Windows\system32\drivers\vmci.sys
16:14:22.0168 0204 vmci - ok
16:14:22.0183 0204 vmkbd (98e05ba0c49aa98aa0fd998ebc33d763) C:\Windows\system32\drivers\VMkbd.sys
16:14:22.0191 0204 vmkbd - ok
16:14:22.0212 0204 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
16:14:22.0214 0204 VMnetAdapter - ok
16:14:22.0236 0204 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
16:14:22.0244 0204 VMnetBridge - ok
16:14:22.0261 0204 VMnetDHCP - ok
16:14:22.0289 0204 VMnetuserif (3a9ad1d1fcf673b1b7f27140e45aeffd) C:\Windows\system32\drivers\vmnetuserif.sys
16:14:22.0297 0204 VMnetuserif - ok
16:14:22.0311 0204 VMparport (243f106a48c3af953cf2a78dc01a02b8) C:\Windows\system32\drivers\VMparport.sys
16:14:22.0312 0204 VMparport - ok
16:14:22.0353 0204 VMUSBArbService (f38f5e1d9dec6cd1955a91ab141a88fb) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
16:14:22.0380 0204 VMUSBArbService - ok
16:14:22.0389 0204 VMware NAT Service - ok
16:14:22.0424 0204 vmx86 (884737c95b3e1281525d7bc6e9e9d11f) C:\Windows\system32\drivers\vmx86.sys
16:14:22.0432 0204 vmx86 - ok
16:14:22.0467 0204 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:14:22.0475 0204 volmgr - ok
16:14:22.0523 0204 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:14:22.0536 0204 volmgrx - ok
16:14:22.0555 0204 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:14:22.0569 0204 volsnap - ok
16:14:22.0605 0204 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:14:22.0612 0204 vsmraid - ok
16:14:22.0695 0204 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:14:22.0746 0204 VSS - ok
16:14:22.0829 0204 vstor2-ws60 (69f57e89e6ebc5012d210527af005a70) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
16:14:22.0831 0204 vstor2-ws60 - ok
16:14:22.0920 0204 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:14:22.0928 0204 vwifibus - ok
16:14:23.0027 0204 VX3000 (c366ae91d2cc2c1c25380061d235c36b) C:\Windows\system32\DRIVERS\VX3000.sys
16:14:23.0084 0204 VX3000 - ok
16:14:23.0166 0204 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:14:23.0189 0204 W32Time - ok
16:14:23.0218 0204 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:14:23.0226 0204 WacomPen - ok
16:14:23.0276 0204 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:14:23.0284 0204 WANARP - ok
16:14:23.0298 0204 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:14:23.0299 0204 Wanarpv6 - ok
16:14:23.0399 0204 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:14:23.0451 0204 WatAdminSvc - ok
16:14:23.0528 0204 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:14:23.0571 0204 wbengine - ok
16:14:23.0628 0204 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:14:23.0642 0204 WbioSrvc - ok
16:14:23.0682 0204 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:14:23.0696 0204 wcncsvc - ok
16:14:23.0714 0204 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:14:23.0722 0204 WcsPlugInService - ok
16:14:23.0765 0204 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:14:23.0774 0204 Wd - ok
16:14:23.0813 0204 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:14:23.0831 0204 Wdf01000 - ok
16:14:23.0849 0204 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:14:23.0858 0204 WdiServiceHost - ok
16:14:23.0862 0204 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:14:23.0866 0204 WdiSystemHost - ok
16:14:23.0904 0204 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:14:23.0918 0204 WebClient - ok
16:14:23.0938 0204 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:14:23.0953 0204 Wecsvc - ok
16:14:23.0970 0204 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:14:23.0977 0204 wercplsupport - ok
16:14:24.0005 0204 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:14:24.0013 0204 WerSvc - ok
16:14:24.0052 0204 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:14:24.0053 0204 WfpLwf - ok
16:14:24.0072 0204 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:14:24.0080 0204 WIMMount - ok
16:14:24.0122 0204 WinDefend - ok
16:14:24.0136 0204 WinHttpAutoProxySvc - ok
16:14:24.0210 0204 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:14:24.0225 0204 Winmgmt - ok
16:14:24.0332 0204 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:14:24.0389 0204 WinRM - ok
16:14:24.0515 0204 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:14:24.0523 0204 WinUsb - ok
16:14:24.0580 0204 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:14:24.0613 0204 Wlansvc - ok
16:14:24.0781 0204 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:14:24.0811 0204 wlidsvc - ok
16:14:24.0901 0204 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:14:24.0903 0204 WmiAcpi - ok
16:14:24.0959 0204 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:14:24.0974 0204 wmiApSrv - ok
16:14:25.0010 0204 WMPNetworkSvc - ok
16:14:25.0024 0204 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:14:25.0027 0204 WPCSvc - ok
16:14:25.0070 0204 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:14:25.0077 0204 WPDBusEnum - ok
16:14:25.0105 0204 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:14:25.0113 0204 ws2ifsl - ok
16:14:25.0123 0204 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:14:25.0131 0204 wscsvc - ok
16:14:25.0135 0204 WSearch - ok
16:14:25.0262 0204 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:14:25.0331 0204 wuauserv - ok
16:14:25.0442 0204 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:14:25.0449 0204 WudfPf - ok
16:14:25.0481 0204 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:14:25.0496 0204 WUDFRd - ok
16:14:25.0537 0204 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:14:25.0553 0204 wudfsvc - ok
16:14:25.0584 0204 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:14:25.0599 0204 WwanSvc - ok
16:14:25.0730 0204 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:14:25.0740 0204 YahooAUService - ok
16:14:25.0774 0204 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:14:25.0925 0204 \Device\Harddisk0\DR0 - ok
16:14:25.0929 0204 Boot (0x1200) (7b3ad04198daf9f07d4d27ab0e46200c) \Device\Harddisk0\DR0\Partition0
16:14:25.0931 0204 \Device\Harddisk0\DR0\Partition0 - ok
16:14:25.0933 0204 ============================================================
16:14:25.0933 0204 Scan finished
16:14:25.0933 0204 ============================================================
16:14:25.0950 4468 Detected object count: 0
16:14:25.0950 4468 Actual detected object count: 0
16:15:43.0376 0736 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-04 16:17:44
-----------------------------
16:17:44.846 OS Version: Windows x64 6.1.7601 Service Pack 1
16:17:44.847 Number of processors: 2 586 0x4303
16:17:44.848 ComputerName: UPSTAIRS-PC UserName: upstairs
16:17:45.757 Initialize success
16:18:59.902 AVAST engine defs: 12080401
16:19:24.942 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
16:19:24.944 Disk 0 Vendor: Maxtor_6 YAR5 Size: 156333MB BusType: 3
16:19:24.950 Disk 0 MBR read successfully
16:19:24.953 Disk 0 MBR scan
16:19:24.966 Disk 0 Windows 7 default MBR code
16:19:24.970 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 156319 MB offset 63
16:19:25.096 Disk 0 scanning C:\Windows\system32\drivers
16:19:39.847 Service scanning
16:20:17.816 Modules scanning
16:20:17.824 Disk 0 trace - called modules:
16:20:17.838 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
16:20:17.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80029e8060]
16:20:17.848 3 CLASSPNP.SYS[fffff88001b5943f] -> nt!IofCallDriver -> [0xfffffa800229cb00]
16:20:18.186 5 ACPI.sys[fffff88000efe7a1] -> nt!IofCallDriver -> \Device\00000061[0xfffffa80022a5490]
16:20:18.703 AVAST engine scan C:\Windows
16:20:23.728 AVAST engine scan C:\Windows\system32
16:26:36.574 AVAST engine scan C:\Windows\system32\drivers
16:26:54.442 AVAST engine scan C:\Users\upstairs
16:36:27.336 AVAST engine scan C:\ProgramData
16:37:33.737 Scan finished successfully
17:33:52.015 Disk 0 MBR has been saved successfully to "C:\Users\upstairs\Desktop\MBR.dat"
17:33:52.022 The log file has been saved successfully to "C:\Users\upstairs\Desktop\aswMBR.txt"
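The TDSSKiller and aswMBR output above is only useful once the hashes and load paths are pulled out of it. The following is an added example (not code from TDSSKiller, aswMBR, or anyone in this thread) that parses those two log formats: it builds a name/md5/path inventory of every scanned module, lists anything loading from outside Windows and Program Files, lists anything without an "ok" verdict, records the MBR and boot-sector hashes separately, and reads the aswMBR "default MBR code" verdict. The trust buckets in classify() are this example's own choice; the sample log is constructed from the posted lines plus one invented driver ("svcxyz", all-zero md5 placeholder) so that a flagged entry actually appears; the assumption that aswMBR's wording for a modified MBR differs from "Windows 7 default MBR code" is noted in the code.

```python
"""Triage of TDSSKiller and aswMBR output (added example, not code from either
tool or from anyone in this thread). Line shapes parsed, as in the posted logs:
    <time> <pid> <name> (<md5>) <path>             scanned module
    <time> <pid> <name> - ok                       verdict for that module
    <time> <pid> MBR (0x1B8) (<md5>) \Device\...   MBR / boot-sector hash
    <time> Disk 0 Windows 7 default MBR code       aswMBR MBR verdict
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TIME = r"\d{2}:\d{2}:\d{2}\.\d+"
SCAN_LINE = re.compile(
    rf"^{TIME}\s+\d+\s+(?P<name>\S+)(?:\s+\(0x[0-9A-Fa-f]+\))?"
    r"\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_LINE = re.compile(rf"^{TIME}\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+?)\s*$")
MBR_CODE_LINE = re.compile(rf"^{TIME}\s+Disk (?P<disk>\d+) (?P<text>.*MBR code.*)$")


@dataclass
class Module:
    name: str
    md5: str
    path: str
    location: str                  # system | program_files | disk | unusual
    verdict: Optional[str] = None  # "ok" or whatever TDSSKiller printed, None if absent


def classify(path: str) -> str:
    """Coarse trust bucket for a load path (the buckets are this example's own)."""
    p = path.lower()
    if p.startswith("\\device\\"):
        return "disk"
    if p.startswith("c:\\windows\\"):
        return "system"
    if p.startswith("c:\\program files"):
        return "program_files"
    return "unusual"               # user profile, ProgramData, Temp, removable media


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Module], List[str]]:
    """Return (modules keyed by service name, names with a verdict but no file hash)."""
    modules: Dict[str, Module] = {}
    verdicts: Dict[str, str] = {}
    for line in text.splitlines():
        m = SCAN_LINE.match(line)
        if m:
            name, md5, path = m.group("name", "md5", "path")
            # MBR / boot-sector verdict lines are keyed by device path, not "MBR"/"Boot".
            key = path if name in ("MBR", "Boot") else name
            modules[key] = Module(name, md5, path, classify(path))
            continue
        v = VERDICT_LINE.match(line)
        if v:
            verdicts[v.group("name")] = v.group("verdict")
    for key, mod in modules.items():
        mod.verdict = verdicts.get(key)
    return modules, sorted(n for n in verdicts if n not in modules)


def triage(modules: Dict[str, Module]):
    """(names loading from unusual paths, names without an 'ok', {device: md5})."""
    unusual = sorted(m.name for m in modules.values() if m.location == "unusual")
    not_ok = sorted(m.name for m in modules.values() if m.verdict != "ok")
    disk = {m.path: m.md5 for m in modules.values() if m.location == "disk"}
    return unusual, not_ok, disk


def mbr_status(aswmbr_text: str) -> Dict[int, bool]:
    """Disk number -> True when aswMBR reported stock Windows MBR code.
    Assumption: the wording for a modified MBR varies by aswMBR version, so
    any "MBR code" line without "default" is returned as False for manual review."""
    status: Dict[int, bool] = {}
    for line in aswmbr_text.splitlines():
        m = MBR_CODE_LINE.match(line)
        if m:
            status[int(m.group("disk"))] = "default" in m.group("text").lower()
    return status


# Constructed sample: real lines from the posted logs plus the invented svcxyz entry.
SAMPLE_TDSSKILLER = r"""
16:14:21.0474 0204 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:14:21.0481 0204 usbaudio - ok
16:14:22.0122 0204 VMAuthdService (9af896b739e3f34b9cd56eafa84abe60) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
16:14:22.0129 0204 VMAuthdService - ok
16:14:22.0261 0204 VMnetDHCP - ok
16:14:22.0389 0204 VMware NAT Service - ok
16:14:23.0100 0204 svcxyz (00000000000000000000000000000000) C:\Users\upstairs\AppData\Local\Temp\svcxyz.sys
16:14:25.0774 0204 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:14:25.0925 0204 \Device\Harddisk0\DR0 - ok
16:14:25.0929 0204 Boot (0x1200) (7b3ad04198daf9f07d4d27ab0e46200c) \Device\Harddisk0\DR0\Partition0
16:14:25.0931 0204 \Device\Harddisk0\DR0\Partition0 - ok
16:14:25.0950 4468 Detected object count: 0
"""
SAMPLE_ASWMBR = r"""
16:19:24.966 Disk 0 Windows 7 default MBR code
16:19:24.970 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 156319 MB offset 63
"""

if __name__ == "__main__":
    mods, unscanned = parse_tdsskiller(SAMPLE_TDSSKILLER)
    unusual, not_ok, disk = triage(mods)
    print(f"{len(mods)} hashed modules; no file hash for: {unscanned}")
    print(f"unusual load paths: {unusual}; no 'ok' verdict: {not_ok}")
    print(f"disk hashes: {disk}; stock MBR code: {mbr_status(SAMPLE_ASWMBR)}")
```

Services that appear only as "<name> - ok" (VMnetDHCP, VMware NAT Service in the sample) are returned separately rather than silently dropped, because a missing file hash is itself worth a glance. The md5 values are exactly what you would paste into a hash lookup; the "unusual" bucket is deliberately broad, since a driver under a user profile or Temp is the first thing a responder wants to see.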



#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 04 August 2012 - 07:07 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
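When the OTL Extras log comes back, its "Shell Spawning" section is where a file-association hijack shows up: OTL prints, per file class, the shell verb and the command the registry will run, and malware that wants to execute on every program launch rewrites exefile/open (or the .bat/.cmd/.com/.pif/.scr equivalents) from "%1" %* to "C:\path\dropper.exe" "%1" %*. The following is an added example, not OTL's own code and not from anyone in this thread, that parses that section and audits it. The baseline table is an assumption drawn from what OTL shows for those verbs on a stock Windows 7 system (it matches the output posted in this thread); "Reg Error: Key error." means the command key is absent, which OTL reports for helpfile, regfile and txtfile on clean systems, so it is not flagged. The sample is constructed from posted lines plus one invented hijacked 32-bit exefile entry (launcher.exe, hypothetical) for the audit to catch.

```python
"""Audit of the "Shell Spawning" section of an OTL Extras log.
Added example for this thread; not OTL's code and not from the poster.
Baseline commands are as OTL renders them on a stock Windows 7 system
(assumption, consistent with the posted output).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "<class> [<verb>] -- <command> (<company>)"; the company suffix is optional.
ENTRY = re.compile(
    r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*?)(?: \((?P<company>[^()]+)\))?$"
)
USER_WRITABLE = re.compile(r"\\(users|programdata|temp)\\", re.IGNORECASE)
# Anything other than these commands for these verbs is a finding.
EXPECTED = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("htafile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}


@dataclass
class Entry:
    hive: str          # "64bit" (native view) or "32bit" (WOW64 view), as OTL labels them
    cls: str
    verb: str
    command: str
    company: Optional[str]


def parse_shell_spawning(text: str) -> List[Entry]:
    """Collect the entries between the Shell Spawning header and the next section."""
    entries: List[Entry] = []
    in_section, hive = False, None
    for line in text.splitlines():
        if line.startswith("=========="):
            in_section = "Shell Spawning" in line
            continue
        if not in_section:
            continue
        if "Classes\\<key>\\shell" in line:            # per-hive sub-header
            hive = "64bit" if line.startswith("64bit:") else "32bit"
            continue
        m = ENTRY.match(line)
        if m and hive:
            entries.append(Entry(hive, m.group("cls"), m.group("verb"),
                                 m.group("cmd"), m.group("company")))
    return entries


def audit(entries: List[Entry]) -> List[Tuple[str, str, str, str, List[str]]]:
    """Return (hive, class, verb, command, reasons) for every suspicious entry."""
    findings = []
    for e in entries:
        if e.command.startswith("Reg Error"):
            continue                                   # key absent, not a hijack
        reasons = []
        expected = EXPECTED.get((e.cls, e.verb))
        if expected is not None and e.command != expected:
            reasons.append(f"expected {expected}")
        if USER_WRITABLE.search(e.command):
            reasons.append("handler runs from a user-writable directory")
        if reasons:
            findings.append((e.hive, e.cls, e.verb, e.command, reasons))
    return findings


# Constructed sample: lines from the posted log plus the hypothetical launcher.exe hijack.
SAMPLE_OTL_EXTRAS = r"""
========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Users\upstairs\AppData\Local\Temp\launcher.exe" "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========
"""

if __name__ == "__main__":
    for hive, cls, verb, cmd, reasons in audit(parse_shell_spawning(SAMPLE_OTL_EXTRAS)):
        print(f"[{hive}] {cls}/{verb} -> {cmd}: {'; '.join(reasons)}")
```

Both hive views are checked because on a 64-bit system a hijack planted under the WOW6432Node view only fires for 32-bit processes and is easy to miss when reading the native block alone. The user-writable-directory heuristic is deliberately applied to every class, not just the executable ones, so a print or edit verb pointed at something in AppData is surfaced too.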

#8 stewartsd (Topic Starter)

Posted 05 August 2012 - 06:53 AM

OTL Extras logfile created on: 8/5/2012 6:35:34 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\upstairs\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.06% Memory free
4.00 Gb Paging File | 2.07 Gb Available in Paging File | 51.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 152.66 Gb Total Space | 66.36 Gb Free Space | 43.47% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRS-PC | User Name: upstairs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AB2081F-4AEF-4547-A2EC-9BCBF0E393B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D863DD8-80E8-4E8B-BB50-108B5D0CAEF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29E3D29E-37A3-4D29-9F39-73E9E83DD794}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34E3CD84-4A59-4B97-9417-1EAADDA4D778}" = lport=445 | protocol=6 | dir=in | app=system |
"{57959D07-6861-4332-8888-4E3B19EE4533}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C63248A-1FD3-4EA8-8086-B77828E8E521}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8547490A-9667-45D0-8E9D-CF3AA3309906}" = rport=137 | protocol=17 | dir=out | app=system |
"{A9EC51FC-D851-4FFC-8EAF-1F03591D63BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AF5B6B9A-C560-444D-8377-358579CF32A9}" = lport=137 | protocol=17 | dir=in | app=system |
"{B2B9037D-CD05-4F7F-9A27-26741F85FFD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3E1DF8D-C677-4E5F-BDFE-340028BB502A}" = rport=445 | protocol=6 | dir=out | app=system |
"{B817F2E0-BB73-471E-B2E0-15C2C6ED62C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9CAB605-DE06-4896-A3A1-A9744FD08A84}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C02A4016-DB9E-43AF-93A9-1FFB243F0E6B}" = rport=138 | protocol=17 | dir=out | app=system |
"{C2CB5784-BD9D-4542-A68B-1D4A85876E10}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D49D59C5-3F35-4EA0-BDC9-51FAB14C5341}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D781C179-39A1-4706-95F3-75726E7B12B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E3859F0B-5912-4D67-9230-6144A47D5BE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E59AAD0F-A5FB-464F-8172-35C1BB99F47A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB5DEA95-49E6-40CC-84E9-B366B4D2ACC8}" = rport=139 | protocol=6 | dir=out | app=system |
"{EDC65B70-FCF1-4126-B4A2-781DFA0F93A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{EEB24C06-3FC2-44A7-9D99-277E588025C6}" = lport=139 | protocol=6 | dir=in | app=system |
"{EF649857-19D7-4F84-BDF3-63C191828B44}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009B917F-42AD-40D3-85B7-FC6F801FABDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{00FA7A20-155F-4BAF-9393-E9853D448C10}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{01A7C514-4E32-498C-880E-3F71F35DE92F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{12D26AA6-C5DE-48D3-96EC-BCBC4E131AC5}" = protocol=17 | dir=in | app=c:\users\upstairs\appdata\local\google\chrome\application\chrome.exe |
"{17E76878-B426-411B-A6CB-DCFB51381D5B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1B989FFB-E4B1-45B4-BD8A-34042DC78F53}" = protocol=6 | dir=out | app=system |
"{1C77907A-EA27-478C-A034-FD63579E178D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{2482AC3C-0FEB-43CC-891A-68985551B170}" = protocol=17 | dir=in | app=c:\users\upstairs\appdata\local\microsoft\skydrive\skydrive.exe |
"{2D883564-7474-4BC4-A591-CB57B1DF88AB}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3108F1CB-D1D7-4040-AD88-2E25A3D0C0AF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{334A2900-24A7-45A1-A5EE-514EFDD2B2D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{34FE054D-DECF-4787-9C11-F8609E522932}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{374DABE5-7B57-4C1D-92A2-EDD8B5BDB2F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{389D6601-673F-4F1F-9738-516DC787D3EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3CB2337C-C683-48C3-9CFB-87D843305A39}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3FC2FE59-F4D7-47F5-AFAF-FA2FD566CA67}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B302396-DB2E-42EC-A15C-5B4FDA906A47}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{4DDE7F27-96E9-4817-AE3C-3B894F31F89D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{55827CB2-8A9C-471F-B42B-7F5E514061D1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{61D7CA78-42C6-4D95-BC55-BED10A9E8203}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{63B67E85-B0DF-427C-B1EE-57BC9DA99F50}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{67D598E1-D257-42A3-94DE-364922EF3EFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A3DD7EC-B207-4D74-8413-7182AB5BBF44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70F0896C-39C0-4ED0-BA3C-B3A915C3382D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7189E5E9-0A30-4616-AE24-D73DC4A83A75}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72EAFAD1-F98D-40CD-BA46-5983BD7808F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{734B73A7-0A8F-40F1-80B9-55A909CB571E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7577FEF2-123A-4B3C-883E-6EE125719597}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{7AA1ACFF-6F20-4353-A62D-A994970EDF93}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{7B52BADF-EAA4-4A37-9F03-B68255CD2EBC}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{7CF49E2D-DD3D-4399-AD7C-E2B81D1C59D8}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{7E7BBA33-CB51-4D02-BEB8-8B53B1FAADDD}" = protocol=6 | dir=in | app=c:\users\upstairs\appdata\local\google\chrome\application\chrome.exe |
"{7FBB6F7B-D4B6-4BE4-8EBC-0E93EFF2AD59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81320D4D-F347-4940-8E9C-0A33FF5BFC9F}" = protocol=17 | dir=in | app=c:\users\upstairs\downloads\urbanterror\iourtded.exe |
"{81DEDF05-B92D-4D0C-B85F-5C3119EB7963}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe |
"{8E6D479D-D894-4D28-85BF-8E5A02B587F4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94E864E5-3E62-4E30-9327-031A9F7BBE93}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9653F008-30B0-44A5-AF23-C9EF4F5EE6EC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{98264EB4-76C0-487F-A01E-9DD721DB4955}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9D094907-276F-4909-A9D5-5F69A1F29BB9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A5B182BA-5503-4E06-9CBA-6777997DC05C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACCBD997-BCBA-4BAE-8004-52979B2DE58C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{C58A5FF3-0F14-44D6-AE45-530E119BFB30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CB5A8062-DCEC-43E0-8CC9-9441FCBF58E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CBA80AC4-6BE5-479F-9A2F-0708B5877869}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{D0FDBE17-0470-403B-A56C-0C147C05AD38}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E1D85C9E-1945-452A-B288-A33ABD4D7137}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{EA1CDCDE-5746-455A-A0F3-C515490E4F6C}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{EC6E5253-B966-420A-9115-5E64871D538E}" = protocol=6 | dir=in | app=c:\users\upstairs\downloads\urbanterror\iourtded.exe |
"{EFE773B4-D6CF-4CC7-B2C4-9B2DADD37956}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F10E1343-83AE-4E35-8F16-EED9F55796C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F29BDDCE-792D-4FB8-BCA2-1C90CA749763}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F650B0AF-AA6D-4802-B356-9052BEAACB38}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FFD53A73-930F-4ACD-AFC8-59BE15530266}" = protocol=6 | dir=in | app=c:\users\upstairs\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{10047F6E-1499-45CF-ACFB-644BCC6C603F}C:\users\upstairs\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\upstairs\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{56A210E2-69BC-42E3-95B4-518AC003FFF6}C:\users\upstairs\downloads\urbanterror\iourtded.exe" = protocol=6 | dir=in | app=c:\users\upstairs\downloads\urbanterror\iourtded.exe |
"TCP Query User{9FEBE598-30A4-4ED3-BC45-50A9E4572856}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{0AB74962-A546-4BEC-BEA7-14BE5AE49BE8}C:\users\upstairs\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\upstairs\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{818A1680-D684-4FFC-8AA1-57C723FC58F0}C:\users\upstairs\downloads\urbanterror\iourtded.exe" = protocol=17 | dir=in | app=c:\users\upstairs\downloads\urbanterror\iourtded.exe |
"UDP Query User{CC4192EB-9A4D-432A-B015-B7264B86758D}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{5ADC0761-2120-4E9A-860E-1D3F139F7FF2}" = One-click CD/DVD Copy 64-bit module
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3 (64-bit)
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"jEdit_is1" = jEdit 4.5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{31B25CCC-C459-4A7B-8059-0D9913D4FAA1}" = World Community Grid
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69C827F2-10B8-4DE4-BCC2-4B2FF4DADB86}_is1" = Secure Data Eraser
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E4B89BA1-01F4-4C81-B849-EA2A94EDB594}_is1" = GM Service Manual v09
"{E7C0D6C0-9BE3-486E-8F66-C5788CD704B9}" = One-click CD/DVD Copy
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.2.4.8
"4Media ISO Creator" = 4Media ISO Creator
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5
"DVD-Cloner 9_is1" = DVD-Cloner V9.20 Build 1104
"Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8
"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"HandBrake" = HandBrake 0.9.6
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"Software Informer_is1" = Software Informer 1.1
"Stamps.com" = Stamps.com
"uTorrent" = µTorrent
"Vid-Saver" = Vid-Saver
"VMware_Player" = VMware Player
"WinGimp-2.0_is1" = GIMP 2.6.12-2
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-899631612-3014446547-3777632968-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6A2EF989-A524-48bf-985F-9D076B334980}" = ArcadeCandy
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2012 5:47:25 PM | Computer Name = upstairs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TWCApp.exe, version: 7.2.12.0, time stamp:
0x4fad5a61 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id:
0x810 Faulting application start time: 0x01cd71c1708f5990 Faulting application path:
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: cf61b3a0-ddb4-11e1-8d15-005056c00008

Error - 8/4/2012 5:32:06 AM | Computer Name = upstairs-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 8/4/2012 5:32:08 AM | Computer Name = upstairs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TWCApp.exe, version: 7.2.12.0, time stamp:
0x4fad5a61 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id:
0x9c0 Faulting application start time: 0x01cd7223dbd4a360 Faulting application path:
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 41fd8f80-de17-11e1-b825-005056c00008

Error - 8/4/2012 5:51:50 AM | Computer Name = upstairs-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 8/4/2012 5:51:51 AM | Computer Name = upstairs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TWCApp.exe, version: 7.2.12.0, time stamp:
0x4fad5a61 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id:
0x824 Faulting application start time: 0x01cd7226b1e9f520 Faulting application path:
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 038de3a0-de1a-11e1-9902-005056c00008

Error - 8/4/2012 1:56:37 PM | Computer Name = upstairs-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 8/4/2012 1:56:41 PM | Computer Name = upstairs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TWCApp.exe, version: 7.2.12.0, time stamp:
0x4fad5a61 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id:
0x924 Faulting application start time: 0x01cd726a5355dbc0 Faulting application path:
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: be3a15a0-de5d-11e1-8779-005056c00008

Error - 8/4/2012 2:11:08 PM | Computer Name = upstairs-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 8/4/2012 2:11:10 PM | Computer Name = upstairs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TWCApp.exe, version: 7.2.12.0, time stamp:
0x4fad5a61 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id:
0x8b4 Faulting application start time: 0x01cd726c5e30df20 Faulting application path:
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: c46db100-de5f-11e1-b33a-005056c00008

Error - 8/4/2012 2:15:29 PM | Computer Name = upstairs-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 8/4/2012 2:15:29 PM | Computer Name = upstairs-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TWCApp.exe, version: 7.2.12.0, time stamp:
0x4fad5a61 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id:
0x8c0 Faulting application start time: 0x01cd726d04ecc540 Faulting application path:
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 5ecc9cc0-de60-11e1-ba49-005056c00008

[ System Events ]
Error - 8/3/2012 5:46:03 PM | Computer Name = upstairs-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:43:50 PM on ?8/?3/?2012 was unexpected.

Error - 8/3/2012 6:51:01 PM | Computer Name = upstairs-PC | Source = BROWSER | ID = 8032
Description =

Error - 8/4/2012 5:47:03 AM | Computer Name = upstairs-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 8/4/2012 5:47:04 AM | Computer Name = upstairs-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 8/4/2012 5:47:05 AM | Computer Name = upstairs-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 8/4/2012 5:47:05 AM | Computer Name = upstairs-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 8/4/2012 7:18:42 AM | Computer Name = upstairs-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/4/2012 7:21:51 AM | Computer Name = upstairs-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/4/2012 2:23:13 PM | Computer Name = upstairs-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/4/2012 2:26:13 PM | Computer Name = upstairs-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

OTL logfile created on: 8/5/2012 6:35:34 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\upstairs\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.06% Memory free
4.00 Gb Paging File | 2.07 Gb Available in Paging File | 51.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 152.66 Gb Total Space | 66.36 Gb Free Space | 43.47% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRS-PC | User Name: upstairs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\upstairs\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Users\upstairs\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Program Files (x86)\BOINC\boincmgr.exe (World Community Grid)
PRC - C:\Program Files (x86)\BOINC\boinctray.exe (Space Sciences Laboratory)
PRC - C:\Program Files (x86)\BOINC\boinc.exe (World Community Grid)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll ()
MOD - C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\libglesv2.dll ()
MOD - C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\libegl.dll ()
MOD - C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll ()
MOD - C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll ()
MOD - C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\97dccc257e6729c8bc2450a5caf030e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e51b389e6d470d6920df51e7bbee6977\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\zlib1.dll ()
MOD - C:\Program Files (x86)\BOINC\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 29 30 7C 9D FC CC 01 [binary data]
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes\{081FE558-4C7C-4EFF-A1E4-5C5D611C22C7}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?source=12fe24cf&tbp=rbox&toolbarid=searchcom_004&u=20120409DCB04FA49335D67A2FF8998A&q={searchTerms}
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={26F040E3-1F6F-4882-A6D8-9DA4C8E49D99}&mid=a5b9156ee2284afcaa1e695b49ef73d8-f56dec39a21fbaeb69a6fca5f694347d92cb44a6&lang=en&ds=pl011&pr=sa&d=2012-07-27 03:29:33&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes\{C78BA293-73CE-4688-BF60-B17E2FB72118}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes\{FC9A0EBE-050D-4136-952F-11858D19E748}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\upstairs\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\upstairs\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\upstairs\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/01 09:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com: C:\Users\upstairs\AppData\Local\ArcadeCandy\games@acandy.com [2012/04/29 07:09:53 | 000,000,000 | ---D | M]

[2012/02/29 13:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\upstairs\AppData\Roaming\Mozilla\Extensions
[2012/07/05 16:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\upstairs\AppData\Roaming\Mozilla\Firefox\extensions
[2012/07/05 16:52:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\upstairs\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/07/19 04:14:17 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\UPSTAIRS\APPDATA\ROAMING\THUNDERBIRD\PROFILES\QYYTH098.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2012/06/25 05:28:23 | 000,000,000 | ---D | M] ("Sun Cult") -- C:\USERS\UPSTAIRS\APPDATA\ROAMING\THUNDERBIRD\PROFILES\QYYTH098.DEFAULT\EXTENSIONS\SUNCULT@SF.NET
[2012/05/02 03:21:37 | 000,564,732 | ---- | M] () (No name found) -- C:\USERS\UPSTAIRS\APPDATA\ROAMING\THUNDERBIRD\PROFILES\QYYTH098.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI

========== Chrome ==========

CHR - homepage: http://www.google.com/ig
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/ig
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\upstairs\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: ArcadeCandy Textlinks Plugin (Enabled) = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.8.301_0\npCandyx.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\upstairs\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\upstairs\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Entanglement = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Shredder Chess Free = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelpbbhpcpelmnfablcbcianelefnnbg\1.0.1_0\
CHR - Extension: Angry Birds = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Conveyor = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\baijekkfedgoapgaafkbhoajfpaenpdb\1.0.2_0\
CHR - Extension: YouTube = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Tetris = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfpkpcnigdggonhlcmbekffepnaflofk\13.2334.9140_0\
CHR - Extension: Google Search = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Holiday calendar = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfbcdklgpgkjoenodcokafcbknnmogoi\2.6.1_1\
CHR - Extension: Pool = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\elpllolimgdplahhfppjkplanncepfnh\1.0_0\
CHR - Extension: Full Screen Weather = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Balloono = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmggmlpijnjmhdekfigfbkookpdfodhf\1.4_0\
CHR - Extension: Xero Accounting Software = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikembjdgdkgobgiejjfpmhoeebmabnkm\0.0.0.1_0\
CHR - Extension: Cargo Bridge = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Tetris Arcade = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kephoeibgbfhhkbndabbemchfdojhlij\13.4073.4386_0\
CHR - Extension: Poppit = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Quick Note = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.1_0\
CHR - Extension: ArcadeCandy Games = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.8.301_0\
CHR - Extension: Vid-Saver = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.19.31_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.19.31_0\
CHR - Extension: Gmail = C:\Users\upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [boincmgr] C:\Program Files (x86)\BOINC\boincmgr.exe (World Community Grid)
O4 - HKLM..\Run: [boinctray] C:\Program Files (x86)\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-899631612-3014446547-3777632968-1001..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKU\S-1-5-21-899631612-3014446547-3777632968-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-899631612-3014446547-3777632968-1001..\Run: [SkyDrive] C:\Users\upstairs\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD5E626-9AAD-46B9-97CA-420300FD534B}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 06:34:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\upstairs\Desktop\OTL.exe
[2012/08/04 16:17:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\upstairs\Desktop\aswMBR.exe
[2012/08/04 16:13:12 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\upstairs\Desktop\tdsskiller.exe
[2012/07/31 13:30:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/31 13:30:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/31 13:30:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/31 13:29:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/31 13:29:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/31 13:28:16 | 004,724,408 | R--- | C] (Swearware) -- C:\Users\upstairs\Desktop\ComboFix.exe
[2012/07/31 03:59:09 | 000,036,864 | ---- | C] (Agfa-Gevaert N.V.) -- C:\Windows\SysWow64\agusbsti.dll
[2012/07/31 03:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGFAnet
[2012/07/31 03:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\FotoWire
[2012/07/31 03:58:05 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012/07/29 12:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wyzo
[2012/07/29 12:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/07/29 11:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/07/29 11:26:00 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/07/29 11:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/07/29 11:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/29 11:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/29 11:25:17 | 000,000,000 | ---D | C] -- C:\Users\upstairs\AppData\Roaming\TestApp
[2012/07/29 07:00:23 | 000,000,000 | ---D | C] -- C:\Users\upstairs\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/27 03:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMCO
[2012/07/26 14:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/26 14:43:52 | 000,000,000 | ---D | C] -- C:\Users\upstairs\AppData\Roaming\SpeedyPC Software
[2012/07/26 14:43:52 | 000,000,000 | ---D | C] -- C:\Users\upstairs\AppData\Roaming\DriverCure
[2012/07/26 14:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/24 14:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2012/07/11 03:02:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 03:02:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 03:02:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 03:02:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 03:02:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 03:02:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 03:02:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 03:02:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 03:01:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 03:01:58 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 03:01:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 03:01:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 03:01:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 01:27:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 01:27:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 01:27:24 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 01:27:19 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 01:27:17 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/08 09:42:25 | 000,000,000 | ---D | C] -- C:\Users\upstairs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/08 09:38:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 06:34:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\upstairs\Desktop\OTL.exe
[2012/08/05 05:51:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-899631612-3014446547-3777632968-1001UA.job
[2012/08/04 21:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-899631612-3014446547-3777632968-1001Core.job
[2012/08/04 18:54:00 | 000,076,866 | ---- | M] () -- C:\Users\upstairs\Desktop\487220_3810879828144_1005101573_n.jpg
[2012/08/04 17:33:52 | 000,000,512 | ---- | M] () -- C:\Users\upstairs\Desktop\MBR.dat
[2012/08/04 16:17:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\upstairs\Desktop\aswMBR.exe
[2012/08/04 16:13:11 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\upstairs\Desktop\tdsskiller.exe
[2012/08/04 13:22:18 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 13:22:18 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 13:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 13:14:18 | 1610,051,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 06:11:35 | 004,724,408 | R--- | M] (Swearware) -- C:\Users\upstairs\Desktop\ComboFix.exe
[2012/08/04 05:56:37 | 000,881,494 | ---- | M] () -- C:\Users\upstairs\Desktop\SecurityCheck.exe
[2012/08/01 09:15:03 | 1787,964,086 | ---- | M] () -- C:\Users\upstairs\Documents\Picts Aug 1 2012.zip
[2012/07/31 16:15:10 | 000,000,000 | ---- | M] () -- C:\Users\upstairs\defogger_reenable
[2012/07/31 13:13:58 | 000,786,786 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/31 13:13:58 | 000,665,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/31 13:13:58 | 000,123,418 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/31 11:55:59 | 000,000,017 | ---- | M] () -- C:\Users\upstairs\AppData\Local\resmon.resmoncfg
[2012/07/29 11:27:14 | 001,904,465 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/11 03:27:44 | 000,000,900 | ---- | M] () -- C:\Users\upstairs\Desktop\Downloads.lnk
[2012/07/11 03:27:02 | 000,416,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/08 09:39:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/08 09:39:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/04 18:54:06 | 000,076,866 | ---- | C] () -- C:\Users\upstairs\Desktop\487220_3810879828144_1005101573_n.jpg
[2012/08/04 17:33:52 | 000,000,512 | ---- | C] () -- C:\Users\upstairs\Desktop\MBR.dat
[2012/08/04 05:56:42 | 000,881,494 | ---- | C] () -- C:\Users\upstairs\Desktop\SecurityCheck.exe
[2012/08/01 09:15:03 | 1787,964,086 | ---- | C] () -- C:\Users\upstairs\Documents\Picts Aug 1 2012.zip
[2012/07/31 16:15:10 | 000,000,000 | ---- | C] () -- C:\Users\upstairs\defogger_reenable
[2012/07/31 13:30:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/31 13:30:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/31 13:30:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/31 13:30:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/31 13:30:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/31 11:55:59 | 000,000,017 | ---- | C] () -- C:\Users\upstairs\AppData\Local\resmon.resmoncfg
[2012/07/29 11:26:11 | 001,904,465 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/08 09:41:42 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-899631612-3014446547-3777632968-1001UA.job
[2012/07/08 09:41:41 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-899631612-3014446547-3777632968-1001Core.job
[2012/06/27 17:00:38 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
[2012/04/02 16:54:34 | 000,002,744 | ---- | C] () -- C:\Users\upstairs\.recently-used.xbel
[2012/03/15 14:50:39 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/03/15 14:50:39 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/03/15 14:50:39 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/03/15 14:50:39 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/03/15 14:50:39 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/03/15 14:50:39 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/03/15 14:50:39 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012/03/15 14:50:39 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/03/15 14:50:39 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/03/15 14:50:39 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/03/15 14:50:39 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/03/15 14:50:39 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/03/15 14:50:39 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012/03/15 14:50:39 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012/03/15 14:50:39 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/03/15 14:50:39 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/03/15 14:50:38 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/03/15 14:50:38 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/03/15 14:50:38 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/03/13 18:40:54 | 000,611,840 | ---- | C] () -- C:\Windows\SysWow64\DVD43.dll
[2012/03/05 07:37:46 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/03/03 17:58:54 | 000,000,048 | ---- | C] () -- C:\Windows\TaxACT11.ini
[2012/02/29 15:49:36 | 000,780,166 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/29 13:00:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/29 13:00:26 | 000,012,310 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/09/28 20:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:39 AM

Posted 05 August 2012 - 12:16 PM

Hello

Run this custom script and, when it is complete, I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\URLSearchHook: - No CLSID value found
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    O3 - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
    IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes\{081FE558-4C7C-4EFF-A1E4-5C5D611C22C7}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?source=12fe24cf&tbp=rbox&toolbarid=searchcom_004&u=20120409DCB04FA49335D67A2FF8998A&q={searchTerms}
    IE - HKU\S-1-5-21-899631612-3014446547-3777632968-1001\..\SearchScopes\{FC9A0EBE-050D-4136-952F-11858D19E748}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
    [2012/07/26 14:43:52 | 000,000,000 | ---D | C] -- C:\Users\upstairs\AppData\Roaming\SpeedyPC Software
    [2012/07/26 14:43:52 | 000,000,000 | ---D | C] -- C:\Users\upstairs\AppData\Roaming\DriverCure
    [2012/07/26 14:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
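An added example, not part of this thread and not code from OTL or its author: a small Python triage script that reads OTL report lines of the shape shown above, flags orphaned entries (OTL's own "No CLSID value found" / "File not found" markers) and IE/FF/CHR search settings whose URL points at a host outside an assumed allowlist, ties a DefaultScope pointer to the scope it selects, and renders the candidates in the :OTL fix shape used in this post. The sample log, the allowlist of search hosts and the placeholder SID/GUID on the bing lines are constructed assumptions; the conduit scope and orphaned entries are copied from the log in this thread.

```python
"""Triage OTL report lines for orphaned entries and browser search hijacks (added example)."""
import re
from urllib.parse import urlparse

# Constructed sample log, copied in shape from the OTL lines in this thread
# (the conduit scope and the orphaned BHO/handler entries are the ones the fix targeted;
# the bing scope with the 1111... GUID and the zeroed SID are constructed placeholders).
SAMPLE_LOG = r"""IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-0-0-0-1001\..\SearchScopes,DefaultScope = {11111111-2222-3333-4444-555555555555}
IE - HKU\S-1-5-21-0-0-0-1001\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://www.bing.com/search?q={searchTerms}
CHR - homepage: http://www.google.com/ig
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&sourceid=chrome
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2:64bit: - BHO: (Java(TM) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
"""

# OTL line shape: "<kind>[:64bit:] - <body>", e.g. "O2:64bit: - BHO: ..." or "IE - HKLM\..".
ENTRY_RE = re.compile(r"^(?P<kind>IE|FF|CHR|O\d+)(?P<w64>:64bit:)?\s*-\s*(?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# OTL's own markers for registry/file references whose target no longer exists.
ORPHAN_MARKERS = ("No CLSID value found", "File not found")
# Assumed allowlist: search hosts the owner actually chose; any other host in a
# browser search/homepage setting is treated as a hijack candidate.
KNOWN_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com", "duckduckgo.com")


def parse_entry(line):
    """Split one OTL line into kind (IE/FF/CHR/O<n>), 64-bit flag and body; None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"kind": m["kind"], "wow64": bool(m["w64"]), "body": m["body"], "line": line.strip()}


def host_is_known(url):
    """True when the URL's host is one of the allowlisted search hosts or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == k or host.endswith("." + k) for k in KNOWN_SEARCH_HOSTS)


def classify(entry):
    """'orphan' for dangling references, 'search_hijack' for browser URLs off the allowlist, else 'ok'."""
    body = entry["body"]
    if any(marker in body for marker in ORPHAN_MARKERS):
        return "orphan"
    if entry["kind"] in ("IE", "FF", "CHR"):
        urls = URL_RE.findall(body)
        # Template values such as {google:baseURL} carry no http:// and are left alone.
        if urls and not all(host_is_known(u) for u in urls):
            return "search_hijack"
    return "ok"


def triage(log_text):
    """Return (category, line) pairs for suspect entries, in log order."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    cats = [classify(e) for e in entries]
    # Scope GUIDs whose URL was flagged; a DefaultScope pointing at one is part of the same hijack.
    bad_scopes = {g.lower() for e, c in zip(entries, cats) if c == "search_hijack"
                  for g in GUID_RE.findall(e["body"])}
    flagged = []
    for e, c in zip(entries, cats):
        if c == "ok" and "DefaultScope" in e["body"] and any(
                g.lower() in bad_scopes for g in GUID_RE.findall(e["body"])):
            c = "search_hijack"
        if c != "ok":
            flagged.append((c, e["line"]))
    return flagged


def build_fix_script(flagged):
    """Render flagged lines as a candidate :OTL fix in the shape used in this thread (review before running)."""
    lines = [":OTL"] + [line for _, line in flagged]
    lines += [":Commands", "[PURITY]", "[emptyjava]", "[EMPTYFLASH]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    suspects = triage(SAMPLE_LOG)
    for cat, line in suspects:
        print(f"{cat:14} {line}")
    print(build_fix_script(suspects))
```

On the sample log this flags the conduit scope, the DefaultScope pointer that selects it, and the three orphaned entries, while the bing scope, the Chrome template values and the live Java BHO are left alone; the output is a candidate list for a helper to review, not an automatic fix.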

#10 stewartsd

stewartsd
  • Topic Starter

  • Members
  • 24 posts
  • Local time:10:39 AM

Posted 05 August 2012 - 04:39 PM

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-899631612-3014446547-3777632968-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
Registry value HKEY_USERS\S-1-5-21-899631612-3014446547-3777632968-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-899631612-3014446547-3777632968-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-899631612-3014446547-3777632968-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-899631612-3014446547-3777632968-1001\Software\Microsoft\Internet Explorer\SearchScopes\{081FE558-4C7C-4EFF-A1E4-5C5D611C22C7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081FE558-4C7C-4EFF-A1E4-5C5D611C22C7}\ not found.
Registry key HKEY_USERS\S-1-5-21-899631612-3014446547-3777632968-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-899631612-3014446547-3777632968-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FC9A0EBE-050D-4136-952F-11858D19E748}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC9A0EBE-050D-4136-952F-11858D19E748}\ not found.
C:\Users\upstairs\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Users\upstairs\AppData\Roaming\SpeedyPC Software folder moved successfully.
C:\Users\upstairs\AppData\Roaming\DriverCure folder moved successfully.
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\ProgramData\SpeedyPC Software folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\upstairs\Desktop\Bleeping\cmd.bat deleted successfully.
C:\Users\upstairs\Desktop\Bleeping\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Steve and Jane

User: upstairs
->Java cache emptied: 974942 bytes

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Steve and Jane

User: upstairs
->Flash cache emptied: 5111 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08052012_163907

#11 stewartsd

stewartsd
  • Topic Starter

  • Members
  • 24 posts
  • Local time:10:39 AM

Posted 05 August 2012 - 04:46 PM

Apparently fixed. THANK YOU!!!! WTF was it? What was it called? Those GD popups annoyed and worried me. THANK YOU! I will donate. THANK YOU.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:39 AM

Posted 05 August 2012 - 04:53 PM

Greetings stewartsd

You had several things going on, but from what I have seen nothing was very serious; just as you said, very annoying.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 stewartsd

stewartsd
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 05 August 2012 - 05:53 PM

My Computer seems fixed. I did not get any UncoverTheNet popups on Chrome, that was the only symptom of infection or malware. Wonder how I got the infection. Any recommended security measures I should take? Thanks again.


ComboFix 12-08-05.02 - upstairs 08/05/2012 17:28:12.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1127 [GMT -5:00]
Running from: c:\users\upstairs\Desktop\ComboFix.exe
Command switches used :: c:\users\upstairs\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 22:35 . 2012-08-05 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 21:39 . 2012-08-05 21:39 -------- d-----w- C:\_OTL
2012-08-05 18:27 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14E96300-393F-487C-8857-1ED129219038}\mpengine.dll
2012-08-04 18:36 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-31 08:59 . 2000-06-29 14:00 36864 ----a-w- c:\windows\SysWow64\agusbsti.dll
2012-07-31 08:58 . 2012-07-31 18:13 -------- d-----w- c:\program files (x86)\Common Files\FotoWire
2012-07-31 08:58 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-07-29 17:46 . 2012-07-29 17:46 -------- d-----w- c:\program files (x86)\Wyzo
2012-07-29 17:20 . 2012-07-29 17:43 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-07-29 16:28 . 2012-07-29 17:15 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-29 16:26 . 2012-06-22 20:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-29 16:25 . 2012-07-29 17:43 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-29 16:25 . 2012-07-29 17:42 -------- d-----w- c:\programdata\PC Tools
2012-07-29 16:25 . 2012-07-29 16:25 -------- d-----w- c:\users\upstairs\AppData\Roaming\TestApp
2012-07-29 12:00 . 2012-07-29 12:00 -------- d-----w- c:\users\upstairs\AppData\Roaming\SUPERAntiSpyware.com
2012-07-27 08:30 . 2012-07-27 08:30 -------- d-----w- c:\program files (x86)\EMCO
2012-07-26 19:50 . 2012-07-26 19:50 -------- d-----w- c:\program files\Enigma Software Group
2012-07-26 19:49 . 2012-07-27 08:44 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-24 19:46 . 2012-07-24 19:46 -------- d-----w- c:\programdata\XoftSpySE
2012-07-11 08:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:01 . 2012-06-02 12:05 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-07-11 06:27 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-08 14:38 . 2012-07-08 14:38 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 08:03 . 2012-03-02 16:33 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-08 14:39 . 2012-06-16 22:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-08 14:39 . 2012-06-16 22:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:19 . 2012-06-22 21:43 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 21:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 21:43 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 21:43 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 21:43 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 21:43 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 21:43 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 21:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 21:42 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_18.40.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-29 18:13 . 2012-08-04 18:16 38614 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-05 22:23 29802 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-29 18:00 . 2012-08-05 22:23 12438 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-899631612-3014446547-3777632968-1001_UserData.bin
- 2012-07-31 18:23 . 2012-07-31 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 22:20 . 2012-08-05 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-31 18:23 . 2012-07-31 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-05 22:20 . 2012-08-05 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-31 18:13 665064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-05 18:44 665064 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-05 18:44 123418 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-31 18:13 123418 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-31 18:22 385184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-05 22:19 385184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-01 21:34 . 2012-08-05 22:19 1374432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-01 21:34 . 2012-07-31 18:22 1374432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-29 20:50 . 2012-08-05 22:19 3097492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-899631612-3014446547-3777632968-1001-8192.dat
- 2012-02-29 20:50 . 2012-07-31 18:22 3097492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-899631612-3014446547-3777632968-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-20 08:30 220624 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-20 08:30 220624 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-20 08:30 220624 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SkyDrive"="c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-20 238544]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-06-14 10555904]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"boincmgr"="c:\program files (x86)\BOINC\boincmgr.exe" [2010-09-24 4543232]
"boinctray"="c:\program files (x86)\BOINC\boinctray.exe" [2010-09-24 58112]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 6.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-3-15 174064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-28 240232]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-01-23 80944]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-23 563760]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899631612-3014446547-3777632968-1001Core.job
- c:\users\upstairs\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-08 14:41]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899631612-3014446547-3777632968-1001UA.job
- c:\users\upstairs\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-08 14:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-20 08:30 244688 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-20 08:30 244688 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-20 08:30 244688 ----a-w- c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.10.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,34,8e,35,99,63,74,49,be,44,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,34,8e,35,99,63,74,49,be,44,b4,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 17:39:04
ComboFix-quarantined-files.txt 2012-08-05 22:39
ComboFix2.txt 2012-08-05 22:18
ComboFix3.txt 2012-08-04 18:29
ComboFix4.txt 2012-08-04 11:24
ComboFix5.txt 2012-08-05 22:26
.
Pre-Run: 70,987,165,696 bytes free
Post-Run: 70,690,279,424 bytes free
.
- - End Of File - - 4A087AC2DE821DE6A7BF1B9A6E53228D
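
For anyone reading a ComboFix log like the one above, here is an added example (not part of this thread and not ComboFix's own code) that parses the "Reg Loading Points" lines and flags the entries a helper would look at first: service lines whose binary is printed as "[x]" (assumed here to mean ComboFix found no file on disk, as with the leftover esgiguard driver) and Run values that start from user-writable folders. The sample log is constructed from lines quoted in this post; the parser, the flag names and the Entry record are my own.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example, not part of the thread and not ComboFix's own code. It reads
the Run-key values and the R*/S* service lines in the format quoted above and
flags the entries a helper would look at first. The "[x]" marker is assumed
to mean ComboFix found no file on disk for that service or driver.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SkyDrive"="c:\users\upstairs\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-20 238544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-01-23 80944]
"""

# "Name"="path" [YYYY-MM-DD size]  -> a value under a Run key
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# R2 name;description;path [date size]  or  ... [x]  -> a service/driver line
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]+)\]$')
# [HKEY_...]  -> the registry key the following values belong to
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')

# Path fragments any local user can write to. Legitimate software lives there
# too (SkyDrive does), so a hit means "review by hand", not "malicious".
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str          # "run" for a Run-key value, "service" for an R*/S* line
    location: str      # registry key for run entries, start type (R2, S3...) for services
    name: str
    path: str
    file_found: bool   # False when ComboFix printed "[x]" instead of date and size
    flags: List[str] = field(default_factory=list)


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the loading-points lines into Entry records; unknown lines are skipped."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        run = RUN_RE.match(line)
        if run:
            entries.append(Entry("run", current_key, run["name"], run["path"], True))
            continue
        svc = SVC_RE.match(line)
        if svc:
            entries.append(Entry("service", svc["state"], svc["name"], svc["path"],
                                 svc["meta"] != "x"))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags and return only the entries that earned at least one."""
    flagged: List[Entry] = []
    for entry in entries:
        entry.flags = []
        if not entry.file_found:
            entry.flags.append("missing-file")        # orphaned service/driver registration
        if any(marker in entry.path.lower() for marker in USER_WRITABLE):
            entry.flags.append("user-writable-path")  # autostart from a user-writable folder
        if entry.flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for entry in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{entry.kind:7} {entry.name:14} {', '.join(entry.flags):20} {entry.path}")
```

Run against the sample it reports the orphaned esgiguard driver (missing-file) and the SkyDrive Run value (user-writable-path); the second is benign here, which is exactly why a flag is a prompt to look, not a verdict.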

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:39 AM

Posted 05 August 2012 - 06:52 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • µTorrent
  • Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run; if prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (On Vista and Win 7, right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 stewartsd

stewartsd
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 06 August 2012 - 05:53 AM

I'll reply next weekend. Thanks for your help. I may have had a couple of popups. Thanks for your help. I'll run the tests and post later. Thanks for your help. Did I mention, thanks for your help?



