Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Google Redirect (http://63.209.69.107 / Scour / Butterfly)


  • This topic is locked This topic is locked
22 replies to this topic

#1 brhbrh

brhbrh

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 09 September 2012 - 03:30 PM

I've been infected with a Google redirect virus. At random times, links I click on from Google redirect to advertisements or fake search engines like Butterfly. This isn't for every link I click on Google. Just one out of every five or so. This occurs on both Firefox and IE. I tried following a few guides on how to remove it myself, but had no luck. I've run the programs Spybot Search & Destroy, Malwarebytes Anti-Malware, TDSSKiller, FixTDSS, and Combofix (sorry, one of the guides recommended it. I see this site says to only use it when instructed). None of them have fixed the problem. If it makes a difference, I did some searches on Yahoo and Bing to see if they were also affected. Yahoo is, but I didn't experience any redirects using Bing. Here is the DDS report. I did not run GMER since the Preparation Guide for these forums said not to on a 64-bit system.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Ben at 15:02:26 on 2012-09-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5569 [GMT -5:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files\Razer\Arctosa\razerhid.exe
C:\Users\Ben\Desktop\Games\Shortcuts\changepaper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Razer\Arctosa\razertra.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://kotaku.com/
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Facebook Update] "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [RunAIShell] C:\Program Files\ASUS\AI Manager\AsShellApplication.exe
mRun: [Arctosa] "C:\Program Files\Razer\Arctosa\razerhid.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Ben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RANDOM~1.LNK - C:\Users\Ben\Desktop\Games\Shortcuts\changepaper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{6BEFA00E-8A4C-4393-BA36-E7F11AC1A886} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8FB02647-45FD-4B43-B5F5-5B9831FA5700} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [RunAIShell] C:\Program Files\ASUS\AI Manager\AsShellApplication.exe
mRun-x64: [Arctosa] "C:\Program Files\Razer\Arctosa\razerhid.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\
FF - prefs.js: browser.startup.homepage - hxxp://blog.kotaku.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Ben\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=110806
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 06293fc60000000000000025d3142a17
FF - user.js: extensions.BabylonToolbar_i.hardId - 06293fc60000000000000025d3142a17
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15430
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:38:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys --> C:\Windows\system32\DRIVERS\tmlwf.sys [?]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-9-9 67584]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2009-5-15 196608]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-9-13 308656]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-9 1153368]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys --> C:\Windows\system32\DRIVERS\tmwfp.sys [?]
R3 Arctosa;Arctosa Keyboard;C:\Windows\system32\drivers\Arctosa.sys --> C:\Windows\system32\drivers\Arctosa.sys [?]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 McciCMService64;McciCMService64;"C:\Program Files\Common Files\Motive\McciCMService.exe" --> C:\Program Files\Common Files\Motive\McciCMService.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 TmPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-8-1 593864]
S2 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-8-1 900360]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 114144]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-09-09 19:38:12 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-09-09 18:12:14 -------- d-----w- C:\Windows\pss
2012-09-09 09:33:11 -------- d-----w- C:\Users\Ben\AppData\Roaming\Malwarebytes
2012-09-09 09:32:51 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-09 09:32:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-09 09:32:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-09 06:28:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-09 06:28:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-09 06:13:32 -------- d-----w- C:\Users\Ben\AppData\Local\temp
2012-09-09 06:05:56 -------- d-----w- C:\$RECYCLE.BIN
2012-09-09 05:45:03 98816 ----a-w- C:\Windows\sed.exe
2012-09-09 05:45:03 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-09 05:45:03 256000 ----a-w- C:\Windows\PEV.exe
2012-09-09 05:45:03 208896 ----a-w- C:\Windows\MBR.exe
2012-09-08 20:52:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-30 23:34:33 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-08-22 02:11:52 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-08-22 02:11:51 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-08-17 09:48:31 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-15 08:04:15 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-08-14 23:27:17 788480 ----a-w- C:\Windows\System32\localspl.dll
2012-08-14 23:27:17 623616 ----a-w- C:\Windows\SysWow64\localspl.dll
2012-08-13 22:43:43 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
.
==================== Find3M ====================
.
2012-08-29 01:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-22 02:11:49 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 02:11:49 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-11 20:01:23 1 ----a-w- C:\Windows\SysWow64\SI.bin
2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-14 21:11:26 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-14 21:11:26 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
.
============= FINISH: 15:02:50.88 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 10 September 2012 - 12:14 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 brhbrh

brhbrh
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 10 September 2012 - 06:26 PM

Both Security Check and Combofix ran without any problems. After running both of them, I am still being randomly redirected from links on both Google and Yahoo. Bing still appears to be unaffected.

Here are the contents of checkup.txt:


Results of screen317's Security Check version 0.99.50
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Trend Micro Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 20
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````
Trend Micro Internet Security UfSeAgnt.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Internet Security SfCtlCom.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

and here is the Combofix log:

ComboFix 12-09-10.04 - Ben 09/10/2012 17:49:40.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6280 [GMT -5:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\bitsadmin.exe . . . is infected!!
.
c:\windows\SysWOW64\bitsadmin.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-10 23:04 . 2012-09-10 23:07 -------- d-----w- c:\users\Ben\AppData\Local\temp
2012-09-10 23:04 . 2012-09-10 23:04 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-09-10 23:04 . 2012-09-10 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 19:38 . 2012-09-09 19:38 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-09-09 09:33 . 2012-09-09 09:33 -------- d-----w- c:\users\Ben\AppData\Roaming\Malwarebytes
2012-09-09 09:32 . 2012-09-09 09:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-09 09:32 . 2012-09-09 09:32 -------- d-----w- c:\programdata\Malwarebytes
2012-09-09 09:32 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-09 09:06 . 2012-09-09 09:06 -------- d-----w- c:\programdata\Motive
2012-09-09 06:28 . 2012-09-09 06:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-09 06:28 . 2012-09-09 06:30 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-08 20:52 . 2012-09-08 20:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-30 23:34 . 2012-08-30 23:34 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-08-22 02:11 . 2012-08-22 02:11 -------- d-----w- c:\programdata\McAfee Security Scan
2012-08-22 02:11 . 2012-08-23 03:51 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-08-17 09:48 . 2012-08-29 01:24 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-17 09:47 . 2012-08-17 09:47 -------- d-----w- c:\programdata\McAfee
2012-08-15 08:04 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:27 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 23:27 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-14 23:27 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-08-13 22:43 . 2012-08-13 22:43 -------- d-----w- c:\program files (x86)\Microsoft XNA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 01:24 . 2010-05-12 19:54 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-22 02:11 . 2012-03-30 23:24 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-22 02:11 . 2011-06-14 19:00 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 08:00 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-06-14 21:11 . 2011-12-16 17:23 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-14 21:11 . 2011-12-16 17:23 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-09_06.06.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-09-10 23:08 68780 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-09-10 22:43 91956 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-02 04:17 . 2012-09-10 22:43 19248 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2913236317-814230174-4002188810-1000_UserData.bin
+ 2012-09-10 23:05 . 2012-09-10 23:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-09 06:05 . 2012-09-09 06:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-09 06:05 . 2012-09-09 06:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-10 23:05 . 2012-09-10 23:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2012-09-10 21:38 640620 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-09-06 08:17 640620 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-09-10 21:38 118872 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-09-06 08:17 118872 c:\windows\system32\perfc009.dat
- 2010-05-13 09:42 . 2012-09-09 06:04 411220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-13 09:42 . 2012-09-10 23:04 411220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-13 09:42 . 2012-09-10 23:04 3432928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2913236317-814230174-4002188810-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-07 1353080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files\ASUS\AI Manager\AsShellApplication.exe" [2009-02-19 225280]
"Arctosa"="c:\program files\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\MpcStar\Codecs\QuickTime\QTTask.exe" [2012-04-19 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-14 296056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
Random Wallpaper Changer.lnk - c:\users\Ben\Desktop\Games\Shortcuts\changepaper.exe [2011-11-1 399360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2008-2-12 394856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-03 6975520]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-15 16247840]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-16 989432]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://kotaku.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\
FF - prefs.js: browser.startup.homepage - hxxp://blog.kotaku.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=110806
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 06293fc60000000000000025d3142a17
FF - user.js: extensions.BabylonToolbar_i.hardId - 06293fc60000000000000025d3142a17
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15430
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Facebook Update - c:\users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Episode 205 - What's New, Beelzebub? - c:\program files (x86)\Telltale Games\Sam and Max - Season Two\Uninstall Episode 205 - What's New
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2913236317-814230174-4002188810-1000\Software\SecuROM\License information*]
"datasecu"=hex:ff,96,37,74,44,e4,4f,89,6d,8a,18,45,64,08,c4,b6,7f,63,0f,c8,76,
41,0f,3e,69,5e,85,d2,a1,7a,5a,06,14,07,c5,c9,ac,d3,87,ed,bc,90,f7,bc,f3,f2,\
"rkeysecu"=hex:87,92,01,b5,85,7c,cd,ea,54,04,9b,92,6c,cc,51,85
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\AsHookDevice.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files\Razer\Arctosa\razertra.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-09-10 18:13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-10 23:13
ComboFix2.txt 2012-09-09 06:13
.
Pre-Run: 19,555,516,416 bytes free
Post-Run: 19,363,024,896 bytes free
.
- - End Of File - - 7E18933EC7DC2711C1C52774B0C56414

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 10 September 2012 - 08:26 PM

Greetings brhbrh

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 brhbrh

brhbrh
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 10 September 2012 - 11:08 PM

Hey Gringo.

Here is the report from TDSSKiller:

22:56:28.0748 3612 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:56:29.0169 3612 ============================================================
22:56:29.0169 3612 Current date / time: 2012/09/10 22:56:29.0169
22:56:29.0169 3612 SystemInfo:
22:56:29.0169 3612
22:56:29.0169 3612 OS Version: 6.0.6002 ServicePack: 2.0
22:56:29.0169 3612 Product type: Workstation
22:56:29.0169 3612 ComputerName: BENCITY
22:56:29.0169 3612 UserName: Ben
22:56:29.0169 3612 Windows directory: C:\Windows
22:56:29.0169 3612 System windows directory: C:\Windows
22:56:29.0169 3612 Running under WOW64
22:56:29.0169 3612 Processor architecture: Intel x64
22:56:29.0169 3612 Number of processors: 4
22:56:29.0169 3612 Page size: 0x1000
22:56:29.0169 3612 Boot type: Normal boot
22:56:29.0169 3612 ============================================================
22:56:30.0714 3612 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:56:30.0729 3612 ============================================================
22:56:30.0729 3612 \Device\Harddisk0\DR0:
22:56:30.0729 3612 MBR partitions:
22:56:30.0729 3612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x140249A, BlocksNum 0x22EEAD41
22:56:30.0729 3612 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x242ED1DB, BlocksNum 0x33258126
22:56:30.0729 3612 ============================================================
22:56:30.0776 3612 C: <-> \Device\Harddisk0\DR0\Partition1
22:56:30.0807 3612 D: <-> \Device\Harddisk0\DR0\Partition2
22:56:30.0807 3612 ============================================================
22:56:30.0807 3612 Initialize success
22:56:30.0807 3612 ============================================================
22:56:34.0848 5640 ============================================================
22:56:34.0848 5640 Scan started
22:56:34.0848 5640 Mode: Manual;
22:56:34.0848 5640 ============================================================
22:56:35.0877 5640 ================ Scan system memory ========================
22:56:35.0877 5640 System memory - ok
22:56:35.0877 5640 ================ Scan services =============================
22:56:36.0002 5640 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:56:36.0002 5640 ACPI - ok
22:56:36.0033 5640 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
22:56:36.0033 5640 adfs - ok
22:56:36.0065 5640 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:56:36.0065 5640 adp94xx - ok
22:56:36.0080 5640 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:56:36.0096 5640 adpahci - ok
22:56:36.0096 5640 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:56:36.0111 5640 adpu160m - ok
22:56:36.0127 5640 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:56:36.0127 5640 adpu320 - ok
22:56:36.0158 5640 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:56:36.0158 5640 AeLookupSvc - ok
22:56:36.0174 5640 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
22:56:36.0189 5640 AFD - ok
22:56:36.0221 5640 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:56:36.0221 5640 agp440 - ok
22:56:36.0236 5640 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:56:36.0236 5640 aic78xx - ok
22:56:36.0236 5640 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
22:56:36.0236 5640 ALG - ok
22:56:36.0252 5640 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
22:56:36.0252 5640 aliide - ok
22:56:36.0267 5640 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
22:56:36.0267 5640 amdide - ok
22:56:36.0283 5640 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:56:36.0283 5640 AmdK8 - ok
22:56:36.0314 5640 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
22:56:36.0314 5640 Appinfo - ok
22:56:36.0408 5640 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:56:36.0408 5640 Apple Mobile Device - ok
22:56:36.0439 5640 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
22:56:36.0439 5640 arc - ok
22:56:36.0439 5640 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:56:36.0439 5640 arcsas - ok
22:56:36.0486 5640 [ E71382EB3E2BEEC22B2516DF3ADC1C3F ] Arctosa C:\Windows\system32\drivers\Arctosa.sys
22:56:36.0486 5640 Arctosa - ok
22:56:36.0533 5640 [ EDAA17CE771C696655B6585F7CAD2100 ] ASInsHelp C:\Windows\SysWow64\drivers\AsInsHelp64.sys
22:56:36.0533 5640 ASInsHelp - ok
22:56:36.0548 5640 [ 8065A7659562005127673AC52898675F ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
22:56:36.0548 5640 AsIO - ok
22:56:36.0626 5640 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:56:36.0626 5640 aspnet_state - ok
22:56:36.0657 5640 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:56:36.0657 5640 AsyncMac - ok
22:56:36.0689 5640 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
22:56:36.0689 5640 atapi - ok
22:56:36.0720 5640 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:56:36.0720 5640 AudioEndpointBuilder - ok
22:56:36.0735 5640 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:56:36.0735 5640 AudioSrv - ok
22:56:36.0735 5640 Beep - ok
22:56:36.0798 5640 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
22:56:36.0798 5640 BFE - ok
22:56:36.0829 5640 BITCOMET_HELPER_SERVICE - ok
22:56:36.0876 5640 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
22:56:36.0876 5640 BITS - ok
22:56:36.0891 5640 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:56:36.0891 5640 blbdrive - ok
22:56:36.0969 5640 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:56:36.0969 5640 Bonjour Service - ok
22:56:37.0001 5640 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:56:37.0016 5640 bowser - ok
22:56:37.0032 5640 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:56:37.0032 5640 BrFiltLo - ok
22:56:37.0047 5640 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:56:37.0047 5640 BrFiltUp - ok
22:56:37.0079 5640 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
22:56:37.0079 5640 Browser - ok
22:56:37.0110 5640 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
22:56:37.0110 5640 Brserid - ok
22:56:37.0125 5640 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:56:37.0125 5640 BrSerWdm - ok
22:56:37.0141 5640 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:56:37.0141 5640 BrUsbMdm - ok
22:56:37.0157 5640 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:56:37.0157 5640 BrUsbSer - ok
22:56:37.0172 5640 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:56:37.0172 5640 BTHMODEM - ok
22:56:37.0188 5640 catchme - ok
22:56:37.0235 5640 [ 58BF7714A312698108A96D0DE2BB6825 ] cbVSCService11 C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
22:56:37.0250 5640 cbVSCService11 - ok
22:56:37.0250 5640 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:56:37.0250 5640 cdfs - ok
22:56:37.0281 5640 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:56:37.0281 5640 cdrom - ok
22:56:37.0313 5640 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
22:56:37.0313 5640 CertPropSvc - ok
22:56:37.0328 5640 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
22:56:37.0328 5640 circlass - ok
22:56:37.0359 5640 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
22:56:37.0359 5640 CLFS - ok
22:56:37.0406 5640 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:56:37.0406 5640 clr_optimization_v2.0.50727_32 - ok
22:56:37.0437 5640 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:56:37.0453 5640 clr_optimization_v2.0.50727_64 - ok
22:56:37.0500 5640 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:56:37.0500 5640 clr_optimization_v4.0.30319_32 - ok
22:56:37.0531 5640 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:56:37.0531 5640 clr_optimization_v4.0.30319_64 - ok
22:56:37.0547 5640 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:56:37.0547 5640 cmdide - ok
22:56:37.0562 5640 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:56:37.0562 5640 Compbatt - ok
22:56:37.0562 5640 COMSysApp - ok
22:56:37.0578 5640 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:56:37.0578 5640 crcdisk - ok
22:56:37.0625 5640 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:56:37.0625 5640 CryptSvc - ok
22:56:37.0656 5640 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:56:37.0656 5640 DcomLaunch - ok
22:56:37.0687 5640 [ 78F378CB735B0B7561A7036E282B0DEC ] Device Handle Service C:\Windows\SysWOW64\AsHookDevice.exe
22:56:37.0687 5640 Device Handle Service - ok
22:56:37.0703 5640 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:56:37.0718 5640 DfsC - ok
22:56:37.0796 5640 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
22:56:37.0843 5640 DFSR - ok
22:56:37.0890 5640 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:56:37.0890 5640 Dhcp - ok
22:56:37.0905 5640 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
22:56:37.0905 5640 disk - ok
22:56:37.0952 5640 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:56:37.0952 5640 Dnscache - ok
22:56:37.0968 5640 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
22:56:37.0968 5640 dot3svc - ok
22:56:37.0999 5640 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
22:56:37.0999 5640 DPS - ok
22:56:38.0015 5640 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:56:38.0015 5640 drmkaud - ok
22:56:38.0061 5640 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:56:38.0061 5640 DXGKrnl - ok
22:56:38.0077 5640 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
22:56:38.0077 5640 E1G60 - ok
22:56:38.0093 5640 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
22:56:38.0093 5640 EapHost - ok
22:56:38.0108 5640 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
22:56:38.0108 5640 Ecache - ok
22:56:38.0155 5640 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:56:38.0155 5640 ehRecvr - ok
22:56:38.0171 5640 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
22:56:38.0171 5640 ehSched - ok
22:56:38.0186 5640 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
22:56:38.0186 5640 ehstart - ok
22:56:38.0202 5640 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:56:38.0217 5640 elxstor - ok
22:56:38.0249 5640 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:56:38.0249 5640 EMDMgmt - ok
22:56:38.0264 5640 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:56:38.0264 5640 ErrDev - ok
22:56:38.0311 5640 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
22:56:38.0311 5640 EventSystem - ok
22:56:38.0342 5640 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
22:56:38.0358 5640 exfat - ok
22:56:38.0373 5640 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:56:38.0373 5640 fastfat - ok
22:56:38.0389 5640 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:56:38.0389 5640 fdc - ok
22:56:38.0405 5640 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
22:56:38.0405 5640 fdPHost - ok
22:56:38.0420 5640 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
22:56:38.0420 5640 FDResPub - ok
22:56:38.0420 5640 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:56:38.0420 5640 FileInfo - ok
22:56:38.0451 5640 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:56:38.0451 5640 Filetrace - ok
22:56:38.0514 5640 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:56:38.0514 5640 FLEXnet Licensing Service - ok
22:56:38.0529 5640 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:56:38.0529 5640 flpydisk - ok
22:56:38.0545 5640 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:56:38.0545 5640 FltMgr - ok
22:56:38.0607 5640 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
22:56:38.0623 5640 FontCache - ok
22:56:38.0654 5640 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:56:38.0654 5640 FontCache3.0.0.0 - ok
22:56:38.0685 5640 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
22:56:38.0779 5640 fssfltr - ok
22:56:39.0060 5640 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:56:39.0091 5640 fsssvc - ok
22:56:39.0122 5640 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:56:39.0122 5640 Fs_Rec - ok
22:56:39.0153 5640 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:56:39.0153 5640 gagp30kx - ok
22:56:39.0169 5640 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:56:39.0169 5640 GEARAspiWDM - ok
22:56:39.0200 5640 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
22:56:39.0216 5640 gpsvc - ok
22:56:39.0231 5640 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
22:56:39.0231 5640 hamachi - ok
22:56:39.0309 5640 [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
22:56:39.0325 5640 Hamachi2Svc - ok
22:56:39.0341 5640 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:56:39.0356 5640 HdAudAddService - ok
22:56:39.0372 5640 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:56:39.0387 5640 HDAudBus - ok
22:56:39.0403 5640 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:56:39.0403 5640 HidBth - ok
22:56:39.0419 5640 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
22:56:39.0434 5640 HidIr - ok
22:56:39.0450 5640 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
22:56:39.0450 5640 hidserv - ok
22:56:39.0450 5640 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:56:39.0450 5640 HidUsb - ok
22:56:39.0481 5640 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
22:56:39.0481 5640 hkmsvc - ok
22:56:39.0497 5640 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:56:39.0497 5640 HpCISSs - ok
22:56:39.0543 5640 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:56:39.0543 5640 HTTP - ok
22:56:39.0559 5640 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:56:39.0559 5640 i2omp - ok
22:56:39.0590 5640 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:56:39.0590 5640 i8042prt - ok
22:56:39.0637 5640 [ D8AE64DC0924E9E4B532B4E700AF35FA ] ialm C:\Windows\system32\DRIVERS\igdkmd64.sys
22:56:39.0668 5640 ialm - ok
22:56:39.0699 5640 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:56:39.0699 5640 iaStorV - ok
22:56:39.0762 5640 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:56:39.0762 5640 IDriverT - ok
22:56:39.0824 5640 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:56:39.0824 5640 idsvc - ok
22:56:39.0855 5640 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:56:39.0855 5640 iirsp - ok
22:56:39.0918 5640 [ A06EFD4965F8A3F97A8C9A291D032678 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
22:56:39.0918 5640 IJPLMSVC - ok
22:56:39.0933 5640 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
22:56:39.0949 5640 IKEEXT - ok
22:56:39.0996 5640 [ E28EDF74900E68184F44CFCDD66F1BC3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:56:40.0011 5640 IntcAzAudAddService - ok
22:56:40.0043 5640 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
22:56:40.0043 5640 intelide - ok
22:56:40.0058 5640 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:56:40.0058 5640 intelppm - ok
22:56:40.0089 5640 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:56:40.0089 5640 IPBusEnum - ok
22:56:40.0105 5640 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:56:40.0105 5640 IpFilterDriver - ok
22:56:40.0136 5640 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:56:40.0136 5640 iphlpsvc - ok
22:56:40.0136 5640 IpInIp - ok
22:56:40.0152 5640 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:56:40.0167 5640 IPMIDRV - ok
22:56:40.0183 5640 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:56:40.0183 5640 IPNAT - ok
22:56:40.0245 5640 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:56:40.0245 5640 iPod Service - ok
22:56:40.0261 5640 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:56:40.0261 5640 IRENUM - ok
22:56:40.0292 5640 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:56:40.0308 5640 isapnp - ok
22:56:40.0339 5640 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:56:40.0339 5640 iScsiPrt - ok
22:56:40.0355 5640 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:56:40.0355 5640 iteatapi - ok
22:56:40.0370 5640 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:56:40.0370 5640 iteraid - ok
22:56:40.0386 5640 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:56:40.0386 5640 kbdclass - ok
22:56:40.0417 5640 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:56:40.0417 5640 kbdhid - ok
22:56:40.0448 5640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
22:56:40.0448 5640 KeyIso - ok
22:56:40.0511 5640 [ 1A8D8CB042E2724385227F1A19A8DECC ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
22:56:40.0511 5640 Kodak AiO Network Discovery Service - ok
22:56:40.0557 5640 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:56:40.0557 5640 KSecDD - ok
22:56:40.0573 5640 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:56:40.0573 5640 ksthunk - ok
22:56:40.0589 5640 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
22:56:40.0589 5640 KtmRm - ok
22:56:40.0635 5640 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:56:40.0651 5640 LanmanServer - ok
22:56:40.0682 5640 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:56:40.0682 5640 LanmanWorkstation - ok
22:56:40.0698 5640 libusb0 - ok
22:56:40.0698 5640 libusbd - ok
22:56:40.0713 5640 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:56:40.0713 5640 lltdio - ok
22:56:40.0729 5640 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:56:40.0745 5640 lltdsvc - ok
22:56:40.0745 5640 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:56:40.0745 5640 lmhosts - ok
22:56:40.0760 5640 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:56:40.0776 5640 LSI_FC - ok
22:56:40.0791 5640 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:56:40.0791 5640 LSI_SAS - ok
22:56:40.0807 5640 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:56:40.0807 5640 LSI_SCSI - ok
22:56:40.0823 5640 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
22:56:40.0823 5640 luafv - ok
22:56:40.0838 5640 McciCMService64 - ok
22:56:40.0901 5640 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
22:56:40.0901 5640 McComponentHostService - ok
22:56:40.0901 5640 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:56:40.0901 5640 Mcx2Svc - ok
22:56:40.0916 5640 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
22:56:40.0916 5640 megasas - ok
22:56:40.0947 5640 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
22:56:40.0963 5640 MegaSR - ok
22:56:40.0963 5640 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
22:56:40.0979 5640 MMCSS - ok
22:56:40.0994 5640 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
22:56:40.0994 5640 Modem - ok
22:56:41.0010 5640 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:56:41.0010 5640 monitor - ok
22:56:41.0025 5640 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:56:41.0025 5640 mouclass - ok
22:56:41.0041 5640 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:56:41.0041 5640 mouhid - ok
22:56:41.0057 5640 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
22:56:41.0057 5640 MountMgr - ok
22:56:41.0103 5640 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:56:41.0103 5640 MozillaMaintenance - ok
22:56:41.0135 5640 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
22:56:41.0135 5640 mpio - ok
22:56:41.0150 5640 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:56:41.0150 5640 mpsdrv - ok
22:56:41.0181 5640 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
22:56:41.0181 5640 MpsSvc - ok
22:56:41.0197 5640 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
22:56:41.0197 5640 Mraid35x - ok
22:56:41.0213 5640 MREMP50 - ok
22:56:41.0228 5640 MREMP50a64 - ok
22:56:41.0228 5640 MREMPR5 - ok
22:56:41.0228 5640 MRENDIS5 - ok
22:56:41.0244 5640 MRESP50 - ok
22:56:41.0259 5640 MRESP50a64 - ok
22:56:41.0291 5640 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:56:41.0291 5640 MRxDAV - ok
22:56:41.0337 5640 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:56:41.0337 5640 mrxsmb - ok
22:56:41.0369 5640 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:56:41.0369 5640 mrxsmb10 - ok
22:56:41.0384 5640 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:56:41.0400 5640 mrxsmb20 - ok
22:56:41.0415 5640 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
22:56:41.0415 5640 msahci - ok
22:56:41.0431 5640 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:56:41.0447 5640 msdsm - ok
22:56:41.0462 5640 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
22:56:41.0462 5640 MSDTC - ok
22:56:41.0478 5640 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:56:41.0478 5640 Msfs - ok
22:56:41.0493 5640 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:56:41.0493 5640 msisadrv - ok
22:56:41.0525 5640 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:56:41.0525 5640 MSiSCSI - ok
22:56:41.0540 5640 msiserver - ok
22:56:41.0556 5640 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:56:41.0571 5640 MSKSSRV - ok
22:56:41.0571 5640 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:56:41.0587 5640 MSPCLOCK - ok
22:56:41.0587 5640 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:56:41.0587 5640 MSPQM - ok
22:56:41.0618 5640 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:56:41.0618 5640 MsRPC - ok
22:56:41.0634 5640 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:56:41.0634 5640 mssmbios - ok
22:56:41.0649 5640 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:56:41.0649 5640 MSTEE - ok
22:56:41.0681 5640 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
22:56:41.0681 5640 MTsensor - ok
22:56:41.0681 5640 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
22:56:41.0696 5640 Mup - ok
22:56:41.0712 5640 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
22:56:41.0712 5640 napagent - ok
22:56:41.0743 5640 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:56:41.0743 5640 NativeWifiP - ok
22:56:41.0774 5640 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:56:41.0790 5640 NDIS - ok
22:56:41.0790 5640 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:56:41.0790 5640 NdisTapi - ok
22:56:41.0790 5640 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:56:41.0790 5640 Ndisuio - ok
22:56:41.0821 5640 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:56:41.0821 5640 NdisWan - ok
22:56:41.0837 5640 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:56:41.0837 5640 NDProxy - ok
22:56:41.0852 5640 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:56:41.0852 5640 NetBIOS - ok
22:56:41.0852 5640 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
22:56:41.0868 5640 netbt - ok
22:56:41.0883 5640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
22:56:41.0883 5640 Netlogon - ok
22:56:41.0899 5640 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
22:56:41.0899 5640 Netman - ok
22:56:41.0946 5640 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:56:41.0946 5640 NetMsmqActivator - ok
22:56:41.0961 5640 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:56:41.0961 5640 NetPipeActivator - ok
22:56:41.0977 5640 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
22:56:41.0977 5640 netprofm - ok
22:56:42.0024 5640 [ 653A267797A4DE4A69014ED61945067A ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
22:56:42.0039 5640 netr28x - ok
22:56:42.0039 5640 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:56:42.0039 5640 NetTcpActivator - ok
22:56:42.0039 5640 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:56:42.0039 5640 NetTcpPortSharing - ok
22:56:42.0071 5640 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:56:42.0071 5640 nfrd960 - ok
22:56:42.0086 5640 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
22:56:42.0086 5640 NlaSvc - ok
22:56:42.0102 5640 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:56:42.0102 5640 Npfs - ok
22:56:42.0102 5640 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
22:56:42.0102 5640 nsi - ok
22:56:42.0117 5640 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:56:42.0117 5640 nsiproxy - ok
22:56:42.0180 5640 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:56:42.0180 5640 Ntfs - ok
22:56:42.0227 5640 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
22:56:42.0227 5640 Null - ok
22:56:42.0242 5640 NVHDA - ok
22:56:42.0429 5640 [ B9A2682CAA3A7A5DCE1B1F6A863C8F73 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:56:42.0476 5640 nvlddmkm - ok
22:56:42.0492 5640 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:56:42.0492 5640 nvraid - ok
22:56:42.0523 5640 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:56:42.0523 5640 nvstor - ok
22:56:42.0554 5640 [ F6DD35823052EFE613A0A204DC3A4332 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:56:42.0570 5640 nvsvc - ok
22:56:42.0585 5640 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:56:42.0585 5640 nv_agp - ok
22:56:42.0585 5640 NwlnkFlt - ok
22:56:42.0585 5640 NwlnkFwd - ok
22:56:42.0679 5640 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:56:42.0679 5640 odserv - ok
22:56:42.0695 5640 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:56:42.0695 5640 ohci1394 - ok
22:56:42.0726 5640 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:56:42.0726 5640 ose - ok
22:56:42.0773 5640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:56:42.0773 5640 p2pimsvc - ok
22:56:42.0788 5640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
22:56:42.0788 5640 p2psvc - ok
22:56:42.0804 5640 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:56:42.0804 5640 Parport - ok
22:56:42.0851 5640 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:56:42.0851 5640 partmgr - ok
22:56:42.0851 5640 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
22:56:42.0851 5640 PcaSvc - ok
22:56:42.0882 5640 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
22:56:42.0882 5640 pci - ok
22:56:42.0897 5640 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
22:56:42.0897 5640 pciide - ok
22:56:42.0913 5640 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:56:42.0913 5640 pcmcia - ok
22:56:42.0944 5640 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:56:42.0944 5640 PEAUTH - ok
22:56:42.0991 5640 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:56:42.0991 5640 PerfHost - ok
22:56:43.0038 5640 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
22:56:43.0069 5640 pla - ok
22:56:43.0085 5640 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:56:43.0085 5640 PlugPlay - ok
22:56:43.0100 5640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
22:56:43.0100 5640 PNRPAutoReg - ok
22:56:43.0116 5640 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
22:56:43.0116 5640 PNRPsvc - ok
22:56:43.0163 5640 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:56:43.0163 5640 PolicyAgent - ok
22:56:43.0178 5640 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:56:43.0178 5640 PptpMiniport - ok
22:56:43.0194 5640 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
22:56:43.0194 5640 Processor - ok
22:56:43.0225 5640 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
22:56:43.0225 5640 ProfSvc - ok
22:56:43.0225 5640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
22:56:43.0241 5640 ProtectedStorage - ok
22:56:43.0256 5640 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
22:56:43.0256 5640 PSched - ok
22:56:43.0287 5640 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:56:43.0303 5640 ql2300 - ok
22:56:43.0319 5640 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:56:43.0319 5640 ql40xx - ok
22:56:43.0350 5640 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
22:56:43.0350 5640 QWAVE - ok
22:56:43.0365 5640 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:56:43.0365 5640 QWAVEdrv - ok
22:56:43.0381 5640 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:56:43.0381 5640 RasAcd - ok
22:56:43.0397 5640 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
22:56:43.0397 5640 RasAuto - ok
22:56:43.0412 5640 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:56:43.0412 5640 Rasl2tp - ok
22:56:43.0428 5640 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
22:56:43.0428 5640 RasMan - ok
22:56:43.0443 5640 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:56:43.0443 5640 RasPppoe - ok
22:56:43.0475 5640 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:56:43.0475 5640 RasSstp - ok
22:56:43.0475 5640 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:56:43.0490 5640 rdbss - ok
22:56:43.0490 5640 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:56:43.0490 5640 RDPCDD - ok
22:56:43.0506 5640 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
22:56:43.0506 5640 rdpdr - ok
22:56:43.0521 5640 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:56:43.0521 5640 RDPENCDD - ok
22:56:43.0537 5640 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:56:43.0537 5640 RDPWD - ok
22:56:43.0568 5640 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:56:43.0568 5640 RemoteAccess - ok
22:56:43.0584 5640 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:56:43.0584 5640 RemoteRegistry - ok
22:56:43.0599 5640 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
22:56:43.0599 5640 RpcLocator - ok
22:56:43.0631 5640 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
22:56:43.0631 5640 RpcSs - ok
22:56:43.0646 5640 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:56:43.0646 5640 rspndr - ok
22:56:43.0677 5640 [ D53C84EC99AB4D78A90001E5CE5386EC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
22:56:43.0677 5640 RTL8169 - ok
22:56:43.0693 5640 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
22:56:43.0693 5640 SamSs - ok
22:56:43.0709 5640 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:56:43.0709 5640 sbp2port - ok
22:56:43.0787 5640 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:56:43.0787 5640 SBSDWSCService - ok
22:56:43.0802 5640 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:56:43.0802 5640 SCardSvr - ok
22:56:43.0849 5640 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
22:56:43.0849 5640 Schedule - ok
22:56:43.0880 5640 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:56:43.0880 5640 SCPolicySvc - ok
22:56:43.0896 5640 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:56:43.0911 5640 SDRSVC - ok
22:56:43.0989 5640 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:56:43.0989 5640 SeaPort - ok
22:56:44.0005 5640 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:56:44.0005 5640 secdrv - ok
22:56:44.0005 5640 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
22:56:44.0005 5640 seclogon - ok
22:56:44.0021 5640 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
22:56:44.0021 5640 SENS - ok
22:56:44.0036 5640 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:56:44.0036 5640 Serenum - ok
22:56:44.0067 5640 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:56:44.0130 5640 Serial - ok
22:56:44.0177 5640 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:56:44.0208 5640 sermouse - ok
22:56:44.0239 5640 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
22:56:44.0239 5640 SessionEnv - ok
22:56:44.0395 5640 [ 25BF1AD162AA28A787BE59C59760F874 ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
22:56:44.0395 5640 SfCtlCom - ok
22:56:44.0411 5640 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:56:44.0411 5640 sffdisk - ok
22:56:44.0426 5640 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:56:44.0426 5640 sffp_mmc - ok
22:56:44.0442 5640 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:56:44.0442 5640 sffp_sd - ok
22:56:44.0457 5640 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:56:44.0457 5640 sfloppy - ok
22:56:44.0489 5640 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:56:44.0489 5640 SharedAccess - ok
22:56:44.0520 5640 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:56:44.0535 5640 ShellHWDetection - ok
22:56:44.0535 5640 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
22:56:44.0551 5640 SiSRaid2 - ok
22:56:44.0567 5640 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:56:44.0567 5640 SiSRaid4 - ok
22:56:44.0629 5640 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:56:44.0629 5640 SkypeUpdate - ok
22:56:44.0691 5640 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
22:56:44.0707 5640 slsvc - ok
22:56:44.0723 5640 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
22:56:44.0723 5640 SLUINotify - ok
22:56:44.0738 5640 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:56:44.0738 5640 Smb - ok
22:56:44.0754 5640 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:56:44.0754 5640 SNMPTRAP - ok
22:56:44.0769 5640 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
22:56:44.0769 5640 spldr - ok
22:56:44.0801 5640 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
22:56:44.0801 5640 Spooler - ok
22:56:44.0847 5640 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
22:56:44.0847 5640 srv - ok
22:56:44.0879 5640 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:56:44.0879 5640 srv2 - ok
22:56:44.0910 5640 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:56:44.0910 5640 srvnet - ok
22:56:44.0941 5640 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:56:44.0941 5640 SSDPSRV - ok
22:56:44.0957 5640 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:56:44.0972 5640 SstpSvc - ok
22:56:44.0988 5640 Steam Client Service - ok
22:56:45.0019 5640 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
22:56:45.0019 5640 stisvc - ok
22:56:45.0035 5640 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:56:45.0035 5640 swenum - ok
22:56:45.0050 5640 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
22:56:45.0050 5640 swprv - ok
22:56:45.0066 5640 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
22:56:45.0066 5640 Symc8xx - ok
22:56:45.0081 5640 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
22:56:45.0081 5640 Sym_hi - ok
22:56:45.0081 5640 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
22:56:45.0081 5640 Sym_u3 - ok
22:56:45.0128 5640 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
22:56:45.0128 5640 SysMain - ok
22:56:45.0144 5640 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:56:45.0144 5640 TabletInputService - ok
22:56:45.0175 5640 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:56:45.0175 5640 TapiSrv - ok
22:56:45.0191 5640 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
22:56:45.0191 5640 TBS - ok
22:56:45.0237 5640 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:56:45.0253 5640 Tcpip - ok
22:56:45.0269 5640 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
22:56:45.0284 5640 Tcpip6 - ok
22:56:45.0300 5640 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:56:45.0300 5640 tcpipreg - ok
22:56:45.0315 5640 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:56:45.0315 5640 TDPIPE - ok
22:56:45.0347 5640 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:56:45.0347 5640 TDTCP - ok
22:56:45.0347 5640 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:56:45.0347 5640 tdx - ok
22:56:45.0378 5640 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:56:45.0378 5640 TermDD - ok
22:56:45.0393 5640 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
22:56:45.0393 5640 TermService - ok
22:56:45.0425 5640 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
22:56:45.0425 5640 Themes - ok
22:56:45.0456 5640 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
22:56:45.0456 5640 THREADORDER - ok
22:56:45.0487 5640 [ 5868DA3C4C678D82BE43B62908265E7E ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
22:56:45.0503 5640 TMBMServer - ok
22:56:45.0518 5640 [ DE4646F17ED18C418A9A92E2E0B422CB ] tmlwf C:\Windows\system32\DRIVERS\tmlwf.sys
22:56:45.0518 5640 tmlwf - ok
22:56:45.0534 5640 [ EC9D9CD7A5552B3534707CF868D4C382 ] TmPfw C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
22:56:45.0534 5640 TmPfw - ok
22:56:45.0565 5640 [ 9394FD63BEAEA93D82D261B5F3080209 ] tmpreflt C:\Windows\system32\DRIVERS\tmpreflt.sys
22:56:45.0565 5640 tmpreflt - ok
22:56:45.0596 5640 [ F06885E70F0746F082CFC196288B3412 ] TmProxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
22:56:45.0596 5640 TmProxy - ok
22:56:45.0612 5640 [ C12D4E5E96A8CE0FD6F74F9C43191CFE ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
22:56:45.0612 5640 tmtdi - ok
22:56:45.0627 5640 [ D21C06BAC748FAC933C817E8E312E316 ] tmwfp C:\Windows\system32\DRIVERS\tmwfp.sys
22:56:45.0627 5640 tmwfp - ok
22:56:45.0627 5640 [ 01B58EECC23D54F25A936EBB43A0F1EE ] tmxpflt C:\Windows\system32\DRIVERS\tmxpflt.sys
22:56:45.0643 5640 tmxpflt - ok
22:56:45.0659 5640 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
22:56:45.0659 5640 TrkWks - ok
22:56:45.0690 5640 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:56:45.0690 5640 TrustedInstaller - ok
22:56:45.0690 5640 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:56:45.0690 5640 tssecsrv - ok
22:56:45.0721 5640 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
22:56:45.0721 5640 tunmp - ok
22:56:45.0752 5640 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:56:45.0752 5640 tunnel - ok
22:56:45.0768 5640 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:56:45.0768 5640 uagp35 - ok
22:56:45.0783 5640 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:56:45.0799 5640 udfs - ok
22:56:45.0799 5640 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:56:45.0799 5640 UI0Detect - ok
22:56:45.0815 5640 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:56:45.0815 5640 uliagpkx - ok
22:56:45.0830 5640 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
22:56:45.0846 5640 uliahci - ok
22:56:45.0861 5640 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
22:56:45.0861 5640 UlSata - ok
22:56:45.0877 5640 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
22:56:45.0877 5640 ulsata2 - ok
22:56:45.0893 5640 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:56:45.0893 5640 umbus - ok
22:56:45.0908 5640 [ 01ABE05C401E70795B43A8933B44831E ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
22:56:45.0908 5640 UMPass - ok
22:56:45.0939 5640 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
22:56:45.0939 5640 upnphost - ok
22:56:45.0986 5640 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:56:45.0986 5640 USBAAPL64 - ok
22:56:46.0017 5640 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:56:46.0017 5640 usbaudio - ok
22:56:46.0033 5640 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:56:46.0049 5640 usbccgp - ok
22:56:46.0049 5640 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:56:46.0049 5640 usbcir - ok
22:56:46.0064 5640 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:56:46.0064 5640 usbehci - ok
22:56:46.0080 5640 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:56:46.0080 5640 usbhub - ok
22:56:46.0095 5640 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:56:46.0095 5640 usbohci - ok
22:56:46.0127 5640 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:56:46.0127 5640 usbprint - ok
22:56:46.0142 5640 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:56:46.0142 5640 usbscan - ok
22:56:46.0173 5640 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:56:46.0189 5640 USBSTOR - ok
22:56:46.0189 5640 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:56:46.0189 5640 usbuhci - ok
22:56:46.0220 5640 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
22:56:46.0220 5640 UxSms - ok
22:56:46.0251 5640 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
22:56:46.0251 5640 vds - ok
22:56:46.0267 5640 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:56:46.0267 5640 vga - ok
22:56:46.0267 5640 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:56:46.0267 5640 VgaSave - ok
22:56:46.0283 5640 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
22:56:46.0283 5640 viaide - ok
22:56:46.0298 5640 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:56:46.0298 5640 volmgr - ok
22:56:46.0314 5640 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:56:46.0314 5640 volmgrx - ok
22:56:46.0329 5640 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:56:46.0329 5640 volsnap - ok
22:56:46.0376 5640 [ 69650CBF9D56F3F439989D79727CE4AF ] vsapint C:\Windows\system32\DRIVERS\vsapint.sys
22:56:46.0392 5640 vsapint - ok
22:56:46.0407 5640 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:56:46.0407 5640 vsmraid - ok
22:56:46.0454 5640 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
22:56:46.0470 5640 VSS - ok
22:56:46.0517 5640 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
22:56:46.0517 5640 W32Time - ok
22:56:46.0532 5640 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:56:46.0532 5640 WacomPen - ok
22:56:46.0532 5640 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:56:46.0532 5640 Wanarp - ok
22:56:46.0548 5640 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:56:46.0548 5640 Wanarpv6 - ok
22:56:46.0563 5640 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:56:46.0563 5640 wcncsvc - ok
22:56:46.0579 5640 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:56:46.0595 5640 WcsPlugInService - ok
22:56:46.0610 5640 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
22:56:46.0610 5640 Wd - ok
22:56:46.0657 5640 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:56:46.0657 5640 Wdf01000 - ok
22:56:46.0673 5640 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:56:46.0673 5640 WdiServiceHost - ok
22:56:46.0688 5640 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:56:46.0688 5640 WdiSystemHost - ok
22:56:46.0704 5640 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
22:56:46.0704 5640 WebClient - ok
22:56:46.0735 5640 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:56:46.0751 5640 Wecsvc - ok
22:56:46.0751 5640 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:56:46.0751 5640 wercplsupport - ok
22:56:46.0782 5640 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
22:56:46.0782 5640 WerSvc - ok
22:56:46.0813 5640 WinDefend - ok
22:56:46.0829 5640 WinHttpAutoProxySvc - ok
22:56:46.0860 5640 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:56:46.0860 5640 Winmgmt - ok
22:56:46.0922 5640 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
22:56:46.0953 5640 WinRM - ok
22:56:46.0985 5640 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
22:56:47.0000 5640 WinUSB - ok
22:56:47.0031 5640 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:56:47.0031 5640 Wlansvc - ok
22:56:47.0094 5640 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:56:47.0109 5640 wlidsvc - ok
22:56:47.0141 5640 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:56:47.0141 5640 WmiAcpi - ok
22:56:47.0156 5640 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:56:47.0156 5640 wmiApSrv - ok
22:56:47.0156 5640 WMPNetworkSvc - ok
22:56:47.0203 5640 [ 45DE51DB0950A4B8595520EF0BAFCFF1 ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
22:56:47.0219 5640 WMZuneComm - ok
22:56:47.0234 5640 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:56:47.0234 5640 WPCSvc - ok
22:56:47.0265 5640 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:56:47.0265 5640 WPDBusEnum - ok
22:56:47.0281 5640 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
22:56:47.0297 5640 WpdUsb - ok
22:56:47.0390 5640 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:56:47.0390 5640 WPFFontCache_v0400 - ok
22:56:47.0421 5640 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:56:47.0421 5640 ws2ifsl - ok
22:56:47.0453 5640 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
22:56:47.0453 5640 wscsvc - ok
22:56:47.0453 5640 WSearch - ok
22:56:47.0515 5640 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:56:47.0531 5640 wuauserv - ok
22:56:47.0546 5640 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:56:47.0546 5640 WudfPf - ok
22:56:47.0562 5640 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:56:47.0562 5640 WUDFRd - ok
22:56:47.0577 5640 [ 3DCC7BF5AFA921B479E622BD999121F3 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:56:47.0577 5640 wudfsvc - ok
22:56:47.0624 5640 [ DA1C23F65EF1894AB5B6FF79D81F544A ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
22:56:47.0640 5640 xnacc - ok
22:56:47.0640 5640 XPADFL02 - ok
22:56:47.0671 5640 [ 47AEA795C67B7440E60D1F7542CB3D38 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
22:56:47.0671 5640 xusb21 - ok
22:56:47.0811 5640 [ B79C2CE5340A5ECA38CA1F74AA445D2B ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
22:56:47.0936 5640 ZuneNetworkSvc - ok
22:56:47.0967 5640 [ E2859AEA054422FE40517179AE867C2D ] ZuneWlanCfgSvc C:\Windows\system32\ZuneWlanCfgSvc.exe
22:56:47.0967 5640 ZuneWlanCfgSvc - ok
22:56:47.0999 5640 ================ Scan global ===============================
22:56:48.0030 5640 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
22:56:48.0061 5640 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
22:56:48.0077 5640 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
22:56:48.0092 5640 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
22:56:48.0108 5640 [Global] - ok
22:56:48.0108 5640 ================ Scan MBR ==================================
22:56:48.0108 5640 [ F05261C246CE4B3C544521FFFF7AEF5D ] \Device\Harddisk0\DR0
22:56:48.0248 5640 \Device\Harddisk0\DR0 - ok
22:56:48.0248 5640 ================ Scan VBR ==================================
22:56:48.0248 5640 [ 517BF6AE9B3FD489DAC53EA93A94AEE8 ] \Device\Harddisk0\DR0\Partition1
22:56:48.0248 5640 \Device\Harddisk0\DR0\Partition1 - ok
22:56:48.0264 5640 [ FBF4C80020EED71E81A0A3D3BCE9B4F3 ] \Device\Harddisk0\DR0\Partition2
22:56:48.0264 5640 \Device\Harddisk0\DR0\Partition2 - ok
22:56:48.0264 5640 ============================================================
22:56:48.0264 5640 Scan finished
22:56:48.0264 5640 ============================================================
22:56:48.0279 5284 Detected object count: 0
22:56:48.0279 5284 Actual detected object count: 0


Here is the report from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-10 22:59:02
-----------------------------
22:59:02.542 OS Version: Windows x64 6.0.6002 Service Pack 2
22:59:02.542 Number of processors: 4 586 0x170A
22:59:02.543 ComputerName: BENCITY UserName: Ben
22:59:05.109 Initialize success
23:03:07.943 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:03:07.946 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 3
23:03:07.957 Disk 0 MBR read successfully
23:03:07.959 Disk 0 MBR scan
23:03:07.961 Disk 0 unknown MBR code
23:03:07.963 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 10244 MB offset 63
23:03:07.973 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286165 MB offset 20980890
23:03:07.989 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 418992 MB offset 607048155
23:03:08.011 Disk 0 scanning C:\Windows\system32\drivers
23:03:14.035 Service scanning
23:03:24.657 Modules scanning
23:03:24.663 Disk 0 trace - called modules:
23:03:24.681 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:03:24.684 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008cde790]
23:03:24.688 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa800793e930]
23:03:24.692 5 acpi.sys[fffffa60008c2fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800794b060]
23:03:24.696 Scan finished successfully
23:03:33.263 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
23:03:33.267 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 10 September 2012 - 11:38 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 brhbrh

brhbrh
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 11 September 2012 - 12:11 AM

OTL logfile created on: 9/11/2012 12:02:24 AM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Ben\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.67 Gb Available Physical Memory | 70.92% Memory free
16.05 Gb Paging File | 13.88 Gb Available in Paging File | 86.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 17.34 Gb Free Space | 6.20% Space Free | Partition Type: NTFS
Drive D: | 409.17 Gb Total Space | 269.97 Gb Free Space | 65.98% Space Free | Partition Type: NTFS

Computer Name: BENCITY | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ben\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\Program Files\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe ()
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files\Razer\Arctosa\razertra.exe ()
PRC - C:\Users\Ben\Desktop\Games\Shortcuts\changepaper.exe (RJL Software, Inc.)
PRC - C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK)
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
MOD - C:\Program Files\Razer\Arctosa\razertra.exe ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.82\cpuutil.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.82\PowerDll.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (McciCMService64) -- C:\Program Files\Common Files\Motive\McciCMService.exe File not found
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (cbVSCService11) -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe (CobianSoft, Luis Cobian)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (BITCOMET_HELPER_SERVICE) -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Device Handle Service) -- C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK)
SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\DRIVERS\tmwfp.sys (Trend Micro Inc.)
DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\DRIVERS\tmlwf.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (Arctosa) -- C:\Windows\SysNative\drivers\Arctosa.sys (Razer USA Ltd.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (ialm) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()
DRV - (XPADFL02) -- C:\Windows\SysWOW64\drivers\xPADFL02.sys (Compuware Corporation)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kotaku.com/
IE - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
IE - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://blog.kotaku.com/"
FF - prefs.js..extensions.enabledAddons: bxdzeqjtnv@bxdzeqjtnv.org:1.0
FF - prefs.js..extensions.enabledAddons: {82BC70E0-FE85-11DA-A899-3A655C103D30}:1.0.3.9
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {82BC70E0-FE85-11DA-A899-3A655C103D30}:1.0.3.8
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.70351: C:\Program Files (x86)\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Ben\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/14 16:11:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/14 16:11:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 18:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/08 18:46:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 18:46:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/08 18:46:39 | 000,000,000 | ---D | M]

[2012/07/19 15:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2012/08/27 15:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\extensions
[2010/04/27 15:08:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/04 13:02:41 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\extensions\add-to-searchbox@maltekraus.de
[1624/02/25 23:39:28 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\extensions\bxdzeqjtnv@bxdzeqjtnv.org.xpi
[2012/08/27 15:58:35 | 000,300,037 | ---- | M] () (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\extensions\jid1-NdFvHAkquJrpvA@jetpack.xpi
[2012/02/07 05:25:45 | 000,086,309 | ---- | M] () (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\extensions\{82BC70E0-FE85-11DA-A899-3A655C103D30}.xpi
[2012/08/25 18:37:55 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2009/08/25 20:14:53 | 000,000,921 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\searchplugins\dictionarycom.xml
[2012/09/05 16:18:52 | 000,002,556 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\searchplugins\gamefaqs.xml
[2010/02/04 13:03:19 | 000,001,121 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\searchplugins\gamerankings.xml
[2009/08/25 20:16:26 | 000,004,868 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\searchplugins\google-images.xml
[2011/07/22 13:57:13 | 000,002,497 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\searchplugins\SearchResults.xml
[2010/07/30 00:19:51 | 000,001,465 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\searchplugins\the-pirate-bay.xml
[2009/08/25 20:14:32 | 000,000,952 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\searchplugins\youtube-video-search.xml
[2012/09/08 18:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/08 18:46:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/09/08 18:46:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/08 18:46:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/07/17 03:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012/06/14 16:11:38 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/03/30 22:38:40 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/30 15:35:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/07/22 13:57:13 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/08/30 15:35:52 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/10 18:07:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Arctosa] C:\Program Files\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2913236317-814230174-4002188810-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Random Wallpaper Changer.lnk = C:\Users\Ben\Desktop\Games\Shortcuts\changepaper.exe (RJL Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BEFA00E-8A4C-4393-BA36-E7F11AC1A886}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FB02647-45FD-4B43-B5F5-5B9831FA5700}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ben\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ben\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/11 00:00:08 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2012/09/10 22:57:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ben\Desktop\aswMBR.exe
[2012/09/10 22:55:55 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ben\Desktop\tdsskiller.exe
[2012/09/10 18:13:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/10 18:13:51 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\temp
[2012/09/10 18:08:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/10 15:35:08 | 004,748,983 | R--- | C] (Swearware) -- C:\Users\Ben\Desktop\ComboFix.exe
[2012/09/09 14:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 11
[2012/09/09 13:44:45 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Ben\Desktop\FixTDSS.exe
[2012/09/09 13:12:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/09/09 04:33:11 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Malwarebytes
[2012/09/09 04:32:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/09 04:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/09 04:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/09 04:31:15 | 010,651,816 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ben\Desktop\mbam-setup.exe
[2012/09/09 04:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2012/09/09 01:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/09 01:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/09 01:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/09/09 00:45:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/09 00:45:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/09 00:45:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/09 00:44:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/09 00:44:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/08 18:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/08 16:01:18 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/09/08 16:01:18 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/09/08 16:01:18 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/09/08 15:52:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/08 15:49:39 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ben\Desktop\455.com
[2012/08/30 18:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/08/30 18:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/08/22 22:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/08/21 21:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/08/21 21:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/08/17 04:48:31 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/08/17 04:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/15 03:05:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 03:05:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 03:05:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 03:05:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 03:05:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 03:05:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 03:05:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 03:05:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 03:05:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 03:05:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 03:05:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 03:05:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 03:05:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/14 18:27:17 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/14 18:27:17 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/08/14 18:27:15 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/13 17:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/11 00:05:51 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/11 00:05:51 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/11 00:00:09 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2012/09/10 23:03:33 | 000,000,512 | ---- | M] () -- C:\Users\Ben\Desktop\MBR.dat
[2012/09/10 22:58:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ben\Desktop\aswMBR.exe
[2012/09/10 22:56:05 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ben\Desktop\tdsskiller.exe
[2012/09/10 18:09:27 | 000,238,724 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/10 18:07:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/10 18:07:14 | 000,238,724 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/10 18:05:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/10 17:23:53 | 000,854,156 | ---- | M] () -- C:\Users\Ben\Desktop\SecurityCheck.exe
[2012/09/10 17:18:15 | 000,223,744 | ---- | M] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/10 17:12:27 | 000,002,736 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\wklnhst.dat
[2012/09/10 16:38:00 | 000,756,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/10 16:38:00 | 000,640,620 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/10 16:38:00 | 000,118,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/10 15:35:18 | 004,748,983 | R--- | M] (Swearware) -- C:\Users\Ben\Desktop\ComboFix.exe
[2012/09/09 14:06:54 | 000,000,000 | ---- | M] () -- C:\Users\Ben\defogger_reenable
[2012/09/09 14:05:45 | 000,050,477 | ---- | M] () -- C:\Users\Ben\Desktop\Defogger.exe
[2012/09/09 13:44:47 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Ben\Desktop\FixTDSS.exe
[2012/09/09 04:32:51 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/09 04:31:52 | 010,651,816 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ben\Desktop\mbam-setup.exe
[2012/09/09 01:28:37 | 000,001,065 | ---- | M] () -- C:\Users\Ben\Desktop\Spybot - Search & Destroy.lnk
[2012/09/09 00:28:42 | 000,026,187 | ---- | M] () -- C:\Users\Ben\.recently-used.xbel
[2012/09/08 15:49:54 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ben\Desktop\455.com
[2012/09/06 06:05:37 | 000,001,356 | ---- | M] () -- C:\Users\Ben\AppData\Local\d3d9caps.dat
[2012/09/05 03:27:16 | 000,447,340 | ---- | M] () -- C:\Users\Ben\Desktop\magic timeline.xcf
[2012/09/02 17:46:53 | 000,000,854 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Random Wallpaper Changer.lnk
[2012/08/28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/08/28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/08/28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/08/28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/08/25 18:26:48 | 000,000,475 | ---- | M] () -- C:\Users\Ben\Desktop\Album Battle - Shortcut.lnk
[2012/08/22 22:51:17 | 000,001,969 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/21 21:11:49 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/21 21:11:49 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 03:24:25 | 002,933,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/10 23:03:33 | 000,000,512 | ---- | C] () -- C:\Users\Ben\Desktop\MBR.dat
[2012/09/10 17:23:53 | 000,854,156 | ---- | C] () -- C:\Users\Ben\Desktop\SecurityCheck.exe
[2012/09/09 14:06:54 | 000,000,000 | ---- | C] () -- C:\Users\Ben\defogger_reenable
[2012/09/09 14:05:44 | 000,050,477 | ---- | C] () -- C:\Users\Ben\Desktop\Defogger.exe
[2012/09/09 04:32:51 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/09 01:28:37 | 000,001,065 | ---- | C] () -- C:\Users\Ben\Desktop\Spybot - Search & Destroy.lnk
[2012/09/09 00:45:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/09 00:45:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/09 00:45:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/09 00:45:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/09 00:45:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/09 00:28:42 | 000,026,187 | ---- | C] () -- C:\Users\Ben\.recently-used.xbel
[2012/09/04 23:54:42 | 000,447,340 | ---- | C] () -- C:\Users\Ben\Desktop\magic timeline.xcf
[2012/08/25 18:26:48 | 000,000,475 | ---- | C] () -- C:\Users\Ben\Desktop\Album Battle - Shortcut.lnk
[2012/08/21 21:11:51 | 000,001,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/11 15:01:23 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012/06/14 16:09:16 | 000,000,732 | ---- | C] () -- C:\Users\Ben\AppData\Local\d3d9caps64.dat
[2012/03/30 22:38:44 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/22 06:07:57 | 000,001,356 | ---- | C] () -- C:\Users\Ben\AppData\Local\d3d9caps.dat
[2011/12/21 06:38:11 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/20 06:32:30 | 000,751,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/23 17:12:23 | 001,887,939 | ---- | C] () -- C:\Users\Ben\drawer.jpg
[2011/01/23 16:44:05 | 013,159,883 | ---- | C] () -- C:\Users\Ben\drawer.xcf
[2011/01/23 15:49:54 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/02 19:27:41 | 000,000,057 | ---- | C] () -- C:\Windows\sierra.ini
[2010/09/14 05:13:18 | 000,000,530 | ---- | C] () -- C:\Users\Ben\xbox.xpadderprofile
[2010/09/14 04:59:56 | 000,592,183 | ---- | C] () -- C:\Users\Ben\My MadCatz GamePad (Controller).xpaddercontroller
[2010/08/24 04:25:24 | 000,015,364 | -H-- | C] () -- C:\Users\Ben\.DS_Store
[2010/04/03 22:52:53 | 000,011,028 | ---- | C] () -- C:\Users\Ben\dbh.jpg
[2010/03/01 03:19:53 | 000,030,366 | ---- | C] () -- C:\Users\Ben\title page.jpg
[2009/08/31 01:56:18 | 000,002,736 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\wklnhst.dat
[2009/08/04 00:38:51 | 000,223,744 | ---- | C] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/15 18:50:21 | 000,238,724 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/15 18:50:20 | 000,238,724 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 11 September 2012 - 07:14 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2913236317-814230174-4002188810-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8  
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&q={searchTerms}
    [1624/02/25 23:39:28 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\extensions\bxdzeqjtnv@bxdzeqjtnv.org.xpi
    [2011/07/22 13:57:13 | 000,002,497 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\searchplugins\SearchResults.xml
    [2012/03/30 22:38:40 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2011/07/22 13:57:13 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 brhbrh

brhbrh
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 11 September 2012 - 01:18 PM

Hello

After running the script I haven't experienced any redirects. I tested multiple searches using both Firefox and IE, and I tested Google, Yahoo, and Bing on both of them. There were no redirects. Everything seemed like it was back in normal working order.

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2913236317-814230174-4002188810-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2913236317-814230174-4002188810-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\extensions\bxdzeqjtnv@bxdzeqjtnv.org.xpi moved successfully.
C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\searchplugins\SearchResults.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ben\Desktop\cmd.bat deleted successfully.
C:\Users\Ben\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Ben
->Java cache emptied: 22250279 bytes

User: Default

User: Default User

User: Mcx1

User: Public

Total Java Files Cleaned = 21.00 mb


[EMPTYFLASH]

User: All Users

User: Ben
->Flash cache emptied: 72389 bytes

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.61.3 log created on 09112012_130239

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 11 September 2012 - 03:10 PM

Hello

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 brhbrh

brhbrh
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 11 September 2012 - 03:32 PM

# AdwCleaner v2.001 - Logfile created 09/11/2012 at 15:28:05
# Updated 09/09/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Ben - BENCITY
# Boot Mode : Normal
# Running from : C:\Users\Ben\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\Users\Ben\AppData\LocalLow\searchquband
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\prefs.js

C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110806");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "06293fc60000000000000025d3142a17");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "06293fc60000000000000025d3142a17");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15430");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:38:42");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[S1].txt - [2980 octets] - [11/09/2012 15:28:05]

########## EOF - C:\AdwCleaner[S1].txt - [3040 octets] ##########

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 11 September 2012 - 04:05 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 brhbrh

brhbrh
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 11 September 2012 - 06:15 PM

I still haven't experienced any redirects today. It seems that everything is continuing to run normal. I don't think this was a problem, but when I dragged CFSript.txt into Combofix, a message box popped up informing there was a new version of Combofix and asking me to update. I clicked Yes, and after that the program ran normally.

ComboFix 12-09-11.02 - Ben 09/11/2012 16:24:33.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6437 [GMT -5:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
Command switches used :: c:\users\Ben\Desktop\CFScript.txt
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\bitsadmin.exe . . . is infected!!
.
c:\windows\SysWOW64\bitsadmin.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 )))))))))))))))))))))))))))))))
.
.
2012-09-11 21:42 . 2012-09-11 21:50 -------- d-----w- c:\users\Ben\AppData\Local\temp
2012-09-11 21:42 . 2012-09-11 21:42 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-09-11 21:42 . 2012-09-11 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-11 18:02 . 2012-09-11 18:02 -------- d-----w- C:\_OTL
2012-09-09 19:38 . 2012-09-09 19:38 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-09-09 09:33 . 2012-09-09 09:33 -------- d-----w- c:\users\Ben\AppData\Roaming\Malwarebytes
2012-09-09 09:32 . 2012-09-09 09:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-09 09:32 . 2012-09-09 09:32 -------- d-----w- c:\programdata\Malwarebytes
2012-09-09 09:32 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-09 09:06 . 2012-09-09 09:06 -------- d-----w- c:\programdata\Motive
2012-09-09 06:28 . 2012-09-09 06:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-09 06:28 . 2012-09-09 06:30 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-08 20:52 . 2012-09-08 20:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-30 23:34 . 2012-08-30 23:34 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-08-22 02:11 . 2012-08-22 02:11 -------- d-----w- c:\programdata\McAfee Security Scan
2012-08-22 02:11 . 2012-08-23 03:51 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-08-17 09:48 . 2012-08-29 01:24 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-17 09:47 . 2012-08-17 09:47 -------- d-----w- c:\programdata\McAfee
2012-08-15 08:04 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:27 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 23:27 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-14 23:27 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-08-13 22:43 . 2012-08-13 22:43 -------- d-----w- c:\program files (x86)\Microsoft XNA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 01:24 . 2010-05-12 19:54 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-22 02:11 . 2012-03-30 23:24 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-22 02:11 . 2011-06-14 19:00 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 08:00 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-06-14 21:11 . 2011-12-16 17:23 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-14 21:11 . 2011-12-16 17:23 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-09_06.06.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-09-11 20:31 68916 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-09-11 20:31 92076 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-02 04:17 . 2012-09-11 20:31 19372 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2913236317-814230174-4002188810-1000_UserData.bin
+ 2012-09-11 21:43 . 2012-09-11 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-09 06:05 . 2012-09-09 06:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-09 06:05 . 2012-09-09 06:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-11 21:43 . 2012-09-11 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2012-09-10 21:38 640620 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-09-06 08:17 640620 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-09-10 21:38 118872 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-09-06 08:17 118872 c:\windows\system32\perfc009.dat
+ 2010-05-13 09:42 . 2012-09-11 21:42 411220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-13 09:42 . 2012-09-09 06:04 411220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-05-13 09:42 . 2012-09-11 21:43 3432928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2913236317-814230174-4002188810-1000-8192.dat
+ 2011-05-20 06:27 . 2012-09-11 18:23 14353039 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2913236317-814230174-4002188810-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-07 1353080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files\ASUS\AI Manager\AsShellApplication.exe" [2009-02-19 225280]
"Arctosa"="c:\program files\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\MpcStar\Codecs\QuickTime\QTTask.exe" [2012-04-19 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-14 296056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
Random Wallpaper Changer.lnk - c:\users\Ben\Desktop\Games\Shortcuts\changepaper.exe [2011-11-1 399360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2008-2-12 394856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-03 6975520]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-15 16247840]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-16 989432]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://kotaku.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\oqe2j3ft.default\
FF - prefs.js: browser.startup.homepage - hxxp://blog.kotaku.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Episode 205 - What's New, Beelzebub? - c:\program files (x86)\Telltale Games\Sam and Max - Season Two\Uninstall Episode 205 - What's New
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2913236317-814230174-4002188810-1000\Software\SecuROM\License information*]
"datasecu"=hex:ff,96,37,74,44,e4,4f,89,6d,8a,18,45,64,08,c4,b6,7f,63,0f,c8,76,
41,0f,3e,69,5e,85,d2,a1,7a,5a,06,14,07,c5,c9,ac,d3,87,ed,bc,90,f7,bc,f3,f2,\
"rkeysecu"=hex:87,92,01,b5,85,7c,cd,ea,54,04,9b,92,6c,cc,51,85
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\AsHookDevice.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files\Razer\Arctosa\razertra.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-09-11 16:55:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-11 21:55
ComboFix2.txt 2012-09-10 23:13
ComboFix3.txt 2012-09-09 06:13
.
Pre-Run: 17,671,159,808 bytes free
Post-Run: 17,504,632,832 bytes free
.
- - End Of File - - CDBF42EBF038B10437488DE808FCAD66

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 11 September 2012 - 08:46 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 8.3.1
BitComet 1.29
Java™ 6 Update 20
Java™ 6 Update 35
jZip
McAfee Security Scan Plus
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 brhbrh

brhbrh
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 13 September 2012 - 01:35 PM

My computer is still running well. I have not experienced any new redirects. When I ran MBAM, I could not find a "Show Results" option. Once the scan was finished it said that no Malware had been detected and opened straight up to the log.

MBAM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.07.13

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ben :: BENCITY [administrator]

9/13/2012 1:17:03 PM
mbam-log-2012-09-13 (13-17-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224140
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hijack This


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:28:23 PM, on 9/13/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Users\Ben\Desktop\Games\Shortcuts\changepaper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files\Razer\Arctosa\razerhid.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Arctosa\razertra.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\Ben\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kotaku.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RunAIShell] C:\Program Files\ASUS\AI Manager\AsShellApplication.exe
O4 - HKLM\..\Run: [Arctosa] "C:\Program Files\Razer\Arctosa\razerhid.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Random Wallpaper Changer.lnk = Ben\Desktop\Games\Shortcuts\changepaper.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Device Handle Service - ASUSTeK - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: McciCMService64 - Unknown owner - C:\Program Files\Common Files\Motive\McciCMService.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 11193 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users