
Internet Browser Keeps Redirecting to Random Webpages


This topic is locked (14 replies)

#1 John Basedow
  • Members
  • 7 posts

Posted 21 September 2012 - 12:02 PM

Hi. I'm running Windows Vista Home Premium (64-bit). Whenever I try to do an internet search, I get sent to random pages like scour.com. I updated SUPER Anti-Spyware, Malwarebytes Anti-Malware, Avast Antivirus. I've done a boot time scan with Avast. I ran both Malwarebytes and SUPER Anti-Spyware while in safe mode and came up with a bunch of infected files. I reran the scans but it says I have no infections, yet I'm still getting redirected.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Mary Grace at 9:46:19 on 2012-09-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.1679 [GMT -4:00]
.
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Mary Grace\AppData\Local\Akamai\netsession_win.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Users\Mary Grace\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Users\Mary Grace\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=113543&tt=2912_2&babsrc=HP_ss&mntrId=909362110000000000000021706f215b
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081122
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081122
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:62424
uURLSearchHooks: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Mary Grace\AppData\Local\Akamai\netsession_win.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
StartupFolder: C:\Users\MARYGR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mary Grace\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AB42FE40-B1CA-4DBF-9871-B6B6A58BB9C7} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mary Grace\AppData\Roaming\Mozilla\Firefox\Profiles\i1v9gszp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - component: C:\Users\Mary Grace\AppData\Roaming\Mozilla\Firefox\Profiles\i1v9gszp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Mary Grace\AppData\Roaming\Mozilla\Firefox\Profiles\i1v9gszp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, a2f9700b-3f2d-4939-b3f4-97bd72a2d28c
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113543&tt=2912_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 909362110000000000000021706f215b
FF - user.js: extensions.BabylonToolbar_i.hardId - 909362110000000000000021706f215b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15539
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:03:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSr64.exe --> C:\Windows\system32\AERTSr64.exe [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-26 794560]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-23 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-4-23 134920]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\system32\DRIVERS\livecamv.sys --> C:\Windows\system32\DRIVERS\livecamv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9bb9e70fc0eea;Google Update Service (gupdate1c9bb9e70fc0eea);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-12 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 250288]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-12 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 114144]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-09-21 11:16:50 -------- d-----w- C:\Users\Mary Grace\AppData\Roaming\SUPERAntiSpyware.com
2012-09-21 11:16:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-20 01:20:08 -------- d-----w- C:\Users\Mary Grace\AppData\Local\blekkotb_001
2012-09-18 18:00:28 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F4BB169-B737-4AB0-84FF-DFF8381E122F}\mpengine.dll
2012-09-03 19:55:16 -------- d-s---w- C:\Users\Mary Grace\Google Drive
.
==================== Find3M ====================
.
2012-09-20 20:11:58 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 20:11:58 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-04 14:33:06 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 9:47:14.59 ===============
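The DDS report above already contains the settings a redirect of this kind is usually traced to; the question is which lines matter. As an added example (not part of the original post and not DDS code), the following Python triage runs over lines copied from that report and sorts them by what they indicate: the per-user IE proxy pointing at 127.0.0.1:62424 (with that setting every non-local HTTP request IE makes goes to whatever is listening on that port; the log does not show which process that is), a start page and Firefox keyword.URL carrying affiliate/tracking parameters, components from vendors commonly classified as adware/PUP, and BHO/toolbar registrations with no file behind them. The parameter list and the vendor list are this example's own heuristics, not DDS rules.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for redirect indicators.

Added example for this thread: not DDS code and not part of the original post.
The sample lines are copied from the DDS output posted above; the rules are this
example's own heuristics and are labelled as assumptions where they are ones.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Lines copied from the 'Pseudo HJT Report' and FIREFOX sections posted above.
SAMPLE_DDS = r"""
uStart Page = hxxp://search.babylon.com/?affID=113543&tt=2912_2&babsrc=HP_ss&mntrId=909362110000000000000021706f215b
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:62424
uURLSearchHooks: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
TCP: DhcpNameServer = 192.168.0.1
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
"""

LOOPBACK = re.compile(r"^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|\[?::1\]?)$", re.I)
URL_RE = re.compile(r"(?:hxxp|http)s?://\S+")          # DDS defangs http as hxxp
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Heuristic (assumption of this example): query parameters that mark a search
# or homepage URL as affiliate/tracking driven rather than user chosen.
TRACKING_PARAMS = {"affid", "mntrid", "babsrc", "fr", "type", "ilc"}
# Heuristic (assumption of this example): names commonly classified as adware
# or PUP around the time of this thread.
PUP_MARKERS = ("babylon", "yontoo", "spigot", "ytd toolbar")
SEARCH_KEYS = ("Start Page", "Default_Page_URL", "keyword.URL")
RANK = {"high": 0, "medium": 1, "low": 2}


def parse_proxy(value: str) -> Dict[str, Tuple[str, str]]:
    """Parse an IE ProxyServer value: 'host:port' or 'http=host:port;https=host:port'."""
    proxies: Dict[str, Tuple[str, str]] = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no explicit port
            host, port = port, ""
        proxies[scheme or "all"] = (host, port)
    return proxies


def classify(line: str) -> Optional[Dict[str, str]]:
    """Return at most one finding for a DDS line; higher-priority rules first."""
    line = line.strip()
    if not line:
        return None
    key, sep, value = line.partition(" = ")

    # 1. Per-user proxy that points at the local machine: IE (and anything else
    #    using WinINet) hands its HTTP requests to the process listening there,
    #    which lets a redirector sit in the path without touching DNS or hosts.
    if sep and key.endswith("Internet Settings,ProxyServer"):
        for scheme, (host, port) in parse_proxy(value).items():
            if LOOPBACK.match(host):
                return {"severity": "high", "kind": "local-proxy",
                        "detail": f"{scheme} proxy {host}:{port}", "line": line}
        return None

    # 2. Homepage / default-search URLs carrying affiliate or tracking parameters.
    url = URL_RE.search(line)
    if url and any(k in line for k in SEARCH_KEYS):
        parsed = urlsplit(url.group(0).replace("hxxp", "http", 1))
        tracked = sorted(p for p in parse_qs(parsed.query) if p.lower() in TRACKING_PARAMS)
        if tracked:
            return {"severity": "medium", "kind": "search-hijack",
                    "detail": f"{parsed.hostname} ({', '.join(tracked)})", "line": line}

    # 3. Components from vendors commonly classified as adware/PUP.
    hits = [m for m in PUP_MARKERS if m in line.lower()]
    if hits:
        return {"severity": "medium", "kind": "pup-component",
                "detail": ", ".join(hits), "line": line}

    # 4. BHO/toolbar registrations whose DLL is gone: leftovers to clean up,
    #    but nothing that could be redirecting right now.
    if line.endswith("- No File") and line.split(":", 1)[0] in ("BHO", "TB", "BHO-X64", "TB-X64"):
        clsid = CLSID_RE.search(line)
        return {"severity": "low", "kind": "orphaned-registration",
                "detail": clsid.group(0) if clsid else line, "line": line}
    return None


def triage(dds_text: str) -> List[Dict[str, str]]:
    """All findings for a DDS excerpt, most severe first (stable order otherwise)."""
    findings = [f for f in map(classify, dds_text.splitlines()) if f]
    return sorted(findings, key=lambda f: RANK[f["severity"]])


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Number of findings per kind."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['severity']:6}] {f['kind']:22} {f['detail']}")
```

On the machine itself the next step is to find out who owns the port: `netstat -ano | findstr :62424` gives the PID of the listener and `tasklist /FI "PID eq <pid>"` its image name. On 64-bit systems DDS prints the BHO-X64/TB-X64 view as well, so the same triage on the full report reports each orphaned registration twice.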


#2 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 22 September 2012 - 10:41 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

#3 John Basedow
  • Topic Starter
  • Members
  • 7 posts

Posted 25 September 2012 - 11:51 AM

It never asked me if I wanted to use Avast for scanning. I tried to do a C:/ scan but the computer kept restarting. It would only allow me to perform a quick scan:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-25 11:59:22
-----------------------------
11:59:22.137 OS Version: Windows x64 6.0.6002 Service Pack 2
11:59:22.137 Number of processors: 4 586 0xF0B
11:59:22.137 ComputerName: MARYGRACE-PC UserName: Mary Grace
11:59:24.399 Initialize success
11:59:24.508 AVAST engine defs: 12080301
11:59:36.428 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:59:36.428 Disk 0 Vendor: ST3750630AS DE12 Size: 715404MB BusType: 3
11:59:36.475 Disk 0 MBR read successfully
11:59:36.475 Disk 0 MBR scan
11:59:36.475 Disk 0 Windows VISTA default MBR code
11:59:36.475 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
11:59:36.506 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 112640
11:59:36.522 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 699988 MB offset 31569920
11:59:36.616 Disk 0 scanning C:\Windows\system32\drivers
12:00:03.842 Service scanning
12:00:18.633 Modules scanning
12:00:18.633 Disk 0 trace - called modules:
12:00:18.680 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
12:00:18.695 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005a451b0]
12:00:18.695 3 CLASSPNP.SYS[fffffa6000dc9c33] -> nt!IofCallDriver -> [0xfffffa800492f930]
12:00:18.695 5 acpi.sys[fffffa60008fefde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800493c940]
12:00:20.474 AVAST engine scan C:\Windows
12:00:57.764 AVAST engine scan C:\Windows\system32
12:03:28.888 AVAST engine scan C:\Windows\system32\drivers
12:04:00.371 AVAST engine scan C:\Users\Mary Grace
12:28:28.590 AVAST engine scan C:\ProgramData
12:31:17.064 Scan finished successfully
12:47:59.234 Disk 0 MBR has been saved successfully to "C:\Users\Mary Grace\Desktop\MBR.dat"
12:47:59.249 The log file has been saved successfully to "C:\Users\Mary Grace\Desktop\aswMBR.txt"
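The aswMBR output above is a dump of the partition table plus a comparison of the boot code with a known default. As an added example (not code from aswMBR or TDSSKiller, and not part of the original post), here is a Python parser for that 512-byte structure that rebuilds the "Disk 0 Partition N" lines from a constructed MBR holding the three entries aswMBR listed, and applies the checks a scanner makes on the table: boot signature, exactly one active partition, valid status bytes, no overlapping extents. Assumptions: the boot code is left zeroed (the log only says it matched the Vista default), the sector counts of the two NTFS partitions are the BlocksNum values TDSSKiller prints later in the thread, and the Dell utility partition's count is derived from its reported 54 MB.

```python
"""Parse an MBR partition table the way aswMBR reports it.

Added example for this thread: not code from aswMBR or TDSSKiller and not part
of the original post. SAMPLE_MBR is constructed here: zeroed boot code plus the
three partition entries aswMBR listed above. Start LBAs, type codes and the
active flag come from the aswMBR log; the sector counts of the two NTFS
partitions are the BlocksNum values TDSSKiller prints later in the thread, and
the Dell utility partition's count is derived from the 54 MB aswMBR reports
(an assumption: the log does not give its exact sector count).
"""
import struct
from typing import Dict, List, Tuple

SECTOR = 512
TABLE_OFFSET = 446                  # 446 bytes of boot code, then 4 x 16-byte entries
ENTRY_FMT = "<B3sB3sII"             # status, CHS start, type, CHS end, start LBA, sector count
SIGNATURE = b"\x55\xAA"
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}   # only the codes seen in this log

Entry = Tuple[int, int, int, int]   # (status, type, start LBA, sector count)


def build_mbr(entries: List[Entry]) -> bytes:
    """Assemble a 512-byte MBR from up to four (status, type, lba, count) tuples."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four primary partitions")
    table = b"".join(struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
                     for status, ptype, lba, count in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\0") + SIGNATURE


def parse_mbr(mbr: bytes) -> List[Dict[str, int]]:
    """Return the populated partition entries; slots with type 0x00 are unused."""
    if len(mbr) != SECTOR or mbr[510:512] != SIGNATURE:
        raise ValueError("not a 512-byte MBR with a valid 0x55AA signature")
    parts = []
    for slot in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * slot)
        if ptype:
            parts.append({"index": slot + 1, "status": status, "type": ptype, "lba": lba, "count": count})
    return parts


def check_table(parts: List[Dict[str, int]]) -> List[str]:
    """Sanity checks on the table: one active partition, valid status bytes,
    no overlapping extents. An empty list means the table is consistent."""
    problems = []
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions (expected 1)")
    for a in parts:
        if a["status"] not in (0x00, 0x80):
            problems.append(f"partition {a['index']}: invalid status byte {a['status']:#04x}")
        for b in parts:
            if a["index"] < b["index"] and a["lba"] < b["lba"] + b["count"] and b["lba"] < a["lba"] + a["count"]:
                problems.append(f"partitions {a['index']} and {b['index']} overlap")
    return problems


def render(parts: List[Dict[str, int]]) -> List[str]:
    """One line per partition in the shape of aswMBR's 'Disk 0 Partition N' lines."""
    lines = []
    for p in parts:
        active = "(A) " if p["status"] == 0x80 else ""
        mib = p["count"] * SECTOR // (1024 * 1024)
        lines.append(f"Partition {p['index']} {p['status']:02X} {active}{p['type']:02X} "
                     f"{TYPE_NAMES.get(p['type'], 'unknown')} {mib} MB offset {p['lba']}")
    return lines


# Constructed from the values in the thread; see the docstring for provenance.
SAMPLE_ENTRIES: List[Entry] = [
    (0x00, 0xDE, 63, 54 * 1024 * 1024 // SECTOR),   # Dell Utility, 54 MB (count assumed)
    (0x00, 0x07, 112640, 0x1E00000),                # NTFS, 15360 MB (D: per TDSSKiller)
    (0x80, 0x07, 31569920, 0x5572A000),             # NTFS, 699988 MB, active (C:)
]
SAMPLE_MBR = build_mbr(SAMPLE_ENTRIES)

if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    print("\n".join(render(parts)))
    print("problems:", check_table(parts) or "none")
```

The decimal offsets aswMBR prints and the hex StartLBA values in TDSSKiller's "MBR partitions" lines later in the thread are the same field (112640 = 0x1B800, 31569920 = 0x1E1B800); TDSSKiller lists only the two NTFS partitions, so its Partition1 and Partition2 are aswMBR's partitions 2 and 3. These table checks say nothing about the 446 bytes of boot code, which is where a bootkit would sit; that is what aswMBR's "Windows VISTA default MBR code" line speaks to.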

#4 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 25 September 2012 - 01:37 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log


#5 John Basedow
  • Topic Starter
  • Members
  • 7 posts

Posted 25 September 2012 - 04:56 PM

17:25:40.0270 4760 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:25:40.0645 4760 ============================================================
17:25:40.0645 4760 Current date / time: 2012/09/25 17:25:40.0645
17:25:40.0645 4760 SystemInfo:
17:25:40.0645 4760
17:25:40.0645 4760 OS Version: 6.0.6002 ServicePack: 2.0
17:25:40.0645 4760 Product type: Workstation
17:25:40.0645 4760 ComputerName: MARYGRACE-PC
17:25:40.0645 4760 UserName: Mary Grace
17:25:40.0645 4760 Windows directory: C:\Windows
17:25:40.0645 4760 System windows directory: C:\Windows
17:25:40.0645 4760 Running under WOW64
17:25:40.0645 4760 Processor architecture: Intel x64
17:25:40.0645 4760 Number of processors: 4
17:25:40.0645 4760 Page size: 0x1000
17:25:40.0645 4760 Boot type: Normal boot
17:25:40.0645 4760 ============================================================
17:25:42.0641 4760 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:25:42.0735 4760 ============================================================
17:25:42.0735 4760 \Device\Harddisk0\DR0:
17:25:42.0735 4760 MBR partitions:
17:25:42.0735 4760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
17:25:42.0735 4760 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x5572A000
17:25:42.0735 4760 ============================================================
17:25:42.0766 4760 C: <-> \Device\Harddisk0\DR0\Partition2
17:25:42.0797 4760 D: <-> \Device\Harddisk0\DR0\Partition1
17:25:42.0797 4760 ============================================================
17:26:38.0446 5020 RasPppoe - ok
17:26:38.0476 5020 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:26:38.0476 5020 RasSstp - ok
17:26:38.0526 5020 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:26:38.0526 5020 rdbss - ok
17:26:38.0536 5020 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:26:38.0536 5020 RDPCDD - ok
17:26:38.0576 5020 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:26:38.0576 5020 rdpdr - ok
17:26:38.0586 5020 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:26:38.0586 5020 RDPENCDD - ok
17:26:38.0626 5020 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:26:38.0636 5020 RDPWD - ok
17:26:38.0686 5020 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:26:38.0686 5020 RemoteAccess - ok
17:26:38.0716 5020 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:26:38.0726 5020 RemoteRegistry - ok
17:26:38.0736 5020 RimUsb - ok
17:26:38.0766 5020 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
17:26:38.0766 5020 RimVSerPort - ok
17:26:38.0786 5020 [ CF1EEE81FD32238FC51ADCA9F2266B7D ] RLDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\livecamv.sys
17:26:38.0786 5020 RLDesignVirtualAudioCableWdm - ok
17:26:38.0806 5020 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
17:26:38.0806 5020 ROOTMODEM - ok
17:26:38.0826 5020 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
17:26:38.0826 5020 RpcLocator - ok
17:26:38.0866 5020 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
17:26:38.0876 5020 RpcSs - ok
17:26:38.0896 5020 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:26:38.0896 5020 rspndr - ok
17:26:38.0936 5020 [ B263B3AEBCDE2210D1CC25756601B8EA ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
17:26:38.0946 5020 RTL8169 - ok
17:26:38.0976 5020 [ 5532C4BF15173270757A75B46BAEB960 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
17:26:38.0986 5020 RtNdPt60 - ok
17:26:38.0986 5020 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
17:26:38.0996 5020 SamSs - ok
17:26:39.0096 5020 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:26:39.0096 5020 SASDIFSV - ok
17:26:39.0116 5020 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:26:39.0126 5020 SASKUTIL - ok
17:26:39.0156 5020 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:26:39.0156 5020 sbp2port - ok
17:26:39.0206 5020 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:26:39.0216 5020 SCardSvr - ok
17:26:39.0286 5020 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
17:26:39.0296 5020 Schedule - ok
17:26:39.0316 5020 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:26:39.0316 5020 SCPolicySvc - ok
17:26:39.0346 5020 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:26:39.0356 5020 SDRSVC - ok
17:26:39.0376 5020 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:26:39.0376 5020 secdrv - ok
17:26:39.0386 5020 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
17:26:39.0396 5020 seclogon - ok
17:26:39.0416 5020 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
17:26:39.0426 5020 SENS - ok
17:26:39.0446 5020 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:26:39.0446 5020 Serenum - ok
17:26:39.0456 5020 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
17:26:39.0466 5020 Serial - ok
17:26:39.0476 5020 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:26:39.0476 5020 sermouse - ok
17:26:39.0536 5020 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
17:26:39.0536 5020 SessionEnv - ok
17:26:39.0566 5020 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:26:39.0566 5020 sffdisk - ok
17:26:39.0576 5020 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:26:39.0576 5020 sffp_mmc - ok
17:26:39.0596 5020 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:26:39.0596 5020 sffp_sd - ok
17:26:39.0626 5020 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:26:39.0626 5020 sfloppy - ok
17:26:39.0676 5020 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:26:39.0686 5020 SharedAccess - ok
17:26:39.0716 5020 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:26:39.0716 5020 ShellHWDetection - ok
17:26:39.0736 5020 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:26:39.0736 5020 SiSRaid2 - ok
17:26:39.0756 5020 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:26:39.0756 5020 SiSRaid4 - ok
17:26:39.0826 5020 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
17:26:39.0857 5020 slsvc - ok
17:26:39.0881 5020 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:26:39.0887 5020 SLUINotify - ok
17:26:39.0913 5020 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:26:39.0917 5020 Smb - ok
17:26:39.0945 5020 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:26:39.0951 5020 SNMPTRAP - ok
17:26:40.0002 5020 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
17:26:40.0004 5020 spldr - ok
17:26:40.0038 5020 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
17:26:40.0079 5020 Spooler - ok
17:26:40.0109 5020 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
17:26:40.0118 5020 srv - ok
17:26:40.0158 5020 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:26:40.0163 5020 srv2 - ok
17:26:40.0178 5020 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:26:40.0182 5020 srvnet - ok
17:26:40.0212 5020 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:26:40.0220 5020 SSDPSRV - ok
17:26:40.0274 5020 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:26:40.0274 5020 SstpSvc - ok
17:26:40.0321 5020 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
17:26:40.0336 5020 stisvc - ok
17:26:40.0399 5020 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
17:26:40.0399 5020 stllssvr - ok
17:26:40.0430 5020 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:26:40.0430 5020 swenum - ok
17:26:40.0461 5020 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
17:26:40.0477 5020 swprv - ok
17:26:40.0477 5020 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:26:40.0492 5020 Symc8xx - ok
17:26:40.0492 5020 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:26:40.0508 5020 Sym_hi - ok
17:26:40.0508 5020 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:26:40.0523 5020 Sym_u3 - ok
17:26:40.0555 5020 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
17:26:40.0570 5020 SysMain - ok
17:26:40.0586 5020 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:26:40.0648 5020 TabletInputService - ok
17:26:40.0695 5020 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:26:40.0695 5020 TapiSrv - ok
17:26:40.0711 5020 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
17:26:40.0726 5020 TBS - ok
17:26:40.0773 5020 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:26:40.0789 5020 Tcpip - ok
17:26:40.0820 5020 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:26:40.0835 5020 Tcpip6 - ok
17:26:40.0867 5020 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:26:40.0867 5020 tcpipreg - ok
17:26:40.0882 5020 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:26:40.0882 5020 TDPIPE - ok
17:26:40.0898 5020 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:26:40.0898 5020 TDTCP - ok
17:26:40.0929 5020 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:26:40.0929 5020 tdx - ok
17:26:40.0976 5020 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:26:40.0976 5020 TermDD - ok
17:26:40.0991 5020 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
17:26:41.0007 5020 TermService - ok
17:26:41.0023 5020 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
17:26:41.0038 5020 Themes - ok
17:26:41.0054 5020 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
17:26:41.0054 5020 THREADORDER - ok
17:26:41.0069 5020 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
17:26:41.0085 5020 TrkWks - ok
17:26:41.0131 5020 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:26:41.0131 5020 TrustedInstaller - ok
17:26:41.0181 5020 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:26:41.0181 5020 tssecsrv - ok
17:26:41.0201 5020 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
17:26:41.0201 5020 tunmp - ok
17:26:41.0221 5020 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:26:41.0231 5020 tunnel - ok
17:26:41.0251 5020 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:26:41.0251 5020 uagp35 - ok
17:26:41.0291 5020 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:26:41.0301 5020 udfs - ok
17:26:41.0331 5020 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:26:41.0331 5020 UI0Detect - ok
17:26:41.0361 5020 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:26:41.0361 5020 uliagpkx - ok
17:26:41.0381 5020 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:26:41.0391 5020 uliahci - ok
17:26:41.0401 5020 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:26:41.0401 5020 UlSata - ok
17:26:41.0441 5020 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:26:41.0451 5020 ulsata2 - ok
17:26:41.0461 5020 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:26:41.0461 5020 umbus - ok
17:26:41.0481 5020 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
17:26:41.0501 5020 upnphost - ok
17:26:41.0501 5020 upperdev - ok
17:26:41.0531 5020 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:26:41.0531 5020 USBAAPL64 - ok
17:26:41.0561 5020 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:26:41.0561 5020 usbaudio - ok
17:26:41.0611 5020 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:26:41.0621 5020 usbccgp - ok
17:26:41.0651 5020 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:26:41.0651 5020 usbcir - ok
17:26:41.0671 5020 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:26:41.0741 5020 usbehci - ok
17:26:41.0771 5020 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:26:41.0781 5020 usbhub - ok
17:26:41.0801 5020 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:26:41.0801 5020 usbohci - ok
17:26:41.0841 5020 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:26:41.0841 5020 usbprint - ok
17:26:41.0861 5020 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:26:41.0871 5020 usbscan - ok
17:26:41.0891 5020 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:26:41.0891 5020 USBSTOR - ok
17:26:41.0931 5020 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:26:41.0941 5020 usbuhci - ok
17:26:41.0971 5020 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:26:41.0971 5020 usbvideo - ok
17:26:41.0991 5020 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
17:26:42.0001 5020 UxSms - ok
17:26:42.0031 5020 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
17:26:42.0041 5020 vds - ok
17:26:42.0061 5020 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:26:42.0071 5020 vga - ok
17:26:42.0101 5020 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:26:42.0101 5020 VgaSave - ok
17:26:42.0121 5020 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
17:26:42.0121 5020 viaide - ok
17:26:42.0131 5020 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:26:42.0141 5020 volmgr - ok
17:26:42.0181 5020 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:26:42.0181 5020 volmgrx - ok
17:26:42.0201 5020 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:26:42.0201 5020 volsnap - ok
17:26:42.0221 5020 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:26:42.0231 5020 vsmraid - ok
17:26:42.0271 5020 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
17:26:42.0301 5020 VSS - ok
17:26:42.0351 5020 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
17:26:42.0371 5020 W32Time - ok
17:26:42.0401 5020 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:26:42.0401 5020 WacomPen - ok
17:26:42.0421 5020 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:26:42.0421 5020 Wanarp - ok
17:26:42.0431 5020 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:26:42.0431 5020 Wanarpv6 - ok
17:26:42.0451 5020 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:26:42.0471 5020 wcncsvc - ok
17:26:42.0541 5020 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:26:42.0541 5020 WcsPlugInService - ok
17:26:42.0561 5020 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
17:26:42.0561 5020 Wd - ok
17:26:42.0591 5020 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:26:42.0641 5020 Wdf01000 - ok
17:26:42.0661 5020 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:26:42.0671 5020 WdiServiceHost - ok
17:26:42.0681 5020 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:26:42.0691 5020 WdiSystemHost - ok
17:26:42.0711 5020 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
17:26:42.0721 5020 WebClient - ok
17:26:42.0741 5020 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:26:42.0751 5020 Wecsvc - ok
17:26:42.0761 5020 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:26:42.0771 5020 wercplsupport - ok
17:26:42.0781 5020 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
17:26:42.0791 5020 WerSvc - ok
17:26:42.0831 5020 [ A53CDE6BEEA165FE9B430476EEDE3C54 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
17:26:42.0841 5020 winachsf - ok
17:26:42.0842 5020 WinDefend - ok
17:26:42.0849 5020 WinHttpAutoProxySvc - ok
17:26:42.0956 5020 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:26:42.0961 5020 Winmgmt - ok
17:26:43.0018 5020 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
17:26:43.0060 5020 WinRM - ok
17:26:43.0140 5020 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:26:43.0155 5020 Wlansvc - ok
17:26:43.0187 5020 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:26:43.0187 5020 WmiAcpi - ok
17:26:43.0202 5020 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:26:43.0202 5020 wmiApSrv - ok
17:26:43.0218 5020 WMPNetworkSvc - ok
17:26:43.0249 5020 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:26:43.0265 5020 WPCSvc - ok
17:26:43.0296 5020 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:26:43.0296 5020 WPDBusEnum - ok
17:26:43.0327 5020 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:26:43.0327 5020 WpdUsb - ok
17:26:43.0421 5020 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:26:43.0436 5020 WPFFontCache_v0400 - ok
17:26:43.0499 5020 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:26:43.0499 5020 ws2ifsl - ok
17:26:43.0530 5020 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
17:26:43.0530 5020 wscsvc - ok
17:26:43.0545 5020 WSearch - ok
17:26:43.0623 5020 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:26:43.0701 5020 wuauserv - ok
17:26:43.0717 5020 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:26:43.0717 5020 WUDFRd - ok
17:26:43.0733 5020 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:26:43.0733 5020 wudfsvc - ok
17:26:43.0764 5020 [ F22E443518BC599D12888DAF292A56D8 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
17:26:43.0764 5020 XAudio - ok
17:26:43.0795 5020 [ 963C27034BBA4AC52A13F7A3C657C708 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
17:26:43.0795 5020 XAudioService - ok
17:26:43.0795 5020 ================ Scan global ===============================
17:26:43.0889 5020 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:26:43.0935 5020 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:26:43.0967 5020 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:26:44.0013 5020 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
17:26:44.0029 5020 [Global] - ok
17:26:44.0029 5020 ================ Scan MBR ==================================
17:26:44.0045 5020 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:26:44.0388 5020 \Device\Harddisk0\DR0 - ok
17:26:44.0388 5020 ================ Scan VBR ==================================
17:26:44.0419 5020 [ E8D1C29A154FB2FD3BB8247E9C36E720 ] \Device\Harddisk0\DR0\Partition1
17:26:44.0419 5020 \Device\Harddisk0\DR0\Partition1 - ok
17:26:44.0419 5020 [ 4027D537ADF0C2F1007E42B6317C2526 ] \Device\Harddisk0\DR0\Partition2
17:26:44.0419 5020 \Device\Harddisk0\DR0\Partition2 - ok
17:26:44.0419 5020 ============================================================
17:26:44.0419 5020 Scan finished
17:26:44.0419 5020 ============================================================
17:26:44.0435 2780 Detected object count: 1
17:26:44.0435 2780 Actual detected object count: 1
17:27:20.0743 2780 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:27:20.0743 2780 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:27:52.0395 1232 Deinitialize success

ComboFix 12-09-24.03 - Mary Grace 09/25/2012 17:34:19.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2144 [GMT -4:00]
Running from: c:\users\Mary Grace\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
.
.
2012-09-25 21:43 . 2012-09-25 21:47 -------- d-----w- c:\users\Mary Grace\AppData\Local\temp
2012-09-25 21:43 . 2012-09-25 21:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-25 20:23 . 2012-09-25 20:23 -------- d-----w- c:\program files (x86)\Application Updater
2012-09-25 20:23 . 2012-09-25 20:23 -------- d-----w- c:\program files (x86)\YTD Toolbar
2012-09-25 20:23 . 2012-09-25 20:23 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-09-25 17:58 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DBE0FDD-6CEF-4FC6-9DBE-B70B1B27440D}\mpengine.dll
2012-09-21 13:50 . 2012-09-21 13:50 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-09-21 11:16 . 2012-09-21 11:16 -------- d-----w- c:\users\Mary Grace\AppData\Roaming\SUPERAntiSpyware.com
2012-09-21 11:16 . 2012-09-21 11:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-20 01:20 . 2012-09-20 01:20 -------- d-----w- c:\users\Mary Grace\AppData\Local\blekkotb_001
2012-09-03 19:55 . 2012-09-25 15:04 -------- d-s---w- c:\users\Mary Grace\Google Drive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 20:11 . 2012-04-13 16:09 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 20:11 . 2011-05-24 00:47 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 07:00 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
2012-09-07 21:04 . 2010-05-19 00:43 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 14:33 . 2012-08-16 07:05 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 16:20 . 2012-08-15 10:52 648192 ----a-w- c:\windows\system32\netapi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-18 86016]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 20:11]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-12 18:42]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-12 18:42]
.
2012-09-25 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2008-11-22 11:18]
.
2012-09-25 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 75fb2ffe-c13d-4ae4-9448-b5956ba830d6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-25 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e140c307-15c8-4686-bac3-62ea6905d5e9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=113543&tt=2912_2&babsrc=HP_ss&mntrId=909362110000000000000021706f215b
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:62424
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mary Grace\AppData\Roaming\Mozilla\Firefox\Profiles\i1v9gszp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, a2f9700b-3f2d-4939-b3f4-97bd72a2d28c
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113543&tt=2912_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 909362110000000000000021706f215b
FF - user.js: extensions.BabylonToolbar_i.hardId - 909362110000000000000021706f215b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15539
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:03
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-Skytel - Skytel.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
"DisplayName"=expand:"@fdeploy.dll,-261"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"DisplayName"=expand:"@%SystemRoot%\\System32\\dskquota.dll,-100"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"%SystemRoot%\\System32\\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"DisplayName"=expand:"@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\polstore.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
"DisplayName"=expand:"@c:\\Windows\\system32\\polstore.dll,-5012"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@DACL=(02 0000)
@="Enterprise QoS"
"DisplayName"=expand:"@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"=expand:"gptext.dll"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@DACL=(02 0000)
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\AVAST Software\Avast\afwServ.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Application Updater\ApplicationUpdater.exe
.
**************************************************************************
.
Completion time: 2012-09-25 17:52:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-25 21:52
.
Pre-Run: 614,853,275,648 bytes free
Post-Run: 614,823,731,200 bytes free
.
- - End Of File - - 9345EEEE5BEA695A164C1403FCF2BC8A

#6 RPMcMurphy

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 25 September 2012 - 08:55 PM

Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#7 John Basedow

  • Topic Starter
  • Members
  • 7 posts

Posted 26 September 2012 - 11:14 AM

I scanned with MBAM and even did it in safe mode. No infections were found, but I'm still redirected to sites like searchwebresults.com.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.07

Windows Vista Service Pack 2 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Mary Grace :: MARYGRACE-PC [administrator]

9/26/2012 9:12:36 AM
mbam-log-2012-09-26 (09-12-36).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384681
Time elapsed: 1 hour(s), 6 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 RPMcMurphy

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 26 September 2012 - 08:17 PM

Are the redirects happening with all your browsers or are they specific to Firefox? Please do this next:

Please download Listparts64
  • Run the tool, click Scan and post the log (Result.txt) it makes.
Please download MiniToolBox and run it.

Check the following items:
  • Flush DNS
  • List content of Hosts
  • List IP configuration
Click Go and copy/paste the log (Result.txt) into your next post.

Please include the following in your next post:
  • listparts log
  • MiniToolBox log



#9 John Basedow

  • Topic Starter
  • Members
  • 7 posts

Posted 28 September 2012 - 08:45 AM

The redirects are not specific to Firefox. They occur on all browsers.

ListParts by Farbar Version: 25-09-2012
Ran by Mary Grace (administrator) on 28-09-2012 at 09:41:25
Windows Vista (X64)
Running From: C:\Users\Mary Grace\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 56%
Total physical RAM: 4060.26 MB
Available physical RAM: 1750.33 MB
Total Pagefile: 8301.78 MB
Available Pagefile: 5916.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:683.58 GB) (Free:561.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.29 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 699 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 15 GB 55 MB
Partition 3 Primary 684 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 15 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 684 GB Healthy System (partition with boot components)

======================================================================================================

MiniToolBox by Farbar Version: 23-07-2012
Ran by Mary Grace (administrator) on 28-09-2012 at 09:43:54
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MaryGrace-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-21-70-6F-21-5B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b1c6:3e7b:1ba3:8efa%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.189(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 27, 2012 9:20:15 PM
Lease Expires . . . . . . . . . . : Saturday, September 29, 2012 9:20:15 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 251666800
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-B9-75-44-00-21-70-6F-21-5B
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{AB42FE40-B1CA-4DBF-9871-B6B6A58BB9C7}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:34b9:298:3f57:ff42(Preferred)
Link-local IPv6 Address . . . . . : fe80::34b9:298:3f57:ff42%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{AB42FE40-B1CA-4DBF-9871-B6B6A58BB9C7}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4006:803::1008
173.194.43.8
173.194.43.2
173.194.43.4
173.194.43.9
173.194.43.5
173.194.43.1
173.194.43.6
173.194.43.7
173.194.43.0
173.194.43.14
173.194.43.3



Pinging google.com [74.125.226.228] with 32 bytes of data:

Reply from 74.125.226.228: bytes=32 time=45ms TTL=56

Reply from 74.125.226.228: bytes=32 time=37ms TTL=56



Ping statistics for 74.125.226.228:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 37ms, Maximum = 45ms, Average = 41ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=340ms TTL=53

Reply from 98.139.183.24: bytes=32 time=129ms TTL=53



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 129ms, Maximum = 340ms, Average = 234ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 21 70 6f 21 5b ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{AB42FE40-B1CA-4DBF-9871-B6B6A58BB9C7}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19 ...00 00 00 00 00 00 00 e0 isatap.{AB42FE40-B1CA-4DBF-9871-B6B6A58BB9C7}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.189 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.189 276
192.168.0.189 255.255.255.255 On-link 192.168.0.189 276
192.168.0.255 255.255.255.255 On-link 192.168.0.189 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.189 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.189 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:9d38:6ab8:34b9:298:3f57:ff42/128
On-link
11 276 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::34b9:298:3f57:ff42/128
On-link
11 276 fe80::b1c6:3e7b:1ba3:8efa/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

**** End of log ****


****** End Of Log ******

Edited by John Basedow, 28 September 2012 - 11:55 AM.


#10 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 28 September 2012 - 10:15 PM

Please do this next:

Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 John Basedow
  • Topic Starter
  • Members
  • 7 posts

Posted 29 September 2012 - 07:52 PM

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5350c3d83d825c4c89ce3556e5e430a6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-29 10:56:16
# local_time=2012-09-29 06:56:16 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 73370071 73370071 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 56 0 185550383 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=187054
# found=40
# cleaned=0
# scan_time=7699
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot(2)\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot(2)\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot(2)\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot(2)\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot(2)\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot(2)\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot(2)\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot(2)\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\AppData\Local\Google\Chrome\User Data\Default\Default\aagegfggdcdadadcdagcgfdedegegedf\background.html Win32/BHO.OEI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\AppData\Local\Google\Chrome\User Data\Default\Default\aagegfggdcdadadcdagcgfdedegegedf\ContentScript.js Win32/BHO.OEI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\270c07d4-38cf8551 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\d189d59-2fec9c41 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.3.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\AppData\Roaming\Mozilla\Firefox\Profiles\i1v9gszp.default\extensions\tmupvhyupl@tmupvhyupl.org.xpi JS/Redirector.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\Desktop\frostwire-5.1.5.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\Downloads\Adobe PhotoShop CS5 Extended Edition Incl. Keygen.rar a variant of Win32/HackTool.Patcher.P application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\Downloads\FinalTorrent2011Setup.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\Downloads\frostwire-4.21.1.windows.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\Downloads\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\Downloads\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\125ec4d.msi probably a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Toolbar.Widgi application 00000000000000000000000000000000 I
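The ESET log in the post above has one detection per line: the file path, an optional qualifier ("probably", "a variant of"), the detection family and category, the action taken in parentheses, a 32-hex-digit hash field and a flag. As an added example (not part of this thread, and not ESET's or BleepingComputer's code), the Python below parses that format, using an excerpt of the log above as constructed sample input, and separates the detections that sit inside the Chrome or Firefox profile, which is where a search redirector lives, from the rest. It also reads the `remove_checked=false` header so that "unable to clean" is reported as "not attempted", matching the instruction above to leave "Remove found threats" unticked. The line format, the function names and the browser-profile path markers are my assumptions drawn from this one log, not a documented ESET format.

```python
"""Parse an ESET Online Scanner log.txt and summarise what it found.

Added example for this thread; not ESET's or BleepingComputer's code.
Line format is inferred from the log posted above (an assumption):
    <path> [probably] [a variant of] <Family> <category> [(action)] <md5> <flag>
"""
import re
from collections import Counter

DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<qualifier>(?:probably )?(?:a variant of )?)"
    r"(?P<family>[A-Za-z0-9]+/\S+) (?P<category>\S+)"
    r"(?: \((?P<action>[^)]*)\))? "
    r"(?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$"
)

# Path fragments that mark a browser profile; extensions and content scripts that
# rewrite searches live there. Assumed markers, not an ESET convention.
BROWSER_PROFILE_MARKERS = (
    "\\Google\\Chrome\\User Data\\",
    "\\Mozilla\\Firefox\\Profiles\\",
)

# Constructed sample input: an excerpt of the log posted in this thread.
SAMPLE_LOG = r"""
# version=7
# remove_checked=false
# scanned=187054
# found=40
# cleaned=0
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\AppData\Local\Google\Chrome\User Data\Default\Default\aagegfggdcdadadcdagcgfdedegegedf\ContentScript.js Win32/BHO.OEI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\AppData\Roaming\Mozilla\Firefox\Profiles\i1v9gszp.default\extensions\tmupvhyupl@tmupvhyupl.org.xpi JS/Redirector.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Mary Grace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\270c07d4-38cf8551 a variant of Java/TrojanDownloader.Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\125ec4d.msi probably a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Toolbar.Widgi application 00000000000000000000000000000000 I
"""


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for one ESET log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                      # "# key=value" header lines
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        match = DETECTION_RE.match(line)
        if match:                                     # unrecognised lines are skipped, not guessed
            detections.append(match.groupdict())
    return header, detections


def browser_components(detections):
    """Detections inside a Chrome or Firefox profile: the first place to look for a redirect."""
    return [d for d in detections
            if any(marker in d["path"] for marker in BROWSER_PROFILE_MARKERS)]


def summarize(header, detections):
    """Group detections by family and category and list what was left on disk.

    With remove_checked=false the scan ran report-only, so "unable to clean"
    means removal was never attempted, not that it failed.
    """
    return {
        "report_only": header.get("remove_checked") == "false",
        "by_family": Counter(d["family"] for d in detections),
        "by_category": Counter(d["category"] for d in detections),
        "left_in_place": [d["path"] for d in detections if d["action"] == "unable to clean"],
        "browser_profile": [d["path"] for d in browser_components(detections)],
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    report = summarize(hdr, dets)
    print(f"{len(dets)} detections parsed (log header says found={hdr.get('found')})")
    for family, n in report["by_family"].most_common():
        print(f"  {n:2d}  {family}")
    print("in browser profiles:", *report["browser_profile"], sep="\n  ")
```

Run it on a full log.txt by passing the file contents to `parse_eset_log`; the `browser_profile` list is the short list worth reading first when the complaint is a search redirect, and `left_in_place` is what still has to be dealt with by a removal step.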

#12 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 30 September 2012 - 07:56 AM

It appears as though you have a pirated copy of Adobe Photoshop. Those types of files are a major source of infections and you need to remove them. Please do this next:

Delete your existing copy of ComboFix and download a new copy HERE

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad; make sure there is no space before and above File::

ClearJavaCache::
File::
C:\Users\Mary Grace\AppData\Local\Google\Chrome\User Data\Default\Default\aagegfggdcdadadcdagcgfdedegegedf\background.html
C:\Users\Mary Grace\AppData\Local\Google\Chrome\User Data\Default\Default\aagegfggdcdadadcdagcgfdedegegedf\ContentScript.js
C:\Users\Mary Grace\AppData\Roaming\Mozilla\Firefox\Profiles\i1v9gszp.default\extensions\tmupvhyupl@tmupvhyupl.org.xpi
C:\Users\Mary Grace\Downloads\Adobe PhotoShop CS5 Extended Edition Incl. Keygen.rar

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot not preserved: the CFScript file being dragged onto ComboFix.exe]


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Please include the following in your next post:
  • ComboFix log



#13 John Basedow
  • Topic Starter
  • Members
  • 7 posts

Posted 01 October 2012 - 01:39 PM

ComboFix 12-09-30.03 - Mary Grace 10/01/2012 13:44:04.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2323 [GMT -4:00]
Running from: c:\users\Mary Grace\Downloads\ComboFix.exe
Command switches used :: c:\users\Mary Grace\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Mary Grace\AppData\Local\Google\Chrome\User Data\Default\Default\aagegfggdcdadadcdagcgfdedegegedf\background.html"
"c:\users\Mary Grace\AppData\Local\Google\Chrome\User Data\Default\Default\aagegfggdcdadadcdagcgfdedegegedf\ContentScript.js"
"c:\users\Mary Grace\AppData\Roaming\Mozilla\Firefox\Profiles\i1v9gszp.default\extensions\tmupvhyupl@tmupvhyupl.org.xpi"
"c:\users\Mary Grace\Downloads\Adobe PhotoShop CS5 Extended Edition Incl. Keygen.rar"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\_ctypes.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\_elementtree.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\_hashlib.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\_socket.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\_ssl.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\pyexpat.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\pysqlite2._sqlite.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\python26.dll
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\pythoncom26.dll
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\pywintypes26.dll
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\select.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\unicodedata.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\win32api.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\win32com.shell.shell.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\win32crypt.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\win32event.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\win32file.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\win32inet.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\win32pdh.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\win32process.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\win32security.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\windows._cacheinvalidation.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wx._controls_.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wx._core_.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wx._gdi_.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wx._html2.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wx._misc_.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wx._windows_.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wx._wizard.pyd
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wxbase293u_net_vc.dll
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wxbase293u_vc.dll
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wxmsw293u_adv_vc.dll
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wxmsw293u_core_vc.dll
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wxmsw293u_html_vc.dll
c:\users\Mary Grace\AppData\Local\Temp\_MEI35202\wxmsw293u_webview_vc.dll
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\_ctypes.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\_elementtree.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\_hashlib.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\_socket.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\_ssl.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\pyexpat.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\pysqlite2._sqlite.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\python26.dll
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\pythoncom26.dll
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\pywintypes26.dll
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\select.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\unicodedata.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\win32api.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\win32com.shell.shell.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\win32crypt.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\win32event.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\win32file.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\win32inet.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\win32pdh.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\win32process.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\win32security.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\windows._cacheinvalidation.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wx._controls_.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wx._core_.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wx._gdi_.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wx._html2.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wx._misc_.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wx._windows_.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wx._wizard.pyd
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wxbase293u_net_vc.dll
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wxbase293u_vc.dll
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wxmsw293u_adv_vc.dll
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wxmsw293u_core_vc.dll
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wxmsw293u_html_vc.dll
c:\users\MARYGR~1\AppData\Local\Temp\_MEI35202\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-10-01 17:53 . 2012-10-01 17:53 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-10-01 17:53 . 2012-10-01 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-29 20:43 . 2012-09-29 20:43 -------- d-----w- c:\program files (x86)\ESET
2012-09-28 22:09 . 2012-09-28 22:09 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBE53A14-9F9C-41F5-9F66-08FF41398D98}\offreg.dll
2012-09-28 21:51 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBE53A14-9F9C-41F5-9F66-08FF41398D98}\mpengine.dll
2012-09-28 17:31 . 2012-09-28 17:31 -------- d-----w- C:\The Devil Wears Prada - With Roots Above and Branches Below
2012-09-28 17:31 . 2012-09-28 17:31 -------- d-----w- C:\The Devil Wears Prada - Plagues
2012-09-28 17:31 . 2012-09-28 17:31 -------- d-----w- C:\The Devil Wears Prada - Dear Love, A Beautiful Discord
2012-09-25 21:43 . 2012-10-01 17:57 -------- d-----w- c:\users\Mary Grace\AppData\Local\temp
2012-09-25 20:23 . 2012-09-25 20:23 -------- d-----w- c:\program files (x86)\Application Updater
2012-09-25 20:23 . 2012-09-25 20:23 -------- d-----w- c:\program files (x86)\YTD Toolbar
2012-09-25 20:23 . 2012-09-25 20:23 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-09-21 13:50 . 2012-09-21 13:50 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-09-21 11:16 . 2012-09-21 11:16 -------- d-----w- c:\users\Mary Grace\AppData\Roaming\SUPERAntiSpyware.com
2012-09-21 11:16 . 2012-09-25 22:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-20 01:20 . 2012-09-20 01:20 -------- d-----w- c:\users\Mary Grace\AppData\Local\blekkotb_001
2012-09-03 19:55 . 2012-10-01 17:24 -------- d-s---w- c:\users\Mary Grace\Google Drive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 20:11 . 2012-04-13 16:09 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 20:11 . 2011-05-24 00:47 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 07:00 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
2012-09-07 21:04 . 2010-05-19 00:43 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 14:33 . 2012-08-16 07:05 2769408 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Akamai NetSession Interface"="c:\users\Mary Grace\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-25 5664640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-09-19 1100680]
.
c:\users\Mary Grace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-11-22 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-18 86016]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 20:11]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-12 18:42]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-04-12 18:42]
.
2012-10-01 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2008-11-22 11:18]
.
2012-09-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 75fb2ffe-c13d-4ae4-9448-b5956ba830d6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e140c307-15c8-4686-bac3-62ea6905d5e9.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mary Grace\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]
"Skytel"="Skytel.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=113543&tt=2912_2&babsrc=HP_ss&mntrId=909362110000000000000021706f215b
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:62424
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Mary Grace\AppData\Roaming\Mozilla\Firefox\Profiles\i1v9gszp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, a2f9700b-3f2d-4939-b3f4-97bd72a2d28c
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113543&tt=2912_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 909362110000000000000021706f215b
FF - user.js: extensions.BabylonToolbar_i.hardId - 909362110000000000000021706f215b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15539
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:03
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
"DisplayName"=expand:"@fdeploy.dll,-261"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"DisplayName"=expand:"@%SystemRoot%\\System32\\dskquota.dll,-100"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"%SystemRoot%\\System32\\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"DisplayName"=expand:"@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\polstore.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
"DisplayName"=expand:"@c:\\Windows\\system32\\polstore.dll,-5012"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@DACL=(02 0000)
@="Enterprise QoS"
"DisplayName"=expand:"@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"=expand:"gptext.dll"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@DACL=(02 0000)
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\AVAST Software\Avast\afwServ.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Application Updater\ApplicationUpdater.exe
.
**************************************************************************
.
Completion time: 2012-10-01 14:02:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-01 18:02
ComboFix2.txt 2012-09-25 21:53
.
Pre-Run: 593,594,478,592 bytes free
Post-Run: 593,289,502,720 bytes free
.
- - End Of File - - 57D1B6E745AC95EFD7EE74E06AB8C3A5

#14 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:04:43 AM

Posted 01 October 2012 - 06:54 PM

Are you still being redirected?

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#15 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:04:43 AM

Posted 09 October 2012 - 09:11 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
