Annoying Trojan or rootkit on computer


  • This topic is locked
25 replies to this topic

#1 colinrgilbert

  • Members
  • 11 posts

Posted 25 September 2012 - 01:11 AM

My computer was infected with some sort of virus about five days ago and I have been battling to try to get it off since. (It is running Windows 7, 64 bit.) I paid a local guy to fix it, but that did not work. About once a day a virus program will find new infections. The last two sets of infections found were:

win32/toolbar.crossrider application
variant of win32/adware.tontoo.b application
variant of java/exploit. CVE-2012-4681.AN trojan
win32/OpenCandy application

&

HackTool:Win32/Keygen
Exploit:Java/CVE-2012-1723.EF
Exploit:Java/CVE-2012-1723.HJ
Exploit:Java/CVE-2012-1723.OG
Exploit:Java/CVE-2012-1723.SC
Trojan:JS/Medfos.A



I also ran Bootkit Remover and got the following response.

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000006`40100000

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...



I do not know the best way to proceed. I appreciate any help you can offer. Thank you very much in advance. Below is the DDS.txt.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Colin at 0:59:29 on 2012-09-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.5741 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Users\Colin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uURLSearchHooks: H - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
StartupFolder: C:\Users\Colin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Colin\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F9817D7-ABC0-4F27-A708-AFA1F075D93D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F9817D7-ABC0-4F27-A708-AFA1F075D93D}\14D696B61686D27657563747 : DhcpNameServer = 65.40.202.102 67.76.234.226 192.168.33.1
TCP: Interfaces\{3F9817D7-ABC0-4F27-A708-AFA1F075D93D}\2375942554432373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F9817D7-ABC0-4F27-A708-AFA1F075D93D}\2375942554537313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F9817D7-ABC0-4F27-A708-AFA1F075D93D}\34F424F5055524C49434 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{3F9817D7-ABC0-4F27-A708-AFA1F075D93D}\34F6C696E6 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DFB2D2F3-0A09-4E63-8A70-8F4679AC7A7A} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\2ftgihfm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\system32\drivers\assd.sys --> C:\Windows\system32\drivers\assd.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-9-23 500568]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-20 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-20 676936]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-20 1153368]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-7-15 724912]
R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-19 250288]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-18 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-18 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-19 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-09-24 12:05:34 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{34EA65B5-A10A-4F64-819A-CDE420F3E7A3}\mpengine.dll
2012-09-24 08:00:59 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-09-24 08:00:55 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-09-24 08:00:54 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-09-24 08:00:53 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-09-24 08:00:53 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-09-24 03:07:19 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-24 01:47:29 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-24 01:42:54 -------- d-----w- C:\ProgramData\IObit
2012-09-24 01:42:44 -------- d-----w- C:\Users\Colin\AppData\Roaming\IObit
2012-09-24 01:42:29 -------- d-----w- C:\Program Files (x86)\IObit
2012-09-23 21:52:47 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-20 11:16:52 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{14F89242-9D09-4F9C-9437-67EF6CEB8813}\gapaengine.dll
2012-09-20 11:14:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-20 11:14:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-20 08:42:19 -------- d-----w- C:\ProgramData\Sophos
2012-09-20 08:42:15 73728 ----a-r- C:\Users\Colin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-20 08:42:15 73728 ----a-r- C:\Users\Colin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-20 08:42:15 73728 ----a-r- C:\Users\Colin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-09-20 08:42:09 -------- d-----w- C:\Program Files (x86)\Sophos
2012-09-20 07:56:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-20 07:53:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-20 07:53:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-20 07:40:58 -------- d-----w- C:\Users\Colin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-20 07:40:54 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-20 07:40:54 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-19 20:37:14 -------- d-----r- C:\Users\Colin\Dropbox
2012-09-19 20:05:00 -------- d-----w- C:\Users\Colin\AppData\Roaming\Dropbox
2012-09-18 21:52:49 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BBB74A9E-06EA-4A76-9BB7-5CD388D49E5B}\mpengine.dll
2012-09-18 01:56:11 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-18 01:45:35 -------- d-----w- C:\Users\Colin\AppData\Roaming\Auslogics
2012-09-18 01:45:29 -------- d-----w- C:\Program Files (x86)\Auslogics
2012-09-18 01:43:50 -------- d-----w- C:\Program Files\CCleaner
2012-09-18 01:36:59 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-09-18 01:32:41 -------- d-----w- C:\Program Files (x86)\Coupon Companion
2012-09-18 01:32:33 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-09-18 01:32:31 -------- d-----w- C:\ProgramData\Tarma Installer
2012-09-18 01:21:45 388096 ----a-r- C:\Users\Colin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-18 01:21:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-09-17 23:52:00 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2012-09-17 23:39:10 -------- d-----w- C:\Windows\pss
2012-09-17 17:45:16 -------- d-----w- C:\Safe Folder
2012-09-17 00:24:42 -------- d-----w- C:\Program Files (x86)\F-Secure
2012-09-16 23:55:00 -------- d-----w- C:\ProgramData\AVAST Software
2012-09-16 23:55:00 -------- d-----w- C:\Program Files\AVAST Software
2012-09-16 23:29:16 -------- d-----w- C:\ProgramData\F-Secure
2012-09-15 22:41:12 -------- d-----w- C:\Users\Colin\AppData\Local\{7938BF67-CBB0-49FB-B063-2AD8A4FB6700}
2012-09-15 22:27:00 -------- d-----w- C:\Users\Colin\AppData\Local\ElevatedDiagnostics
2012-09-15 21:45:05 -------- d-----w- C:\Windows\PIF
2012-09-15 19:07:33 -------- d-----w- C:\Users\Colin\AppData\Roaming\Malwarebytes
2012-09-15 19:07:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-15 14:20:48 -------- d-----w- C:\Users\Colin\AppData\Local\{8E462D67-FF40-11E1-8271-B8AC6F996F26}
2012-09-15 12:28:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-12 13:22:17 -------- d-----w- C:\ProgramData\WeCareReminder
2012-09-12 13:21:35 -------- d-----w- C:\Users\Colin\AppData\Roaming\OpenCandy
2012-09-12 13:05:17 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 13:05:17 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 13:05:17 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 13:05:17 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 13:05:16 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 13:05:16 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 13:05:16 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-07 07:29:08 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-09-07 04:22:58 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-09-03 11:05:58 -------- d-----w- C:\Program Files (x86)\Rovio
2012-09-03 10:54:07 -------- d-----w- C:\Users\Colin\AppData\Roaming\Rovio
2012-08-27 11:06:15 -------- d-----w- C:\Program Files (x86)\MSECache
.
==================== Find3M ====================
.
2012-09-25 02:33:14 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2012-09-22 18:53:52 150712 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-09-22 18:53:52 110608 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-09-22 18:53:52 102832 ----a-w- C:\Windows\System32\WRusr.dll
2012-09-21 09:11:36 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 09:11:36 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-04 04:19:43 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-04 04:19:43 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 22:13:40 405144 ----a-w- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-09 18:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 18:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-06 03:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 0:59:55.58 ===============



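Two things in the DDS report above stand out to a responder before any malware name does: the machine-wide UAC values (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all read 0 under mPolicies-system, meaning elevation happens silently), and the "No File" entries, which are browser hooks still registered in the registry after their file was removed. The following Python is an added example, not code from the thread or from the DDS tool: it parses lines in the same shape as the report (the sample is constructed from lines quoted in the post) and flags both conditions. The expected UAC values are the Windows 7 defaults, an assumption the example uses as its baseline; the scope letters u/m/d are read as the DDS convention of current user, machine and default user.

```python
"""Triage helper for DDS "Pseudo HJT Report" lines (added example, not DDS code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines in the same shape as the report quoted in the post.
SAMPLE_REPORT = r"""
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO-X64: btorbit.com - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uURLSearchHooks: H - No File
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
"""

# Windows 7 defaults (assumed baseline) for the HKLM UAC values DDS reports
# under mPolicies-system. Anything else means UAC has been turned down or off.
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 disables UAC entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently, no prompt at all
    "PromptOnSecureDesktop": 1,       # 0 lets software click or spoof the prompt
}

POLICY_RE = re.compile(
    r"^(?P<scope>[umd])Policies-(?P<hive>[a-z]+): (?P<name>\w+) = (?P<value>-?\d+)"
)
ORPHAN_RE = re.compile(r"^(?P<kind>[\w-]+): (?P<what>.+?) - No File$")

PolicyKey = Tuple[str, str, str]  # (scope, hive, value name)


def parse_policies(report: str) -> Dict[PolicyKey, int]:
    """Collect every policy line. Scope prefix: u = current user (HKCU),
    m = machine (HKLM), d = default user profile."""
    policies: Dict[PolicyKey, int] = {}
    for line in report.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[(m["scope"], m["hive"], m["name"])] = int(m["value"])
    return policies


def check_uac(policies: Dict[PolicyKey, int]) -> List[str]:
    """Flag machine-wide UAC values that differ from the Windows 7 defaults.
    Only the HKLM 'system' hive is consulted; per-user copies do not govern UAC."""
    findings = []
    for name, expected in UAC_EXPECTED.items():
        actual = policies.get(("m", "system", name))
        if actual is not None and actual != expected:
            findings.append(f"UAC weakened: {name} = {actual} (expected {expected})")
    return findings


def find_orphans(report: str) -> List[str]:
    """List 'No File' hooks: a BHO, toolbar or search hook still registered
    although its file is gone, usually left over after a removal."""
    orphans = []
    for line in report.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if m:
            orphans.append(f"{m['kind']}: {m['what']}")
    return orphans


def triage(report: str) -> Dict[str, List[str]]:
    """Run both checks and group the findings by kind."""
    return {"uac": check_uac(parse_policies(report)), "orphans": find_orphans(report)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_REPORT).items():
        print(f"== {section} ({len(items)}) ==")
        for item in items:
            print("  " + item)
```

Run against the sample, the script reports three weakened UAC values and three orphaned hooks. The orphans are clutter rather than an active infection, but the UAC state matters for the cleanup: with EnableLUA at 0 and silent admin consent, anything the logged-in user runs already has administrator rights, so restoring UAC is part of hardening the machine once the rootkit is gone.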
#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 September 2012 - 01:34 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 28 September 2012 - 11:18 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 colinrgilbert (Topic Starter)

Posted 01 October 2012 - 03:08 PM

I apologize for the delay. This issue has greatly disrupted my schedule. I am working on the steps you described right now.

#5 colinrgilbert (Topic Starter)

Posted 01 October 2012 - 03:28 PM

Thank you very much for all of your time and effort. I really appreciate this. Here is what I have from those instructions.

checkup.txt:


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Webroot SecureAnywhere
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Eusing Free Registry Cleaner
Adobe Flash Player 11.4.402.265
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 15.0.874.120
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````




AdwCleaner[S1].txt:


# AdwCleaner v2.003 - Logfile created 10/01/2012 at 15:17:27
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Colin - COLIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Colin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Colin\AppData\Local\Conduit
Folder Deleted : C:\Users\Colin\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Colin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Colin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Colin\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\2ftgihfm.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4170 octets] - [01/10/2012 15:17:27]

########## EOF - C:\AdwCleaner[S1].txt - [4230 octets] ##########



RKreport[1].txt:


RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Colin [Admin rights]
Mode : Scan -- Date : 10/01/2012 15:23:43

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤
[TASK][SUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -e -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500BPVT-80HXZT3 +++++
--- User ---
[MBR] 1f1ea5d1016d9e034589b4774d3056e3
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 689802 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
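RogueKiller's [HJPOL] and [HJ] lines above are easy to misread: each one reports that a policy value exists, and the number in parentheses is the data that value holds, so `DisableTaskMgr (0)` means the Task Manager restriction is not active, while `EnableLUA (0)` means UAC is switched off (the same condition Security Check reported as "UAC is disabled!" in post #5). The parser below is an added example, not RogueKiller's or BleepingComputer's code: it reads the Registry Entries block (copied inline from the log above as constructed sample input) into findings and sorts them by what they mean for the host. The `Finding` fields, the `assess` buckets and the `RESTRICTION_VALUES` set are this example's own naming.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: the "Registry Entries" block of the RKreport[1].txt
# posted above, embedded inline so this runs offline rather than on a live scan.
SAMPLE_LOG = r"""
¤¤¤ Registry Entries : 16 ¤¤¤
[TASK][SUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -e -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableCMD (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# "[TAG][TAG] <body> -> STATUS"
LINE_RE = re.compile(r"^(?P<tags>(?:\[[A-Z ]+\])+) (?P<body>.+?) -> (?P<status>\w+)$")
# "<registry path> : <value name> (<data>)"
VALUE_RE = re.compile(r"^(?P<path>.+?) : (?P<name>.+?) \((?P<value>[^()]*)\)$")

# Policy values that block a tool when set to 1; at 0 they exist but do nothing.
RESTRICTION_VALUES = {"DisableTaskMgr", "DisableRegistryTools", "DisableCMD"}


@dataclass
class Finding:
    tags: Tuple[str, ...]   # e.g. ("HJPOL",) or ("TASK", "SUSP PATH")
    path: str               # registry key as printed, or the task description
    name: str               # value name, or the task's command line
    value: str              # data shown in parentheses; "" for task entries
    status: str             # FOUND / DELETED etc.


def parse_registry_entries(log: str) -> List[Finding]:
    """Turn the Registry Entries lines of a RogueKiller report into Findings."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers and blank lines
        tags = tuple(re.findall(r"\[([A-Z ]+)\]", m["tags"]))
        v = VALUE_RE.match(m["body"])
        if v:
            findings.append(Finding(tags, v["path"], v["name"], v["value"], m["status"]))
        else:
            # [TASK] lines carry "<description> : <command line>" with no data field
            desc, _, cmd = m["body"].partition(" : ")
            findings.append(Finding(tags, desc, cmd, "", m["status"]))
    return findings


def assess(findings: List[Finding]) -> Dict[str, object]:
    """Group findings by what the stored data actually means for the host."""
    report: Dict[str, object] = {
        "uac_disabled": False,                   # EnableLUA = 0
        "admin_elevates_silently": False,        # ConsentPromptBehaviorAdmin = 0
        "tool_restrictions_active": [],          # Disable* = 1
        "restriction_values_present_but_off": [],  # Disable* = 0
        "suspicious_tasks": [],                  # [TASK][SUSP PATH] entries
        "hidden_desktop_icons": [],              # NewStartPanel data 1 hides the icon
    }
    for f in findings:
        if "TASK" in f.tags:
            report["suspicious_tasks"].append(f"{f.path}: {f.name}")
        elif f.name == "EnableLUA" and f.value == "0":
            report["uac_disabled"] = True
        elif f.name == "ConsentPromptBehaviorAdmin" and f.value == "0":
            report["admin_elevates_silently"] = True
        elif f.name in RESTRICTION_VALUES:
            bucket = "tool_restrictions_active" if f.value == "1" else "restriction_values_present_but_off"
            report[bucket].append(f"{f.path}\\{f.name}")
        elif "HJ DESK" in f.tags and f.value == "1":
            report["hidden_desktop_icons"].append(f.name)
    return report


if __name__ == "__main__":
    for key, val in assess(parse_registry_entries(SAMPLE_LOG)).items():
        print(f"{key}: {val}")
```

Run against the log above, the assessment shows no tool restriction in force (all nine Disable* values hold 0), but UAC fully off and silent admin elevation, plus one scheduled task launching an executable directly from C:\Windows; those three items, not the nine policy values, are what a reviewer would follow up on.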

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 01 October 2012 - 10:12 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 colinrgilbert (Topic Starter)

Posted 01 October 2012 - 10:58 PM

Thank you for your quick reply. I have to finish submitting one bid to a potential client. Directly after that, I will do exactly as you directed. Thank you again for your help.

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 01 October 2012 - 11:43 PM

No problem.


Gringo

#9 colinrgilbert (Topic Starter)

Posted 02 October 2012 - 08:28 AM

Below is the Combofix log. My computer still seems to be running a bit slow, which began when I got the virus.


ComboFix 12-10-02.02 - Colin 10/02/2012 8:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.5986 [GMT -5:00]
Running from: c:\users\Colin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\programdata\Roaming
c:\users\Colin\AppData\Local\Vid-Saver
c:\users\Colin\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
c:\users\Colin\Documents\~WRD0000.tmp
c:\windows\AsPatch10430001.exe
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-02 to 2012-10-02 )))))))))))))))))))))))))))))))
.
.
2012-10-02 13:13 . 2012-10-02 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-02 07:34 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{570AFAE6-D5FC-4743-BA64-BCEBDA0DC8E6}\mpengine.dll
2012-10-01 06:51 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-27 01:04 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 08:00 . 2012-08-24 10:13 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-24 08:00 . 2012-08-24 10:14 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-24 08:00 . 2012-08-24 10:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-24 08:00 . 2012-08-24 06:52 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-09-24 08:00 . 2012-08-24 10:24 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-09-24 08:00 . 2012-08-24 10:25 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-09-24 08:00 . 2012-08-24 06:53 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-09-24 08:00 . 2012-08-24 11:15 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-24 08:00 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-24 03:07 . 2012-09-24 03:07 -------- d-----w- c:\program files (x86)\ESET
2012-09-24 01:42 . 2012-09-24 01:42 -------- d-----w- c:\programdata\IObit
2012-09-24 01:42 . 2012-09-24 09:45 -------- d-----w- c:\users\Colin\AppData\Roaming\IObit
2012-09-24 01:42 . 2012-09-24 01:42 -------- d-----w- c:\program files (x86)\IObit
2012-09-20 11:16 . 2012-09-20 11:16 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14F89242-9D09-4F9C-9437-67EF6CEB8813}\gapaengine.dll
2012-09-20 11:14 . 2012-10-02 08:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-20 11:14 . 2012-10-02 08:01 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-20 08:42 . 2012-09-20 08:42 -------- d-----w- c:\programdata\Sophos
2012-09-20 08:42 . 2012-09-20 08:42 73728 ----a-r- c:\users\Colin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-20 08:42 . 2012-09-20 08:42 73728 ----a-r- c:\users\Colin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-20 08:42 . 2012-09-20 08:42 73728 ----a-r- c:\users\Colin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-09-20 08:42 . 2012-09-20 08:42 -------- d-----w- c:\program files (x86)\Sophos
2012-09-20 07:56 . 2012-09-20 07:59 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-20 07:53 . 2012-09-20 07:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-20 07:53 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 07:40 . 2012-09-20 07:40 -------- d-----w- c:\users\Colin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-20 07:40 . 2012-09-27 00:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-20 07:40 . 2012-09-20 07:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-19 20:37 . 2012-10-02 07:23 -------- d-----r- c:\users\Colin\Dropbox
2012-09-19 20:05 . 2012-10-02 07:23 -------- d-----w- c:\users\Colin\AppData\Roaming\Dropbox
2012-09-19 05:22 . 2012-09-25 01:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-18 21:52 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBB74A9E-06EA-4A76-9BB7-5CD388D49E5B}\mpengine.dll
2012-09-18 01:56 . 2012-09-21 03:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-18 01:45 . 2012-09-18 01:45 -------- d-----w- c:\users\Colin\AppData\Roaming\Auslogics
2012-09-18 01:45 . 2012-09-18 01:45 -------- d-----w- c:\program files (x86)\Auslogics
2012-09-18 01:43 . 2012-09-18 01:43 -------- d-----w- c:\program files\CCleaner
2012-09-18 01:36 . 2012-09-18 01:42 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-09-18 01:32 . 2012-09-24 03:31 -------- d-----w- c:\program files (x86)\Coupon Companion
2012-09-18 01:21 . 2012-09-18 01:21 388096 ----a-r- c:\users\Colin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-18 01:21 . 2012-09-18 01:21 -------- d-----w- c:\program files (x86)\Trend Micro
2012-09-17 23:52 . 2012-09-17 23:52 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-09-17 23:37 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-17 17:45 . 2012-09-19 20:41 -------- d-----w- C:\Safe Folder
2012-09-17 00:24 . 2012-09-17 22:48 -------- d-----w- c:\program files (x86)\F-Secure
2012-09-16 23:55 . 2012-09-25 02:26 -------- d-----w- c:\programdata\AVAST Software
2012-09-16 23:55 . 2012-09-17 23:36 -------- d-----w- c:\program files\AVAST Software
2012-09-16 23:29 . 2012-09-18 00:52 -------- d-----w- c:\programdata\F-Secure
2012-09-15 22:27 . 2012-09-15 22:27 -------- d-----w- c:\users\Colin\AppData\Local\ElevatedDiagnostics
2012-09-15 21:45 . 2012-09-15 21:45 -------- d-----w- c:\windows\PIF
2012-09-15 19:07 . 2012-09-15 19:07 -------- d-----w- c:\users\Colin\AppData\Roaming\Malwarebytes
2012-09-15 19:07 . 2012-09-15 19:07 -------- d-----w- c:\programdata\Malwarebytes
2012-09-15 14:20 . 2012-09-17 22:48 -------- d-----w- c:\users\Colin\AppData\Local\{8E462D67-FF40-11E1-8271-B8AC6F996F26}
2012-09-15 12:28 . 2012-09-20 17:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-12 13:05 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:05 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:05 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 13:05 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:05 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:05 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:05 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-07 08:54 . 2012-09-07 08:54 -------- d-----w- c:\program files\Adobe
2012-09-07 07:29 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-09-07 04:22 . 2012-09-25 23:28 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-09-07 04:20 . 2012-09-07 08:54 -------- d-----w- c:\program files\Common Files\Adobe
2012-09-07 04:17 . 2012-09-07 04:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-09-03 13:15 . 2012-09-03 13:15 -------- d-----w- c:\users\Colin\AppData\Roaming\U3
2012-09-03 11:05 . 2012-09-03 11:05 -------- d-----w- c:\program files (x86)\Rovio
2012-09-03 10:54 . 2012-09-03 11:06 -------- d-----w- c:\users\Colin\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-02 07:23 . 2012-04-30 04:54 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-09-22 18:53 . 2012-07-15 22:12 150712 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-09-22 18:53 . 2012-07-15 22:12 110608 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-09-22 18:53 . 2012-07-15 22:12 102832 ----a-w- c:\windows\system32\WRusr.dll
2012-09-21 09:11 . 2012-07-19 08:13 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 09:11 . 2012-07-19 08:13 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 05:43 . 2012-07-16 18:20 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-03-21 01:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-04 04:19 . 2012-08-04 04:19 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-04 04:19 . 2012-08-04 04:19 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-18 18:15 . 2012-08-15 16:57 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 22:05 . 2011-03-29 02:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-12 22:13 . 2012-07-19 07:26 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-09 18:42 . 2012-07-09 18:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 18:42 . 2012-07-09 18:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-07-06 20:07 . 2012-08-16 08:03 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-06 03:06 . 2012-08-04 04:15 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 03:06 . 2012-08-04 04:15 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-04 22:16 . 2012-08-15 16:57 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 16:57 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 16:57 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 16:57 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 5663616]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-09-22 724912]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-04 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Colin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-09-22 724912]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-05-03 44032]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-24 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 assd;assd; [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-09-22 110608]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-02-01 500568]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 09:11]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]
.
2012-10-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a4e20cf4-d6a6-492e-a8c3-d1acc2bf9d6a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c28d8313-ddea-4d70-82c3-6ea72ac3f977.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\2ftgihfm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\06\04\04\110ö"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-02 08:15:04
ComboFix-quarantined-files.txt 2012-10-02 13:15
.
Pre-Run: 395,232,727,040 bytes free
Post-Run: 395,116,351,488 bytes free
.
- - End Of File - - D8D170D63EDDEF3AAF6F417B8AF6656F

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:51 AM

Posted 03 October 2012 - 12:55 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 colinrgilbert

colinrgilbert
  • Topic Starter

  • Members
  • 11 posts
  • Local time:04:51 AM

Posted 03 October 2012 - 01:48 AM

Here are the two logs:



01:08:27.0141 3736 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
01:08:27.0625 3736 ============================================================
01:08:27.0625 3736 Current date / time: 2012/10/03 01:08:27.0625
01:08:27.0625 3736 SystemInfo:
01:08:27.0625 3736
01:08:27.0625 3736 OS Version: 6.1.7601 ServicePack: 1.0
01:08:27.0625 3736 Product type: Workstation
01:08:27.0625 3736 ComputerName: COLIN-PC
01:08:27.0625 3736 UserName: Colin
01:08:27.0625 3736 Windows directory: C:\Windows
01:08:27.0625 3736 System windows directory: C:\Windows
01:08:27.0625 3736 Running under WOW64
01:08:27.0625 3736 Processor architecture: Intel x64
01:08:27.0625 3736 Number of processors: 4
01:08:27.0625 3736 Page size: 0x1000
01:08:27.0625 3736 Boot type: Normal boot
01:08:27.0625 3736 ============================================================
01:08:28.0717 3736 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:08:28.0732 3736 ============================================================
01:08:28.0732 3736 \Device\Harddisk0\DR0:
01:08:28.0732 3736 MBR partitions:
01:08:28.0732 3736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x543456F0
01:08:28.0732 3736 ============================================================
01:08:28.0748 3736 C: <-> \Device\Harddisk0\DR0\Partition1
01:08:28.0748 3736 ============================================================
01:08:28.0748 3736 Initialize success
01:08:28.0748 3736 ============================================================
01:08:31.0291 1780 ============================================================
01:08:31.0291 1780 Scan started
01:08:31.0291 1780 Mode: Manual;
01:08:31.0291 1780 ============================================================
01:08:31.0603 1780 ================ Scan system memory ========================
01:08:31.0603 1780 System memory - ok
01:08:31.0603 1780 ================ Scan services =============================
01:08:31.0712 1780 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
01:08:31.0712 1780 !SASCORE - ok
01:08:31.0946 1780 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:08:31.0946 1780 1394ohci - ok
01:08:31.0977 1780 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:08:31.0993 1780 ACPI - ok
01:08:32.0008 1780 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:08:32.0008 1780 AcpiPmi - ok
01:08:32.0102 1780 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:08:32.0102 1780 AdobeARMservice - ok
01:08:32.0289 1780 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:08:32.0305 1780 AdobeFlashPlayerUpdateSvc - ok
01:08:32.0352 1780 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:08:32.0383 1780 adp94xx - ok
01:08:32.0430 1780 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:08:32.0445 1780 adpahci - ok
01:08:32.0461 1780 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:08:32.0461 1780 adpu320 - ok
01:08:32.0632 1780 [ 3D672573EF8F317F10C2AABBB2586262 ] AdvancedSystemCareService5 C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
01:08:32.0648 1780 AdvancedSystemCareService5 - ok
01:08:32.0695 1780 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:08:32.0695 1780 AeLookupSvc - ok
01:08:32.0757 1780 [ 69FD46FAC0D9C4A8ECD522AC6A7481F5 ] AFBAgent C:\Windows\system32\FBAgent.exe
01:08:32.0773 1780 AFBAgent - ok
01:08:32.0835 1780 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:08:32.0851 1780 AFD - ok
01:08:32.0929 1780 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
01:08:32.0960 1780 AgereSoftModem - ok
01:08:33.0022 1780 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:08:33.0022 1780 agp440 - ok
01:08:33.0069 1780 [ 14370049D8C9912EAC7603809A77C378 ] AiCharger C:\Windows\system32\DRIVERS\AiCharger.sys
01:08:33.0069 1780 AiCharger - ok
01:08:33.0100 1780 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:08:33.0100 1780 ALG - ok
01:08:33.0132 1780 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:08:33.0132 1780 aliide - ok
01:08:33.0147 1780 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:08:33.0147 1780 amdide - ok
01:08:33.0163 1780 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:08:33.0163 1780 AmdK8 - ok
01:08:33.0178 1780 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
01:08:33.0194 1780 AmdPPM - ok
01:08:33.0225 1780 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:08:33.0225 1780 amdsata - ok
01:08:33.0288 1780 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
01:08:33.0288 1780 amdsbs - ok
01:08:33.0319 1780 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:08:33.0334 1780 amdxata - ok
01:08:33.0366 1780 [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
01:08:33.0366 1780 AmUStor - ok
01:08:33.0397 1780 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:08:33.0412 1780 AppID - ok
01:08:33.0444 1780 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:08:33.0444 1780 AppIDSvc - ok
01:08:33.0444 1780 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:08:33.0444 1780 Appinfo - ok
01:08:33.0490 1780 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
01:08:33.0490 1780 arc - ok
01:08:33.0506 1780 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:08:33.0506 1780 arcsas - ok
01:08:33.0600 1780 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
01:08:33.0600 1780 ASLDRService - ok
01:08:33.0631 1780 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
01:08:33.0631 1780 ASMMAP64 - ok
01:08:33.0724 1780 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:08:33.0724 1780 aspnet_state - ok
01:08:33.0787 1780 [ A7E7AE771A2FCDBD5F28910A38D9A82C ] assd C:\Windows\system32\drivers\assd.sys
01:08:33.0787 1780 assd - ok
01:08:33.0818 1780 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:08:33.0818 1780 AsyncMac - ok
01:08:33.0849 1780 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:08:33.0849 1780 atapi - ok
01:08:33.0912 1780 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
01:08:33.0958 1780 athr - ok
01:08:33.0990 1780 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
01:08:33.0990 1780 ATKGFNEXSrv - ok
01:08:34.0021 1780 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
01:08:34.0021 1780 ATKWMIACPIIO - ok
01:08:34.0068 1780 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:08:34.0083 1780 AudioEndpointBuilder - ok
01:08:34.0114 1780 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:08:34.0114 1780 AudioSrv - ok
01:08:34.0146 1780 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:08:34.0146 1780 AxInstSV - ok
01:08:34.0177 1780 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
01:08:34.0192 1780 b06bdrv - ok
01:08:34.0239 1780 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:08:34.0239 1780 b57nd60a - ok
01:08:34.0302 1780 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:08:34.0317 1780 BDESVC - ok
01:08:34.0317 1780 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:08:34.0333 1780 Beep - ok
01:08:34.0411 1780 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:08:34.0426 1780 BFE - ok
01:08:34.0473 1780 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
01:08:34.0489 1780 BITS - ok
01:08:34.0520 1780 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:08:34.0520 1780 blbdrive - ok
01:08:34.0567 1780 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:08:34.0582 1780 Bonjour Service - ok
01:08:34.0598 1780 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:08:34.0614 1780 bowser - ok
01:08:34.0629 1780 [ 56E4345F392F17D66683225E214840CB ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys
01:08:34.0645 1780 bpenum - ok
01:08:34.0660 1780 [ D50B07C4D7AFEC4CA6AC8FCB72583C5B ] bpmp C:\Windows\system32\DRIVERS\bpmp.sys
01:08:34.0660 1780 bpmp - ok
01:08:34.0676 1780 [ A85BA55E4FE9CB2F342F281AAF7DE810 ] bpusb C:\Windows\system32\Drivers\bpusb.sys
01:08:34.0676 1780 bpusb - ok
01:08:34.0707 1780 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
01:08:34.0707 1780 BrFiltLo - ok
01:08:34.0723 1780 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
01:08:34.0723 1780 BrFiltUp - ok
01:08:34.0754 1780 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
01:08:34.0754 1780 BridgeMP - ok
01:08:34.0801 1780 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:08:34.0816 1780 Browser - ok
01:08:34.0816 1780 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:08:34.0832 1780 Brserid - ok
01:08:34.0832 1780 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:08:34.0848 1780 BrSerWdm - ok
01:08:34.0848 1780 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:08:34.0848 1780 BrUsbMdm - ok
01:08:34.0863 1780 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:08:34.0863 1780 BrUsbSer - ok
01:08:34.0910 1780 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
01:08:34.0910 1780 BthEnum - ok
01:08:34.0941 1780 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:08:34.0941 1780 BTHMODEM - ok
01:08:34.0957 1780 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
01:08:34.0957 1780 BthPan - ok
01:08:35.0004 1780 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
01:08:35.0019 1780 BTHPORT - ok
01:08:35.0066 1780 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:08:35.0066 1780 bthserv - ok
01:08:35.0097 1780 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
01:08:35.0113 1780 BTHUSB - ok
01:08:35.0160 1780 catchme - ok
01:08:35.0191 1780 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:08:35.0191 1780 cdfs - ok
01:08:35.0238 1780 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:08:35.0238 1780 cdrom - ok
01:08:35.0269 1780 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:08:35.0269 1780 CertPropSvc - ok
01:08:35.0284 1780 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
01:08:35.0284 1780 circlass - ok
01:08:35.0300 1780 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:08:35.0316 1780 CLFS - ok
01:08:35.0394 1780 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:08:35.0394 1780 clr_optimization_v2.0.50727_32 - ok
01:08:35.0425 1780 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:08:35.0425 1780 clr_optimization_v2.0.50727_64 - ok
01:08:35.0487 1780 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:08:35.0503 1780 clr_optimization_v4.0.30319_32 - ok
01:08:35.0518 1780 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:08:35.0518 1780 clr_optimization_v4.0.30319_64 - ok
01:08:35.0550 1780 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:08:35.0550 1780 CmBatt - ok
01:08:35.0581 1780 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:08:35.0581 1780 cmdide - ok
01:08:35.0628 1780 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
01:08:35.0643 1780 CNG - ok
01:08:35.0659 1780 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:08:35.0659 1780 Compbatt - ok
01:08:35.0706 1780 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
01:08:35.0706 1780 CompositeBus - ok
01:08:35.0706 1780 COMSysApp - ok
01:08:35.0721 1780 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:08:35.0721 1780 crcdisk - ok
01:08:35.0752 1780 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:08:35.0752 1780 CryptSvc - ok
01:08:35.0799 1780 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:08:35.0815 1780 DcomLaunch - ok
01:08:35.0846 1780 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:08:35.0846 1780 defragsvc - ok
01:08:35.0862 1780 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:08:35.0877 1780 DfsC - ok
01:08:35.0893 1780 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:08:35.0908 1780 Dhcp - ok
01:08:35.0924 1780 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:08:35.0924 1780 discache - ok
01:08:35.0955 1780 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
01:08:35.0955 1780 Disk - ok
01:08:36.0018 1780 [ E7B489FA5B15D2FEC3E52066E015B788 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
01:08:36.0018 1780 DMAgent - ok
01:08:36.0064 1780 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:08:36.0064 1780 Dnscache - ok
01:08:36.0080 1780 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:08:36.0111 1780 dot3svc - ok
01:08:48.0061 1780 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
01:08:48.0061 1780 Themes - ok
01:08:48.0092 1780 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
01:08:48.0108 1780 THREADORDER - ok
01:08:48.0123 1780 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
01:08:48.0123 1780 TPM - ok
01:08:48.0139 1780 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
01:08:48.0139 1780 TrkWks - ok
01:08:48.0201 1780 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:08:48.0201 1780 TrustedInstaller - ok
01:08:48.0233 1780 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:08:48.0233 1780 tssecsrv - ok
01:08:48.0248 1780 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:08:48.0264 1780 TsUsbFlt - ok
01:08:48.0264 1780 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
01:08:48.0264 1780 TsUsbGD - ok
01:08:48.0326 1780 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:08:48.0342 1780 tunnel - ok
01:08:48.0389 1780 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
01:08:48.0389 1780 TurboB - ok
01:08:48.0420 1780 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
01:08:48.0420 1780 TurboBoost - ok
01:08:48.0435 1780 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:08:48.0451 1780 uagp35 - ok
01:08:48.0467 1780 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:08:48.0482 1780 udfs - ok
01:08:48.0513 1780 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:08:48.0529 1780 UI0Detect - ok
01:08:48.0560 1780 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:08:48.0560 1780 uliagpkx - ok
01:08:48.0591 1780 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:08:48.0591 1780 umbus - ok
01:08:48.0623 1780 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
01:08:48.0623 1780 UmPass - ok
01:08:48.0654 1780 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
01:08:48.0654 1780 upnphost - ok
01:08:48.0685 1780 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
01:08:48.0685 1780 USBAAPL64 - ok
01:08:48.0716 1780 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:08:48.0716 1780 usbccgp - ok
01:08:48.0716 1780 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:08:48.0732 1780 usbcir - ok
01:08:48.0747 1780 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:08:48.0747 1780 usbehci - ok
01:08:48.0763 1780 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:08:48.0763 1780 usbhub - ok
01:08:48.0779 1780 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:08:48.0779 1780 usbohci - ok
01:08:48.0825 1780 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:08:48.0825 1780 usbprint - ok
01:08:48.0857 1780 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
01:08:48.0857 1780 usbscan - ok
01:08:48.0872 1780 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:08:48.0872 1780 USBSTOR - ok
01:08:48.0888 1780 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
01:08:48.0888 1780 usbuhci - ok
01:08:48.0903 1780 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
01:08:48.0903 1780 usbvideo - ok
01:08:48.0935 1780 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
01:08:48.0935 1780 UxSms - ok
01:08:48.0950 1780 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
01:08:48.0966 1780 VaultSvc - ok
01:08:48.0981 1780 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:08:48.0981 1780 vdrvroot - ok
01:08:49.0013 1780 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
01:08:49.0028 1780 vds - ok
01:08:49.0059 1780 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:08:49.0059 1780 vga - ok
01:08:49.0075 1780 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
01:08:49.0075 1780 VgaSave - ok
01:08:49.0106 1780 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:08:49.0106 1780 vhdmp - ok
01:08:49.0122 1780 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
01:08:49.0122 1780 viaide - ok
01:08:49.0153 1780 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:08:49.0153 1780 volmgr - ok
01:08:49.0169 1780 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:08:49.0184 1780 volmgrx - ok
01:08:49.0184 1780 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:08:49.0200 1780 volsnap - ok
01:08:49.0215 1780 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:08:49.0231 1780 vsmraid - ok
01:08:49.0293 1780 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
01:08:49.0340 1780 VSS - ok
01:08:49.0356 1780 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
01:08:49.0356 1780 vwifibus - ok
01:08:49.0371 1780 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
01:08:49.0371 1780 vwififlt - ok
01:08:49.0403 1780 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
01:08:49.0403 1780 vwifimp - ok
01:08:49.0434 1780 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
01:08:49.0449 1780 W32Time - ok
01:08:49.0465 1780 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:08:49.0465 1780 WacomPen - ok
01:08:49.0496 1780 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:08:49.0496 1780 WANARP - ok
01:08:49.0512 1780 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:08:49.0527 1780 Wanarpv6 - ok
01:08:49.0605 1780 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
01:08:49.0652 1780 WatAdminSvc - ok
01:08:49.0715 1780 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
01:08:49.0777 1780 wbengine - ok
01:08:49.0808 1780 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:08:49.0808 1780 WbioSrvc - ok
01:08:49.0824 1780 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:08:49.0855 1780 wcncsvc - ok
01:08:49.0871 1780 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:08:49.0871 1780 WcsPlugInService - ok
01:08:49.0902 1780 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
01:08:49.0902 1780 Wd - ok
01:08:49.0933 1780 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:08:49.0949 1780 Wdf01000 - ok
01:08:49.0949 1780 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:08:49.0964 1780 WdiServiceHost - ok
01:08:49.0964 1780 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:08:49.0964 1780 WdiSystemHost - ok
01:08:49.0995 1780 [ 63CE387483E74A0BD79EE4E5EBA1FD2E ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
01:08:50.0011 1780 wdkmd - ok
01:08:50.0027 1780 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
01:08:50.0042 1780 WebClient - ok
01:08:50.0042 1780 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:08:50.0058 1780 Wecsvc - ok
01:08:50.0058 1780 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:08:50.0073 1780 wercplsupport - ok
01:08:50.0089 1780 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
01:08:50.0089 1780 WerSvc - ok
01:08:50.0136 1780 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:08:50.0136 1780 WfpLwf - ok
01:08:50.0198 1780 [ 245EA6A2CFAE7B183EE9A14A4673B1F1 ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
01:08:50.0214 1780 WiMAXAppSrv - ok
01:08:50.0261 1780 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
01:08:50.0276 1780 WimFltr - ok
01:08:50.0292 1780 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:08:50.0292 1780 WIMMount - ok
01:08:50.0307 1780 WinDefend - ok
01:08:50.0323 1780 WinHttpAutoProxySvc - ok
01:08:50.0385 1780 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:08:50.0385 1780 Winmgmt - ok
01:08:50.0463 1780 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
01:08:50.0526 1780 WinRM - ok
01:08:50.0573 1780 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
01:08:50.0588 1780 WinUsb - ok
01:08:50.0619 1780 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
01:08:50.0619 1780 Wlansvc - ok
01:08:50.0682 1780 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:08:50.0682 1780 wlcrasvc - ok
01:08:50.0775 1780 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:08:50.0807 1780 wlidsvc - ok
01:08:50.0838 1780 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
01:08:50.0838 1780 WmiAcpi - ok
01:08:50.0869 1780 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:08:50.0869 1780 wmiApSrv - ok
01:08:50.0900 1780 WMPNetworkSvc - ok
01:08:50.0931 1780 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:08:50.0931 1780 WPCSvc - ok
01:08:50.0947 1780 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:08:50.0947 1780 WPDBusEnum - ok
01:08:50.0994 1780 [ C8E34D4F6F84B09CA67E20682C2C0737 ] WRkrn C:\Windows\system32\drivers\WRkrn.sys
01:08:50.0994 1780 WRkrn - ok
01:08:51.0056 1780 [ C4740DCA626F0C40628E507F528C26AD ] WRSVC C:\Program Files\Webroot\WRSA.exe
01:08:51.0056 1780 WRSVC - ok
01:08:51.0087 1780 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:08:51.0087 1780 ws2ifsl - ok
01:08:51.0103 1780 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
01:08:51.0103 1780 wscsvc - ok
01:08:51.0119 1780 WSearch - ok
01:08:51.0197 1780 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:08:51.0228 1780 wuauserv - ok
01:08:51.0243 1780 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:08:51.0243 1780 WudfPf - ok
01:08:51.0275 1780 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:08:51.0275 1780 WUDFRd - ok
01:08:51.0290 1780 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:08:51.0290 1780 wudfsvc - ok
01:08:51.0321 1780 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
01:08:51.0321 1780 WwanSvc - ok
01:08:51.0368 1780 ================ Scan global ===============================
01:08:51.0399 1780 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:08:51.0415 1780 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
01:08:51.0415 1780 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
01:08:51.0446 1780 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:08:51.0477 1780 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:08:51.0477 1780 [Global] - ok
01:08:51.0477 1780 ================ Scan MBR ==================================
01:08:51.0493 1780 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:08:51.0805 1780 \Device\Harddisk0\DR0 - ok
01:08:51.0821 1780 ================ Scan VBR ==================================
01:08:51.0821 1780 [ D9D5F2C87915B63A137EAAA7E1625541 ] \Device\Harddisk0\DR0\Partition1
01:08:51.0821 1780 \Device\Harddisk0\DR0\Partition1 - ok
01:08:51.0821 1780 ============================================================
01:08:51.0821 1780 Scan finished
01:08:51.0821 1780 ============================================================
01:08:51.0836 3976 Detected object count: 0
01:08:51.0836 3976 Actual detected object count: 0
01:09:05.0268 4204 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-03 01:11:52
-----------------------------
01:11:52.049 OS Version: Windows x64 6.1.7601 Service Pack 1
01:11:52.049 Number of processors: 4 586 0x2A07
01:11:52.049 ComputerName: COLIN-PC UserName: Colin
01:11:55.559 Initialize success
01:16:42.805 AVAST engine defs: 12100300
01:18:43.658 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:18:43.658 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
01:18:43.690 Disk 0 MBR read successfully
01:18:43.690 Disk 0 MBR scan
01:18:43.705 Disk 0 Windows 7 default MBR code
01:18:43.705 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
01:18:43.721 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 689802 MB offset 52430848
01:18:43.830 Disk 0 scanning C:\Windows\system32\drivers
01:18:58.385 Service scanning
01:19:42.860 Modules scanning
01:19:42.876 Disk 0 trace - called modules:
01:19:42.892 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
01:19:42.907 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e31060]
01:19:42.907 3 CLASSPNP.SYS[fffff88001b8643f] -> nt!IofCallDriver -> [0xfffffa800779d430]
01:19:42.923 5 ACPI.sys[fffff88000eeb7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077c7050]
01:19:46.074 AVAST engine scan C:\Windows
01:19:54.264 AVAST engine scan C:\Windows\system32
01:24:05.206 AVAST engine scan C:\Windows\system32\drivers
01:24:24.550 AVAST engine scan C:\Users\Colin
01:36:55.083 AVAST engine scan C:\ProgramData
01:39:37.245 Scan finished successfully
01:42:05.945 Disk 0 MBR has been saved successfully to "C:\Users\Colin\Desktop\MBR.dat"
01:42:06.038 The log file has been saved successfully to "C:\Users\Colin\Desktop\aswMBR.txt"

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 October 2012 - 01:51 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 October 2012 - 11:48 PM

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.

Gringo

#14 colinrgilbert

  • Topic Starter
  • Members
  • 11 posts

Posted 07 October 2012 - 06:32 AM

My apologies. I thought I posted this a few days ago. I must have not done so correctly. The computer is still moving a bit slowly compared to before the virus came on board.

Here is the log:

ComboFix 12-10-02.02 - Colin 10/03/2012 3:25.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.5836 [GMT -5:00]
Running from: c:\users\Colin\Desktop\ComboFix.exe
Command switches used :: c:\users\Colin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-03 to 2012-10-03 )))))))))))))))))))))))))))))))
.
.
2012-10-03 08:30 . 2012-10-03 08:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-03 06:25 . 2012-10-03 06:25 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E62D6DD-CC75-4608-B296-B63BA75CA4B9}\offreg.dll
2012-10-03 06:06 . 2012-10-03 06:06 -------- d-----w- C:\Old logs
2012-10-02 13:20 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E62D6DD-CC75-4608-B296-B63BA75CA4B9}\mpengine.dll
2012-10-01 06:51 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-27 01:04 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 08:00 . 2012-08-24 10:13 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-09-24 08:00 . 2012-08-24 10:14 816640 ----a-w- c:\windows\system32\jscript.dll
2012-09-24 08:00 . 2012-08-24 10:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-24 08:00 . 2012-08-24 06:52 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-09-24 08:00 . 2012-08-24 10:24 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-09-24 08:00 . 2012-08-24 10:25 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-09-24 08:00 . 2012-08-24 06:53 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-09-24 08:00 . 2012-08-24 11:15 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-24 08:00 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-24 03:07 . 2012-09-24 03:07 -------- d-----w- c:\program files (x86)\ESET
2012-09-24 01:42 . 2012-09-24 01:42 -------- d-----w- c:\programdata\IObit
2012-09-24 01:42 . 2012-09-24 09:45 -------- d-----w- c:\users\Colin\AppData\Roaming\IObit
2012-09-24 01:42 . 2012-09-24 01:42 -------- d-----w- c:\program files (x86)\IObit
2012-09-20 11:16 . 2012-09-20 11:16 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14F89242-9D09-4F9C-9437-67EF6CEB8813}\gapaengine.dll
2012-09-20 11:14 . 2012-10-02 08:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-20 11:14 . 2012-10-02 08:01 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-20 08:42 . 2012-09-20 08:42 -------- d-----w- c:\programdata\Sophos
2012-09-20 08:42 . 2012-09-20 08:42 73728 ----a-r- c:\users\Colin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-20 08:42 . 2012-09-20 08:42 73728 ----a-r- c:\users\Colin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-20 08:42 . 2012-09-20 08:42 73728 ----a-r- c:\users\Colin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-09-20 08:42 . 2012-09-20 08:42 -------- d-----w- c:\program files (x86)\Sophos
2012-09-20 07:56 . 2012-09-20 07:59 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-20 07:53 . 2012-09-20 07:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-20 07:53 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 07:40 . 2012-09-20 07:40 -------- d-----w- c:\users\Colin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-20 07:40 . 2012-10-02 21:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-20 07:40 . 2012-09-20 07:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-19 20:37 . 2012-10-02 13:19 -------- d-----r- c:\users\Colin\Dropbox
2012-09-19 20:05 . 2012-10-02 13:19 -------- d-----w- c:\users\Colin\AppData\Roaming\Dropbox
2012-09-19 05:22 . 2012-09-25 01:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-18 21:52 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBB74A9E-06EA-4A76-9BB7-5CD388D49E5B}\mpengine.dll
2012-09-18 01:56 . 2012-09-21 03:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-18 01:45 . 2012-09-18 01:45 -------- d-----w- c:\users\Colin\AppData\Roaming\Auslogics
2012-09-18 01:45 . 2012-09-18 01:45 -------- d-----w- c:\program files (x86)\Auslogics
2012-09-18 01:43 . 2012-09-18 01:43 -------- d-----w- c:\program files\CCleaner
2012-09-18 01:36 . 2012-09-18 01:42 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-09-18 01:32 . 2012-09-24 03:31 -------- d-----w- c:\program files (x86)\Coupon Companion
2012-09-18 01:21 . 2012-09-18 01:21 388096 ----a-r- c:\users\Colin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-18 01:21 . 2012-09-18 01:21 -------- d-----w- c:\program files (x86)\Trend Micro
2012-09-17 23:52 . 2012-09-17 23:52 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-09-17 23:37 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-17 17:45 . 2012-09-19 20:41 -------- d-----w- C:\Safe Folder
2012-09-17 00:24 . 2012-09-17 22:48 -------- d-----w- c:\program files (x86)\F-Secure
2012-09-16 23:55 . 2012-09-25 02:26 -------- d-----w- c:\programdata\AVAST Software
2012-09-16 23:55 . 2012-09-17 23:36 -------- d-----w- c:\program files\AVAST Software
2012-09-16 23:29 . 2012-09-18 00:52 -------- d-----w- c:\programdata\F-Secure
2012-09-15 22:27 . 2012-09-15 22:27 -------- d-----w- c:\users\Colin\AppData\Local\ElevatedDiagnostics
2012-09-15 21:45 . 2012-09-15 21:45 -------- d-----w- c:\windows\PIF
2012-09-15 19:07 . 2012-09-15 19:07 -------- d-----w- c:\users\Colin\AppData\Roaming\Malwarebytes
2012-09-15 19:07 . 2012-09-15 19:07 -------- d-----w- c:\programdata\Malwarebytes
2012-09-15 14:20 . 2012-09-17 22:48 -------- d-----w- c:\users\Colin\AppData\Local\{8E462D67-FF40-11E1-8271-B8AC6F996F26}
2012-09-15 12:28 . 2012-09-20 17:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-12 13:05 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:05 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:05 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 13:05 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:05 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:05 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:05 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-07 08:54 . 2012-09-07 08:54 -------- d-----w- c:\program files\Adobe
2012-09-07 07:29 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-09-07 04:22 . 2012-09-25 23:28 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-09-07 04:20 . 2012-09-07 08:54 -------- d-----w- c:\program files\Common Files\Adobe
2012-09-07 04:17 . 2012-09-07 04:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-09-03 13:15 . 2012-09-03 13:15 -------- d-----w- c:\users\Colin\AppData\Roaming\U3
2012-09-03 11:05 . 2012-09-03 11:05 -------- d-----w- c:\program files (x86)\Rovio
2012-09-03 10:54 . 2012-09-03 11:06 -------- d-----w- c:\users\Colin\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-02 13:19 . 2012-04-30 04:54 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-09-22 18:53 . 2012-07-15 22:12 150712 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-09-22 18:53 . 2012-07-15 22:12 110608 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-09-22 18:53 . 2012-07-15 22:12 102832 ----a-w- c:\windows\system32\WRusr.dll
2012-09-21 09:11 . 2012-07-19 08:13 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 09:11 . 2012-07-19 08:13 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 05:43 . 2012-07-16 18:20 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-03-21 01:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-04 04:19 . 2012-08-04 04:19 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-04 04:19 . 2012-08-04 04:19 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-18 18:15 . 2012-08-15 16:57 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 22:05 . 2011-03-29 02:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-12 22:13 . 2012-07-19 07:26 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-09 18:42 . 2012-07-09 18:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 18:42 . 2012-07-09 18:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-07-06 20:07 . 2012-08-16 08:03 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-06 03:06 . 2012-08-04 04:15 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 03:06 . 2012-08-04 04:15 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-02 5664640]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-09-22 724912]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-04 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Colin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-09-22 724912]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-05-03 44032]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-24 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 assd;assd; [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-09-22 110608]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-02-01 500568]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-04-08 177152]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-04-08 56320]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 32848597
*NewlyCreated* - WS2IFSL
*Deregistered* - 32848597
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 09:11]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]
.
2012-10-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a4e20cf4-d6a6-492e-a8c3-d1acc2bf9d6a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c28d8313-ddea-4d70-82c3-6ea72ac3f977.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Colin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\2ftgihfm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\06\04\04\110ö"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-03 03:32:40
ComboFix-quarantined-files.txt 2012-10-03 08:32
ComboFix2.txt 2012-10-02 13:15
.
Pre-Run: 400,154,279,936 bytes free
Post-Run: 399,861,297,152 bytes free
.
- - End Of File - - BAA459321AB1B14750EF4D4BFE459839
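The service and driver block of the log above (the lines beginning `R0`..`R4` and `S0`..`S4`) is the part of a ComboFix report a responder reads most closely. The Python triage script below is an added example for this thread, not ComboFix's own code and not something from the original post. It assumes the ComboFix line convention spelled out in its docstring (R = running, S = stopped, the digit is the service start type, and `[x]` in place of the date and size means the image file was not found on disk); the flagging rules are the editor's own review heuristics, not verdicts. The sample input is copied from the log posted above.

```python
"""Triage helper for the service/driver section of a ComboFix log.

Added example for this thread, not part of ComboFix or the original post.
Assumed ComboFix line convention:
    <R|S><start-type> <name>;<display name>;<image path> [<date> <size>]
R = running, S = stopped; start type 0=boot 1=system 2=auto 3=manual
4=disabled; "[x]" instead of "[date size]" means the image file was not
found on disk. The flagging rules are review heuristics, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Directories a boot- or system-start driver is normally loaded from.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Locations where a service image is unusual and worth a second look.
USER_WRITABLE = ("c:\\users\\", "\\appdata\\", "\\temp\\", "c:\\programdata\\")


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_missing: bool
    size: Optional[int]
    flags: list = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R?/S? line; return None for lines that are not service entries."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    missing = meta.lower() == "x"
    size = None
    if not missing:
        parts = meta.split()          # "<date> <size>"
        if len(parts) == 2 and parts[1].isdigit():
            size = int(parts[1])
    return ServiceEntry(
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        running=m.group("state") == "R",
        start_type=START_TYPES[m.group("start")],
        file_missing=missing,
        size=size,
    )


def flag_entry(e: ServiceEntry) -> ServiceEntry:
    """Attach review flags. These are prompts to look closer, not verdicts."""
    p = e.path.lower()
    if e.file_missing:
        e.flags.append("registered service with no image file on disk")
    elif e.start_type in ("boot", "system") and not p.startswith(SYSTEM_DIRS):
        e.flags.append("early-start driver loaded from outside the system directories")
    if any(marker in p for marker in USER_WRITABLE):
        e.flags.append("image lives in a user-writable location")
    if e.size is not None and e.size < 4096:
        e.flags.append("unusually small image")
    return e


def triage(log_text: str) -> list:
    """Parse every service line in the log text and flag it."""
    entries = []
    for line in log_text.splitlines():
        e = parse_service_line(line)
        if e is not None:
            entries.append(flag_entry(e))
    return entries


def flagged(log_text: str) -> dict:
    """Map service name -> flags, for entries that earned at least one flag."""
    return {e.name: e.flags for e in triage(log_text) if e.flags}


# Sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176]
S0 assd;assd; [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-09-22 110608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
*NewlyCreated* - WS2IFSL
"""

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run as-is, it reports two names from the sample: `assd`, a boot-start registration whose image file is gone, and `SASDIFSV`, a system-start driver loading from Program Files. The second is ordinary for a security product; the first is the kind of leftover that deserves to be either explained or removed before anyone declares the machine clean, which is why the rule for a missing file is the only one that fires regardless of path.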

#15 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:51 AM

Posted 07 October 2012 - 07:20 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University