Trojan Win64.Zaccess.a


  • This topic is locked
20 replies to this topic

#1 TimB48


Posted 30 September 2012 - 06:02 AM

I have a PC infected with the above trojan. I have attempted removal with a guide from another site, which recommended running TDSSKiller, ComboFix and Hitman Pro. They appear to recognise the infection and quarantine it, but fail to delete it or deal with it in any other way.
FRST and DDS logs are listed below for your information.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01
Ran by SYSTEM at 30-09-2012 12:34:44
Running from J:\AV
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8321568 2009-11-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-12-15] ()
HKLM-x32\...\Run: [NeroCheck] C:\Windows\SysWOW64\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1226024 2010-02-22] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\lars\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-11-30] (Google Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-09-16] (Dell)
Tcpip\Parameters: [DhcpNameServer] 212.23.3.100 212.23.6.100
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$74ed8de9720630d2d670a4b6075689d4\n. ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\lars\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\lars\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\lars\Start Menu\Programs\Startup\_uninst_69500368.lnk
ShortcutTarget: _uninst_69500368.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)

==================== Drivers (Whitelisted) =====================

0 83582399; C:\Windows\System32\Drivers\83582399.sys [460888 2012-09-29] (Kaspersky Lab ZAO)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 hitmanpro36; C:\Windows\System32\Drivers\hitmanpro36.sys [30496 2012-09-30] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 XG762V64; C:\Windows\System32\DRIVERS\WlanUZG.sys [1041920 2008-03-27] (Atheros Communications, Inc.)
3 ZDCNDIS6a64; \??\C:\Windows\system32\ZDCNDIS6a64.sys [41280 2008-03-27] (Printing Communications Assoc., Inc. (PCAUSA))
3 mfeavfk01; [x]
3 mferkdet01; \Device\mferkdet01.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-30 12:10 - 2012-09-30 12:10 - 00000000 ____D C:\FRST
2012-09-30 11:44 - 2012-09-30 11:44 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-09-30 11:21 - 2012-09-30 11:21 - 00000000 ____D C:\Program Files\HitmanPro
2012-09-29 18:51 - 2012-09-30 11:34 - 00000808 ____A C:\Windows\System32\.crusader
2012-09-29 18:41 - 2012-09-29 18:51 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-09-29 18:41 - 2012-09-29 18:51 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro
2012-09-29 18:33 - 2012-09-30 11:46 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-29 18:13 - 2012-09-29 18:14 - 00000000 ____D C:\New folder
2012-09-29 18:11 - 2012-09-29 18:11 - 00000000 ____D C:\AV
2012-09-29 18:05 - 2012-09-29 15:28 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\lars\Desktop\ieexplore.exe.exe
2012-09-29 14:19 - 2012-09-29 14:19 - 00000000 ____D C:\Users\lars\Application Data\SUPERAntiSpyware.com
2012-09-29 14:19 - 2012-09-29 14:19 - 00000000 ____D C:\Users\lars\AppData\Roaming\SUPERAntiSpyware.com
2012-09-29 14:19 - 2012-09-29 14:19 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-09-29 14:19 - 2012-09-29 14:19 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-09-29 14:00 - 2012-09-29 14:00 - 00000000 ____D C:\Users\lars\Application Data\Malwarebytes
2012-09-29 14:00 - 2012-09-29 14:00 - 00000000 ____D C:\Users\lars\AppData\Roaming\Malwarebytes
2012-09-29 13:59 - 2012-09-29 13:59 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-29 13:59 - 2012-09-29 13:59 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-29 13:59 - 2012-09-29 13:59 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-29 13:59 - 2012-09-29 13:59 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-09-29 13:59 - 2012-09-29 13:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-29 13:59 - 2012-09-07 18:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-29 13:18 - 2012-09-29 13:18 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-09-29 13:18 - 2012-09-29 13:18 - 00000000 ____D C:\Users\All Users\Application Data\Kaspersky Lab
2012-09-29 13:17 - 2012-09-29 13:55 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\83582399.sys
2012-09-28 09:04 - 2012-09-28 09:04 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{5AADEC42-45BC-4DBE-8066-C51915573308}
2012-09-28 09:04 - 2012-09-28 09:04 - 00000000 ____D C:\Users\lars\Local Settings\{5AADEC42-45BC-4DBE-8066-C51915573308}
2012-09-28 09:04 - 2012-09-28 09:04 - 00000000 ____D C:\Users\lars\AppData\Local\{5AADEC42-45BC-4DBE-8066-C51915573308}
2012-09-27 11:37 - 2012-09-29 13:58 - 00000000 ____D C:\Users\lars\Desktop\troj info
2012-09-27 11:17 - 2012-09-27 11:17 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{C8DAD14B-D485-4EAA-8653-C2C2F5B7E66D}
2012-09-27 11:17 - 2012-09-27 11:17 - 00000000 ____D C:\Users\lars\Local Settings\{C8DAD14B-D485-4EAA-8653-C2C2F5B7E66D}
2012-09-27 11:17 - 2012-09-27 11:17 - 00000000 ____D C:\Users\lars\AppData\Local\{C8DAD14B-D485-4EAA-8653-C2C2F5B7E66D}
2012-09-26 16:05 - 2012-09-26 16:05 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{31961975-5836-4793-90B7-13A6364A6BEA}
2012-09-26 16:05 - 2012-09-26 16:05 - 00000000 ____D C:\Users\lars\Local Settings\{31961975-5836-4793-90B7-13A6364A6BEA}
2012-09-26 16:05 - 2012-09-26 16:05 - 00000000 ____D C:\Users\lars\AppData\Local\{31961975-5836-4793-90B7-13A6364A6BEA}
2012-09-26 16:00 - 2012-08-21 23:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-26 12:06 - 2012-09-26 12:06 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{3BFA9372-4ADB-41B0-9FA0-3B75FB66B321}
2012-09-26 12:06 - 2012-09-26 12:06 - 00000000 ____D C:\Users\lars\Local Settings\{3BFA9372-4ADB-41B0-9FA0-3B75FB66B321}
2012-09-26 12:06 - 2012-09-26 12:06 - 00000000 ____D C:\Users\lars\AppData\Local\{3BFA9372-4ADB-41B0-9FA0-3B75FB66B321}
2012-09-25 08:24 - 2012-09-25 08:24 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{13F2BE63-8410-4A57-A975-DDE340FCC43B}
2012-09-25 08:24 - 2012-09-25 08:24 - 00000000 ____D C:\Users\lars\Local Settings\{13F2BE63-8410-4A57-A975-DDE340FCC43B}
2012-09-25 08:24 - 2012-09-25 08:24 - 00000000 ____D C:\Users\lars\AppData\Local\{13F2BE63-8410-4A57-A975-DDE340FCC43B}
2012-09-24 23:00 - 2012-09-25 08:33 - 00000028 ____A C:\Users\lars\Desktop\troj.txt
2012-09-24 22:46 - 2012-09-30 11:42 - 00006529 ____A C:\Users\lars\Local Settings\chromeupdate.crx
2012-09-24 22:46 - 2012-09-30 11:42 - 00006529 ____A C:\Users\lars\Local Settings\Application Data\chromeupdate.crx
2012-09-24 22:46 - 2012-09-30 11:42 - 00006529 ____A C:\Users\lars\AppData\Local\chromeupdate.crx
2012-09-24 22:46 - 2012-09-24 22:46 - 00000000 ____D C:\Users\All Users\Application Data\7531E8D9000C0C4202AC0FB2F875F002
2012-09-24 22:46 - 2012-09-24 22:46 - 00000000 ____D C:\Users\All Users\7531E8D9000C0C4202AC0FB2F875F002
2012-09-24 22:45 - 2012-09-29 18:04 - 00000000 ____D C:\Users\lars\Application Data\Ynbe
2012-09-24 22:45 - 2012-09-29 18:04 - 00000000 ____D C:\Users\lars\AppData\Roaming\Ynbe
2012-09-24 22:45 - 2012-09-24 22:45 - 00000000 ____D C:\Users\lars\Application Data\Peawon
2012-09-24 22:45 - 2012-09-24 22:45 - 00000000 ____D C:\Users\lars\AppData\Roaming\Peawon
2012-09-24 17:03 - 2012-09-24 17:03 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{EE8008D7-4ECF-4853-B46F-CA54F188C2FE}
2012-09-24 17:03 - 2012-09-24 17:03 - 00000000 ____D C:\Users\lars\Local Settings\{EE8008D7-4ECF-4853-B46F-CA54F188C2FE}
2012-09-24 17:03 - 2012-09-24 17:03 - 00000000 ____D C:\Users\lars\AppData\Local\{EE8008D7-4ECF-4853-B46F-CA54F188C2FE}
2012-09-24 08:16 - 2012-09-24 08:16 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{72CF7326-2863-46B7-9072-3103BF49BF59}
2012-09-24 08:16 - 2012-09-24 08:16 - 00000000 ____D C:\Users\lars\Local Settings\{72CF7326-2863-46B7-9072-3103BF49BF59}
2012-09-24 08:16 - 2012-09-24 08:16 - 00000000 ____D C:\Users\lars\AppData\Local\{72CF7326-2863-46B7-9072-3103BF49BF59}
2012-09-23 23:53 - 2012-09-23 23:54 - 00000000 ____D C:\Users\lars\Desktop\mersmak
2012-09-23 12:58 - 2012-09-23 12:58 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{BD244D8D-8527-480B-A214-F62F953E86B8}
2012-09-23 12:58 - 2012-09-23 12:58 - 00000000 ____D C:\Users\lars\Local Settings\{BD244D8D-8527-480B-A214-F62F953E86B8}
2012-09-23 12:58 - 2012-09-23 12:58 - 00000000 ____D C:\Users\lars\AppData\Local\{BD244D8D-8527-480B-A214-F62F953E86B8}
2012-09-23 05:27 - 2012-09-23 05:27 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{FC788CF5-BEA6-4E42-9323-EB95AAE23453}
2012-09-23 05:27 - 2012-09-23 05:27 - 00000000 ____D C:\Users\lars\Local Settings\{FC788CF5-BEA6-4E42-9323-EB95AAE23453}
2012-09-23 05:27 - 2012-09-23 05:27 - 00000000 ____D C:\Users\lars\AppData\Local\{FC788CF5-BEA6-4E42-9323-EB95AAE23453}
2012-09-23 04:01 - 2012-08-24 12:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-23 04:01 - 2012-08-24 12:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-23 04:01 - 2012-08-24 12:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-23 04:01 - 2012-08-24 12:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-23 04:01 - 2012-08-24 12:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-23 04:01 - 2012-08-24 08:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-23 04:01 - 2012-08-24 08:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-23 04:01 - 2012-08-24 08:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-23 04:01 - 2012-08-24 08:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-23 04:01 - 2012-08-24 08:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-23 04:01 - 2012-08-24 08:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-23 04:00 - 2012-08-24 13:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-23 04:00 - 2012-08-24 12:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-23 04:00 - 2012-08-24 12:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-23 04:00 - 2012-08-24 12:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-23 04:00 - 2012-08-24 12:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-23 04:00 - 2012-08-24 12:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-23 04:00 - 2012-08-24 12:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-23 04:00 - 2012-08-24 12:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-23 04:00 - 2012-08-24 12:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-23 04:00 - 2012-08-24 12:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 04:00 - 2012-08-24 12:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-23 04:00 - 2012-08-24 09:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-23 04:00 - 2012-08-24 09:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-23 04:00 - 2012-08-24 08:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-23 04:00 - 2012-08-24 08:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-23 04:00 - 2012-08-24 08:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-23 04:00 - 2012-08-24 08:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-23 04:00 - 2012-08-24 08:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-23 04:00 - 2012-08-24 08:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-23 04:00 - 2012-08-24 08:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-23 04:00 - 2012-08-24 08:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 08:13 - 2012-09-22 08:13 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{9E138374-7907-41DC-98FD-E8765215374B}
2012-09-22 08:13 - 2012-09-22 08:13 - 00000000 ____D C:\Users\lars\Local Settings\{9E138374-7907-41DC-98FD-E8765215374B}
2012-09-22 08:13 - 2012-09-22 08:13 - 00000000 ____D C:\Users\lars\AppData\Local\{9E138374-7907-41DC-98FD-E8765215374B}
2012-09-21 11:45 - 2012-09-25 08:31 - 00000000 ____D C:\Users\lars\Desktop\fix
2012-09-21 11:45 - 2012-09-21 11:45 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{47E69948-B2DF-467E-A3F8-53959E0BAFA2}
2012-09-21 11:45 - 2012-09-21 11:45 - 00000000 ____D C:\Users\lars\Local Settings\{47E69948-B2DF-467E-A3F8-53959E0BAFA2}
2012-09-21 11:45 - 2012-09-21 11:45 - 00000000 ____D C:\Users\lars\AppData\Local\{47E69948-B2DF-467E-A3F8-53959E0BAFA2}
2012-09-21 08:48 - 2012-09-21 08:48 - 00001884 ____A C:\Users\lars\Desktop\Johnny Cash Box Set Includes 63 CDs.txt
2012-09-20 20:53 - 2012-09-20 20:53 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{7AECF66D-E6C4-4C63-B53C-1FCBC6CA9ECE}
2012-09-20 20:53 - 2012-09-20 20:53 - 00000000 ____D C:\Users\lars\Local Settings\{7AECF66D-E6C4-4C63-B53C-1FCBC6CA9ECE}
2012-09-20 20:53 - 2012-09-20 20:53 - 00000000 ____D C:\Users\lars\AppData\Local\{7AECF66D-E6C4-4C63-B53C-1FCBC6CA9ECE}
2012-09-20 08:36 - 2012-09-20 08:36 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{477D80BA-02DD-499B-812C-9931E52ACC9C}
2012-09-20 08:36 - 2012-09-20 08:36 - 00000000 ____D C:\Users\lars\Local Settings\{477D80BA-02DD-499B-812C-9931E52ACC9C}
2012-09-20 08:36 - 2012-09-20 08:36 - 00000000 ____D C:\Users\lars\AppData\Local\{477D80BA-02DD-499B-812C-9931E52ACC9C}
2012-09-19 08:46 - 2012-09-19 08:46 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{2BF28F98-2DD9-4FA9-A70E-52D92D47D423}
2012-09-19 08:46 - 2012-09-19 08:46 - 00000000 ____D C:\Users\lars\Local Settings\{2BF28F98-2DD9-4FA9-A70E-52D92D47D423}
2012-09-19 08:46 - 2012-09-19 08:46 - 00000000 ____D C:\Users\lars\AppData\Local\{2BF28F98-2DD9-4FA9-A70E-52D92D47D423}
2012-09-19 04:01 - 2012-09-19 09:51 - 00000000 ____D C:\Users\lars\Application Data\Skype
2012-09-19 04:01 - 2012-09-19 09:51 - 00000000 ____D C:\Users\lars\AppData\Roaming\Skype
2012-09-18 08:22 - 2012-09-18 08:22 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{A1E1ECCA-3F3F-44C0-9303-1E9288621E06}
2012-09-18 08:22 - 2012-09-18 08:22 - 00000000 ____D C:\Users\lars\Local Settings\{A1E1ECCA-3F3F-44C0-9303-1E9288621E06}
2012-09-18 08:22 - 2012-09-18 08:22 - 00000000 ____D C:\Users\lars\AppData\Local\{A1E1ECCA-3F3F-44C0-9303-1E9288621E06}
2012-09-17 08:10 - 2012-09-17 08:10 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{1027F2D3-CD5B-42EF-B4F4-DC4C9ACB2622}
2012-09-17 08:10 - 2012-09-17 08:10 - 00000000 ____D C:\Users\lars\Local Settings\{1027F2D3-CD5B-42EF-B4F4-DC4C9ACB2622}
2012-09-17 08:10 - 2012-09-17 08:10 - 00000000 ____D C:\Users\lars\AppData\Local\{1027F2D3-CD5B-42EF-B4F4-DC4C9ACB2622}
2012-09-16 16:07 - 2012-09-17 16:15 - 00000000 ____D C:\Users\lars\Desktop\fixa till skriva ut
2012-09-16 14:49 - 2012-09-16 16:07 - 00000960 ____A C:\Users\lars\Desktop\kto ställning.txt
2012-09-16 11:30 - 2012-09-16 11:31 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{1C938F36-F325-46C3-8B34-9FD030FE2504}
2012-09-16 11:30 - 2012-09-16 11:31 - 00000000 ____D C:\Users\lars\Local Settings\{1C938F36-F325-46C3-8B34-9FD030FE2504}
2012-09-16 11:30 - 2012-09-16 11:31 - 00000000 ____D C:\Users\lars\AppData\Local\{1C938F36-F325-46C3-8B34-9FD030FE2504}
2012-09-15 21:50 - 2012-09-15 21:50 - 00000166 ____A C:\Users\lars\Desktop\stealing sheep contact.txt
2012-09-15 16:13 - 2012-09-15 16:13 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{A13883C2-D01D-470C-8682-EA520DE72C5A}
2012-09-15 16:13 - 2012-09-15 16:13 - 00000000 ____D C:\Users\lars\Local Settings\{A13883C2-D01D-470C-8682-EA520DE72C5A}
2012-09-15 16:13 - 2012-09-15 16:13 - 00000000 ____D C:\Users\lars\AppData\Local\{A13883C2-D01D-470C-8682-EA520DE72C5A}
2012-09-15 16:09 - 2012-09-15 16:09 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{382517F7-A7A3-4D88-B5B3-0CA2BE993131}
2012-09-15 16:09 - 2012-09-15 16:09 - 00000000 ____D C:\Users\lars\Local Settings\{382517F7-A7A3-4D88-B5B3-0CA2BE993131}
2012-09-15 16:09 - 2012-09-15 16:09 - 00000000 ____D C:\Users\lars\AppData\Local\{382517F7-A7A3-4D88-B5B3-0CA2BE993131}
2012-09-15 03:46 - 2012-09-15 03:46 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{25C86182-56FE-4C4C-BE98-6725216FC6DA}
2012-09-15 03:46 - 2012-09-15 03:46 - 00000000 ____D C:\Users\lars\Local Settings\{25C86182-56FE-4C4C-BE98-6725216FC6DA}
2012-09-15 03:46 - 2012-09-15 03:46 - 00000000 ____D C:\Users\lars\AppData\Local\{25C86182-56FE-4C4C-BE98-6725216FC6DA}
2012-09-14 08:10 - 2012-09-14 08:10 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{C38C6F5C-0120-4418-9951-AF51A617A808}
2012-09-14 08:10 - 2012-09-14 08:10 - 00000000 ____D C:\Users\lars\Local Settings\{C38C6F5C-0120-4418-9951-AF51A617A808}
2012-09-14 08:10 - 2012-09-14 08:10 - 00000000 ____D C:\Users\lars\AppData\Local\{C38C6F5C-0120-4418-9951-AF51A617A808}
2012-09-13 12:20 - 2012-09-13 12:20 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{00539D0F-7540-4625-8CC5-25A654DFB255}
2012-09-13 12:20 - 2012-09-13 12:20 - 00000000 ____D C:\Users\lars\Local Settings\{00539D0F-7540-4625-8CC5-25A654DFB255}
2012-09-13 12:20 - 2012-09-13 12:20 - 00000000 ____D C:\Users\lars\AppData\Local\{00539D0F-7540-4625-8CC5-25A654DFB255}
2012-09-12 08:34 - 2012-09-12 08:35 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{39512E95-AD4F-4A53-B7A6-A8B4300C0EF5}
2012-09-12 08:34 - 2012-09-12 08:35 - 00000000 ____D C:\Users\lars\Local Settings\{39512E95-AD4F-4A53-B7A6-A8B4300C0EF5}
2012-09-12 08:34 - 2012-09-12 08:35 - 00000000 ____D C:\Users\lars\AppData\Local\{39512E95-AD4F-4A53-B7A6-A8B4300C0EF5}
2012-09-12 02:07 - 2012-09-12 02:07 - 00315192 ____A C:\Windows\Minidump\091212-13431-01.dmp
2012-09-12 01:16 - 2012-08-22 20:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 01:16 - 2012-08-22 20:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 01:16 - 2012-08-22 20:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 01:16 - 2012-08-22 20:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 01:16 - 2012-08-02 19:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 01:16 - 2012-08-02 18:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 01:16 - 2012-07-04 22:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-11 20:16 - 2012-09-11 20:16 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{9D98ED0E-8E30-429B-9C55-AA5A50FD0904}
2012-09-11 20:16 - 2012-09-11 20:16 - 00000000 ____D C:\Users\lars\Local Settings\{9D98ED0E-8E30-429B-9C55-AA5A50FD0904}
2012-09-11 20:16 - 2012-09-11 20:16 - 00000000 ____D C:\Users\lars\AppData\Local\{9D98ED0E-8E30-429B-9C55-AA5A50FD0904}
2012-09-11 08:06 - 2012-09-11 08:07 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{35F462B8-77A2-4003-B792-509D532427B7}
2012-09-11 08:06 - 2012-09-11 08:07 - 00000000 ____D C:\Users\lars\Local Settings\{35F462B8-77A2-4003-B792-509D532427B7}
2012-09-11 08:06 - 2012-09-11 08:07 - 00000000 ____D C:\Users\lars\AppData\Local\{35F462B8-77A2-4003-B792-509D532427B7}
2012-09-10 15:33 - 2012-09-10 15:33 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{1DB7C9AA-B16D-4B27-8120-11C183BC884F}
2012-09-10 15:33 - 2012-09-10 15:33 - 00000000 ____D C:\Users\lars\Local Settings\{1DB7C9AA-B16D-4B27-8120-11C183BC884F}
2012-09-10 15:33 - 2012-09-10 15:33 - 00000000 ____D C:\Users\lars\AppData\Local\{1DB7C9AA-B16D-4B27-8120-11C183BC884F}
2012-09-10 01:40 - 2012-09-10 01:40 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{544EFA5F-4388-4435-9C85-11305737EE30}
2012-09-10 01:40 - 2012-09-10 01:40 - 00000000 ____D C:\Users\lars\Local Settings\{544EFA5F-4388-4435-9C85-11305737EE30}
2012-09-10 01:40 - 2012-09-10 01:40 - 00000000 ____D C:\Users\lars\AppData\Local\{544EFA5F-4388-4435-9C85-11305737EE30}
2012-09-09 17:34 - 2012-09-09 17:34 - 00000105 ____A C:\Users\lars\Desktop\djam karet.txt
2012-09-09 03:24 - 2012-09-09 03:24 - 00001785 ____A C:\Users\lars\Desktop\henry cow.txt
2012-09-09 03:24 - 2012-09-09 03:24 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{BA892579-737B-425C-A2BA-F7CB1AC1633D}
2012-09-09 03:24 - 2012-09-09 03:24 - 00000000 ____D C:\Users\lars\Local Settings\{BA892579-737B-425C-A2BA-F7CB1AC1633D}
2012-09-09 03:24 - 2012-09-09 03:24 - 00000000 ____D C:\Users\lars\AppData\Local\{BA892579-737B-425C-A2BA-F7CB1AC1633D}
2012-09-08 08:24 - 2012-09-08 08:24 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{C728490A-2FD2-4E50-9A6A-28665602937E}
2012-09-08 08:24 - 2012-09-08 08:24 - 00000000 ____D C:\Users\lars\Local Settings\{C728490A-2FD2-4E50-9A6A-28665602937E}
2012-09-08 08:24 - 2012-09-08 08:24 - 00000000 ____D C:\Users\lars\AppData\Local\{C728490A-2FD2-4E50-9A6A-28665602937E}
2012-09-07 08:40 - 2012-09-07 08:40 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{89831177-0220-46E6-B8F5-6ABE3B0493D8}
2012-09-07 08:40 - 2012-09-07 08:40 - 00000000 ____D C:\Users\lars\Local Settings\{89831177-0220-46E6-B8F5-6ABE3B0493D8}
2012-09-07 08:40 - 2012-09-07 08:40 - 00000000 ____D C:\Users\lars\AppData\Local\{89831177-0220-46E6-B8F5-6ABE3B0493D8}
2012-09-06 09:56 - 2012-09-06 09:56 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{BE83031C-6D4C-4814-A741-5C54A117644D}
2012-09-06 09:56 - 2012-09-06 09:56 - 00000000 ____D C:\Users\lars\Local Settings\{BE83031C-6D4C-4814-A741-5C54A117644D}
2012-09-06 09:56 - 2012-09-06 09:56 - 00000000 ____D C:\Users\lars\AppData\Local\{BE83031C-6D4C-4814-A741-5C54A117644D}
2012-09-05 18:28 - 2012-09-05 19:27 - 00000203 ____A C:\Users\lars\Downloads\Scool_s_Out_1972.rar
2012-09-05 11:08 - 2012-09-05 11:08 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{2662F0D1-649B-4653-B649-9EA0F3FAC5B1}
2012-09-05 11:08 - 2012-09-05 11:08 - 00000000 ____D C:\Users\lars\Local Settings\{2662F0D1-649B-4653-B649-9EA0F3FAC5B1}
2012-09-05 11:08 - 2012-09-05 11:08 - 00000000 ____D C:\Users\lars\AppData\Local\{2662F0D1-649B-4653-B649-9EA0F3FAC5B1}
2012-09-04 21:47 - 2012-09-04 21:47 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{C958F005-B815-464F-B436-878E00666BF4}
2012-09-04 21:47 - 2012-09-04 21:47 - 00000000 ____D C:\Users\lars\Local Settings\{C958F005-B815-464F-B436-878E00666BF4}
2012-09-04 21:47 - 2012-09-04 21:47 - 00000000 ____D C:\Users\lars\AppData\Local\{C958F005-B815-464F-B436-878E00666BF4}
2012-09-04 09:00 - 2012-09-04 09:00 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{AC54FFF9-BA92-4B55-BA10-C12C34F5D303}
2012-09-04 09:00 - 2012-09-04 09:00 - 00000000 ____D C:\Users\lars\Local Settings\{AC54FFF9-BA92-4B55-BA10-C12C34F5D303}
2012-09-04 09:00 - 2012-09-04 09:00 - 00000000 ____D C:\Users\lars\AppData\Local\{AC54FFF9-BA92-4B55-BA10-C12C34F5D303}
2012-09-03 19:11 - 2012-09-03 19:11 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{B4C25CB3-4BEA-4B17-85D3-342EB3306970}
2012-09-03 19:11 - 2012-09-03 19:11 - 00000000 ____D C:\Users\lars\Local Settings\{B4C25CB3-4BEA-4B17-85D3-342EB3306970}
2012-09-03 19:11 - 2012-09-03 19:11 - 00000000 ____D C:\Users\lars\AppData\Local\{B4C25CB3-4BEA-4B17-85D3-342EB3306970}
2012-09-03 02:43 - 2012-09-03 02:43 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{D97EEBE4-790A-4F53-833E-84292E5EE6B2}
2012-09-03 02:43 - 2012-09-03 02:43 - 00000000 ____D C:\Users\lars\Local Settings\{D97EEBE4-790A-4F53-833E-84292E5EE6B2}
2012-09-03 02:43 - 2012-09-03 02:43 - 00000000 ____D C:\Users\lars\AppData\Local\{D97EEBE4-790A-4F53-833E-84292E5EE6B2}
2012-09-02 13:48 - 2012-09-02 13:48 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{CF3E47CB-B9F8-413F-B516-66FDBC2CEC15}
2012-09-02 13:48 - 2012-09-02 13:48 - 00000000 ____D C:\Users\lars\Local Settings\{CF3E47CB-B9F8-413F-B516-66FDBC2CEC15}
2012-09-02 13:48 - 2012-09-02 13:48 - 00000000 ____D C:\Users\lars\AppData\Local\{CF3E47CB-B9F8-413F-B516-66FDBC2CEC15}
2012-09-02 11:55 - 2012-09-27 16:16 - 00002376 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-02 11:55 - 2012-09-27 16:16 - 00002376 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2012-09-01 19:25 - 2012-09-01 19:25 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{BCB5A657-653A-4C3B-B837-CFC297C57615}
2012-09-01 19:25 - 2012-09-01 19:25 - 00000000 ____D C:\Users\lars\Local Settings\{BCB5A657-653A-4C3B-B837-CFC297C57615}
2012-09-01 19:25 - 2012-09-01 19:25 - 00000000 ____D C:\Users\lars\AppData\Local\{BCB5A657-653A-4C3B-B837-CFC297C57615}
2012-09-01 03:01 - 2012-09-01 03:01 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{54563145-49E1-4AA1-AD03-AF89BF33F9EE}
2012-09-01 03:01 - 2012-09-01 03:01 - 00000000 ____D C:\Users\lars\Local Settings\{54563145-49E1-4AA1-AD03-AF89BF33F9EE}
2012-09-01 03:01 - 2012-09-01 03:01 - 00000000 ____D C:\Users\lars\AppData\Local\{54563145-49E1-4AA1-AD03-AF89BF33F9EE}
2012-08-31 13:12 - 2012-08-31 13:12 - 00000000 ____D C:\Users\lars\Local Settings\Application Data\{835D4EF2-8175-4A3B-9269-A4A27813C2EB}
2012-08-31 13:12 - 2012-08-31 13:12 - 00000000 ____D C:\Users\lars\Local Settings\{835D4EF2-8175-4A3B-9269-A4A27813C2EB}
2012-08-31 13:12 - 2012-08-31 13:12 - 00000000 ____D C:\Users\lars\AppData\Local\{835D4EF2-8175-4A3B-9269-A4A27813C2EB}

==================== 3 Months Modified Files ==================

2012-09-30 12:29 - 2009-07-14 07:10 - 01526481 ____A C:\Windows\WindowsUpdate.log
2012-09-30 12:20 - 2012-03-29 13:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-30 12:15 - 2011-11-30 11:02 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-30 12:02 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-30 12:02 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-30 11:59 - 2011-02-10 19:51 - 00001830 ____A C:\Users\Public\Desktop\BT NetProtect Plus.lnk
2012-09-30 11:59 - 2011-02-10 19:51 - 00001830 ____A C:\Users\All Users\Desktop\BT NetProtect Plus.lnk
2012-09-30 11:57 - 2009-07-14 07:13 - 00005436 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-30 11:53 - 2011-11-30 11:02 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-30 11:53 - 2010-12-06 18:32 - 00055200 ____A C:\Windows\PFRO.log
2012-09-30 11:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-30 11:53 - 2009-07-14 06:51 - 00061562 ____A C:\Windows\setupact.log
2012-09-30 11:44 - 2012-09-30 11:44 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-09-30 11:42 - 2012-09-24 22:46 - 00006529 ____A C:\Users\lars\Local Settings\chromeupdate.crx
2012-09-30 11:42 - 2012-09-24 22:46 - 00006529 ____A C:\Users\lars\Local Settings\Application Data\chromeupdate.crx
2012-09-30 11:42 - 2012-09-24 22:46 - 00006529 ____A C:\Users\lars\AppData\Local\chromeupdate.crx
2012-09-30 11:34 - 2012-09-29 18:51 - 00000808 ____A C:\Windows\System32\.crusader
2012-09-29 15:28 - 2012-09-29 18:05 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\lars\Desktop\ieexplore.exe.exe
2012-09-29 13:59 - 2012-09-29 13:59 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-29 13:59 - 2012-09-29 13:59 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-29 13:55 - 2012-09-29 13:17 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\83582399.sys
2012-09-27 16:16 - 2012-09-02 11:55 - 00002376 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-27 16:16 - 2012-09-02 11:55 - 00002376 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2012-09-25 08:33 - 2012-09-24 23:00 - 00000028 ____A C:\Users\lars\Desktop\troj.txt
2012-09-23 19:26 - 2012-03-07 20:20 - 00001067 ____A C:\Users\lars\Desktop\MP3 downloads amazon cdon.txt
2012-09-21 08:48 - 2012-09-21 08:48 - 00001884 ____A C:\Users\lars\Desktop\Johnny Cash Box Set Includes 63 CDs.txt
2012-09-21 01:21 - 2011-02-06 15:13 - 00057560 ____A C:\Users\lars\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-21 01:21 - 2011-02-06 15:13 - 00057560 ____A C:\Users\lars\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-21 01:21 - 2011-02-06 15:13 - 00057560 ____A C:\Users\lars\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-16 16:07 - 2012-09-16 14:49 - 00000960 ____A C:\Users\lars\Desktop\kto ställning.txt
2012-09-15 21:50 - 2012-09-15 21:50 - 00000166 ____A C:\Users\lars\Desktop\stealing sheep contact.txt
2012-09-12 04:00 - 2011-02-09 19:33 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-12 02:07 - 2012-09-12 02:07 - 00315192 ____A C:\Windows\Minidump\091212-13431-01.dmp
2012-09-12 02:07 - 2011-03-07 12:48 - 548896603 ____A C:\Windows\MEMORY.DMP
2012-09-09 17:34 - 2012-09-09 17:34 - 00000105 ____A C:\Users\lars\Desktop\djam karet.txt
2012-09-09 03:24 - 2012-09-09 03:24 - 00001785 ____A C:\Users\lars\Desktop\henry cow.txt
2012-09-07 18:04 - 2012-09-29 13:59 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-06 22:00 - 2011-06-11 14:18 - 00004542 ____A C:\Users\lars\Desktop\SVENSKA BÖCKER - VILL HA LISTA.txt
2012-09-05 19:27 - 2012-09-05 18:28 - 00000203 ____A C:\Users\lars\Downloads\Scool_s_Out_1972.rar
2012-09-03 02:42 - 2012-08-19 18:57 - 00000246 ____A C:\Users\lars\Desktop\tidtabell för LIRA 4 & 5 2012.txt
2012-09-02 11:55 - 2012-03-29 13:10 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-02 11:55 - 2011-07-14 09:26 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-30 18:46 - 2012-08-30 18:46 - 00000365 ____A C:\Users\lars\Desktop\stealing sheep.txt
2012-08-28 13:59 - 2012-08-28 13:59 - 00002951 ____A C:\Users\lars\Desktop\real world gold series.txt
2012-08-28 02:19 - 2012-07-26 09:26 - 00001219 ____A C:\Users\lars\Desktop\kolla upp.txt
2012-08-24 13:15 - 2012-09-23 04:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 12:39 - 2012-09-23 04:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 12:31 - 2012-09-23 04:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 12:22 - 2012-09-23 04:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 12:21 - 2012-09-23 04:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 12:20 - 2012-09-23 04:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 12:18 - 2012-09-23 04:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 12:17 - 2012-09-23 04:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 12:14 - 2012-09-23 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 12:14 - 2012-09-23 04:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 12:13 - 2012-09-23 04:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 12:12 - 2012-09-23 04:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 12:11 - 2012-09-23 04:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 12:10 - 2012-09-23 04:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 12:09 - 2012-09-23 04:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 12:04 - 2012-09-23 04:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 09:27 - 2012-09-23 04:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 09:03 - 2012-09-23 04:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 08:59 - 2012-09-23 04:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-24 08:51 - 2012-09-23 04:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-24 08:51 - 2012-09-23 04:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 08:51 - 2012-09-23 04:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 08:49 - 2012-09-23 04:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 08:48 - 2012-09-23 04:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 08:47 - 2012-09-23 04:01 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-24 08:47 - 2012-09-23 04:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-24 08:47 - 2012-09-23 04:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-24 08:45 - 2012-09-23 04:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 08:44 - 2012-09-23 04:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 08:44 - 2012-09-23 04:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 08:43 - 2012-09-23 04:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-24 08:40 - 2012-09-23 04:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-23 00:40 - 2012-08-23 00:40 - 00007888 ____A C:\Users\lars\Desktop\tyskfolkonline.txt
2012-08-22 20:12 - 2012-09-12 01:16 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 20:12 - 2012-09-12 01:16 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 20:12 - 2012-09-12 01:16 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 20:12 - 2012-09-12 01:16 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 23:01 - 2012-09-26 16:00 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 17:46 - 2012-08-20 17:46 - 00315192 ____A C:\Windows\Minidump\082012-14476-01.dmp
2012-08-16 08:24 - 2009-07-14 06:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 08:56 - 2009-07-14 07:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-11 08:32 - 2012-08-11 08:32 - 00315192 ____A C:\Windows\Minidump\081112-15475-01.dmp
2012-08-07 08:19 - 2012-07-19 21:42 - 00000368 ____A C:\Users\lars\Desktop\köplista.txt
2012-08-02 19:58 - 2012-09-12 01:16 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 18:57 - 2012-09-12 01:16 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-27 13:31 - 2012-07-27 13:31 - 00000657 ____A C:\Users\lars\Desktop\bildlista - från PEDER.txt
2012-07-18 20:15 - 2012-08-15 08:33 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-18 10:43 - 2012-07-18 10:43 - 00315192 ____A C:\Windows\Minidump\071812-20482-01.dmp
2012-07-13 03:43 - 2012-06-28 18:15 - 00014170 ____A C:\Users\lars\Desktop\work-OT-holidays.xlsx
2012-07-07 14:48 - 2011-06-13 01:56 - 00000473 ____A C:\Users\lars\Desktop\don ellis discogrpahy.txt
2012-07-05 00:16 - 2012-08-15 08:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-05 00:13 - 2012-08-15 08:33 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-05 00:13 - 2012-08-15 08:33 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 23:16 - 2012-08-15 08:33 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 23:14 - 2012-08-15 08:33 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 22:26 - 2012-09-12 01:16 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys


ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$74ed8de9720630d2d670a4b6075689d4
C:\$Recycle.Bin\S-1-5-18\$74ed8de9720630d2d670a4b6075689d4\L
C:\$Recycle.Bin\S-1-5-18\$74ed8de9720630d2d670a4b6075689d4\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-296754312-4090934726-553219064-1000\$74ed8de9720630d2d670a4b6075689d4
C:\$Recycle.Bin\S-1-5-21-296754312-4090934726-553219064-1000\$74ed8de9720630d2d670a4b6075689d4\L
C:\$Recycle.Bin\S-1-5-21-296754312-4090934726-553219064-1000\$74ed8de9720630d2d670a4b6075689d4\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$74ed8de9720630d2d670a4b6075689d4

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-26 16:01:16

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6142.98 MB
Available physical RAM: 5452.55 MB
Total Pagefile: 6141.13 MB
Available Pagefile: 5460.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:918.59 GB) (Free:501.71 GB) NTFS
7 Drive i: (RECOVERY) (Fixed) (Total:12.81 GB) (Free:5.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (CORSAIR) (Removable) (Total:7.54 GB) (Free:6.47 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7740 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 109 MB 31 KB
Partition 2 Primary 12 GB 110 MB
Partition 3 Primary 918 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 109 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 I RECOVERY NTFS Partition 12 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 918 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7739 MB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 J CORSAIR FAT32 Removable 7739 MB Healthy

=========================================================

Last Boot: 2012-09-26 12:06

==================== End Of Log =============================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by lars at 11:47:37 on 2012-09-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6143.4796 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Users\lars\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623123648.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroCheck] C:\Windows\SysWOW64\\NeroCheck.exe
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\lars\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\lars\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\lars\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\lars\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\lars\AppData\Local\Temp\_uninst_69500368.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 212.23.3.100 212.23.6.100
TCP: Interfaces\{01EBD03D-11B9-4DEF-A178-6BCD626BF2B9} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{01EBD03D-11B9-4DEF-A178-6BCD626BF2B9}\244584F6D656845726D254731433 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5118570A-47A0-44F6-A3D9-248E0197C6B0} : DhcpNameServer = 212.23.3.100 212.23.6.100
TCP: Interfaces\{B0BFD540-BD0E-49AC-A004-7AA02467316F} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623123648.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [NeroCheck] C:\Windows\SysWOW64\\NeroCheck.exe
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 83582399;83582399;C:\Windows\system32\DRIVERS\83582399.sys --> C:\Windows\system32\DRIVERS\83582399.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-29 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-29 676936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-25 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-25 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-25 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-10 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-10 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-1-26 573224]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-6 1692480]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-25 249936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250568]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
S3 hitmanpro36;HitmanPro 3.6 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 XG762V64;Zoom 802.11a/b/g 762N vista Driver;C:\Windows\system32\DRIVERS\WlanUZG.sys --> C:\Windows\system32\DRIVERS\WlanUZG.sys [?]
S3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;C:\Windows\System32\ZDCNDIS6a64.sys [2011-2-7 41280]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-30 10:10:02 -------- d-----w- C:\FRST
2012-09-30 09:44:26 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-09-30 09:21:58 -------- d-----w- C:\Program Files\HitmanPro
2012-09-29 16:41:52 -------- d-----w- C:\ProgramData\HitmanPro
2012-09-29 16:33:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-29 16:13:51 -------- d-----w- C:\New folder
2012-09-29 16:11:20 -------- d-----w- C:\AV
2012-09-29 12:19:02 -------- d-----w- C:\Users\lars\AppData\Roaming\SUPERAntiSpyware.com
2012-09-29 12:19:02 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-29 12:00:02 -------- d-----w- C:\Users\lars\AppData\Roaming\Malwarebytes
2012-09-29 11:59:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-29 11:59:42 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-29 11:59:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-29 11:18:50 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-09-29 11:17:53 460888 ----a-w- C:\Windows\System32\drivers\83582399.sys
2012-09-28 07:04:29 -------- d-----w- C:\Users\lars\AppData\Local\{5AADEC42-45BC-4DBE-8066-C51915573308}
2012-09-27 09:17:19 -------- d-----w- C:\Users\lars\AppData\Local\{C8DAD14B-D485-4EAA-8653-C2C2F5B7E66D}
2012-09-26 14:05:25 -------- d-----w- C:\Users\lars\AppData\Local\{31961975-5836-4793-90B7-13A6364A6BEA}
2012-09-26 14:00:09 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-26 10:06:39 -------- d-----w- C:\Users\lars\AppData\Local\{3BFA9372-4ADB-41B0-9FA0-3B75FB66B321}
2012-09-25 06:24:15 -------- d-----w- C:\Users\lars\AppData\Local\{13F2BE63-8410-4A57-A975-DDE340FCC43B}
2012-09-24 20:46:38 -------- d-----w- C:\ProgramData\7531E8D9000C0C4202AC0FB2F875F002
2012-09-24 20:45:21 -------- d-----w- C:\Users\lars\AppData\Roaming\Ynbe
2012-09-24 20:45:21 -------- d-----w- C:\Users\lars\AppData\Roaming\Peawon
2012-09-24 15:03:38 -------- d-----w- C:\Users\lars\AppData\Local\{EE8008D7-4ECF-4853-B46F-CA54F188C2FE}
2012-09-24 06:16:13 -------- d-----w- C:\Users\lars\AppData\Local\{72CF7326-2863-46B7-9072-3103BF49BF59}
2012-09-23 10:58:34 -------- d-----w- C:\Users\lars\AppData\Local\{BD244D8D-8527-480B-A214-F62F953E86B8}
2012-09-23 03:27:23 -------- d-----w- C:\Users\lars\AppData\Local\{FC788CF5-BEA6-4E42-9323-EB95AAE23453}
2012-09-22 06:13:45 -------- d-----w- C:\Users\lars\AppData\Local\{9E138374-7907-41DC-98FD-E8765215374B}
2012-09-21 09:45:04 -------- d-----w- C:\Users\lars\AppData\Local\{47E69948-B2DF-467E-A3F8-53959E0BAFA2}
2012-09-20 18:53:04 -------- d-----w- C:\Users\lars\AppData\Local\{7AECF66D-E6C4-4C63-B53C-1FCBC6CA9ECE}
2012-09-20 06:36:18 -------- d-----w- C:\Users\lars\AppData\Local\{477D80BA-02DD-499B-812C-9931E52ACC9C}
2012-09-19 06:46:34 -------- d-----w- C:\Users\lars\AppData\Local\{2BF28F98-2DD9-4FA9-A70E-52D92D47D423}
2012-09-18 06:22:08 -------- d-----w- C:\Users\lars\AppData\Local\{A1E1ECCA-3F3F-44C0-9303-1E9288621E06}
2012-09-17 06:10:16 -------- d-----w- C:\Users\lars\AppData\Local\{1027F2D3-CD5B-42EF-B4F4-DC4C9ACB2622}
2012-09-16 09:30:55 -------- d-----w- C:\Users\lars\AppData\Local\{1C938F36-F325-46C3-8B34-9FD030FE2504}
2012-09-15 14:13:16 -------- d-----w- C:\Users\lars\AppData\Local\{A13883C2-D01D-470C-8682-EA520DE72C5A}
2012-09-15 14:09:06 -------- d-----w- C:\Users\lars\AppData\Local\{382517F7-A7A3-4D88-B5B3-0CA2BE993131}
2012-09-15 01:46:24 -------- d-----w- C:\Users\lars\AppData\Local\{25C86182-56FE-4C4C-BE98-6725216FC6DA}
2012-09-14 06:10:31 -------- d-----w- C:\Users\lars\AppData\Local\{C38C6F5C-0120-4418-9951-AF51A617A808}
2012-09-13 10:20:30 -------- d-----w- C:\Users\lars\AppData\Local\{00539D0F-7540-4625-8CC5-25A654DFB255}
2012-09-12 06:34:59 -------- d-----w- C:\Users\lars\AppData\Local\{39512E95-AD4F-4A53-B7A6-A8B4300C0EF5}
2012-09-11 23:16:47 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-11 23:16:47 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-11 23:16:45 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-11 23:16:45 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-11 23:16:43 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-11 23:16:43 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-11 23:16:43 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 18:16:29 -------- d-----w- C:\Users\lars\AppData\Local\{9D98ED0E-8E30-429B-9C55-AA5A50FD0904}
2012-09-11 06:06:56 -------- d-----w- C:\Users\lars\AppData\Local\{35F462B8-77A2-4003-B792-509D532427B7}
2012-09-10 13:33:44 -------- d-----w- C:\Users\lars\AppData\Local\{1DB7C9AA-B16D-4B27-8120-11C183BC884F}
2012-09-09 23:40:48 -------- d-----w- C:\Users\lars\AppData\Local\{544EFA5F-4388-4435-9C85-11305737EE30}
2012-09-09 01:24:01 -------- d-----w- C:\Users\lars\AppData\Local\{BA892579-737B-425C-A2BA-F7CB1AC1633D}
2012-09-08 06:24:30 -------- d-----w- C:\Users\lars\AppData\Local\{C728490A-2FD2-4E50-9A6A-28665602937E}
2012-09-07 06:40:29 -------- d-----w- C:\Users\lars\AppData\Local\{89831177-0220-46E6-B8F5-6ABE3B0493D8}
2012-09-06 07:56:33 -------- d-----w- C:\Users\lars\AppData\Local\{BE83031C-6D4C-4814-A741-5C54A117644D}
2012-09-05 09:08:48 -------- d-----w- C:\Users\lars\AppData\Local\{2662F0D1-649B-4653-B649-9EA0F3FAC5B1}
2012-09-04 19:47:43 -------- d-----w- C:\Users\lars\AppData\Local\{C958F005-B815-464F-B436-878E00666BF4}
2012-09-04 07:00:28 -------- d-----w- C:\Users\lars\AppData\Local\{AC54FFF9-BA92-4B55-BA10-C12C34F5D303}
2012-09-03 17:11:40 -------- d-----w- C:\Users\lars\AppData\Local\{B4C25CB3-4BEA-4B17-85D3-342EB3306970}
2012-09-03 00:43:06 -------- d-----w- C:\Users\lars\AppData\Local\{D97EEBE4-790A-4F53-833E-84292E5EE6B2}
2012-09-02 11:48:01 -------- d-----w- C:\Users\lars\AppData\Local\{CF3E47CB-B9F8-413F-B516-66FDBC2CEC15}
2012-09-01 17:25:40 -------- d-----w- C:\Users\lars\AppData\Local\{BCB5A657-653A-4C3B-B837-CFC297C57615}
2012-09-01 01:01:46 -------- d-----w- C:\Users\lars\AppData\Local\{54563145-49E1-4AA1-AD03-AF89BF33F9EE}
2012-08-31 11:12:34 -------- d-----w- C:\Users\lars\AppData\Local\{835D4EF2-8175-4A3B-9269-A4A27813C2EB}
.
==================== Find3M ====================
.
2012-09-02 09:55:05 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-02 09:55:05 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 11:48:24.36 ===============


Many thanks in anticipation of your assistance with this problem

Regards,

TimB48

#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 September 2012 - 12:19 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Ok lets see if we can find a replacement for the infected file

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 TimB48

  • Topic Starter
  • Members
  • 47 posts

Posted 01 October 2012 - 04:02 AM

Gringo,
Thanks for the prompt response. Below is the result of the search for 'services.exe' as requested.

Regards,

TimB48


Farbar Recovery Scan Tool (x64) Version: 30-09-2012 01
Ran by SYSTEM at 2012-10-01 10:49:24
Running from J:\AV

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 October 2012 - 05:56 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\$Recycle.Bin\S-1-5-18\$74ed8de9720630d2d670a4b6075689d4
C:\$Recycle.Bin\S-1-5-21-296754312-4090934726-553219064-1000\$74ed8de9720630d2d670a4b6075689d4
C:\$Recycle.Bin\S-1-5-18\$74ed8de9720630d2d670a4b6075689d4


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

#5 TimB48

  • Topic Starter
  • Members
  • 47 posts

Posted 01 October 2012 - 09:25 AM

Gringo,

Here is the result of running the fix.

Regards,

TimB48

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-09-2012 01
Ran by SYSTEM at 2012-10-01 17:23:19 Run:1
Running from J:\AV

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\$Recycle.Bin\S-1-5-18\$74ed8de9720630d2d670a4b6075689d4 moved successfully.
C:\$Recycle.Bin\S-1-5-21-296754312-4090934726-553219064-1000\$74ed8de9720630d2d670a4b6075689d4 moved successfully.
C:\$Recycle.Bin\S-1-5-18\$74ed8de9720630d2d670a4b6075689d4 not found.

==== End of Fixlog ====
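The search-and-replace sequence in posts #2 to #5 (FRST lists every services.exe on the volume, the System32 copy has a different size and MD5 from the WinSxS copy, the fixlist moves the System32 file aside and copies the WinSxS one in, then removes the GAC Desktop.ini files and the $Recycle.Bin\$<32 hex> folders) can be scripted as an offline triage of a mounted volume. The Python below is an added example, not FRST and not anything posted in this thread; the directory tree it builds, the component-folder name amd64_servicecontroller_sample, the sample bytes and the quarantine path are all constructed for the demonstration. It relies on one fact about Vista and later: files under System32 are hard links into the component store, so a legitimately serviced services.exe always has a byte-identical copy in WinSxS, whereas the file in post #3 (MD5 50BE…) matched none of them.

```python
"""Offline triage mirroring the FRST search-and-replace steps in this thread.

Added example, not FRST and not code posted in the thread. Run it against a
mounted, NOT booted, Windows volume (recovery environment or forensic image);
a kernel-mode rootkit on the live system can hide or fake its own files.
The tree built by build_sample_volume() is constructed for the demonstration.
"""
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Folder names like $74ed8de9720630d2d670a4b6075689d4 under $Recycle.Bin\<SID>\
HIDDEN_DIR_RE = re.compile(r"^\$[0-9a-f]{32}$")
SID_RE = re.compile(r"^S-1-5-")


def md5_of(path: Path) -> str:
    """MD5 as FRST prints it: good enough to match a known copy, not a security control."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def winsxs_copies(root: Path, name: str) -> list:
    """Every copy of `name` kept in the component store (what FRST's Search: lists)."""
    winsxs = root / "Windows" / "winsxs"
    if not winsxs.is_dir():
        return []
    return sorted(p for p in winsxs.rglob(name) if p.is_file())


def check_services_exe(root: Path) -> dict:
    """Compare System32\\services.exe against the WinSxS copies.

    On Vista and later the System32 binary is a hard link into WinSxS, so a
    legitimately updated file always has a byte-identical copy there. A live
    file matching none of them was written outside the servicing stack.
    """
    live = root / "Windows" / "System32" / "services.exe"
    live_md5 = md5_of(live)
    copies = [(p, md5_of(p), p.stat().st_size) for p in winsxs_copies(root, "services.exe")]
    matching = [c for c in copies if c[1] == live_md5]
    return {
        "live_md5": live_md5,
        "live_size": live.stat().st_size,
        "matching": matching,
        "candidates": [c for c in copies if c[1] != live_md5],  # clean copies to restore from
        "suspicious": bool(copies) and not matching,
    }


def find_artifacts(root: Path) -> list:
    """The other paths the fixlist in post #4 removed."""
    found = []
    for gac in ("GAC_32", "GAC_64"):
        ini = root / "Windows" / "assembly" / gac / "Desktop.ini"
        if ini.exists():
            found.append(ini)
    recycle = root / "$Recycle.Bin"
    if recycle.is_dir():
        for sid_dir in recycle.iterdir():
            if sid_dir.is_dir() and SID_RE.match(sid_dir.name):
                found += [c for c in sid_dir.iterdir() if HIDDEN_DIR_RE.match(c.name)]
    return sorted(found)


def restore_services_exe(root: Path, clean_copy: Path, quarantine: Path) -> Path:
    """Same two steps as the fixlist's Replace: move the live file aside, copy the clean one in."""
    live = root / "Windows" / "System32" / "services.exe"
    quarantine.mkdir(parents=True, exist_ok=True)
    moved = quarantine / "services.exe"
    shutil.move(str(live), str(moved))  # keep the patched binary for analysis, don't just delete it
    shutil.copy2(str(clean_copy), str(live))
    return moved


def build_sample_volume() -> Path:
    """Constructed stand-in for a mounted volume: a clean WinSxS copy, a System32
    copy with extra bytes standing in for the patched file, and the other fixlist paths."""
    root = Path(tempfile.mkdtemp(prefix="vol_"))
    comp = root / "Windows" / "winsxs" / "amd64_servicecontroller_sample"  # hypothetical name
    comp.mkdir(parents=True)
    (comp / "services.exe").write_bytes(b"MZ clean service controller")
    sys32 = root / "Windows" / "System32"
    sys32.mkdir(parents=True)
    (sys32 / "services.exe").write_bytes(b"MZ clean service controller" + b"\x90" * 512)
    for gac in ("GAC_32", "GAC_64"):
        (root / "Windows" / "assembly" / gac).mkdir(parents=True)
        (root / "Windows" / "assembly" / gac / "Desktop.ini").write_bytes(b"")
    (root / "$Recycle.Bin" / "S-1-5-18" / "$74ed8de9720630d2d670a4b6075689d4").mkdir(parents=True)
    return root


if __name__ == "__main__":
    vol = build_sample_volume()
    report = check_services_exe(vol)
    print("services.exe", report["live_md5"], report["live_size"], "suspicious:", report["suspicious"])
    for path in find_artifacts(vol):
        print("artifact:", path.relative_to(vol))
    if report["suspicious"]:
        moved = restore_services_exe(vol, report["candidates"][0][0], vol / "FRST" / "Quarantine")
        print("patched copy moved to", moved)
```

Run it from a recovery environment or against a mounted image, never from the infected OS, for the same reason the thread runs FRST from System Recovery Options: a rootkit that hooks the file system can hand back clean bytes for the very file it patched. Keep the moved-aside binary rather than deleting it, as the fixlist does, so it is available for later analysis; and note that the `C:\Users\<user>\AppData\Local\{GUID}` folders in the FRST log are not touched here because nothing in the thread establishes what they are.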

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 October 2012 - 09:15 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 TimB48

  • Topic Starter
  • Members
  • 47 posts

Posted 02 October 2012 - 03:50 AM

Gringo,

I have successfully run Combofix. Log is below.
The only problem I had was with disabling the antivirus: McAfee said it was off, but Combofix said it was running. Anyway, Combofix appeared to run without any problems, so here's hoping all is well.
The PC itself seems a lot better; I can now access the internet without being redirected to another site.

Regards,


TimB48


ComboFix 12-10-02.01 - lars 02/10/2012 11:14:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6143.4662 [GMT 1:00]
Running from: c:\users\lars\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll
C:\SystemData
c:\users\lars\AppData\Roaming\Peawon
c:\users\lars\AppData\Roaming\Peawon\ykbo.tei
c:\windows\SysWow64\SETD527.tmp
c:\windows\SysWow64\SETDFC4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-02 to 2012-10-02 )))))))))))))))))))))))))))))))
.
.
2012-10-02 10:22 . 2012-10-02 10:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-30 10:10 . 2012-09-30 10:10 -------- d-----w- C:\FRST
2012-09-30 09:44 . 2012-09-30 09:44 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-09-30 09:21 . 2012-09-30 09:21 -------- d-----w- c:\program files\HitmanPro
2012-09-29 16:41 . 2012-09-29 16:51 -------- d-----w- c:\programdata\HitmanPro
2012-09-29 16:33 . 2012-09-30 09:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-29 16:13 . 2012-09-29 16:14 -------- d-----w- C:\New folder
2012-09-29 16:11 . 2012-09-29 16:11 -------- d-----w- C:\AV
2012-09-29 12:19 . 2012-09-29 12:19 -------- d-----w- c:\users\lars\AppData\Roaming\SUPERAntiSpyware.com
2012-09-29 12:19 . 2012-09-29 12:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-29 12:00 . 2012-09-29 12:00 -------- d-----w- c:\users\lars\AppData\Roaming\Malwarebytes
2012-09-29 11:59 . 2012-09-29 11:59 -------- d-----w- c:\programdata\Malwarebytes
2012-09-29 11:18 . 2012-09-29 11:18 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-29 11:17 . 2012-09-29 11:55 460888 ----a-w- c:\windows\system32\drivers\83582399.sys
2012-09-26 14:00 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 20:46 . 2012-09-24 20:46 -------- d-----w- c:\programdata\7531E8D9000C0C4202AC0FB2F875F002
2012-09-24 20:45 . 2012-09-29 16:04 -------- d-----w- c:\users\lars\AppData\Roaming\Ynbe
2012-09-23 02:00 . 2012-08-24 10:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-19 02:01 . 2012-09-19 07:51 -------- d-----w- c:\users\lars\AppData\Roaming\Skype
2012-09-19 02:01 . 2012-09-19 02:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-11 23:16 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 23:16 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 23:16 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 23:16 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 23:16 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 23:16 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 23:16 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 02:00 . 2011-02-09 17:33 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-02 09:55 . 2012-03-29 11:10 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-02 09:55 . 2011-07-14 07:26 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-15 06:33 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 06:33 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 06:33 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 06:33 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 06:33 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-15 498160]
"NeroCheck"="c:\windows\SysWOW64\\NeroCheck.exe" [2001-07-09 155648]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-16 560128]
.
c:\users\lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
Dropbox.lnk - c:\users\lars\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
_uninst_69500368.lnk - c:\users\lars\AppData\Local\Temp\_uninst_69500368.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-21 113664]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 250568]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-09-30 30496]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 mferkdet01;McAfee Inc.;Device\mferkdet01.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1255736]
R3 XG762V64;Zoom 802.11a/b/g 762N vista Driver;c:\windows\system32\DRIVERS\WlanUZG.sys [2008-03-27 1041920]
R3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;c:\windows\system32\ZDCNDIS6a64.sys [2008-03-27 41280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 83582399;83582399;c:\windows\system32\DRIVERS\83582399.sys [2012-09-29 460888]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-10 203776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-26 573224]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-10 8013312]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-10 287232]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:55]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 09:02]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 09:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 212.23.3.100 212.23.6.100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2012-10-02 11:31:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-02 10:31
.
Pre-Run: 538,372,108,288 bytes free
Post-Run: 538,424,328,192 bytes free
.
- - End Of File - - C6CCC21D9CC29C43E204A84F933C3814

#8 gringo_pr

Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 02 October 2012 - 01:09 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 TimB48

TimB48
  • Topic Starter
  • Members
  • 47 posts

Posted 02 October 2012 - 02:38 PM

Gringo,

Below are the logs for TDSSKiller and aswMBR.

Regards,


TimB48


22:17:53.0165 2284 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:17:53.0415 2284 ============================================================
22:17:53.0415 2284 Current date / time: 2012/10/02 22:17:53.0415
22:17:53.0415 2284 SystemInfo:
22:17:53.0415 2284
22:17:53.0415 2284 OS Version: 6.1.7601 ServicePack: 1.0
22:17:53.0415 2284 Product type: Workstation
22:17:53.0415 2284 ComputerName: LARS-PC
22:17:53.0415 2284 UserName: lars
22:17:53.0415 2284 Windows directory: C:\Windows
22:17:53.0415 2284 System windows directory: C:\Windows
22:17:53.0415 2284 Running under WOW64
22:17:53.0415 2284 Processor architecture: Intel x64
22:17:53.0415 2284 Number of processors: 4
22:17:53.0415 2284 Page size: 0x1000
22:17:53.0415 2284 Boot type: Normal boot
22:17:53.0415 2284 ============================================================
22:17:55.0240 2284 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:17:55.0271 2284 Drive \Device\Harddisk5\DR5 - Size: 0x1E3C00000 (7.56 Gb), SectorSize: 0x200, Cylinders: 0x3DA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:17:55.0271 2284 ============================================================
22:17:55.0271 2284 \Device\Harddisk0\DR0:
22:17:55.0271 2284 MBR partitions:
22:17:55.0271 2284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0x199F000
22:17:55.0271 2284 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x19D6000, BlocksNum 0x72D30000
22:17:55.0271 2284 \Device\Harddisk5\DR5:
22:17:55.0271 2284 MBR partitions:
22:17:55.0271 2284 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0xF1D800
22:17:55.0271 2284 ============================================================
22:17:55.0287 2284 C: <-> \Device\Harddisk0\DR0\Partition2
22:17:55.0287 2284 ============================================================
22:17:55.0287 2284 Initialize success
22:17:55.0287 2284 ============================================================
22:17:59.0046 3984 ============================================================
22:17:59.0046 3984 Scan started
22:17:59.0046 3984 Mode: Manual;
22:17:59.0046 3984 ============================================================
22:18:02.0712 3984 ================ Scan system memory ========================
22:18:02.0712 3984 System memory - ok
22:18:02.0712 3984 ================ Scan services =============================
22:18:02.0853 3984 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:18:02.0853 3984 1394ohci - ok
22:18:02.0899 3984 [ E656FE10D6D27794AFA08136685A69E8 ] 83582399 C:\Windows\system32\DRIVERS\83582399.sys
22:18:02.0899 3984 83582399 - ok
22:18:02.0946 3984 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:18:02.0962 3984 ACPI - ok
22:18:03.0009 3984 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:18:03.0009 3984 AcpiPmi - ok
22:18:03.0196 3984 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:18:03.0196 3984 AdobeARMservice - ok
22:18:03.0336 3984 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:18:03.0352 3984 AdobeFlashPlayerUpdateSvc - ok
22:18:03.0383 3984 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:18:03.0383 3984 adp94xx - ok
22:18:03.0399 3984 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:18:03.0399 3984 adpahci - ok
22:18:03.0430 3984 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:18:03.0430 3984 adpu320 - ok
22:18:03.0445 3984 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:18:03.0445 3984 AeLookupSvc - ok
22:18:03.0492 3984 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:18:03.0492 3984 AFD - ok
22:18:03.0523 3984 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:18:03.0539 3984 agp440 - ok
22:18:03.0539 3984 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:18:03.0555 3984 ALG - ok
22:18:03.0586 3984 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:18:03.0586 3984 aliide - ok
22:18:03.0633 3984 [ CF4D1EBE8FEC994A0DF69149ED27E417 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:18:03.0633 3984 AMD External Events Utility - ok
22:18:03.0664 3984 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:18:03.0664 3984 amdide - ok
22:18:03.0679 3984 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:18:03.0679 3984 AmdK8 - ok
22:18:03.0820 3984 [ 375AC85E1130EAA1EAEB62DDD22B0EFB ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:18:03.0929 3984 amdkmdag - ok
22:18:03.0945 3984 [ DAEB3F2BB2095B95B98BE6CEC99D02E7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
22:18:03.0945 3984 amdkmdap - ok
22:18:03.0960 3984 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:18:03.0960 3984 AmdPPM - ok
22:18:04.0007 3984 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:18:04.0007 3984 amdsata - ok
22:18:04.0023 3984 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:18:04.0023 3984 amdsbs - ok
22:18:04.0023 3984 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:18:04.0023 3984 amdxata - ok
22:18:04.0069 3984 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:18:04.0069 3984 AppID - ok
22:18:04.0085 3984 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:18:04.0085 3984 AppIDSvc - ok
22:18:04.0132 3984 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:18:04.0132 3984 Appinfo - ok
22:18:04.0179 3984 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:18:04.0179 3984 arc - ok
22:18:04.0179 3984 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:18:04.0194 3984 arcsas - ok
22:18:04.0194 3984 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:18:04.0194 3984 AsyncMac - ok
22:18:04.0225 3984 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:18:04.0225 3984 atapi - ok
22:18:04.0272 3984 [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
22:18:04.0272 3984 AtiHDAudioService - ok
22:18:04.0288 3984 [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
22:18:04.0288 3984 AtiHdmiService - ok
22:18:04.0303 3984 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
22:18:04.0303 3984 AtiPcie - ok
22:18:04.0350 3984 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:18:04.0366 3984 AudioEndpointBuilder - ok
22:18:04.0381 3984 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:18:04.0397 3984 AudioSrv - ok
22:18:04.0397 3984 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:18:04.0397 3984 AxInstSV - ok
22:18:04.0413 3984 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:18:04.0428 3984 b06bdrv - ok
22:18:04.0444 3984 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:18:04.0444 3984 b57nd60a - ok
22:18:04.0459 3984 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:18:04.0459 3984 BDESVC - ok
22:18:04.0475 3984 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:18:04.0475 3984 Beep - ok
22:18:04.0522 3984 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:18:04.0537 3984 BFE - ok
22:18:04.0569 3984 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
22:18:04.0584 3984 BITS - ok
22:18:04.0600 3984 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:18:04.0600 3984 blbdrive - ok
22:18:04.0631 3984 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:18:04.0647 3984 bowser - ok
22:18:04.0647 3984 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:18:04.0647 3984 BrFiltLo - ok
22:18:04.0662 3984 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:18:04.0678 3984 BrFiltUp - ok
22:18:04.0693 3984 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:18:04.0693 3984 BridgeMP - ok
22:18:04.0740 3984 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:18:04.0740 3984 Browser - ok
22:18:04.0771 3984 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:18:04.0771 3984 Brserid - ok
22:18:04.0787 3984 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:18:04.0787 3984 BrSerWdm - ok
22:18:04.0803 3984 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:18:04.0803 3984 BrUsbMdm - ok
22:18:04.0803 3984 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:18:04.0803 3984 BrUsbSer - ok
22:18:04.0818 3984 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:18:04.0818 3984 BTHMODEM - ok
22:18:04.0834 3984 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:18:04.0834 3984 bthserv - ok
22:18:04.0959 3984 catchme - ok
22:18:04.0974 3984 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:18:04.0974 3984 cdfs - ok
22:18:05.0021 3984 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:18:05.0021 3984 cdrom - ok
22:18:05.0068 3984 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:18:05.0068 3984 CertPropSvc - ok
22:18:05.0146 3984 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys
22:18:05.0146 3984 cfwids - ok
22:18:05.0146 3984 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:18:05.0146 3984 circlass - ok
22:18:05.0177 3984 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:18:05.0177 3984 CLFS - ok
22:18:05.0224 3984 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:18:05.0224 3984 clr_optimization_v2.0.50727_32 - ok
22:18:05.0286 3984 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:18:05.0302 3984 clr_optimization_v2.0.50727_64 - ok
22:18:05.0411 3984 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:18:05.0505 3984 clr_optimization_v4.0.30319_32 - ok
22:18:05.0551 3984 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:18:05.0567 3984 clr_optimization_v4.0.30319_64 - ok
22:18:05.0583 3984 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:18:05.0583 3984 CmBatt - ok
22:18:05.0629 3984 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:18:05.0645 3984 cmdide - ok
22:18:05.0692 3984 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:18:05.0707 3984 CNG - ok
22:18:05.0723 3984 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:18:05.0723 3984 Compbatt - ok
22:18:05.0770 3984 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:18:05.0785 3984 CompositeBus - ok
22:18:05.0785 3984 COMSysApp - ok
22:18:05.0817 3984 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:18:05.0817 3984 crcdisk - ok
22:18:05.0879 3984 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:18:05.0879 3984 CryptSvc - ok
22:18:06.0004 3984 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:18:06.0019 3984 cvhsvc - ok
22:18:06.0066 3984 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:18:06.0082 3984 DcomLaunch - ok
22:18:06.0113 3984 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:18:06.0129 3984 defragsvc - ok
22:18:06.0191 3984 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:18:06.0191 3984 DfsC - ok
22:18:06.0269 3984 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:18:06.0269 3984 Dhcp - ok
22:18:06.0300 3984 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:18:06.0300 3984 discache - ok
22:18:06.0363 3984 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:18:06.0363 3984 Disk - ok
22:18:06.0425 3984 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:18:06.0425 3984 Dnscache - ok
22:18:06.0550 3984 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
22:18:06.0565 3984 DockLoginService - ok
22:18:06.0612 3984 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:18:06.0628 3984 dot3svc - ok
22:18:06.0690 3984 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:18:06.0690 3984 DPS - ok
22:18:06.0706 3984 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:18:06.0706 3984 drmkaud - ok
22:18:06.0784 3984 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:18:06.0799 3984 DXGKrnl - ok
22:18:06.0799 3984 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:18:06.0815 3984 EapHost - ok
22:18:07.0689 3984 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:18:07.0720 3984 ebdrv - ok
22:18:07.0751 3984 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:18:07.0751 3984 EFS - ok
22:18:08.0094 3984 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:18:08.0125 3984 ehRecvr - ok
22:18:08.0141 3984 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:18:08.0157 3984 ehSched - ok
22:18:08.0172 3984 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:18:08.0188 3984 elxstor - ok
22:18:08.0235 3984 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:18:08.0250 3984 ErrDev - ok
22:18:08.0406 3984 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:18:08.0406 3984 EventSystem - ok
22:18:08.0484 3984 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:18:08.0484 3984 exfat - ok
22:18:08.0547 3984 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:18:08.0562 3984 fastfat - ok
22:18:08.0749 3984 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:18:08.0765 3984 Fax - ok
22:18:08.0796 3984 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:18:08.0796 3984 fdc - ok
22:18:08.0812 3984 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:18:08.0827 3984 fdPHost - ok
22:18:08.0859 3984 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:18:08.0859 3984 FDResPub - ok
22:18:08.0874 3984 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:18:08.0874 3984 FileInfo - ok
22:18:08.0890 3984 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:18:08.0890 3984 Filetrace - ok
22:18:08.0921 3984 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:18:08.0921 3984 flpydisk - ok
22:18:09.0030 3984 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:18:09.0046 3984 FltMgr - ok
22:18:09.0358 3984 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
22:18:09.0373 3984 FontCache - ok
22:18:09.0498 3984 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:18:09.0498 3984 FontCache3.0.0.0 - ok
22:18:09.0529 3984 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:18:09.0529 3984 FsDepends - ok
22:18:09.0607 3984 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:18:09.0607 3984 Fs_Rec - ok
22:18:09.0701 3984 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:18:09.0701 3984 fvevol - ok
22:18:09.0732 3984 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:18:09.0732 3984 gagp30kx - ok
22:18:09.0997 3984 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
22:18:10.0013 3984 GameConsoleService - ok
22:18:10.0247 3984 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:18:10.0263 3984 gpsvc - ok
22:18:10.0512 3984 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:18:10.0528 3984 gupdate - ok
22:18:10.0575 3984 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:18:10.0575 3984 gupdatem - ok
22:18:10.0668 3984 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:18:10.0668 3984 gusvc - ok
22:18:10.0699 3984 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:18:10.0699 3984 hcw85cir - ok
22:18:10.0762 3984 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:18:10.0762 3984 HDAudBus - ok
22:18:10.0777 3984 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:18:10.0777 3984 HidBatt - ok
22:18:10.0793 3984 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:18:10.0793 3984 HidBth - ok
22:18:10.0809 3984 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:18:10.0809 3984 HidIr - ok
22:18:10.0824 3984 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:18:10.0824 3984 hidserv - ok
22:18:10.0871 3984 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:18:10.0887 3984 HidUsb - ok
22:18:10.0933 3984 [ 44F92C1F913E582BEF9CAC66443C6230 ] hitmanpro36 C:\Windows\system32\drivers\hitmanpro36.sys
22:18:10.0933 3984 hitmanpro36 - ok
22:18:10.0996 3984 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:18:10.0996 3984 hkmsvc - ok
22:18:11.0043 3984 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:18:11.0043 3984 HomeGroupListener - ok
22:18:11.0105 3984 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:18:11.0105 3984 HomeGroupProvider - ok
22:18:11.0167 3984 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:18:11.0167 3984 HpSAMD - ok
22:18:11.0245 3984 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:18:11.0261 3984 HTTP - ok
22:18:11.0292 3984 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:18:11.0292 3984 hwpolicy - ok
22:18:11.0355 3984 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:18:11.0355 3984 i8042prt - ok
22:18:11.0433 3984 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:18:11.0433 3984 iaStorV - ok
22:18:22.0072 3984 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:18:22.0087 3984 Wecsvc - ok
22:18:22.0103 3984 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:18:22.0103 3984 wercplsupport - ok
22:18:22.0103 3984 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:18:22.0103 3984 WerSvc - ok
22:18:22.0119 3984 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:18:22.0119 3984 WfpLwf - ok
22:18:22.0150 3984 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
22:18:22.0150 3984 WimFltr - ok
22:18:22.0165 3984 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:18:22.0165 3984 WIMMount - ok
22:18:22.0197 3984 WinDefend - ok
22:18:22.0212 3984 WinHttpAutoProxySvc - ok
22:18:22.0259 3984 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:18:22.0259 3984 Winmgmt - ok
22:18:22.0353 3984 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:18:22.0415 3984 WinRM - ok
22:18:22.0477 3984 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:18:22.0477 3984 WinUsb - ok
22:18:22.0540 3984 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:18:22.0555 3984 Wlansvc - ok
22:18:22.0587 3984 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:18:22.0587 3984 wlcrasvc - ok
22:18:22.0727 3984 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:18:22.0727 3984 wlidsvc - ok
22:18:22.0774 3984 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:18:22.0774 3984 WmiAcpi - ok
22:18:22.0789 3984 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:18:22.0805 3984 wmiApSrv - ok
22:18:22.0821 3984 WMPNetworkSvc - ok
22:18:22.0836 3984 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:18:22.0836 3984 WPCSvc - ok
22:18:22.0852 3984 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:18:22.0852 3984 WPDBusEnum - ok
22:18:22.0852 3984 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:18:22.0852 3984 ws2ifsl - ok
22:18:22.0867 3984 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:18:22.0867 3984 wscsvc - ok
22:18:22.0867 3984 WSearch - ok
22:18:22.0961 3984 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:18:22.0992 3984 wuauserv - ok
22:18:23.0023 3984 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:18:23.0023 3984 WudfPf - ok
22:18:23.0055 3984 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:18:23.0055 3984 WUDFRd - ok
22:18:23.0101 3984 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:18:23.0101 3984 wudfsvc - ok
22:18:23.0117 3984 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:18:23.0117 3984 WwanSvc - ok
22:18:23.0164 3984 [ AEC505976EF01BBD8F57CBA912F39259 ] XG762V64 C:\Windows\system32\DRIVERS\WlanUZG.sys
22:18:23.0179 3984 XG762V64 - ok
22:18:23.0211 3984 [ 18B6869E23937175144E6F1D3CB85FC2 ] ZDCNDIS6a64 C:\Windows\system32\ZDCNDIS6a64.sys
22:18:23.0211 3984 ZDCNDIS6a64 - ok
22:18:23.0226 3984 ================ Scan global ===============================
22:18:23.0242 3984 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:18:23.0289 3984 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:18:23.0304 3984 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:18:23.0320 3984 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:18:23.0367 3984 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:18:23.0367 3984 [Global] - ok
22:18:23.0367 3984 ================ Scan MBR ==================================
22:18:23.0382 3984 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:18:23.0601 3984 \Device\Harddisk0\DR0 - ok
22:18:23.0601 3984 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
22:18:23.0616 3984 \Device\Harddisk5\DR5 - ok
22:18:23.0616 3984 ================ Scan VBR ==================================
22:18:23.0616 3984 [ 48B9F0EB83A6B901AB02CDC34CCF1B68 ] \Device\Harddisk0\DR0\Partition1
22:18:23.0616 3984 \Device\Harddisk0\DR0\Partition1 - ok
22:18:23.0647 3984 [ 1DBF74B269A29F1DA7B82CA1F4227EB6 ] \Device\Harddisk0\DR0\Partition2
22:18:23.0647 3984 \Device\Harddisk0\DR0\Partition2 - ok
22:18:23.0647 3984 [ A28E23B8144B6D97D92862C5C296E8C7 ] \Device\Harddisk5\DR5\Partition1
22:18:23.0663 3984 \Device\Harddisk5\DR5\Partition1 - ok
22:18:23.0663 3984 ============================================================
22:18:23.0663 3984 Scan finished
22:18:23.0663 3984 ============================================================
22:18:23.0679 4880 Detected object count: 0
22:18:23.0679 4880 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-02 22:22:47
-----------------------------
22:22:47.300 OS Version: Windows x64 6.1.7601 Service Pack 1
22:22:47.300 Number of processors: 4 586 0x403
22:22:47.300 ComputerName: LARS-PC UserName: lars
22:22:49.391 Initialize success
22:27:45.184 AVAST engine defs: 12100200
22:28:18.943 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:28:18.943 Disk 0 Vendor: WDC_WD1001FAES-75W7A0 05.01D05 Size: 953869MB BusType: 11
22:28:18.990 Disk 0 MBR read successfully
22:28:18.990 Disk 0 MBR scan
22:28:19.005 Disk 0 Windows 7 default MBR code
22:28:19.005 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
22:28:19.021 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13118 MB offset 225280
22:28:19.052 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 940640 MB offset 27090944
22:28:19.052 Disk 0 scanning C:\Windows\system32\drivers
22:28:28.350 Service scanning
22:28:47.662 Modules scanning
22:28:47.678 Disk 0 trace - called modules:
22:28:47.678 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:28:47.694 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062fc060]
22:28:47.694 3 CLASSPNP.SYS[fffff8800217143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006220680]
22:28:49.971 AVAST engine scan C:\Windows
22:28:53.388 AVAST engine scan C:\Windows\system32
22:32:17.308 AVAST engine scan C:\Windows\system32\drivers
22:32:36.340 AVAST engine scan C:\Users\lars
22:34:53.926 Disk 0 MBR has been saved successfully to "J:\AV\MBR.dat"
22:34:53.957 The log file has been saved successfully to "J:\AV\aswMBR.txt"
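
A parser for the TDSSKiller log format shown above, added here as an example; it is not part of TimB48's post and not TDSSKiller's own code. It assumes only the layout visible in the log: a `[ MD5 ] name path` line followed by a `name - verdict` line, `=== Scan X ===` section headers, and a closing `Detected object count` line. The sample hash lines are copied from the log; the `ZAccessDemo` entry, its hash and its verdict string are constructed to exercise the not-ok branch and are not from the log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the posted log's format. Hash lines are copied from the
# log above; 'ZAccessDemo', its MD5 and its verdict are invented and assume
# TDSSKiller's '<name> - <verdict>' form for anything that is not '- ok'.
SAMPLE_LOG = r"""
22:18:20.0964 3984 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:18:20.0964 3984 usbprint - ok
22:18:20.0995 3984 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:18:20.0995 3984 VaultSvc - ok
22:18:22.0197 3984 WinDefend - ok
22:18:22.0587 3984 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:18:22.0587 3984 wlcrasvc - ok
22:18:22.0600 3984 [ 0123456789ABCDEF0123456789ABCDEF ] ZAccessDemo C:\Windows\system32\DRIVERS\zademo.sys
22:18:22.0600 3984 ZAccessDemo - detected Example.Verdict ( 1 )
22:18:23.0226 3984 ================ Scan global ===============================
22:18:23.0367 3984 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:18:23.0367 3984 [Global] - ok
22:18:23.0367 3984 ================ Scan MBR ==================================
22:18:23.0382 3984 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:18:23.0601 3984 \Device\Harddisk0\DR0 - ok
22:18:23.0616 3984 ================ Scan VBR ==================================
22:18:23.0616 3984 [ 48B9F0EB83A6B901AB02CDC34CCF1B68 ] \Device\Harddisk0\DR0\Partition1
22:18:23.0616 3984 \Device\Harddisk0\DR0\Partition1 - ok
22:18:23.0679 4880 Detected object count: 1
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"          # '22:18:20.0964 3984 '
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+)$")
STATUS_RE = re.compile(PREFIX + r"(.+?) - (.+)$")
SECTION_RE = re.compile(PREFIX + r"=+ Scan (\w+) =+$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (\d+)$")

@dataclass
class Entry:
    section: str            # 'services', 'global', 'mbr' or 'vbr'
    name: Optional[str]     # service name; None for global/MBR/VBR lines
    path: Optional[str]     # file or device path; None for hash-less verdicts
    md5: Optional[str]
    status: Optional[str]   # text after ' - ', normally 'ok'

def parse_tdsskiller(text: str) -> List[Entry]:
    entries: List[Entry] = []
    section, pending = "services", None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, pending = m.group(1).lower(), None
            continue
        m = HASH_RE.match(line)
        if m:
            md5, rest = m.group(1).upper(), m.group(2)
            # Service lines read '<name> <path>'; global/MBR/VBR lines carry only a path.
            name, path = (rest.split(" ", 1) if section == "services" and " " in rest
                          else (None, rest))
            pending = Entry(section, name, path, md5, None)
            entries.append(pending)
            continue
        m = STATUS_RE.match(line)
        if m:
            subject, status = m.groups()
            if pending is not None and subject in (pending.name, pending.path):
                pending.status = status      # verdict for the hash line just seen
            else:                            # verdict with no hash line, e.g. 'WinDefend - ok'
                entries.append(Entry(section, subject, None, None, status))
            pending = None
    return entries

def not_ok(entries: List[Entry]) -> List[Entry]:
    """Everything that received a verdict other than 'ok'."""
    return [e for e in entries if e.status is not None and e.status != "ok"]

def hash_index(entries: List[Entry]) -> Dict[str, str]:
    """path -> MD5: one run's fingerprint of drivers, services, MBR and VBR sectors."""
    return {e.path: e.md5 for e in entries if e.md5 and e.path}

def changed_hashes(before: List[Entry], after: List[Entry]) -> Dict[str, Tuple[str, str]]:
    """Paths whose MD5 differs between two runs, e.g. before and after cleanup."""
    b, a = hash_index(before), hash_index(after)
    return {p: (b[p], a[p]) for p in sorted(b.keys() & a.keys()) if b[p] != a[p]}

def detected_count(text: str) -> Optional[int]:
    """The scanner's own headline count (the first 'Detected object count' line)."""
    for line in text.splitlines():
        m = COUNT_RE.match(line)
        if m:
            return int(m.group(1))
    return None

if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(found)} objects, scanner reports {detected_count(SAMPLE_LOG)} detected")
    for e in not_ok(found):
        print(f"  {e.section}: {e.name} {e.path} md5={e.md5} -> {e.status}")
```

Keeping the path-to-MD5 index from the first run and comparing it with a scan taken after ComboFix and the other tools have finished shows directly whether the MBR and VBR sector hashes changed and which driver files were replaced, which is more useful than eyeballing two thousand `- ok` lines.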

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto rico)

Posted 03 October 2012 - 01:07 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 TimB48 (Topic Starter, Members)

Posted 03 October 2012 - 02:17 PM

Gringo,

Here is the most recent combofix log for your information.
As far as I can tell everything seems to be OK with the PC at the moment.

Regards,

TimB48


ComboFix 12-10-03.03 - lars 03/10/2012 22:02:53.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6143.4580 [GMT 1:00]
Running from: c:\users\lars\Desktop\ComboFix.exe
Command switches used :: j:\av\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-03 to 2012-10-03 )))))))))))))))))))))))))))))))
.
.
2012-10-03 21:09 . 2012-10-03 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-03 20:57 . 2012-10-03 20:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-03 20:55 . 2012-10-03 20:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 10:10 . 2012-09-30 10:10 -------- d-----w- C:\FRST
2012-09-30 09:44 . 2012-09-30 09:44 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-09-30 09:21 . 2012-09-30 09:21 -------- d-----w- c:\program files\HitmanPro
2012-09-29 16:41 . 2012-09-29 16:51 -------- d-----w- c:\programdata\HitmanPro
2012-09-29 16:33 . 2012-09-30 09:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-29 16:13 . 2012-09-29 16:14 -------- d-----w- C:\New folder
2012-09-29 16:11 . 2012-09-29 16:11 -------- d-----w- C:\AV
2012-09-29 12:19 . 2012-09-29 12:19 -------- d-----w- c:\users\lars\AppData\Roaming\SUPERAntiSpyware.com
2012-09-29 12:19 . 2012-09-29 12:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-29 12:00 . 2012-09-29 12:00 -------- d-----w- c:\users\lars\AppData\Roaming\Malwarebytes
2012-09-29 11:59 . 2012-09-29 11:59 -------- d-----w- c:\programdata\Malwarebytes
2012-09-29 11:18 . 2012-09-29 11:18 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-29 11:17 . 2012-09-29 11:55 460888 ----a-w- c:\windows\system32\drivers\83582399.sys
2012-09-26 14:00 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 20:46 . 2012-09-24 20:46 -------- d-----w- c:\programdata\7531E8D9000C0C4202AC0FB2F875F002
2012-09-24 20:45 . 2012-09-29 16:04 -------- d-----w- c:\users\lars\AppData\Roaming\Ynbe
2012-09-23 02:00 . 2012-08-24 10:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-09-19 02:01 . 2012-09-19 07:51 -------- d-----w- c:\users\lars\AppData\Roaming\Skype
2012-09-19 02:01 . 2012-09-19 02:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-11 23:16 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 23:16 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 23:16 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 23:16 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 23:16 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 23:16 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 23:16 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 20:55 . 2012-07-01 18:48 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-03 20:55 . 2011-06-25 15:29 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-12 02:00 . 2011-02-09 17:33 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-02 09:55 . 2012-03-29 11:10 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-02 09:55 . 2011-07-14 07:26 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-15 06:33 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-15 498160]
"NeroCheck"="c:\windows\SysWOW64\\NeroCheck.exe" [2001-07-09 155648]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-16 560128]
.
c:\users\lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
Dropbox.lnk - c:\users\lars\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
_uninst_69500368.lnk - c:\users\lars\AppData\Local\Temp\_uninst_69500368.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-21 113664]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 250568]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 136176]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-09-30 30496]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 mferkdet01;McAfee Inc.;Device\mferkdet01.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-08 1255736]
R3 XG762V64;Zoom 802.11a/b/g 762N vista Driver;c:\windows\system32\DRIVERS\WlanUZG.sys [2008-03-27 1041920]
R3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;c:\windows\system32\ZDCNDIS6a64.sys [2008-03-27 41280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 83582399;83582399;c:\windows\system32\DRIVERS\83582399.sys [2012-09-29 460888]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-10 203776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-26 573224]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-10 8013312]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-10 287232]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:55]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 09:02]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 09:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 212.23.3.100 212.23.6.100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-03 22:11:25
ComboFix-quarantined-files.txt 2012-10-03 21:11
ComboFix2.txt 2012-10-02 10:32
.
Pre-Run: 538,150,678,528 bytes free
Post-Run: 537,865,834,496 bytes free
.
- - End Of File - - 52B6D1E646EE665694920476FD62919F
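
A triage helper for the ComboFix log posted above, added here as an example; it is neither ComboFix's own code nor part of Gringo's instructions. It assumes the two line shapes visible in the log: service entries as `R|S<digit> name;display;image [date size]` with `[x]` where ComboFix could not find the file, and "Files Created" entries as `created . modified size attrs path` (size `--------` and attrs starting with `d` for directories). Reading `R`/`S` as running/stopped and the digit as the Windows service start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled) is my interpretation of ComboFix's convention, not something the page states. The sample lines are copied from the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed samples: lines copied from the ComboFix log posted above.
SAMPLE_SERVICES = r"""
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 mferkdet01;McAfee Inc.;Device\mferkdet01.sys [x]
S0 83582399;83582399;c:\windows\system32\DRIVERS\83582399.sys [2012-09-29 460888]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-09-30 30496]
"""
SAMPLE_CREATED = r"""
2012-09-30 09:44 . 2012-09-30 09:44 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-09-29 16:33 . 2012-09-30 09:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-29 11:17 . 2012-09-29 11:55 460888 ----a-w- c:\windows\system32\drivers\83582399.sys
2012-09-24 20:45 . 2012-09-29 16:04 -------- d-----w- c:\users\lars\AppData\Roaming\Ynbe
2012-09-11 23:16 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
"""

# Assumption about ComboFix's prefix: R = running, S = stopped, digit = Windows
# service start type. Not stated on the page.
START_TYPE = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

SERVICE_RE = re.compile(
    r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+(?:\[x\]|\[(\d{4}-\d\d-\d\d)\s+(\d+)\])$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.+)$")

@dataclass
class Service:
    running: bool
    start: int
    name: str
    display: str
    image: str                  # image path as logged (may carry arguments)
    file_date: Optional[str]    # None when ComboFix logged '[x]' (file not found)
    file_size: Optional[int]

@dataclass
class Created:
    created: str
    modified: str
    size: Optional[int]         # None for directories ('--------')
    attrs: str
    path: str

def parse_services(text: str) -> List[Service]:
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, image, date, size = m.groups()
            out.append(Service(state == "R", int(start), name, display, image,
                               date, int(size) if size else None))
    return out

def parse_created(text: str) -> List[Created]:
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            out.append(Created(created, modified,
                               int(size) if size.isdigit() else None, attrs, path))
    return out

def missing_images(services: List[Service]) -> List[str]:
    """Services whose image file ComboFix could not find ('[x]')."""
    return [s.name for s in services if s.file_date is None]

def early_start(services: List[Service]) -> List[str]:
    """Boot- and system-start entries: drivers that load before user-mode
    security tooling, which is where a kernel rootkit component would sit."""
    return [s.name for s in services if s.start <= 1]

def new_service_files(services: List[Service], created: List[Created]) -> List[str]:
    """Services whose image is one of the recently created files (case-insensitive
    path match): new drivers that must be accounted for, cleanup tools included."""
    new_paths = {c.path.lower() for c in created if c.size is not None}
    return [s.name for s in services if s.image.lower() in new_paths]

if __name__ == "__main__":
    svcs, files = parse_services(SAMPLE_SERVICES), parse_created(SAMPLE_CREATED)
    for s in svcs:
        flag = "  [missing]" if s.file_date is None else ""
        print(f"{s.name:<12} {'running' if s.running else 'stopped':<8} "
              f"{START_TYPE[s.start]:<8} {s.image}{flag}")
    print("missing image:", missing_images(svcs))
    print("boot/system start:", early_start(svcs))
    print("new files backing a service:", new_service_files(svcs, files))
```

On these sample lines the cross-reference returns `83582399` and `hitmanpro36`: both drivers appeared on the disk the same days the HitmanPro, Kaspersky Lab and TDSSKiller_Quarantine folders did, so they are exactly the entries an analyst has to attribute to the cleanup tools before calling the system clean, and the `[x]` list (`mferkdet01`, `NOBU`) is the set of registered services pointing at files that no longer exist.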

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto rico)

Posted 03 October 2012 - 07:06 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 TimB48
  • Topic Starter
  • Members
  • 47 posts

Posted 04 October 2012 - 10:44 AM

Gringo,

Here is the result of the report you requested.


Cheers,

TimB48

7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop 7.0
Adobe Reader X (10.1.4)
Amazon MP3 Downloader 1.0.9
ATI Catalyst Control Center
BT NetProtect Plus
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dropbox
DVD43 Plug-in v1.0.0.5
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High-Definition Video Playback 10
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 31
JavaFX 2.1.1
Junk Mail filter update
Medieval CUE Splitter
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero - Burning Rom
Nero 10 ClipartPack
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack 1
Nero 10 Movie ThemePack 2
Nero 10 Movie ThemePack Basic
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Realtek High Definition Audio Driver
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skins
Skype Toolbars
Skype™ 5.10
Sound Forge Audio Studio 10.0
System Requirements Lab
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 October 2012 - 02:40 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 TimB48
  • Topic Starter
  • Members
  • 47 posts

Posted 06 October 2012 - 04:21 AM

Gringo,

Here are the logs for Malwarebytes and HijackThis for your info.

No other problems currently.

Thanks,

TimB48


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:17:27, on 06/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\lars\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Users\lars\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623123648.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\SysWOW64\\NeroCheck.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Dropbox.lnk = lars\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: _uninst_69500368.lnk = lars\AppData\Local\Temp\_uninst_69500368.bat
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12664 bytes



Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
lars :: LARS-PC [administrator]

Protection: Disabled

06/10/2012 12:08:38
mbam-log-2012-10-06 (12-08-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202869
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
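An added example for readers of this thread, not part of the original posts and not HijackThis's own tooling: a small Python triage script for a HijackThis 2.0.4 log like the one posted above. It does two things. First, it pulls out O4 startup entries that launch from a Temp folder or through a script file; the `_uninst_69500368.bat` entry in the log above is the kind of line it flags, and such a line is something to read before drawing any conclusion, since installers routinely leave a .bat like that behind. Second, it separates the O23 "(file missing)" services into two buckets. The reason is a known limitation rather than anything in this log: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows file-system redirection sends its look-ups under C:\Windows\System32 to SysWOW64, so every native 64-bit service binary (lsass.exe, spoolsv.exe, mfevtps.exe and the rest of the list above) is reported as missing even though it is present. The 64-bit detection heuristic (looking for "Program Files (x86)" or "SysWOW64" paths in the log), the Temp/script rule, and the one "ExampleSvc" service line in the sample input are my assumptions and constructions, not taken from the thread.

```python
"""Triage helper for a HijackThis 2.0.4 log.

Added example for this thread; not part of HijackThis or of the original
posts.  SAMPLE_LOG is constructed from lines copied out of the log posted
above plus one invented O23 line (ExampleSvc) so every branch is exercised.
"""
import re
import sys

# Constructed sample input: real lines from the log above, plus the invented
# "ExampleSvc" line so the "check" bucket is exercised.  Raw string keeps the
# backslashes exactly as HijackThis prints them.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\SysWOW64\\NeroCheck.exe
O4 - Startup: Dropbox.lnk = lars\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: _uninst_69500368.lnk = lars\AppData\Local\Temp\_uninst_69500368.bat
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\ProgramData\Example\example.exe (file missing)
"""

# Assumed rule: a startup item that is a script is worth a second look.
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".wsf", ".ps1")

# O23 layout: "O23 - Service: <display name> (<short name>) - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def is_64bit_log(text):
    """Assumed heuristic: HijackThis 2.0.4 is 32-bit and its Platform line is
    unreliable (the log above says 'WinNT 6.00.3505' for Windows 7 SP1), so a
    64-bit host is inferred from the paths the log itself contains."""
    return "Program Files (x86)" in text or "SysWOW64" in text


def _o4_target(rest):
    """Extract the launched path from the body of an O4 line.  Two layouts
    occur: 'HKLM\\..\\Run: [Name] command args' and 'Startup: Name.lnk = path'."""
    if "] " in rest:
        rest = rest.split("] ", 1)[1]
    elif " = " in rest:
        rest = rest.split(" = ", 1)[1]
    rest = rest.strip()
    if rest.startswith('"'):            # quoted executable: drop the arguments
        rest = rest[1:].split('"', 1)[0]
    return rest


def suspicious_startups(text):
    """O4 entries launched from a Temp folder or through a script file.
    These are leads, not verdicts: installers leave exactly this kind of .bat
    behind, so read the file before deciding anything."""
    hits = []
    for line in text.splitlines():
        if not line.startswith("O4 - "):
            continue
        target = _o4_target(line[len("O4 - "):])
        lowered = target.lower()
        if "\\temp\\" in lowered or lowered.endswith(SCRIPT_EXTS):
            hits.append(target)
    return hits


def classify_missing_services(text):
    """Split '(file missing)' O23 entries into WOW64 redirection noise and
    entries that genuinely need checking.  On 64-bit Windows a 32-bit process
    asking for C:\\Windows\\System32 is redirected to SysWOW64, so every native
    64-bit service binary looks missing to 32-bit HijackThis."""
    buckets = {"wow64_noise": [], "check": []}
    sixty_four = is_64bit_log(text)
    for line in text.splitlines():
        m = O23_RE.match(line)
        if not m or not m.group("missing"):
            continue
        path = m.group("path")
        if sixty_four and "\\windows\\system32\\" in path.lower():
            buckets["wow64_noise"].append(path)
        else:
            buckets["check"].append(path)
    return buckets


def triage(text):
    """Everything from one log that deserves a human look."""
    return {
        "host_is_64bit": is_64bit_log(text),
        "startups": suspicious_startups(text),
        **classify_missing_services(text),
    }


if __name__ == "__main__":
    # Usage: python hjt_triage.py hijackthis.log   (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log = fh.read()
    else:
        log = SAMPLE_LOG
    for key, value in triage(log).items():
        print(f"{key}: {value}")
```

Anything in the `check` bucket, and any flagged startup entry, is what to confirm with a tool that is not subject to the redirection problem (a native 64-bit scanner, or simply `dir` from a 64-bit command prompt); the `wow64_noise` bucket is the list to stop worrying about. Note that the heuristic only kicks in when the log shows 64-bit markers: on a log with no "(x86)" or "SysWOW64" paths, every missing service goes to `check`.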



