Browser opens a new tab randomly


  • This topic is locked
16 replies to this topic

#1 Darkiz

Darkiz

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:54 PM

Posted 29 November 2012 - 10:58 AM

Hello, I'm having this website called 'ringtonepartner.com' open up in Opera from time to time.

I also received an email telling me someone was trying to log into my Gmail (Suspicious sign-in prevented). I didn't use the link provided there, but went to Google settings and changed my password. Two weeks later I received another email that someone was trying to log into my account again, and I changed my password again. A couple of days later I got an email from Guild Wars 2 that someone was trying to log in (the login ID is my email and the password was the same as the email), as whenever you try to log in from a different computer/IP they send an email asking for confirmation. PS: I don't have Guild Wars installed on this machine.

Those problems started to happen after I started using my notebook (the one I'm using now).


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Dark at 13:36:17 on 2012-11-29
Microsoft Windows 7 Professional 6.1.7600.0.932.81.1033.18.3767.1134 [GMT -2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Dark\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Opera\opera.exe
D:\IRC\mirc_upp.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Users\Dark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dark\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.plusnetwork.com/?sp=hp&t=a0916
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
StartupFolder: C:\Users\Dark\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dark\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 201.17.0.75 201.17.0.42 192.168.0.1
TCP: Interfaces\{D5BEAC58-441F-4B23-BDAE-12350FF509F4} : DHCPNameServer = 201.17.0.75 201.17.0.42 192.168.0.1
TCP: Interfaces\{D5BEAC58-441F-4B23-BDAE-12350FF509F4}\058696C6C69607 : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{D5BEAC58-441F-4B23-BDAE-12350FF509F4}\46C696E6B6 : DHCPNameServer = 8.8.8.8 8.8.4.4 192.168.0.1
TCP: Interfaces\{D5BEAC58-441F-4B23-BDAE-12350FF509F4}\A756A756 : DHCPNameServer = 200.222.122.133 200.165.132.147 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dark\AppData\Roaming\Mozilla\Firefox\Profiles\959havno.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Dark\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-12 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-12 203264]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-11 13336]
R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-11-25 125952]
R2 WMCoreService;Mobile Broadband Core Service;C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [2009-11-9 444416]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-12 158976]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-5-12 10331840]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2009-12-22 74280]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-5-26 40448]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-5-12 342056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-5-12 39464]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 vncserver;VNC Server;D:\VNC Server\vncserver.exe [2012-9-9 4716424]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-19 1255736]
.
=============== Created Last 30 ================
.
2012-11-28 14:01:47 -------- d-----w- C:\Users\Dark\AppData\Local\{9D4E3994-92FB-4176-84D3-63EB646A1096}
2012-11-28 04:21:30 -------- d-----w- C:\Users\Dark\AppData\Local\fontconfig
2012-11-28 04:20:27 -------- d-----w- C:\Users\Dark\AppData\Roaming\Aegisub
2012-11-28 04:20:27 -------- d-----w- C:\Users\Dark\AppData\Local\Aegisub
2012-11-28 04:19:53 -------- d-----w- C:\Program Files (x86)\Aegisub
2012-11-28 00:14:41 -------- d-----w- C:\Users\Dark\AppData\Roaming\mkvtoolnix
2012-11-27 16:49:01 -------- d-----w- C:\Users\Dark\AppData\Local\{0B801F7B-7143-4CBC-AD4C-F56C6DF77D29}
2012-11-26 07:34:52 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8D7588B-C3D2-4CBB-9C37-CBE0D10EEC8F}\offreg.dll
2012-11-26 01:34:22 -------- d-----w- C:\ProgramData\Messenger Plus! for Skype
2012-11-26 01:21:08 -------- d-----w- C:\Users\Dark\AppData\Local\{09020A4F-6121-4B6E-8A76-076A1F7BDA34}
2012-11-24 17:16:52 -------- d-----w- C:\Users\Dark\AppData\Roaming\Nitroplus
2012-11-24 16:52:30 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-11-24 16:52:30 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-11-24 16:52:30 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-11-24 16:52:29 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-11-24 16:52:29 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-11-24 16:52:24 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-11-24 16:52:24 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-11-23 18:16:50 -------- d-----w- C:\Users\Dark\AppData\Local\{39727241-093C-46A3-A073-C7C2D2E397D2}
2012-11-23 14:20:26 -------- d-----r- C:\Users\Dark\Virtual Machines
2012-11-23 14:06:34 4514816 ----a-w- C:\Windows\System32\vpc.exe
2012-11-23 14:06:34 360712 ----a-w- C:\Windows\System32\drivers\vpcvmm.sys
2012-11-23 14:06:34 2264064 ----a-w- C:\Windows\System32\VPCWizard.exe
2012-11-23 14:06:33 1210368 ----a-w- C:\Windows\System32\VMWindow.exe
2012-11-23 13:52:29 66304 ----a-w- C:\Windows\System32\drivers\vpcnfltr.sys
2012-11-23 13:50:40 -------- d-----w- C:\Program Files\Windows XP Mode
2012-11-23 06:16:22 -------- d-----w- C:\Users\Dark\AppData\Local\{FCC5C30A-59EC-410F-A618-8C837813D889}
2012-11-23 06:09:04 -------- d-----w- C:\Users\Dark\AppData\Local\{BDF4D4D1-B213-4027-9071-DEDA6520EA62}
2012-11-21 23:30:41 -------- d-----w- C:\Users\Dark\AppData\Local\Macromedia
2012-11-19 15:01:16 -------- d-----w- C:\Users\Dark\AppData\Local\{995C3FCE-DC2E-4D9E-8AF0-8396FF8CBD83}
2012-11-19 03:00:53 -------- d-----w- C:\Users\Dark\AppData\Local\{279C2C84-FE05-4889-8729-31A719758958}
2012-11-17 14:59:53 -------- d-----w- C:\Users\Dark\AppData\Local\{E1C12CC4-271D-4480-A620-DC874431055C}
2012-11-16 12:56:38 -------- d-----w- C:\Users\Dark\AppData\Local\{622393B0-ADF1-4E82-AC34-3C275E5A89D2}
2012-11-15 14:38:42 -------- d-----w- C:\Users\Dark\AppData\Local\{D83DD17B-60BF-4342-8020-6DE7CA113012}
2012-11-13 16:58:01 -------- d-----w- C:\Users\Dark\AppData\Local\{DFA38E4A-AC7F-4595-882C-3A491EE007F4}
2012-11-12 19:45:15 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-11-12 19:45:11 -------- d-----w- C:\Users\Dark\AppData\Roaming\DAEMON Tools Lite
2012-11-12 19:45:09 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-11-12 19:44:14 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-11-12 14:43:51 -------- d-----w- C:\Users\Dark\AppData\Local\{C84D007F-E551-414E-98CF-4AB8A0B02468}
2012-11-11 19:20:36 -------- d-----w- C:\Users\Dark\AppData\Roaming\foobar2000
2012-11-11 19:16:23 -------- d-----w- C:\Program Files (x86)\foobar2000
2012-11-11 13:21:01 -------- d-----w- C:\Users\Dark\AppData\Local\{BEFC4CDB-9002-4B30-BAF3-3C6816269589}
2012-11-10 20:42:07 -------- d-----w- C:\Users\Dark\AppData\Local\{4F805563-FF61-461C-A46C-8563C9172B6C}
2012-11-09 19:29:29 -------- d-----w- C:\.komodotools
2012-11-09 19:00:24 -------- d-----w- C:\Users\Dark\AppData\Local\ActiveState
2012-11-09 18:58:03 -------- d-----w- C:\Program Files (x86)\ActiveState Komodo Edit 7
2012-11-09 18:23:37 -------- d-----w- C:\Users\Dark\AppData\Local\{C6CA1090-68CD-49D5-BF89-860A0511AF9E}
2012-11-08 13:49:21 -------- d-----w- C:\Users\Dark\AppData\Local\{63B4E06B-D738-49DF-BDB8-FA5C3EBCD7B5}
2012-11-07 14:15:02 -------- d-----w- C:\madVR
2012-11-07 14:14:24 -------- d-----w- C:\Program Files (x86)\Haali
2012-11-07 14:13:23 -------- d-----w- C:\Program Files (x86)\LAV Filters
2012-11-06 12:30:32 -------- d-----w- C:\Users\Dark\AppData\Local\{0EB00B99-466C-431B-B39A-9D884E621BFE}
2012-11-05 15:51:35 -------- d-----w- C:\Users\Dark\AppData\Local\{BEA272BC-2333-45D7-B2BB-FED8EC9E9600}
2012-11-04 22:09:41 -------- d-----w- C:\Windows\SysWow64\Log Files
2012-11-04 15:39:12 -------- d-----w- C:\Users\Dark\AppData\Local\{D42164AC-A8BB-4542-AD92-61D107D4D37C}
2012-11-04 02:30:56 -------- d-----w- C:\Users\Dark\AppData\Local\{790D48B0-5B90-4FE0-9699-7800FA2925A8}
2012-11-03 14:29:46 -------- d-----w- C:\Users\Dark\AppData\Local\{9A4B9DF6-22DC-4963-9965-5A268BA51F47}
.
==================== Find3M ====================
.
2012-10-11 02:34:57 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 02:34:57 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 13:37:27.58 ===============

Attached Files





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 AM

Posted 02 December 2012 - 03:47 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Darkiz

Darkiz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:54 PM

Posted 02 December 2012 - 06:22 PM

Security Check:

Results of screen317's Security Check version 0.99.56
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 26
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Mozilla Firefox (17.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


AdwCleaner:

# AdwCleaner v2.011 - Logfile created 12/02/2012 at 21:09:49
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Professional (64 bits)
# User : Dark - DARKNOTE
# Boot Mode : Normal
# Running from : C:\Users\Dark\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Users\Dark\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Dark\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.plusnetwork.com/?sp=hp&t=a0916 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Users\Dark\AppData\Roaming\Mozilla\Firefox\Profiles\959havno.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Dark\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxp://www.plusnetwork.com/?sp=hp&t=a0916",
Deleted [l.1639] : homepage = "hxxp://www.plusnetwork.com/?sp=hp&t=a0916",

-\\ Opera v12.11.1661.0

File : C:\Users\Dark\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4284 octets] - [02/12/2012 21:09:49]

########## EOF - C:\AdwCleaner[S1].txt - [4344 octets] ##########


RogueKiller:

For this one I have 2 logs on the desktop, one from when I pressed Report called "RKreport[2]..." and one called "RKreport[1]..", which I believe was created during the scan. Since I'm in doubt about the filenames, I'm pasting both.

RKreport[1]_S_12022012_02d2113:

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Dark [Admin rights]
Mode : Scan -- Date : 12/02/2012 21:13:22

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] 54c6f22ba2f4d3c442b85f76a52578a6
[BSP] 4cf846a81000bc61b7a1c3f6ad3bc28c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 102300 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209717248 | Size: 374538 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12022012_02d2113.txt >>
RKreport[1]_S_12022012_02d2113.txt


RKreport[2]_D_12022012_02d2113:

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Dark [Admin rights]
Mode : Remove -- Date : 12/02/2012 21:13:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] 54c6f22ba2f4d3c442b85f76a52578a6
[BSP] 4cf846a81000bc61b7a1c3f6ad3bc28c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 102300 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209717248 | Size: 374538 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12022012_02d2113.txt >>
RKreport[1]_S_12022012_02d2113.txt ; RKreport[2]_D_12022012_02d2113.txt

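The two RogueKiller reports above carry the one clear security finding in this post: the scan found EnableLUA and ConsentPromptBehaviorAdmin set to 0 (UAC switched off, and silent elevation for administrators), and the remove pass set them back to 1 and 2. As an added example, not part of the original post and not RogueKiller or ComboFix code, the script below parses the [HJ] lines in that report format, plus the `"Name"= value (0xN)` format ComboFix uses for its policies\system block later in this thread, and translates each UAC value into its documented meaning with the Windows 7 default alongside. The input lines are copied from the logs in this thread; which (name, value) pairs count as "weakening" is this example's own choice.

```python
"""Decode the UAC settings reported in RogueKiller [HJ] lines and ComboFix policy lines.

Added example for this thread: not RogueKiller or ComboFix code and not part of
the original post. Value meanings and Windows 7 defaults are the documented ones
for HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System.
"""
import re

# Input lines copied from the RogueKiller scan report in this post and from
# the policies\system block that ComboFix prints later in the thread.
ROGUEKILLER_LINES = r"""
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
""".strip().splitlines()

COMBOFIX_POLICY_LINES = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
""".strip().splitlines()

# RogueKiller:  [TAG] KEY : NAME (DATA) -> STATUS
RK_LINE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S+)\s+:\s+(?P<name>\S+)"
                     r"\s+\((?P<data>[^)]*)\)\s+->\s+(?P<status>\S+)")
# ComboFix:     "NAME"= DATA (0xHEX)
CF_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>\d+)')

UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5,
                "ConsentPromptBehaviorUser": 3, "PromptOnSecureDesktop": 1}
UAC_MEANINGS = {
    "EnableLUA": {
        0: "UAC off: admin logons get the full token and nothing ever prompts",
        1: "UAC on (default)"},
    "ConsentPromptBehaviorAdmin": {
        0: "elevate without prompting",
        1: "prompt for credentials on the secure desktop",
        2: "prompt for consent on the secure desktop",
        3: "prompt for credentials",
        4: "prompt for consent",
        5: "prompt for consent for non-Windows binaries (default)"},
    "ConsentPromptBehaviorUser": {
        0: "automatically deny elevation requests",
        1: "prompt for credentials on the secure desktop",
        3: "prompt for credentials (default)"},
    "PromptOnSecureDesktop": {
        0: "prompt on the interactive desktop, where other processes in the session can interact with or imitate it",
        1: "prompt on the secure desktop (default)"},
}
# (name, value) pairs that weaken UAC rather than merely differ from the default.
WEAKENING = {("EnableLUA", 0), ("ConsentPromptBehaviorAdmin", 0), ("PromptOnSecureDesktop", 0)}


def parse_uac_values(lines):
    """Return {value_name: int} for the UAC values found in either log format.

    RogueKiller lists the native key and its Wow6432Node copy separately. The
    Policies key is shared rather than redirected on 64-bit Windows, so the
    native value is the one the OS enforces; the copy only fills in gaps here.
    """
    values = {}
    for line in lines:
        rk = RK_LINE.match(line)
        m = rk or CF_LINE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        if name not in UAC_DEFAULTS or not data.isdigit():
            continue
        if rk and "Wow6432Node" in rk.group("key"):
            values.setdefault(name, int(data))
        else:
            values[name] = int(data)
    return values


def assess_uac(values):
    """Return (name, observed, default, meaning) for each weakening setting."""
    findings = []
    for name, observed in sorted(values.items()):
        if (name, observed) in WEAKENING:
            meaning = UAC_MEANINGS[name].get(observed, "undocumented value")
            findings.append((name, observed, UAC_DEFAULTS[name], meaning))
    return findings


if __name__ == "__main__":
    found = parse_uac_values(ROGUEKILLER_LINES + COMBOFIX_POLICY_LINES)
    for name, observed, default, meaning in assess_uac(found):
        print(f"{name}={observed} (default {default}): {meaning}")
```

RogueKiller's remove pass put ConsentPromptBehaviorAdmin at 2 (consent on the secure desktop), which is stricter than the Windows 7 default of 5, so the decoder raises nothing for that. The ComboFix log later in the thread still shows PromptOnSecureDesktop = 0, which it does flag: with that value the elevation prompt is drawn on the normal desktop instead of the isolated one, which is exactly the situation the secure desktop exists to avoid.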


#4 gringo_pr

  • Bleepin Gringo
  • Malware Response Team

Posted 02 December 2012 - 06:41 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Darkiz

  • Topic Starter

Posted 02 December 2012 - 07:11 PM

ComboFix 12-12-02.01 - Dark 02-Dec-12 21:49:11.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.932.81.1033.18.3767.2519 [GMT -2:00]
Running from: c:\users\Dark\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-02 23:54 . 2012-12-02 23:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-02 23:54 . 2012-12-02 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-02 03:50 . 2008-10-27 12:04 518480 ----a-w- c:\windows\system32\XAudio2_3.dll
2012-11-28 04:21 . 2012-11-28 04:21 -------- d-----w- c:\users\Dark\AppData\Local\fontconfig
2012-11-28 04:20 . 2012-11-28 22:36 -------- d-----w- c:\users\Dark\AppData\Roaming\Aegisub
2012-11-28 04:20 . 2012-11-28 04:20 -------- d-----w- c:\users\Dark\AppData\Local\Aegisub
2012-11-28 04:19 . 2012-11-28 04:19 -------- d-----w- c:\program files (x86)\Aegisub
2012-11-28 00:14 . 2012-11-28 00:14 -------- d-----w- c:\users\Dark\AppData\Roaming\mkvtoolnix
2012-11-26 07:34 . 2012-12-01 06:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8D7588B-C3D2-4CBB-9C37-CBE0D10EEC8F}\offreg.dll
2012-11-26 01:34 . 2012-11-30 12:31 -------- d-----w- c:\programdata\Messenger Plus! for Skype
2012-11-24 17:16 . 2012-11-24 17:16 -------- d-----w- c:\users\Dark\AppData\Roaming\Nitroplus
2012-11-24 16:52 . 2004-10-22 04:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-11-24 16:52 . 2004-10-22 04:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-11-24 16:52 . 2004-10-22 04:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-11-24 16:52 . 2004-10-22 04:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-11-24 16:52 . 2004-10-22 04:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-11-24 16:52 . 2012-11-24 16:52 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-11-24 16:52 . 2012-11-24 16:52 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-11-23 14:20 . 2012-11-23 14:46 -------- d-----r- c:\users\Dark\Virtual Machines
2012-11-23 14:06 . 2009-12-31 10:04 360712 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2012-11-23 14:06 . 2009-12-31 09:52 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2012-11-23 14:06 . 2009-12-31 09:52 4514816 ----a-w- c:\windows\system32\vpc.exe
2012-11-23 14:06 . 2009-12-31 07:29 1210368 ----a-w- c:\windows\system32\VMWindow.exe
2012-11-23 13:52 . 2009-09-23 01:51 13312 ----a-w- c:\windows\system32\drivers\en-US\vpcvmm.sys.mui
2012-11-23 13:52 . 2009-09-23 01:46 66304 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2012-11-23 13:52 . 2009-09-23 01:51 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcnfltr.sys.mui
2012-11-23 13:52 . 2009-09-23 01:18 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2012-11-23 13:52 . 2009-09-23 01:51 3584 ----a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui
2012-11-23 13:52 . 2009-09-23 01:32 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2012-11-23 13:52 . 2009-09-23 01:32 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2012-11-23 13:52 . 2009-09-23 01:32 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2012-11-23 13:52 . 2009-09-23 01:32 187904 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2012-11-23 13:52 . 2009-09-23 01:32 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2012-11-23 13:52 . 2009-09-23 01:51 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcuxd.sys.mui
2012-11-23 13:52 . 2009-09-23 01:51 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcusb.sys.mui
2012-11-23 13:52 . 2009-09-23 01:33 936448 ----a-w- c:\windows\system32\vmsal.exe
2012-11-23 13:50 . 2012-11-23 13:51 -------- d-----w- c:\program files\Windows XP Mode
2012-11-21 23:30 . 2012-11-21 23:30 -------- d-----w- c:\users\Dark\AppData\Local\Macromedia
2012-11-21 23:27 . 2012-11-21 23:27 -------- d-----w- c:\users\Dark\AppData\Local\Mozilla
2012-11-12 19:45 . 2012-11-12 19:45 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-12 19:45 . 2012-11-12 20:01 -------- d-----w- c:\users\Dark\AppData\Roaming\DAEMON Tools Lite
2012-11-12 19:45 . 2012-11-12 19:45 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-11-12 19:44 . 2012-11-12 20:01 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-11-11 19:20 . 2012-11-23 17:42 -------- d-----w- c:\users\Dark\AppData\Roaming\foobar2000
2012-11-11 19:16 . 2012-11-11 19:16 -------- d-----w- c:\program files (x86)\foobar2000
2012-11-09 19:29 . 2012-11-09 19:29 -------- d-----w- C:\.komodotools
2012-11-09 19:00 . 2012-11-09 19:00 -------- d-----w- c:\users\Dark\AppData\Local\ActiveState
2012-11-09 18:58 . 2012-11-09 18:58 -------- d-----w- c:\program files (x86)\ActiveState Komodo Edit 7
2012-11-07 14:20 . 2012-11-07 14:20 -------- d-----w- c:\users\Dark\AppData\Roaming\Media Player Classic
2012-11-07 14:15 . 2012-11-07 14:24 -------- d-----w- C:\madVR
2012-11-07 14:14 . 2012-11-07 14:14 -------- d-----w- c:\program files (x86)\Haali
2012-11-07 14:13 . 2012-11-07 14:13 -------- d-----w- c:\program files (x86)\LAV Filters
2012-11-04 22:09 . 2012-11-04 22:09 -------- d-----w- c:\windows\SysWow64\Log Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 02:34 . 2012-05-25 16:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 02:34 . 2011-05-23 03:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-09 3077528]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-09-24 802304]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-11-22 125952]
.
c:\users\Dark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dark\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-27 40448]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-26 342056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 39464]
R3 dump_wmimmc;dump_wmimmc;d:\pangya\GameGuard\dump_wmimmc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\garena plus\Room\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 vncserver;VNC Server;d:\vnc server\vncserver.exe [2012-08-15 4716424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-12 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-21 203264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-11-22 125952]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-21 10331840]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 02:34]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94247339-3900004076-640291794-1000Core.job
- c:\users\Dark\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 11:38]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94247339-3900004076-640291794-1000UA.job
- c:\users\Dark\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 11:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-10 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-21 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-21 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-21 414744]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 201.17.0.75 201.17.0.42 192.168.0.1
FF - ProfilePath - c:\users\Dark\AppData\Roaming\Mozilla\Firefox\Profiles\959havno.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Cheat Engine 5.6.1_is1 - c:\users\Dark\Desktop\ATL\grinder v3\Cheat Engine\unins000.exe
AddRemove-DB-Main 9.1.3 - c:\program files (x86)\DB-Main 9.1.3\dbm-uninst.exe
AddRemove-Sandwiched By My Wife And Her Sister_is1 - d:\irc\downloads\Sandwiched By My Wife And Her Sister\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-02 21:58:55
ComboFix-quarantined-files.txt 2012-12-02 23:58
.
Pre-Run: 37,808,185,344 bytes free
Post-Run: 38,111,727,616 bytes free
.
- - End Of File - - BC02C559FA8AB907753D63F60ADA31DC

  • No problems.
  • For the computer I can't say anything now, as I can't check, since the website would open every 6 hours or so. And the other issue was regarding my password leaking.

And thanks for the help so far.
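ComboFix prints services as `<R|S><start type> name;display name;image [date size]` and Run-key values as `"name"="image" [date size]`, with `[x]` in place of the date and size on some lines. The script below is an added example, not ComboFix code and not from the original post: it parses a handful of lines copied from the log above and applies the checks a responder otherwise does by eye: image file not found, image outside the Windows and Program Files trees, an executable extension other than .exe/.sys/.dll (the GameGuard service runs `GameMon.des`), remote-access software (the VNC server on D:), and Internet Explorer Trusted Zone entries, which relax browser security for the listed domains. The trusted roots, the remote-access word list, and reading `[x]` as "file not found" are this example's assumptions.

```python
"""Triage checks over the service, Run-key and Trusted Zone lines of a ComboFix log.

Added example for this thread: not ComboFix code and not part of the original
post. The trusted roots, the remote-access word list and the reading of "[x]"
as "image file not found" are this example's assumptions.
"""
import re

# Input lines copied from the ComboFix log posted above.
COMBOFIX_EXCERPT = r"""
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-09 3077528]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
R2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
R3 dump_wmimmc;dump_wmimmc;d:\pangya\GameGuard\dump_wmimmc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\garena plus\Room\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 vncserver;VNC Server;d:\vnc server\vncserver.exe [2012-08-15 4716424]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-12 283200]
Trusted Zone: clonewarsadventures.com
Trusted Zone: soe.com
""".strip().splitlines()

# Service line:  <R|S><start type> <name>;<display name>;<image [args]> [<date size> | x]
SVC_LINE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                      r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$")
# Run-key line:  "<value name>"="<image>" [<date size>]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"\s+\[(?P<meta>[^\]]*)\]\s*$')
TZ_LINE = re.compile(r"^Trusted Zone:\s+(?P<domain>\S+)")
# First token that ends in a file extension; anything after it is arguments.
IMAGE_PATH = re.compile(r"^(?P<path>.+?\.\w{2,4})(?=\s|$)")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
# Assumption: C: is the system drive and these trees are where expected binaries live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
NORMAL_EXTENSIONS = {".exe", ".sys", ".dll"}
# Assumption: a small watch list; only "vnc" occurs in this log.
REMOTE_ACCESS_WORDS = ("vnc", "teamviewer", "ammyy", "radmin")


def image_path(image_field):
    """Strip trailing arguments (e.g. 'servicemode', '-service') from an image field."""
    m = IMAGE_PATH.match(image_field)
    return m.group("path") if m else image_field


def reasons_for(name, display, path, meta):
    """Return the list of triage reasons that apply to one autorun entry."""
    lower = path.lower()
    reasons = []
    if meta == "x":
        reasons.append("image file not found")
    if not lower.startswith(TRUSTED_ROOTS):
        reasons.append("runs from a non-standard location")
    ext = lower[lower.rfind("."):] if "." in lower else ""
    if ext not in NORMAL_EXTENSIONS:
        reasons.append("unusual executable extension")
    if any(w in f"{name} {display} {path}".lower() for w in REMOTE_ACCESS_WORDS):
        reasons.append("remote-access software: confirm it was installed on purpose")
    return reasons


def triage(lines):
    """Parse ComboFix lines and return only the entries that have at least one reason."""
    findings = []
    for line in lines:
        if m := SVC_LINE.match(line):
            path = image_path(m.group("image"))
            entry = {"kind": "service", "name": m.group("name"), "image": path,
                     "running": m.group("state") == "R",
                     "start": START_TYPES[m.group("start")],
                     "reasons": reasons_for(m.group("name"), m.group("display"), path, m.group("meta"))}
        elif m := RUN_LINE.match(line):
            path = image_path(m.group("image"))
            entry = {"kind": "run", "name": m.group("name"), "image": path,
                     "reasons": reasons_for(m.group("name"), "", path, m.group("meta"))}
        elif m := TZ_LINE.match(line):
            entry = {"kind": "trusted_zone", "name": m.group("domain"), "image": "",
                     "reasons": ["IE Trusted Zone entry: browser security is lowered for this domain"]}
        else:
            continue
        if entry["reasons"]:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for e in triage(COMBOFIX_EXCERPT):
        print(f"{e['kind']:12} {e['name']:28} {e['image']}")
        for r in e["reasons"]:
            print(f"{'':12} - {r}")
```

On this log the `[x]` services are game anti-cheat drivers and a mobile-broadband tool whose paths no longer resolve, which reads as leftover registrations rather than an infection (an interpretation, not a finding); the `[x]` on the Mobile Broadband line sits next to a `servicemode` argument, so check that path by hand before treating the file as missing. The entry worth asking the poster about is the VNC server service on D:, since a remote-control service on a machine whose owner is reporting account logins from elsewhere needs an explanation.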

#6 gringo_pr

  • Bleepin Gringo
  • Malware Response Team

Posted 02 December 2012 - 08:24 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions. ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Darkiz

  • Topic Starter

Posted 02 December 2012 - 09:01 PM

Hello, thanks for the reply. Here are the logs:

TDSSKiller:

23:34:06.0444 4724 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:34:07.0208 4724 ============================================================
23:34:07.0208 4724 Current date / time: 2012/12/02 23:34:07.0208
23:34:07.0208 4724 SystemInfo:
23:34:07.0208 4724
23:34:07.0208 4724 OS Version: 6.1.7600 ServicePack: 0.0
23:34:07.0208 4724 Product type: Workstation
23:34:07.0208 4724 ComputerName: DARKNOTE
23:34:07.0208 4724 UserName: Dark
23:34:07.0208 4724 Windows directory: C:\Windows
23:34:07.0208 4724 System windows directory: C:\Windows
23:34:07.0208 4724 Running under WOW64
23:34:07.0208 4724 Processor architecture: Intel x64
23:34:07.0208 4724 Number of processors: 4
23:34:07.0208 4724 Page size: 0x1000
23:34:07.0208 4724 Boot type: Normal boot
23:34:07.0208 4724 ============================================================
23:34:07.0630 4724 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:34:07.0630 4724 ============================================================
23:34:07.0630 4724 \Device\Harddisk0\DR0:
23:34:07.0630 4724 MBR partitions:
23:34:07.0630 4724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:34:07.0630 4724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7CE000
23:34:07.0630 4724 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x2DB85000
23:34:07.0630 4724 ============================================================
23:34:07.0661 4724 C: <-> \Device\Harddisk0\DR0\Partition2
23:34:07.0708 4724 D: <-> \Device\Harddisk0\DR0\Partition3
23:34:07.0708 4724 ============================================================
23:34:07.0708 4724 Initialize success
23:34:07.0708 4724 ============================================================
23:34:21.0233 4368 ============================================================
23:34:21.0233 4368 Scan started
23:34:21.0233 4368 Mode: Manual;
23:34:21.0233 4368 ============================================================
23:34:21.0685 4368 ================ Scan system memory ========================
23:34:21.0685 4368 System memory - ok
23:34:21.0685 4368 ================ Scan services =============================
23:34:21.0857 4368 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:34:21.0857 4368 1394ohci - ok
23:34:21.0904 4368 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
23:34:21.0904 4368 ACPI - ok
23:34:21.0919 4368 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
23:34:21.0919 4368 AcpiPmi - ok
23:34:22.0107 4368 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:34:22.0107 4368 AdobeFlashPlayerUpdateSvc - ok
23:34:22.0169 4368 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:34:22.0169 4368 adp94xx - ok
23:34:22.0200 4368 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:34:22.0200 4368 adpahci - ok
23:34:22.0231 4368 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:34:22.0231 4368 adpu320 - ok
23:34:22.0263 4368 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:34:22.0263 4368 AeLookupSvc - ok
23:34:22.0309 4368 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
23:34:22.0325 4368 AFD - ok
23:34:22.0341 4368 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
23:34:22.0341 4368 agp440 - ok
23:34:22.0372 4368 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:34:22.0387 4368 ALG - ok
23:34:22.0403 4368 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
23:34:22.0403 4368 aliide - ok
23:34:22.0450 4368 [ 893D2125996BB8B92054D743D75FDC09 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:34:22.0450 4368 AMD External Events Utility - ok
23:34:22.0497 4368 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
23:34:22.0497 4368 amdide - ok
23:34:22.0512 4368 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:34:22.0512 4368 AmdK8 - ok
23:34:22.0699 4368 [ 6AA57C2C6B586CAC8910A142928A79C7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:34:22.0840 4368 amdkmdag - ok
23:34:22.0887 4368 [ 2705B5AF991EFF9396109FBE63635FC9 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
23:34:34.0337 4368 sbp2port - ok
23:34:34.0368 4368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:34:34.0368 4368 SCardSvr - ok
23:34:34.0399 4368 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:34:34.0399 4368 scfilter - ok
23:34:34.0446 4368 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
23:34:34.0462 4368 Schedule - ok
23:34:34.0493 4368 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:34:34.0493 4368 SCPolicySvc - ok
23:34:34.0524 4368 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:34:34.0524 4368 SDRSVC - ok
23:34:34.0571 4368 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:34:34.0571 4368 secdrv - ok
23:34:34.0587 4368 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
23:34:34.0587 4368 seclogon - ok
23:34:34.0602 4368 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
23:34:34.0602 4368 SENS - ok
23:34:34.0618 4368 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:34:34.0618 4368 SensrSvc - ok
23:34:34.0633 4368 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:34:34.0633 4368 Serenum - ok
23:34:34.0665 4368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:34:34.0665 4368 Serial - ok
23:34:34.0680 4368 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:34:34.0696 4368 sermouse - ok
23:34:34.0727 4368 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
23:34:34.0727 4368 SessionEnv - ok
23:34:34.0743 4368 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:34:34.0743 4368 sffdisk - ok
23:34:34.0743 4368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:34:34.0743 4368 sffp_mmc - ok
23:34:34.0743 4368 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:34:34.0743 4368 sffp_sd - ok
23:34:34.0758 4368 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:34:34.0758 4368 sfloppy - ok
23:34:34.0774 4368 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:34:34.0789 4368 SharedAccess - ok
23:34:34.0805 4368 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:34:34.0821 4368 ShellHWDetection - ok
23:34:34.0836 4368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:34:34.0852 4368 SiSRaid2 - ok
23:34:34.0852 4368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:34:34.0852 4368 SiSRaid4 - ok
23:34:34.0883 4368 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:34:34.0883 4368 Smb - ok
23:34:34.0914 4368 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:34:34.0930 4368 SNMPTRAP - ok
23:34:34.0945 4368 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:34:34.0945 4368 spldr - ok
23:34:34.0977 4368 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
23:34:34.0992 4368 Spooler - ok
23:34:35.0086 4368 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
23:34:35.0164 4368 sppsvc - ok
23:34:35.0179 4368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:34:35.0195 4368 sppuinotify - ok
23:34:35.0226 4368 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:34:35.0226 4368 srv - ok
23:34:35.0273 4368 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:34:35.0289 4368 srv2 - ok
23:34:35.0320 4368 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:34:35.0320 4368 srvnet - ok
23:34:35.0351 4368 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:34:35.0351 4368 SSDPSRV - ok
23:34:35.0367 4368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:34:35.0367 4368 SstpSvc - ok
23:34:35.0398 4368 Steam Client Service - ok
23:34:35.0429 4368 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:34:35.0429 4368 stexstor - ok
23:34:35.0476 4368 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
23:34:35.0491 4368 stisvc - ok
23:34:35.0523 4368 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
23:34:35.0523 4368 storflt - ok
23:34:35.0554 4368 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
23:34:35.0554 4368 StorSvc - ok
23:34:35.0585 4368 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
23:34:35.0585 4368 storvsc - ok
23:34:35.0601 4368 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:34:35.0601 4368 swenum - ok
23:34:35.0647 4368 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:34:35.0663 4368 swprv - ok
23:34:35.0710 4368 [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:34:35.0710 4368 SynTP - ok
23:34:35.0772 4368 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
23:34:35.0819 4368 SysMain - ok
23:34:35.0819 4368 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:34:35.0835 4368 TabletInputService - ok
23:34:35.0850 4368 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
23:34:35.0866 4368 TapiSrv - ok
23:34:35.0881 4368 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:34:35.0881 4368 TBS - ok
23:34:35.0959 4368 [ F18F56EFC0BFB9C87BA01C37B27F4DA5 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:34:35.0991 4368 Tcpip - ok
23:34:36.0053 4368 [ F18F56EFC0BFB9C87BA01C37B27F4DA5 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:34:36.0069 4368 TCPIP6 - ok
23:34:36.0100 4368 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:34:36.0100 4368 tcpipreg - ok
23:34:36.0115 4368 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:34:36.0115 4368 TDPIPE - ok
23:34:36.0131 4368 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:34:36.0131 4368 TDTCP - ok
23:34:36.0162 4368 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:34:36.0162 4368 tdx - ok
23:34:36.0178 4368 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:34:36.0178 4368 TermDD - ok
23:34:36.0225 4368 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
23:34:36.0240 4368 TermService - ok
23:34:36.0256 4368 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:34:36.0256 4368 Themes - ok
23:34:36.0271 4368 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:34:36.0271 4368 THREADORDER - ok
23:34:36.0303 4368 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:34:36.0303 4368 TrkWks - ok
23:34:36.0349 4368 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:34:36.0349 4368 TrustedInstaller - ok
23:34:36.0365 4368 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:34:36.0365 4368 tssecsrv - ok
23:34:36.0396 4368 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:34:36.0396 4368 tunnel - ok
23:34:36.0427 4368 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:34:36.0427 4368 uagp35 - ok
23:34:36.0443 4368 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:34:36.0459 4368 udfs - ok
23:34:36.0505 4368 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:34:36.0505 4368 UI0Detect - ok
23:34:36.0537 4368 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
23:34:36.0537 4368 uliagpkx - ok
23:34:36.0568 4368 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:34:36.0568 4368 umbus - ok
23:34:36.0583 4368 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:34:36.0583 4368 UmPass - ok
23:34:36.0615 4368 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
23:34:36.0630 4368 UmRdpService - ok
23:34:36.0661 4368 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:34:36.0661 4368 upnphost - ok
23:34:36.0693 4368 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:34:36.0693 4368 usbccgp - ok
23:34:36.0724 4368 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
23:34:36.0724 4368 usbcir - ok
23:34:36.0739 4368 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:34:36.0739 4368 usbehci - ok
23:34:36.0771 4368 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:34:36.0771 4368 usbhub - ok
23:34:36.0817 4368 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:34:36.0817 4368 usbohci - ok
23:34:36.0817 4368 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:34:36.0833 4368 usbprint - ok
23:34:36.0849 4368 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:34:36.0849 4368 USBSTOR - ok
23:34:36.0849 4368 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:34:36.0849 4368 usbuhci - ok
23:34:36.0895 4368 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
23:34:36.0895 4368 usbvideo - ok
23:34:36.0927 4368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:34:36.0927 4368 UxSms - ok
23:34:36.0942 4368 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
23:34:36.0958 4368 VaultSvc - ok
23:34:36.0973 4368 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
23:34:36.0973 4368 vdrvroot - ok
23:34:37.0005 4368 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
23:34:37.0005 4368 vds - ok
23:34:37.0051 4368 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:34:37.0051 4368 vga - ok
23:34:37.0067 4368 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:34:37.0067 4368 VgaSave - ok
23:34:37.0098 4368 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
23:34:37.0098 4368 vhdmp - ok
23:34:37.0114 4368 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
23:34:37.0114 4368 viaide - ok
23:34:37.0145 4368 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
23:34:37.0145 4368 vmbus - ok
23:34:37.0161 4368 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
23:34:37.0161 4368 VMBusHID - ok
23:34:37.0192 4368 [ 93F279A2C172562050700A18FA84BE2E ] vncmirror C:\Windows\system32\DRIVERS\vncmirror.sys
23:34:37.0192 4368 vncmirror - ok
23:34:37.0348 4368 [ A3EDF2CEB34822F8F57A3F81F1D675F2 ] vncserver D:\VNC Server\vncserver.exe
23:34:37.0473 4368 vncserver - ok
23:34:37.0504 4368 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
23:34:37.0519 4368 volmgr - ok
23:34:37.0535 4368 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:34:37.0551 4368 volmgrx - ok
23:34:37.0582 4368 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
23:34:37.0597 4368 volsnap - ok
23:34:37.0644 4368 [ ABD9B4A7E2D0AE51A3B8DF1AF3152D61 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
23:34:37.0644 4368 vpcbus - ok
23:34:37.0675 4368 [ 8ACDA395841538CE9713A67FE8B2A3EB ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
23:34:37.0675 4368 vpcnfltr - ok
23:34:37.0691 4368 [ 31924E31BC315773E6D149B157DB46D5 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
23:34:37.0691 4368 vpcusb - ok
23:34:37.0738 4368 [ 510D250A08C09850F5C78CA2011B3B62 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
23:34:37.0753 4368 vpcvmm - ok
23:34:37.0785 4368 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:34:37.0800 4368 vsmraid - ok
23:34:37.0847 4368 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
23:34:37.0894 4368 VSS - ok
23:34:37.0925 4368 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:34:37.0925 4368 vwifibus - ok
23:34:37.0941 4368 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:34:37.0941 4368 vwififlt - ok
23:34:37.0972 4368 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:34:37.0972 4368 vwifimp - ok
23:34:37.0987 4368 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:34:38.0003 4368 W32Time - ok
23:34:38.0050 4368 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:34:38.0050 4368 WacomPen - ok
23:34:38.0081 4368 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:34:38.0081 4368 WANARP - ok
23:34:38.0112 4368 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:34:38.0112 4368 Wanarpv6 - ok
23:34:38.0159 4368 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:34:38.0206 4368 WatAdminSvc - ok
23:34:38.0268 4368 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
23:34:38.0315 4368 wbengine - ok
23:34:38.0331 4368 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:34:38.0331 4368 WbioSrvc - ok
23:34:38.0362 4368 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:34:38.0362 4368 wcncsvc - ok
23:34:38.0377 4368 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:34:38.0393 4368 WcsPlugInService - ok
23:34:38.0409 4368 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:34:38.0409 4368 Wd - ok
23:34:38.0424 4368 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:34:38.0440 4368 Wdf01000 - ok
23:34:38.0455 4368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:34:38.0455 4368 WdiServiceHost - ok
23:34:38.0455 4368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:34:38.0471 4368 WdiSystemHost - ok
23:34:38.0487 4368 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
23:34:38.0502 4368 WebClient - ok
23:34:38.0518 4368 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:34:38.0518 4368 Wecsvc - ok
23:34:38.0533 4368 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:34:38.0549 4368 wercplsupport - ok
23:34:38.0565 4368 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:34:38.0565 4368 WerSvc - ok
23:34:38.0596 4368 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:34:38.0596 4368 WfpLwf - ok
23:34:38.0611 4368 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:34:38.0611 4368 WIMMount - ok
23:34:38.0627 4368 WinDefend - ok
23:34:38.0627 4368 WinHttpAutoProxySvc - ok
23:34:38.0689 4368 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:34:38.0689 4368 Winmgmt - ok
23:34:38.0767 4368 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
23:34:38.0830 4368 WinRM - ok
23:34:38.0892 4368 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:34:38.0923 4368 Wlansvc - ok
23:34:39.0064 4368 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:34:39.0126 4368 wlidsvc - ok
23:34:39.0189 4368 [ 4CA6449B0FD7B5E5FEA82CEDAB50D845 ] WMCoreService C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
23:34:39.0204 4368 WMCoreService - ok
23:34:39.0235 4368 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:34:39.0235 4368 WmiAcpi - ok
23:34:39.0267 4368 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:34:39.0282 4368 wmiApSrv - ok
23:34:39.0298 4368 WMPNetworkSvc - ok
23:34:39.0345 4368 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:34:39.0345 4368 WPCSvc - ok
23:34:39.0360 4368 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:34:39.0360 4368 WPDBusEnum - ok
23:34:39.0391 4368 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:34:39.0391 4368 ws2ifsl - ok
23:34:39.0423 4368 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
23:34:39.0423 4368 wscsvc - ok
23:34:39.0423 4368 WSearch - ok
23:34:39.0501 4368 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll
23:34:39.0579 4368 wuauserv - ok
23:34:39.0625 4368 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:34:39.0625 4368 WudfPf - ok
23:34:39.0657 4368 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:34:39.0657 4368 WUDFRd - ok
23:34:39.0703 4368 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:34:39.0703 4368 wudfsvc - ok
23:34:39.0719 4368 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:34:39.0735 4368 WwanSvc - ok
23:34:39.0750 4368 ================ Scan global ===============================
23:34:39.0781 4368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:34:39.0828 4368 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
23:34:39.0844 4368 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
23:34:39.0875 4368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:34:39.0906 4368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:34:39.0906 4368 [Global] - ok
23:34:39.0906 4368 ================ Scan MBR ==================================
23:34:39.0922 4368 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:34:40.0249 4368 \Device\Harddisk0\DR0 - ok
23:34:40.0249 4368 ================ Scan VBR ==================================
23:34:40.0249 4368 [ 857A30EE0326AC595845ADAFBB73CE9B ] \Device\Harddisk0\DR0\Partition1
23:34:40.0249 4368 \Device\Harddisk0\DR0\Partition1 - ok
23:34:40.0265 4368 [ F0FD94E44C5914EBCFCFE4C075A296E4 ] \Device\Harddisk0\DR0\Partition2
23:34:40.0265 4368 \Device\Harddisk0\DR0\Partition2 - ok
23:34:40.0281 4368 [ 694BF1A567E538467D98B7E0561967EF ] \Device\Harddisk0\DR0\Partition3
23:34:40.0296 4368 \Device\Harddisk0\DR0\Partition3 - ok
23:34:40.0296 4368 ============================================================
23:34:40.0296 4368 Scan finished
23:34:40.0296 4368 ============================================================
23:34:40.0312 4956 Detected object count: 0
23:34:40.0312 4956 Actual detected object count: 0


aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-02 23:36:18
-----------------------------
23:36:18.185 OS Version: Windows x64 6.1.7600
23:36:18.185 Number of processors: 4 586 0x2505
23:36:18.185 ComputerName: DARKNOTE UserName: Dark
23:36:18.591 Initialize success
23:46:38.719 AVAST engine defs: 12120200
23:47:04.100 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:47:04.100 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
23:47:04.116 Disk 0 MBR read successfully
23:47:04.116 Disk 0 MBR scan
23:47:04.116 Disk 0 Windows 7 default MBR code
23:47:04.131 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:47:04.147 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102300 MB offset 206848
23:47:04.178 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 374538 MB offset 209717248
23:47:04.194 Disk 0 scanning C:\Windows\system32\drivers
23:47:14.162 Service scanning
23:47:57.811 Modules scanning
23:47:58.388 Disk 0 trace - called modules:
23:47:58.435 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:47:58.435 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c4e060]
23:47:58.451 3 CLASSPNP.SYS[fffff88001b8b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049c5050]
23:47:59.340 AVAST engine scan C:\Windows
23:48:01.898 AVAST engine scan C:\Windows\system32
23:50:48.460 AVAST engine scan C:\Windows\system32\drivers
23:51:03.701 AVAST engine scan C:\Users\Dark
23:52:52.433 Disk 0 MBR has been saved successfully to "C:\Users\Dark\Desktop\MBR.dat"
23:52:52.449 The log file has been saved successfully to "C:\Users\Dark\Desktop\aswMBR.txt"
23:54:48.858 AVAST engine scan C:\ProgramData
23:55:36.266 Scan finished successfully
23:56:47.278 Disk 0 MBR has been saved successfully to "C:\Users\Dark\Desktop\MBR.dat"
23:56:47.278 The log file has been saved successfully to "C:\Users\Dark\Desktop\aswMBR.txt"

#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 AM

Posted 02 December 2012 - 09:14 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Darkiz

  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:54 PM

Posted 02 December 2012 - 09:34 PM

Hello, so far the website hasn't "opened itself", but since it's kinda random I can't say for sure if it's gone; here is the log.

ComboFix 12-12-02.01 - Dark 03-Dec-12 0:24.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.932.81.1033.18.3767.2337 [GMT -2:00]
Running from: c:\users\Dark\Desktop\ComboFix.exe
Command switches used :: c:\users\Dark\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 02:27 . 2012-12-03 02:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-03 02:27 . 2012-12-03 02:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-02 03:50 . 2008-10-27 12:04 518480 ----a-w- c:\windows\system32\XAudio2_3.dll
2012-11-28 04:21 . 2012-11-28 04:21 -------- d-----w- c:\users\Dark\AppData\Local\fontconfig
2012-11-28 04:20 . 2012-11-28 22:36 -------- d-----w- c:\users\Dark\AppData\Roaming\Aegisub
2012-11-28 04:20 . 2012-11-28 04:20 -------- d-----w- c:\users\Dark\AppData\Local\Aegisub
2012-11-28 04:19 . 2012-11-28 04:19 -------- d-----w- c:\program files (x86)\Aegisub
2012-11-28 00:14 . 2012-11-28 00:14 -------- d-----w- c:\users\Dark\AppData\Roaming\mkvtoolnix
2012-11-26 07:34 . 2012-12-01 06:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8D7588B-C3D2-4CBB-9C37-CBE0D10EEC8F}\offreg.dll
2012-11-26 01:34 . 2012-11-30 12:31 -------- d-----w- c:\programdata\Messenger Plus! for Skype
2012-11-24 17:16 . 2012-11-24 17:16 -------- d-----w- c:\users\Dark\AppData\Roaming\Nitroplus
2012-11-24 16:52 . 2004-10-22 04:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-11-24 16:52 . 2004-10-22 04:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-11-24 16:52 . 2004-10-22 04:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-11-24 16:52 . 2004-10-22 04:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-11-24 16:52 . 2004-10-22 04:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-11-24 16:52 . 2012-11-24 16:52 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-11-24 16:52 . 2012-11-24 16:52 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-11-23 14:20 . 2012-11-23 14:46 -------- d-----r- c:\users\Dark\Virtual Machines
2012-11-23 14:06 . 2009-12-31 10:04 360712 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2012-11-23 14:06 . 2009-12-31 09:52 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2012-11-23 14:06 . 2009-12-31 09:52 4514816 ----a-w- c:\windows\system32\vpc.exe
2012-11-23 14:06 . 2009-12-31 07:29 1210368 ----a-w- c:\windows\system32\VMWindow.exe
2012-11-23 13:52 . 2009-09-23 01:51 13312 ----a-w- c:\windows\system32\drivers\en-US\vpcvmm.sys.mui
2012-11-23 13:52 . 2009-09-23 01:46 66304 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2012-11-23 13:52 . 2009-09-23 01:51 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcnfltr.sys.mui
2012-11-23 13:52 . 2009-09-23 01:18 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2012-11-23 13:52 . 2009-09-23 01:51 3584 ----a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui
2012-11-23 13:52 . 2009-09-23 01:32 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2012-11-23 13:52 . 2009-09-23 01:32 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2012-11-23 13:52 . 2009-09-23 01:32 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2012-11-23 13:52 . 2009-09-23 01:32 187904 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2012-11-23 13:52 . 2009-09-23 01:32 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2012-11-23 13:52 . 2009-09-23 01:51 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcuxd.sys.mui
2012-11-23 13:52 . 2009-09-23 01:51 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcusb.sys.mui
2012-11-23 13:52 . 2009-09-23 01:33 936448 ----a-w- c:\windows\system32\vmsal.exe
2012-11-23 13:50 . 2012-11-23 13:51 -------- d-----w- c:\program files\Windows XP Mode
2012-11-21 23:30 . 2012-11-21 23:30 -------- d-----w- c:\users\Dark\AppData\Local\Macromedia
2012-11-21 23:27 . 2012-11-21 23:27 -------- d-----w- c:\users\Dark\AppData\Local\Mozilla
2012-11-12 19:45 . 2012-11-12 19:45 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-12 19:45 . 2012-11-12 20:01 -------- d-----w- c:\users\Dark\AppData\Roaming\DAEMON Tools Lite
2012-11-12 19:45 . 2012-11-12 19:45 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-11-12 19:44 . 2012-11-12 20:01 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-11-11 19:20 . 2012-11-23 17:42 -------- d-----w- c:\users\Dark\AppData\Roaming\foobar2000
2012-11-11 19:16 . 2012-11-11 19:16 -------- d-----w- c:\program files (x86)\foobar2000
2012-11-09 19:29 . 2012-11-09 19:29 -------- d-----w- C:\.komodotools
2012-11-09 19:00 . 2012-11-09 19:00 -------- d-----w- c:\users\Dark\AppData\Local\ActiveState
2012-11-09 18:58 . 2012-11-09 18:58 -------- d-----w- c:\program files (x86)\ActiveState Komodo Edit 7
2012-11-07 14:20 . 2012-11-07 14:20 -------- d-----w- c:\users\Dark\AppData\Roaming\Media Player Classic
2012-11-07 14:15 . 2012-11-07 14:24 -------- d-----w- C:\madVR
2012-11-07 14:14 . 2012-11-07 14:14 -------- d-----w- c:\program files (x86)\Haali
2012-11-07 14:13 . 2012-11-07 14:13 -------- d-----w- c:\program files (x86)\LAV Filters
2012-11-04 22:09 . 2012-11-04 22:09 -------- d-----w- c:\windows\SysWow64\Log Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 02:34 . 2012-05-25 16:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 02:34 . 2011-05-23 03:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-09 3077528]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-21 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-09-24 802304]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-11-22 125952]
.
c:\users\Dark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dark\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-27 40448]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-26 342056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 39464]
R3 dump_wmimmc;dump_wmimmc;d:\pangya\GameGuard\dump_wmimmc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\garena plus\Room\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 vncserver;VNC Server;d:\vnc server\vncserver.exe [2012-08-15 4716424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-12 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-21 203264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-11-22 125952]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-10-21 10331840]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17250666
*NewlyCreated* - 54581174
*NewlyCreated* - ASWMBR
*Deregistered* - 17250666
*Deregistered* - 54581174
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 02:34]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94247339-3900004076-640291794-1000Core.job
- c:\users\Dark\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 11:38]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94247339-3900004076-640291794-1000UA.job
- c:\users\Dark\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 11:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-10 320000]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-21 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-21 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-21 414744]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 201.17.0.75 201.17.0.42 192.168.0.1
FF - ProfilePath - c:\users\Dark\AppData\Roaming\Mozilla\Firefox\Profiles\959havno.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cheat Engine 5.6.1_is1 - c:\users\Dark\Desktop\ATL\grinder v3\Cheat Engine\unins000.exe
AddRemove-DB-Main 9.1.3 - c:\program files (x86)\DB-Main 9.1.3\dbm-uninst.exe
AddRemove-Sandwiched By My Wife And Her Sister_is1 - d:\irc\downloads\Sandwiched By My Wife And Her Sister\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-03 00:28:57
ComboFix-quarantined-files.txt 2012-12-03 02:28
ComboFix2.txt 2012-12-02 23:58
.
Pre-Run: 37,776,359,424 bytes free
Post-Run: 37,859,217,408 bytes free
.
- - End Of File - - 0615DFEAB709ACB43AF6BE559D305CDF

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 AM

Posted 02 December 2012 - 09:39 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a much better job).

Programs to remove

Ask Toolbar
Java™ 6 Update 25 (64-bit)
Java™ 6 Update 26
Java™ SE Development Kit 6 Update 25 (64-bit)
µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Darkiz


Posted 02 December 2012 - 10:14 PM

Hello,


MBAM Log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.03.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Dark :: DARKNOTE [administrator]

Protection: Disabled

03-Dec-12 01:04:27
mbam-log-2012-12-03 (01-04-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228648
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:11:22, on 03-Dec-12
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Users\Dark\Desktop\HijackThis.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Dropbox.lnk = Dark\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VNC Server (vncserver) - RealVNC Ltd - D:\VNC Server\vncserver.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Mobile Broadband Core Service (WMCoreService) - Unknown owner - C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8834 bytes

Edited by Darkiz, 02 December 2012 - 10:15 PM.


#12 gringo_pr


Posted 02 December 2012 - 10:22 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be. Any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
      O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - Startup: Dropbox.lnk = Dark\AppData\Roaming\Dropbox\bin\Dropbox.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
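The O4 lines in the post above are HijackThis autostart entries. As an added example (not part of the post, and not code from HijackThis or its author), here is a small Python parser that splits each line into its location, the name between the brackets that the NOTE says to research, the executable and its arguments, and flags entries that launch from a user profile folder instead of Program Files. The sample lines are copied from the post; the `needs_review` heuristic and its wording are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample: four of the O4 lines quoted in the post above.
O4_SAMPLE = r"""
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Dropbox.lnk = Dark\AppData\Roaming\Dropbox\bin\Dropbox.exe
"""

@dataclass
class Autostart:
    location: str  # registry key such as HKLM\..\Run, or the Startup folder
    name: str      # value name between the brackets, or the .lnk file name
    exe: str       # executable path with surrounding quotes removed
    args: str      # command-line arguments, empty string if none

# HijackThis prints registry autostarts and Startup-folder shortcuts differently.
REG_RE = re.compile(r'^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[([^\]]+)\] (.+)$')
DIR_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
QUOTED_RE = re.compile(r'^"([^"]+)"\s*(.*)$')
BARE_RE = re.compile(r'^(.*?\.exe)(?:\s+(.*))?$', re.IGNORECASE)

def split_command(cmd: str):
    """Split a Run value into (executable, args): quoted path as-is, else cut at first .exe."""
    m = QUOTED_RE.match(cmd) or BARE_RE.match(cmd)
    if not m:
        return cmd, ""
    return m.group(1), (m.group(2) or "").strip()

def parse_o4(text: str) -> List[Autostart]:
    """Turn a block of HijackThis output into Autostart records, skipping other lines."""
    entries = []
    for line in text.splitlines():
        m = REG_RE.match(line.strip()) or DIR_RE.match(line.strip())
        if m:
            exe, args = split_command(m.group(3))
            entries.append(Autostart(m.group(1), m.group(2), exe, args))
    return entries

def needs_review(entry: Autostart) -> Optional[str]:
    """Assumed triage heuristic: why a defender would look twice at an entry, or None."""
    p = entry.exe.lower()
    if "\\appdata\\" in p or "\\temp\\" in p:
        return "runs from a user-writable profile folder"
    if not re.match(r'^[a-z]:\\', p):
        return "relative path, not anchored to a drive"
    return None
```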

#13 Darkiz

Darkiz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:54 PM

Posted 03 December 2012 - 12:13 AM

Hello,

C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Yuna Software\Messenger Plus!\Settings\Settings.exe a variant of Win32/MessengerPlus.A application
C:\Users\Dark\Desktop\desktop\ATL\grinder v3\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application
C:\Users\Dark\Desktop\desktop\ATL\grinder v3\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application
C:\Users\Dark\Desktop\desktop\ATL\grinder v3\Cheat Engine\dbk32.sys probably a variant of Win32/HackTool.CheatEngine.AA application
C:\Users\Dark\Desktop\desktop\ATL\grinder v3\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application
C:\Users\Dark\Desktop\desktop\ATL\grinder v3\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application
C:\Users\Dark\Downloads\DTLite4461-0327.exe Win32/OpenCandy application
D:\Windows 7 Ultimate (64 Bit)\File Sharing Programs\Frost-Wire 4.21.1.exe Win32/OpenCandy application
D:\Windows 7 Ultimate (64 Bit)\Other Windows 7 Activation Tools\Windows 7 Loader eXtreme Edition 3.5.0.3.exe a variant of Win32/HackKMS.A application

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 AM

Posted 03 December 2012 - 12:19 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files (x86)\Yuna Software\Messenger Plus!\Settings\Settings.exe"
    del /f /s /q "C:\Users\Dark\Downloads\DTLite4461-0327.exe"
    del /f /s /q "D:\Windows 7 Ultimate (64 Bit)\File Sharing Programs\Frost-Wire 4.21.1.exe"
    del /f /s /q "D:\Windows 7 Ultimate (64 Bit)\Other Windows 7 Activation Tools\Windows 7 Loader eXtreme Edition 3.5.0.3.exe"
    del %0

  • Save the Notepad file on your desktop as delfile.bat, with "Save as type" set to "All Files".
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to your desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.


#15 Darkiz

Darkiz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:54 PM

Posted 03 December 2012 - 12:45 AM

All done, thanks a lot for your help! :thumbsup:



