

Infected with TDSS and google keeps redirecting


  • This topic is locked
30 replies to this topic

#1 Fairouz

Fairouz

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 02 July 2013 - 02:41 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by co at 9:26:13 on 2013-07-02
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.2980.1130 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Connectify\ConnectifyService.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Connectify\ConnectifyD.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Connectify\DispatchUI.exe
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\co\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://searchou.com/?id=7c4e86d400000000000060d8195a807f
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: privitize Toolbar: {1C46A0DD-D53E-46C4-A435-CA11103E255E} -
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [OrderReminder] C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\co\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\co\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{815E6C48-35D3-4A7E-8A50-BAA8AF200D4E} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{E96A42F5-912D-4BF6-994C-163435DA19E0} : DHCPNameServer = 10.0.0.138
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Connectify Dispatch] C:\Program Files (x86)\Connectify\DispatchUI.exe autorun
x64-Run: [Connectify Hotspot] C:\Program Files (x86)\Connectify\Connectify.exe autorun
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-10-13 55856]
R1 cnnctfy3;Connectify LightWeight Filter;C:\windows\System32\drivers\cnnctfy3.sys [2013-4-25 34840]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-13 89600]
R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2012-8-12 156672]
R2 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-7-24 48488]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-13 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-2 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-2 701512]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2013-3-14 794272]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-13 1692480]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-13 2656280]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-10-13 176096]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-10-13 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-7-2 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-1-26 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-10-13 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-1-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-1-26 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-07-02 07:04:42 -------- d-----w- C:\Program Files\HitmanPro
2013-07-02 07:04:19 -------- d-----w- C:\ProgramData\HitmanPro
2013-07-02 06:54:51 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-02 06:54:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 06:48:29 93 ----a-w- C:\windows\DeleteOnReboot.bat
2013-07-02 06:23:38 -------- d-----w- C:\ProgramData\StarApp
2013-07-02 06:18:55 -------- d-----w- C:\Users\co\AppData\Roaming\DownLite
2013-07-02 06:15:48 -------- d-----w- C:\Program Files (x86)\hosts
2013-07-02 05:29:28 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6BECA875-876F-4BBE-905B-7CFFD8DB5F8E}\mpengine.dll
2013-07-02 03:18:21 -------- d-----w- C:\Program Files (x86)\DiskGetor Data Recovery
2013-06-30 18:38:44 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-29 16:05:33 -------- d-----w- C:\Users\co\AppData\Local\{8D815700-89FD-4F76-B8A1-866E633F5901}
2013-06-20 21:10:17 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8137FA7F-D81F-44CC-8C91-3AD4E7D31224}\gapaengine.dll
2013-06-19 19:42:44 -------- d-----w- C:\Users\co\AppData\Local\{8BF88914-2EBD-41DA-BD34-EA1E8DE78A63}
2013-06-16 11:25:24 -------- d-----w- C:\Users\co\AppData\Local\{45CA3194-E0DF-48C4-8D75-4714E54284A6}
2013-06-16 10:59:49 -------- d-----w- C:\Users\co\AppData\Local\{04BD372E-C33A-4A68-BAF8-095B1EFBDE38}
2013-06-16 10:59:38 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-12 11:53:17 -------- d-----w- C:\Users\co\AppData\Local\{E0DB0147-B98E-485E-8E0D-2CCA60EFDDBC}
2013-06-12 11:33:39 -------- d-----w- C:\Users\co\AppData\Local\{6E4D4BAE-5831-407A-BA66-0660FA93526D}
2013-06-12 01:00:59 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-12 01:00:58 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:09:19 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-11 23:04:03 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-06-11 23:04:03 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-06-11 23:03:59 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-06-11 23:03:59 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-06-11 23:03:50 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-06-11 23:03:50 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-06-11 23:02:45 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-06-11 23:02:45 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-06-11 23:02:44 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-06-11 23:02:44 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-06-11 23:02:44 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-06-11 23:02:44 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-06-11 23:02:43 52224 ----a-w- C:\windows\System32\certenc.dll
2013-06-11 23:02:43 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-06-11 23:02:43 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-06-11 23:02:43 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-06-11 23:02:28 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-06-11 23:02:28 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-06-11 19:27:31 -------- d-----w- C:\Users\co\AppData\Local\{FF0126CB-C561-4963-B3C5-D484CB179D2D}
2013-06-08 12:52:32 -------- d-----w- C:\Users\co\AppData\Local\{BA439A4F-4753-4EBF-BD08-654FA30E57E8}
2013-06-06 11:35:35 -------- d-----w- C:\Users\co\AppData\Local\{5E9B550E-2A7F-4594-A9F6-B5B5E5C826FD}
2013-06-04 12:57:24 -------- d-----w- C:\Users\co\AppData\Local\{E8529E88-2DFF-4258-85F0-13FB0C58F964}
2013-06-03 17:19:57 -------- d-----w- C:\Hercules
2013-06-02 11:04:28 -------- d-----w- C:\Users\co\AppData\Local\{B6161A58-A7C8-4159-8E20-E0115FD75DDE}
.
==================== Find3M  ====================
.
2013-06-11 21:24:44 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 21:24:44 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-25 15:41:44 34840 ----a-w- C:\windows\System32\drivers\cnnctfy3.sys
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-11 10:56:52 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2013-04-11 10:56:52 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH:  9:27:34.76 ===============
 

I googled that Webhp malware and found other websites that advised several programs like Malwarebytes Anti-Malware and HitmanPro; they removed some of the programs (not important ones) on my computer, but Google still keeps redirecting to webhp.

Nothing actually happens to the computer or the browser, but, for more safety, I cleared my browsing data and saved passwords and totally removed Google Chrome, fearing that the malware would get into my accounts.
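The DDS log above is the first thing a helper reads when someone reports search redirects. As an added example (not part of this thread and not code from the DDS tool), the Python below parses the line formats in the Pseudo HJT Report section and flags what you would check first: a start page on a domain outside an assumed allow-list, toolbars or BHOs that point at no file (the privitize Toolbar entry), static DNS servers that differ from what DHCP handed out, and protocol handlers that are orphaned in both the 32-bit and x64 views. The sample input is constructed from lines of the log above; the allow-list of start pages is an assumption.

```python
"""Flag browser-redirect indicators in a DDS "Pseudo HJT Report".

Added example for this thread; it is not DDS code. It understands the line
formats DDS prints (uStart Page, BHO:/TB:, TCP: NameServer, Handler:) and
the x64- prefixed duplicates of them on 64-bit Windows.
"""
import re

# Assumption: start pages a helper would consider normal. Anything else is
# reported so a human can decide; searchou.com is not on this list.
START_PAGE_ALLOW = {"www.google.com", "www.bing.com", "go.microsoft.com"}

RE_START = re.compile(r"^[um]Start Page = (?P<url>.+)$")
RE_ADDON = re.compile(
    r"^(?P<view>x64-)?(?P<kind>BHO|TB): (?P<name>.*?): "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) -\s*(?P<path>.*)$")
RE_DNS = re.compile(r"^TCP: NameServer = (?P<servers>.+)$")
RE_DHCP = re.compile(
    r"^TCP: Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}) : DHCPNameServer = (?P<servers>.+)$")
RE_HANDLER = re.compile(
    r"^(?P<view>x64-)?Handler: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_DDS = """\
uStart Page = hxxp://searchou.com/?id=7c4e86d400000000000060d8195a807f
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre6\\bin\\ssv.dll
TB: privitize Toolbar: {1C46A0DD-D53E-46C4-A435-CA11103E255E} -
TCP: NameServer = 10.0.0.138
TCP: Interfaces\\{815E6C48-35D3-4A7E-8A50-BAA8AF200D4E} : DHCPNameServer = 10.0.0.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files (x86)\\Common Files\\Skype\\Skype4COM.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
"""


def _host(url: str) -> str:
    # DDS defangs URLs as hxxp:// so they cannot be clicked by accident.
    m = re.match(r"hxxps?://([^/:?]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else url.strip().lower()


def triage(dds_text: str) -> list:
    findings = []
    static_dns, dhcp_dns = set(), set()
    handlers = {}  # handler name -> set of paths seen across the 32-bit and x64 views
    for line in dds_text.splitlines():
        line = line.rstrip()
        if m := RE_START.match(line):
            host = _host(m["url"])
            if host not in START_PAGE_ALLOW:
                findings.append({"kind": "start_page", "detail": host})
        elif m := RE_ADDON.match(line):
            # A BHO or toolbar with no file behind it is either a leftover or a
            # stub whose DLL a scanner already removed; either way, clean it up.
            if m["path"] in ("", "<orphaned>"):
                findings.append({"kind": "addon_no_file",
                                 "detail": f'{m["kind"]} {m["name"]} {m["clsid"]}'})
        elif m := RE_DNS.match(line):
            static_dns.update(re.split(r"[,\s]+", m["servers"].strip()))
        elif m := RE_DHCP.match(line):
            dhcp_dns.update(re.split(r"[,\s]+", m["servers"].strip()))
        elif m := RE_HANDLER.match(line):
            handlers.setdefault(m["name"], set()).add(m["path"])
    # A resolver that DHCP never handed out means something set DNS by hand;
    # on a redirecting machine that is the first thing to explain.
    if static_dns - dhcp_dns:
        findings.append({"kind": "dns_override",
                         "detail": ",".join(sorted(static_dns - dhcp_dns))})
    # x64- entries are often <orphaned> simply because the component is 32-bit
    # only, so only a handler with no file in any view is worth a look.
    for name, paths in sorted(handlers.items()):
        if paths <= {"", "<orphaned>"}:
            findings.append({"kind": "handler_orphaned", "detail": name})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f'{f["kind"]:16} {f["detail"]}')
```

On the sample, the two findings are the searchou.com start page and the privitize Toolbar with no DLL; the skype4com handler is not reported because its 32-bit view still has a file, and DNS is not reported because the static resolver matches the DHCP one. That matches the posted log: the redirect is not explained by a DNS override, so the browser and hosts-file side deserves the next look.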



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:32 PM

Posted 02 July 2013 - 02:55 AM

Hi there,
My name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if anything is found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop.

  • Execute TDSSKiller.exe by double-clicking it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
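Because the instructions above ask for Skip rather than Cure, the helper ends up reading the TDSSKiller log by hand before deciding what, if anything, to remove. As an added example (not part of this thread and not Kaspersky's TDSSKiller code), the Python below parses the two line shapes the log uses for each scanned object, the `[ MD5 ] name path` line and the `name - status` line, pairs them by name, and lists every entry whose status is not `ok`, including objects that never received a status line. The sample is built from lines in the log posted later in this thread plus one constructed entry with a zero hash and invented status text, labelled as such; that wording is not TDSSKiller's own.

```python
"""Pair the per-object lines of a TDSSKiller log and list what is not "ok".

Added example for this thread; it is not TDSSKiller code. Each scanned
object produces two lines: "[ MD5 ] name path" and then "name - status".
"""
import re

RE_FILE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) \[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
RE_STATUS = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<name>.+?) - (?P<status>.+)$")

# Constructed sample: three real pairs copied from the log in this thread, plus
# one made-up entry (zero hash, invented status text) so the review path runs.
SAMPLE_LOG = """\
10:00:48.0908 6992 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\\windows\\system32\\drivers\\1394ohci.sys
10:00:48.0908 6992 1394ohci - ok
10:00:51.0203 6992 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
10:00:51.0218 6992 Apple Mobile Device - ok
10:00:52.0263 6992 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\\windows\\System32\\AxInstSV.dll
10:00:52.0263 6992 AxInstSV - ok
10:00:53.0000 6992 [ 00000000000000000000000000000000 ] examplesvc C:\\windows\\system32\\drivers\\examplesvc.sys
10:00:53.0000 6992 examplesvc - detected (constructed status)
"""


def parse_tdsskiller(text: str) -> dict:
    """Return {name: {"md5", "path", "status"}} for every object with a file line."""
    entries = {}
    for line in text.splitlines():
        if m := RE_FILE.match(line):
            entries[m["name"]] = {"md5": m["md5"], "path": m["path"], "status": None}
        elif (m := RE_STATUS.match(line)) and m["name"] in entries:
            # Only accept a status for a name we have a file line for; this keeps
            # header lines such as "Drive ... - Size: ..." from being mis-read.
            entries[m["name"]]["status"] = m["status"]
    return entries


def needs_review(entries: dict) -> dict:
    """Everything not marked plain "ok", including objects with no status line at all."""
    return {name: e for name, e in entries.items() if e["status"] != "ok"}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(parsed)} objects parsed")
    for name, e in needs_review(parsed).items():
        print(f"REVIEW {name}: {e['status']}  md5={e['md5']}  {e['path']}")
```

The MD5 and path are kept with each flagged entry so the helper can check the file against a known-good copy before anything is cured; a missing status line is treated as something to look at rather than silently dropped, since a scan that stopped mid-way would otherwise look clean.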

#3 Fairouz

Fairouz
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 02 July 2013 - 03:05 AM

Hi, thank you Marius for your quick reply.

I did what you just said, and if the log is the same as the report, then that is the report.

___

 

10:00:36.0070 3004 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:00:36.0943 3004 ============================================================
10:00:36.0943 3004 Current date / time: 2013/07/02 10:00:36.0943
10:00:36.0943 3004 SystemInfo:
10:00:36.0943 3004
10:00:36.0943 3004 OS Version: 6.1.7601 ServicePack: 1.0
10:00:36.0943 3004 Product type: Workstation
10:00:36.0943 3004 ComputerName: CO-PC
10:00:36.0943 3004 UserName: co
10:00:36.0943 3004 Windows directory: C:\windows
10:00:36.0943 3004 System windows directory: C:\windows
10:00:36.0943 3004 Running under WOW64
10:00:36.0943 3004 Processor architecture: Intel x64
10:00:36.0943 3004 Number of processors: 4
10:00:36.0943 3004 Page size: 0x1000
10:00:36.0943 3004 Boot type: Normal boot
10:00:36.0943 3004 ============================================================
10:00:38.0300 3004 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:00:38.0316 3004 ============================================================
10:00:38.0316 3004 \Device\Harddisk0\DR0:
10:00:38.0316 3004 MBR partitions:
10:00:38.0316 3004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
10:00:38.0316 3004 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E830, BlocksNum 0xCA00B56
10:00:38.0332 3004 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0xE783286, BlocksNum 0x12CD6B75
10:00:38.0363 3004 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0x21459E3A, BlocksNum 0x18F2AE07
10:00:38.0363 3004 ============================================================
10:00:38.0456 3004 C: <-> \Device\Harddisk0\DR0\Partition2
10:00:38.0519 3004 E: <-> \Device\Harddisk0\DR0\Partition3
10:00:38.0519 3004 F: <-> \Device\Harddisk0\DR0\Partition4
10:00:38.0644 3004 ============================================================
10:00:38.0644 3004 Initialize success
10:00:38.0644 3004 ============================================================
10:00:47.0146 6992 ============================================================
10:00:47.0146 6992 Scan started
10:00:47.0146 6992 Mode: Manual;
10:00:47.0146 6992 ============================================================
10:00:48.0097 6992 ================ Scan system memory ========================
10:00:48.0097 6992 System memory - ok
10:00:48.0097 6992 ================ Scan services =============================
10:00:48.0908 6992 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
10:00:48.0908 6992 1394ohci - ok
10:00:48.0986 6992 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
10:00:49.0002 6992 ACPI - ok
10:00:49.0049 6992 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
10:00:49.0049 6992 AcpiPmi - ok
10:00:49.0392 6992 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:00:49.0392 6992 AdobeARMservice - ok
10:00:49.0969 6992 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:00:49.0969 6992 AdobeFlashPlayerUpdateSvc - ok
10:00:50.0047 6992 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
10:00:50.0078 6992 adp94xx - ok
10:00:50.0156 6992 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
10:00:50.0156 6992 adpahci - ok
10:00:50.0172 6992 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
10:00:50.0188 6992 adpu320 - ok
10:00:50.0219 6992 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
10:00:50.0219 6992 AeLookupSvc - ok
10:00:50.0376 6992 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
10:00:50.0376 6992 AESTFilters - ok
10:00:50.0501 6992 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
10:00:50.0516 6992 AFD - ok
10:00:50.0563 6992 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
10:00:50.0579 6992 agp440 - ok
10:00:50.0594 6992 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
10:00:50.0594 6992 ALG - ok
10:00:50.0641 6992 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
10:00:50.0657 6992 aliide - ok
10:00:50.0688 6992 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
10:00:50.0688 6992 amdide - ok
10:00:50.0703 6992 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
10:00:50.0719 6992 AmdK8 - ok
10:00:50.0750 6992 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
10:00:50.0750 6992 AmdPPM - ok
10:00:50.0781 6992 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
10:00:50.0781 6992 amdsata - ok
10:00:50.0813 6992 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
10:00:50.0828 6992 amdsbs - ok
10:00:50.0844 6992 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
10:00:50.0859 6992 amdxata - ok
10:00:50.0922 6992 [ 6690E42CED5D067233ABAD42DA141213 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
10:00:50.0922 6992 ApfiltrService - ok
10:00:50.0969 6992 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
10:00:50.0984 6992 AppID - ok
10:00:51.0000 6992 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
10:00:51.0000 6992 AppIDSvc - ok
10:00:51.0078 6992 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll
10:00:51.0078 6992 Appinfo - ok
10:00:51.0203 6992 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:00:51.0218 6992 Apple Mobile Device - ok
10:00:51.0234 6992 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
10:00:51.0249 6992 arc - ok
10:00:51.0281 6992 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
10:00:51.0281 6992 arcsas - ok
10:00:51.0561 6992 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:00:51.0561 6992 aspnet_state - ok
10:00:51.0593 6992 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
10:00:51.0593 6992 AsyncMac - ok
10:00:51.0655 6992 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
10:00:51.0655 6992 atapi - ok
10:00:51.0889 6992 [ 5493ED5D300AFC7A9A0A87FCA08E5381 ] athr C:\windows\system32\DRIVERS\athrx.sys
10:00:51.0967 6992 athr - ok
10:00:52.0076 6992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
10:00:52.0092 6992 AudioEndpointBuilder - ok
10:00:52.0139 6992 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
10:00:52.0139 6992 AudioSrv - ok
10:00:52.0263 6992 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
10:00:52.0263 6992 AxInstSV - ok
10:00:52.0357 6992 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
10:00:52.0373 6992 b06bdrv - ok
10:00:52.0435 6992 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
10:00:52.0451 6992 b57nd60a - ok
10:00:52.0513 6992 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
10:00:52.0513 6992 BDESVC - ok
10:00:52.0560 6992 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
10:00:52.0575 6992 Beep - ok

10:00:52.0685 6992 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

10:00:52.0716 6992 BFE - ok

10:00:52.0856 6992 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll

10:00:52.0981 6992 BITS - ok

10:00:53.0028 6992 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

10:00:53.0028 6992 blbdrive - ok

10:00:53.0106 6992 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

10:00:53.0121 6992 Bonjour Service - ok

10:00:53.0153 6992 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

10:00:53.0153 6992 bowser - ok

10:00:53.0215 6992 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys

10:00:53.0215 6992 BrFiltLo - ok

10:00:53.0246 6992 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys

10:00:53.0246 6992 BrFiltUp - ok

10:00:53.0309 6992 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll

10:00:53.0309 6992 Browser - ok

10:00:53.0355 6992 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

10:00:53.0387 6992 Brserid - ok

10:00:53.0418 6992 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

10:00:53.0418 6992 BrSerWdm - ok

10:00:53.0511 6992 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

10:00:53.0527 6992 BrUsbMdm - ok

10:00:53.0543 6992 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

10:00:53.0558 6992 BrUsbSer - ok

10:00:53.0761 6992 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys

10:00:53.0777 6992 BthEnum - ok

10:00:53.0808 6992 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys

10:00:53.0823 6992 BTHMODEM - ok

10:00:53.0979 6992 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys

10:00:53.0995 6992 BthPan - ok

10:00:54.0167 6992 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys

10:00:54.0229 6992 BTHPORT - ok

10:00:54.0276 6992 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

10:00:54.0276 6992 bthserv - ok

10:00:54.0338 6992 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys

10:00:54.0354 6992 BTHUSB - ok

10:00:54.0401 6992 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

10:00:54.0401 6992 cdfs - ok

10:00:54.0447 6992 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

10:00:54.0463 6992 cdrom - ok

10:00:54.0494 6992 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

10:00:54.0510 6992 CertPropSvc - ok

10:00:54.0525 6992 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys

10:00:54.0525 6992 circlass - ok

10:00:54.0588 6992 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

10:00:54.0603 6992 CLFS - ok

10:00:54.0791 6992 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:00:55.0196 6992 clr_optimization_v2.0.50727_32 - ok

10:00:55.0337 6992 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:00:55.0352 6992 clr_optimization_v2.0.50727_64 - ok

10:00:55.0633 6992 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:00:55.0633 6992 clr_optimization_v4.0.30319_32 - ok

10:00:55.0664 6992 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:00:55.0664 6992 clr_optimization_v4.0.30319_64 - ok

10:00:55.0742 6992 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

10:00:55.0758 6992 CmBatt - ok

10:00:55.0789 6992 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

10:00:55.0789 6992 cmdide - ok

10:00:55.0867 6992 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys

10:00:55.0898 6992 CNG - ok

10:00:56.0117 6992 [ 160CB4DE30043D4D000F81DAB24135C0 ] cnnctfy3 C:\windows\system32\DRIVERS\cnnctfy3.sys

10:00:56.0117 6992 cnnctfy3 - ok

10:00:56.0210 6992 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys

10:00:56.0210 6992 Compbatt - ok

10:00:56.0257 6992 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys

10:00:56.0257 6992 CompositeBus - ok

10:00:56.0273 6992 COMSysApp - ok

10:00:56.0553 6992 [ BC5FFD81E69966C2BE28130E2F8BFC35 ] Connectify C:\Program Files (x86)\Connectify\ConnectifyService.exe

10:00:56.0553 6992 Connectify - ok

10:00:56.0585 6992 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys

10:00:56.0600 6992 crcdisk - ok

10:00:56.0647 6992 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\windows\system32\cryptsvc.dll

10:00:56.0647 6992 CryptSvc - ok

10:00:56.0803 6992 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys

10:00:56.0803 6992 CtClsFlt - ok

10:00:56.0912 6992 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

10:00:56.0928 6992 DcomLaunch - ok

10:00:57.0021 6992 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

10:00:57.0053 6992 defragsvc - ok

10:00:57.0115 6992 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

10:00:57.0115 6992 DfsC - ok

10:00:57.0318 6992 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

10:00:57.0318 6992 Dhcp - ok

10:00:57.0349 6992 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

10:00:57.0365 6992 discache - ok

10:00:57.0396 6992 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys

10:00:57.0396 6992 Disk - ok

10:00:57.0505 6992 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

10:00:57.0536 6992 Dnscache - ok

10:00:57.0552 6992 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

10:00:57.0567 6992 dot3svc - ok

10:00:57.0599 6992 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

10:00:57.0599 6992 DPS - ok

10:00:57.0879 6992 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

10:00:57.0879 6992 drmkaud - ok

10:00:58.0067 6992 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

10:00:58.0129 6992 DXGKrnl - ok

10:00:58.0160 6992 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

10:00:58.0160 6992 EapHost - ok

10:00:58.0535 6992 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys

10:00:58.0659 6992 ebdrv - ok

10:00:58.0706 6992 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

10:00:58.0722 6992 EFS - ok

10:00:58.0847 6992 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys

10:00:58.0893 6992 elxstor - ok

10:00:58.0909 6992 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

10:00:58.0909 6992 ErrDev - ok

10:00:59.0003 6992 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

10:00:59.0018 6992 EventSystem - ok

10:00:59.0096 6992 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

10:00:59.0112 6992 exfat - ok

10:00:59.0221 6992 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

10:00:59.0237 6992 fastfat - ok

10:00:59.0424 6992 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

10:00:59.0471 6992 Fax - ok

10:00:59.0502 6992 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys

10:00:59.0517 6992 fdc - ok

10:00:59.0564 6992 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

10:00:59.0564 6992 fdPHost - ok

10:00:59.0611 6992 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

10:00:59.0627 6992 FDResPub - ok

10:00:59.0658 6992 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

10:00:59.0673 6992 FileInfo - ok

10:00:59.0689 6992 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

10:00:59.0689 6992 Filetrace - ok

10:00:59.0720 6992 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys

10:00:59.0720 6992 flpydisk - ok

10:00:59.0783 6992 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

10:00:59.0798 6992 FltMgr - ok

10:00:59.0954 6992 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll

10:00:59.0985 6992 FontCache - ok

10:01:00.0063 6992 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:01:00.0063 6992 FontCache3.0.0.0 - ok

10:01:00.0110 6992 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

10:01:00.0110 6992 FsDepends - ok

10:01:00.0141 6992 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys

10:01:00.0157 6992 fssfltr - ok

10:01:00.0344 6992 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

10:01:00.0391 6992 fsssvc - ok

10:01:00.0422 6992 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

10:01:00.0422 6992 Fs_Rec - ok

10:01:00.0469 6992 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

10:01:00.0469 6992 fvevol - ok

10:01:00.0500 6992 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

10:01:00.0516 6992 gagp30kx - ok

10:01:00.0625 6992 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

10:01:00.0625 6992 GamesAppService - ok

10:01:00.0734 6992 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

10:01:00.0734 6992 GEARAspiWDM - ok

10:01:00.0812 6992 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

10:01:00.0828 6992 gpsvc - ok

10:01:00.0875 6992 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

10:01:00.0875 6992 hcw85cir - ok

10:01:00.0921 6992 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

10:01:00.0937 6992 HdAudAddService - ok

10:01:00.0968 6992 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

10:01:00.0984 6992 HDAudBus - ok

10:01:00.0999 6992 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

10:01:00.0999 6992 HidBatt - ok

10:01:01.0015 6992 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys

10:01:01.0015 6992 HidBth - ok

10:01:01.0031 6992 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

10:01:01.0046 6992 HidIr - ok

10:01:01.0062 6992 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll

10:01:01.0062 6992 hidserv - ok

10:01:01.0124 6992 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys

10:01:01.0124 6992 HidUsb - ok

10:01:01.0155 6992 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

10:01:01.0155 6992 hkmsvc - ok

10:01:01.0202 6992 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

10:01:01.0218 6992 HomeGroupListener - ok

10:01:01.0265 6992 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

10:01:01.0280 6992 HomeGroupProvider - ok

10:01:01.0311 6992 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

10:01:01.0311 6992 HpSAMD - ok

10:01:01.0389 6992 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

10:01:01.0421 6992 HTTP - ok

10:01:01.0436 6992 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

10:01:01.0436 6992 hwpolicy - ok

10:01:01.0452 6992 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

10:01:01.0467 6992 i8042prt - ok

10:01:01.0499 6992 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

10:01:01.0514 6992 iaStor - ok

10:01:01.0623 6992 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

10:01:01.0623 6992 IAStorDataMgrSvc - ok

10:01:01.0686 6992 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

10:01:01.0701 6992 iaStorV - ok

10:01:01.0826 6992 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:01:01.0857 6992 idsvc - ok

10:01:02.0871 6992 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

10:01:03.0121 6992 igfx - ok

10:01:03.0168 6992 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

10:01:03.0168 6992 iirsp - ok

10:01:03.0277 6992 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

10:01:03.0308 6992 IKEEXT - ok

10:01:03.0386 6992 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys

10:01:03.0402 6992 IntcDAud - ok

10:01:03.0433 6992 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

10:01:03.0433 6992 intelide - ok

10:01:03.0480 6992 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

10:01:03.0495 6992 intelppm - ok

10:01:03.0527 6992 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

10:01:03.0542 6992 IPBusEnum - ok

10:01:03.0573 6992 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

10:01:03.0573 6992 IpFilterDriver - ok

10:01:03.0636 6992 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

10:01:03.0698 6992 iphlpsvc - ok

10:01:03.0729 6992 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

10:01:03.0729 6992 IPMIDRV - ok

10:01:03.0776 6992 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

10:01:03.0792 6992 IPNAT - ok

10:01:03.0963 6992 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

10:01:03.0995 6992 iPod Service - ok

10:01:04.0041 6992 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

10:01:04.0041 6992 IRENUM - ok

10:01:04.0088 6992 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

10:01:04.0088 6992 isapnp - ok

10:01:04.0135 6992 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

10:01:04.0135 6992 iScsiPrt - ok

10:01:04.0182 6992 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

10:01:04.0182 6992 kbdclass - ok

10:01:04.0213 6992 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys

10:01:04.0213 6992 kbdhid - ok

10:01:04.0229 6992 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

10:01:04.0229 6992 KeyIso - ok

10:01:04.0260 6992 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

10:01:04.0260 6992 KSecDD - ok

10:01:04.0291 6992 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

10:01:04.0291 6992 KSecPkg - ok

10:01:04.0353 6992 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

10:01:04.0369 6992 ksthunk - ok

10:01:04.0431 6992 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

10:01:04.0463 6992 KtmRm - ok

10:01:04.0541 6992 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll

10:01:04.0556 6992 LanmanServer - ok

10:01:04.0619 6992 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

10:01:04.0634 6992 LanmanWorkstation - ok

10:01:04.0681 6992 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

10:01:04.0681 6992 lltdio - ok

10:01:04.0728 6992 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

10:01:04.0759 6992 lltdsvc - ok

10:01:04.0775 6992 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

10:01:04.0790 6992 lmhosts - ok

10:01:04.0868 6992 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

10:01:04.0884 6992 LMS - ok

10:01:04.0931 6992 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

10:01:04.0931 6992 LSI_FC - ok

10:01:04.0962 6992 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

10:01:04.0962 6992 LSI_SAS - ok

10:01:04.0993 6992 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

10:01:04.0993 6992 LSI_SAS2 - ok

10:01:05.0040 6992 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

10:01:05.0040 6992 LSI_SCSI - ok

10:01:05.0071 6992 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

10:01:05.0071 6992 luafv - ok

10:01:05.0133 6992 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys

10:01:05.0133 6992 MBAMProtector - ok

10:01:05.0258 6992 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

10:01:05.0289 6992 MBAMScheduler - ok

10:01:05.0352 6992 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

10:01:05.0367 6992 MBAMService - ok

10:01:05.0523 6992 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

10:01:05.0539 6992 McComponentHostService - ok

10:01:05.0570 6992 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

10:01:05.0570 6992 megasas - ok

10:01:05.0664 6992 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

10:01:05.0664 6992 MegaSR - ok

10:01:05.0711 6992 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys

10:01:05.0726 6992 MEIx64 - ok

10:01:05.0913 6992 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

10:01:05.0929 6992 Microsoft Office Groove Audit Service - ok

10:01:05.0976 6992 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

10:01:05.0976 6992 MMCSS - ok

10:01:06.0007 6992 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

10:01:06.0023 6992 Modem - ok

10:01:06.0054 6992 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

10:01:06.0069 6992 monitor - ok

10:01:06.0085 6992 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

10:01:06.0101 6992 mouclass - ok

10:01:06.0116 6992 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys

10:01:06.0116 6992 mouhid - ok

10:01:06.0147 6992 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

10:01:06.0147 6992 mountmgr - ok

10:01:06.0225 6992 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys

10:01:06.0225 6992 MpFilter - ok

10:01:06.0272 6992 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

10:01:06.0288 6992 mpio - ok

10:01:06.0303 6992 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

10:01:06.0303 6992 mpsdrv - ok

10:01:06.0397 6992 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

10:01:06.0428 6992 MpsSvc - ok

10:01:06.0444 6992 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

10:01:06.0459 6992 MRxDAV - ok

10:01:06.0522 6992 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

10:01:06.0522 6992 mrxsmb - ok

10:01:06.0584 6992 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

10:01:06.0600 6992 mrxsmb10 - ok

10:01:06.0615 6992 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

10:01:06.0631 6992 mrxsmb20 - ok

10:01:06.0662 6992 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

10:01:06.0662 6992 msahci - ok

10:01:06.0725 6992 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

10:01:06.0756 6992 msdsm - ok

10:01:06.0756 6992 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

10:01:06.0771 6992 MSDTC - ok

10:01:06.0787 6992 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

10:01:06.0787 6992 Msfs - ok

10:01:06.0834 6992 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

10:01:06.0834 6992 mshidkmdf - ok

10:01:06.0849 6992 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

10:01:06.0849 6992 msisadrv - ok

10:01:06.0896 6992 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

10:01:06.0912 6992 MSiSCSI - ok

10:01:06.0927 6992 msiserver - ok

10:01:06.0974 6992 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

10:01:06.0974 6992 MSKSSRV - ok

10:01:07.0083 6992 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe

10:01:07.0083 6992 MsMpSvc - ok

10:01:07.0115 6992 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

10:01:07.0130 6992 MSPCLOCK - ok

10:01:07.0146 6992 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

10:01:07.0146 6992 MSPQM - ok

10:01:07.0224 6992 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

10:01:07.0255 6992 MsRPC - ok

10:01:07.0271 6992 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

10:01:07.0271 6992 mssmbios - ok

10:01:07.0317 6992 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

10:01:07.0333 6992 MSTEE - ok

10:01:07.0349 6992 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

10:01:07.0349 6992 MTConfig - ok

10:01:07.0380 6992 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

10:01:07.0380 6992 Mup - ok

10:01:07.0489 6992 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

10:01:07.0520 6992 napagent - ok

10:01:07.0614 6992 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

10:01:07.0629 6992 NativeWifiP - ok

10:01:07.0801 6992 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe

10:01:07.0832 6992 NAUpdate - ok

10:01:07.0910 6992 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

10:01:07.0957 6992 NDIS - ok

10:01:08.0035 6992 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

10:01:08.0035 6992 NdisCap - ok

10:01:08.0113 6992 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

10:01:08.0113 6992 NdisTapi - ok

10:01:08.0129 6992 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

10:01:08.0144 6992 Ndisuio - ok

10:01:08.0160 6992 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

10:01:08.0160 6992 NdisWan - ok

10:01:08.0175 6992 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

10:01:08.0191 6992 NDProxy - ok

10:01:08.0285 6992 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

10:01:08.0285 6992 NetBIOS - ok

10:01:08.0300 6992 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

10:01:08.0300 6992 NetBT - ok

10:01:08.0316 6992 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

10:01:08.0316 6992 Netlogon - ok

10:01:08.0409 6992 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

10:01:08.0456 6992 Netman - ok

10:01:08.0487 6992 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:01:08.0487 6992 NetMsmqActivator - ok

10:01:08.0503 6992 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:01:08.0503 6992 NetPipeActivator - ok

10:01:08.0597 6992 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

10:01:08.0628 6992 netprofm - ok

10:01:08.0628 6992 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:01:08.0643 6992 NetTcpActivator - ok

10:01:08.0643 6992 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:01:08.0643 6992 NetTcpPortSharing - ok

10:01:08.0721 6992 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

10:01:08.0721 6992 nfrd960 - ok

10:01:08.0784 6992 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys

10:01:08.0799 6992 NisDrv - ok

10:01:08.0862 6992 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe

10:01:08.0877 6992 NisSrv - ok

10:01:08.0924 6992 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll

10:01:08.0940 6992 NlaSvc - ok

10:01:09.0252 6992 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

10:01:09.0330 6992 NOBU - ok

10:01:09.0361 6992 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

10:01:09.0377 6992 Npfs - ok

10:01:09.0408 6992 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

10:01:09.0408 6992 nsi - ok

10:01:09.0439 6992 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

10:01:09.0455 6992 nsiproxy - ok

10:01:09.0626 6992 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

10:01:09.0704 6992 Ntfs - ok

10:01:09.0735 6992 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

10:01:09.0751 6992 Null - ok

10:01:09.0798 6992 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

10:01:09.0798 6992 nvraid - ok

10:01:09.0845 6992 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

10:01:09.0845 6992 nvstor - ok

10:01:09.0860 6992 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

10:01:09.0876 6992 nv_agp - ok

10:01:10.0063 6992 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

10:01:10.0094 6992 odserv - ok

10:01:10.0110 6992 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

10:01:10.0125 6992 ohci1394 - ok


10:01:26.0367 6992 ============================================================

10:01:26.0367 6992 Scan finished

10:01:26.0367 6992 ============================================================

10:01:26.0398 3004 Detected object count: 0

10:01:26.0398 3004 Actual detected object count: 0



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:07:32 PM

Posted 02 July 2013 - 03:18 AM

Combofix


Combofix should only be run when advised by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#5 Fairouz

  • Topic Starter
  • Members
  • 15 posts
  • Local time:08:32 PM

Posted 02 July 2013 - 03:40 AM

ComboFix 13-06-30.01 - co 07/02/2013  10:31:32.1.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.2980.1027 [GMT 2:00]
Running from: c:\users\co\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b3ef58a2-77e9-414a-b8f6-b8cbbf497383.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6261\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll
c:\windows\RPSETUP.EXE.LOG
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-02 to 2013-07-02  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-26 01:15 . 2013-05-26 01:15 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-26 01:15 . 2013-05-26 01:15 235008 ----a-w- c:\windows\system32\url.dll
2013-05-26 01:15 . 2013-05-26 01:15 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-26 01:15 . 2013-05-26 01:15 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-26 01:15 . 2013-05-26 01:15 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-26 01:15 . 2013-05-26 01:15 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-26 01:15 . 2013-05-26 01:15 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-26 01:15 . 2013-05-26 01:15 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-26 01:15 . 2013-05-26 01:15 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-26 01:15 . 2013-05-26 01:15 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-26 01:15 . 2013-05-26 01:15 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-26 01:15 . 2013-05-26 01:15 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-26 01:15 . 2013-05-26 01:15 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-26 01:15 . 2013-05-26 01:15 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-26 01:15 . 2013-05-26 01:15 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-26 01:15 . 2013-05-26 01:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-26 01:15 . 2013-05-26 01:15 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-26 01:15 . 2013-05-26 01:15 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-26 01:15 . 2013-05-26 01:15 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-26 01:15 . 2013-05-26 01:15 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-26 01:15 . 2013-05-26 01:15 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-21 18:03 . 2012-06-12 21:33 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-17 01:01 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-25 15:41 . 2013-04-25 15:41 34840 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
2013-04-13 05:49 . 2013-05-15 10:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:11 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:11 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:11 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:11 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:23 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 10:56 . 2013-01-07 21:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-04-11 10:56 . 2013-01-07 21:13 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-04-10 06:01 . 2013-05-15 10:11 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 10:11 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 10:10 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"OrderReminder"="c:\program files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-04-11 295512]
.
c:\users\co\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\co\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 73960031
*Deregistered* - 73960031
*Deregistered* - hitmanpro37
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 21:24]
.
2012-07-26 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-06-30 c:\windows\Tasks\ReclaimerUpdateFiles_co.job
- c:\users\co\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-29 16:34]
.
2013-07-01 c:\windows\Tasks\ReclaimerUpdateXML_co.job
- c:\users\co\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-29 16:34]
.
2013-07-02 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2013-03-14 12:44]
.
2013-03-14 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2013-03-14 12:43]
.
2013-07-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_co.job
- c:\users\co\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-29 16:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Connectify Dispatch"="c:\program files (x86)\Connectify\DispatchUI.exe" [2013-05-14 3121440]
"Connectify Hotspot"="c:\program files (x86)\Connectify\Connectify.exe" [2013-05-14 5236512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://searchou.com/?id=7c4e86d400000000000060d8195a807f
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{1C46A0DD-D53E-46C4-A435-CA11103E255E} - c:\program files (x86)\Industriya\privitize\1.8.21.6\privitizeTlbr.dll
Wow6432Node-HKLM-Run-PDVD9LanguageShortcut - c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Stage Remote - c:\program files (x86)\Dell\Stage Remote\StageRemote.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
AddRemove-{25D366CE-A367-6283-B190-9E7990159650} - c:\progra~3\INSTAL~2\{7E903~1\Setup.exe
AddRemove-{DEDC5B46-D4A2-64C4-8837-7050C0ECD8C7} - c:\progra~3\INSTAL~2\{822CE~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-02  10:40:06
ComboFix-quarantined-files.txt  2013-07-02 08:40
.
Pre-Run: 40,833,257,472 bytes free
Post-Run: 42,709,319,680 bytes free
.
- - End Of File - - 1F71AA359186D16A7079FD24D4149EE0
D41D8CD98F00B204E9800998ECF8427E
 



#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 02 July 2013 - 03:52 AM

CF-Script

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DIRLOOK::
c:\users\co\AppData\Roaming\DownLite
c:\program files (x86)\hosts

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
Proud Member of UNITE & TB
 

#7 Fairouz

  • Topic Starter
  • Members
  • 15 posts

Posted 02 July 2013 - 10:31 AM

Something strange happened when I tried to open the explorer after I did what you said. When I tried to open Internet Explorer to post this, it did not open any webpage. Just blank pages appear whenever I write any address. So I used another laptop to get chromeinstaller.exe and installed it again on my laptop, and it worked, and the problem of Google redirecting to "webhp" no longer appears. But now Internet Explorer is not working at all.
 
_____________________
ComboFix 13-06-30.01 - co 07/02/2013  17:16:50.3.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.2980.1337 [GMT 2:00]
Running from: c:\users\co\Desktop\ComboFix.exe
Command switches used :: c:\users\co\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-02 to 2013-07-02  )))))))))))))))))))))))))))))))
.
.
2013-07-02 15:22 . 2013-07-02 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-02 15:06 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7856DCCF-FF7E-4D10-9D51-5142548B70EA}\mpengine.dll
2013-07-02 14:59 . 2013-07-02 15:09 -------- d-----w- c:\program files (x86)\Google
2013-07-02 07:04 . 2013-07-02 07:18 -------- d-----w- c:\program files\HitmanPro
2013-07-02 07:04 . 2013-07-02 07:13 -------- d-----w- c:\programdata\HitmanPro
2013-07-02 06:54 . 2013-07-02 06:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-02 06:54 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-02 06:48 . 2013-07-02 06:48 93 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-02 06:23 . 2013-07-02 06:23 -------- d-----w- c:\programdata\StarApp
2013-07-02 06:18 . 2013-07-02 06:18 -------- d-----w- c:\users\co\AppData\Roaming\DownLite
2013-07-02 06:15 . 2013-07-02 06:16 -------- d-----w- c:\program files (x86)\hosts
2013-07-02 03:18 . 2013-07-02 03:18 -------- d-----w- c:\program files (x86)\DiskGetor Data Recovery
2013-06-30 18:38 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-20 21:10 . 2013-06-20 21:09 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8137FA7F-D81F-44CC-8C91-3AD4E7D31224}\gapaengine.dll
2013-06-16 18:27 . 2013-06-16 18:27 -------- d-----w- c:\users\co\AppData\Roaming\Media Player Classic
2013-06-12 01:00 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-12 01:00 . 2013-05-17 00:58 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-12 01:00 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:09 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 23:04 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-11 23:04 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-11 23:03 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-11 23:03 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-11 23:03 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-11 23:03 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-11 23:02 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-11 23:02 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-11 23:02 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-11 23:02 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-11 23:02 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-11 23:02 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-11 23:02 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-11 23:02 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-11 23:02 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-11 23:02 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-11 23:02 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-11 23:02 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-03 17:19 . 2013-06-03 17:19 -------- d-----w- C:\Hercules
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 01:01 . 2012-05-04 10:35 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 21:24 . 2012-05-12 11:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 21:24 . 2012-05-12 11:33 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-26 01:15 . 2013-05-26 01:15 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-26 01:15 . 2013-05-26 01:15 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-26 01:15 . 2013-05-26 01:15 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-26 01:15 . 2013-05-26 01:15 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-26 01:15 . 2013-05-26 01:15 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-26 01:15 . 2013-05-26 01:15 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-26 01:15 . 2013-05-26 01:15 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-26 01:15 . 2013-05-26 01:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-26 01:15 . 2013-05-26 01:15 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-26 01:15 . 2013-05-26 01:15 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-26 01:15 . 2013-05-26 01:15 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-26 01:15 . 2013-05-26 01:15 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-26 01:15 . 2013-05-26 01:15 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-26 01:15 . 2013-05-26 01:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-26 01:15 . 2013-05-26 01:15 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-26 01:15 . 2013-05-26 01:15 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-26 01:15 . 2013-05-26 01:15 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-26 01:15 . 2013-05-26 01:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-26 01:15 . 2013-05-26 01:15 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-26 01:15 . 2013-05-26 01:15 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-26 01:15 . 2013-05-26 01:15 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-26 01:15 . 2013-05-26 01:15 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-26 01:15 . 2013-05-26 01:15 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-26 01:15 . 2013-05-26 01:15 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-26 01:15 . 2013-05-26 01:15 441856 ----a-w- c:\windows\system32\html.iec
2013-05-26 01:15 . 2013-05-26 01:15 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-26 01:15 . 2013-05-26 01:15 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-26 01:15 . 2013-05-26 01:15 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-26 01:15 . 2013-05-26 01:15 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-26 01:15 . 2013-05-26 01:15 235008 ----a-w- c:\windows\system32\url.dll
2013-05-26 01:15 . 2013-05-26 01:15 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-26 01:15 . 2013-05-26 01:15 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-26 01:15 . 2013-05-26 01:15 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-26 01:15 . 2013-05-26 01:15 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-26 01:15 . 2013-05-26 01:15 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-26 01:15 . 2013-05-26 01:15 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-26 01:15 . 2013-05-26 01:15 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-26 01:15 . 2013-05-26 01:15 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-26 01:15 . 2013-05-26 01:15 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-26 01:15 . 2013-05-26 01:15 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-26 01:15 . 2013-05-26 01:15 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-26 01:15 . 2013-05-26 01:15 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-26 01:15 . 2013-05-26 01:15 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-26 01:15 . 2013-05-26 01:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-26 01:15 . 2013-05-26 01:15 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-26 01:15 . 2013-05-26 01:15 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-26 01:15 . 2013-05-26 01:15 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-26 01:15 . 2013-05-26 01:15 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-26 01:15 . 2013-05-26 01:15 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-21 18:03 . 2012-06-12 21:33 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-17 01:01 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-25 15:41 . 2013-04-25 15:41 34840 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
2013-04-13 05:49 . 2013-05-15 10:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:11 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:11 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:11 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:11 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:23 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 10:56 . 2013-01-07 21:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-04-11 10:56 . 2013-01-07 21:13 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-04-10 06:01 . 2013-05-15 10:11 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 10:11 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 10:10 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files (x86)\hosts ----
.
2013-07-02 06:16 . 2013-07-02 06:16 141661 ----a-w- c:\program files (x86)\hosts\Installer.log
2013-07-02 06:16 . 2013-07-02 06:16 896000 ----a-w- c:\program files (x86)\hosts\hosts-bg.exe
2013-07-02 06:16 . 2013-07-02 06:16 748032 ----a-w- c:\program files (x86)\hosts\hosts-bho.dll
2013-07-02 06:16 . 2013-07-02 06:16 473088 ----a-w- c:\program files (x86)\hosts\hosts-buttonutil64.dll
2013-07-02 06:16 . 2013-07-02 06:16 393216 ----a-w- c:\program files (x86)\hosts\hosts-buttonutil.dll
2013-07-02 06:16 . 2013-07-02 06:16 442880 ----a-w- c:\program files (x86)\hosts\hosts-buttonutil64.exe
2013-07-02 06:16 . 2013-07-02 06:16 338432 ----a-w- c:\program files (x86)\hosts\hosts-buttonutil.exe
2013-07-02 06:16 . 2013-07-02 06:16 311808 ----a-w- c:\program files (x86)\hosts\hosts-helper.exe
2013-07-02 06:15 . 2013-07-02 06:15 476672 ----a-w- c:\program files (x86)\hosts\hosts-codedownloader.exe
2013-07-02 06:15 . 2013-07-02 06:15 457584 ----a-w- c:\program files (x86)\hosts\Uninstall.exe
2013-06-20 15:34 . 2013-06-20 15:34 740 ----a-w- c:\program files (x86)\hosts\background.html
2013-06-20 15:34 . 2013-06-20 15:34 15086 ----a-w- c:\program files (x86)\hosts\hosts.ico
.
---- Directory of c:\users\co\AppData\Roaming\DownLite ----
.
2013-07-02 06:18 . 2013-07-02 06:18 1372834 ----a-w- c:\users\co\AppData\Roaming\DownLite\downlite.jar
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1C46A0DD-D53E-46C4-A435-CA11103E255E}"= "c:\program files (x86)\Industriya\privitize\1.8.21.6\privitizeTlbr.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{1c46a0dd-d53e-46c4-a435-ca11103e255e}]
[HKEY_CLASSES_ROOT\privitize.privitizedskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\privitize.privitizedskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"OrderReminder"="c:\program files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-04-11 295512]
.
c:\users\co\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\co\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-02 15:09 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 21:24]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 14:59]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 14:59]
.
2012-07-26 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-07-02 c:\windows\Tasks\ReclaimerUpdateFiles_co.job
- c:\users\co\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-29 16:34]
.
2013-07-01 c:\windows\Tasks\ReclaimerUpdateXML_co.job
- c:\users\co\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-29 16:34]
.
2013-07-02 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2013-03-14 12:44]
.
2013-03-14 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2013-03-14 12:43]
.
2013-07-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_co.job
- c:\users\co\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-29 16:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [BU]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Connectify Dispatch"="c:\program files (x86)\Connectify\DispatchUI.exe" [2013-05-14 3121440]
"Connectify Hotspot"="c:\program files (x86)\Connectify\Connectify.exe" [2013-05-14 5236512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
AddRemove-{25D366CE-A367-6283-B190-9E7990159650} - c:\progra~3\INSTAL~2\{7E903~1\Setup.exe
AddRemove-{DEDC5B46-D4A2-64C4-8837-7050C0ECD8C7} - c:\progra~3\INSTAL~2\{822CE~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-02  17:25:11
ComboFix-quarantined-files.txt  2013-07-02 15:25
ComboFix2.txt  2013-07-02 09:28
ComboFix3.txt  2013-07-02 08:40
.
Pre-Run: 42,479,656,960 bytes free
Post-Run: 42,416,799,744 bytes free
.
- - End Of File - - C3FA807FDCDBAFEC56771BAFE9BB36B6
D41D8CD98F00B204E9800998ECF8427E


#8 TB-Psychotic


  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:07:32 PM

Posted 03 July 2013 - 01:14 AM

I told you not to install any software except the advised ones. Please don't do that again.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Run Malwarebytes' Anti-Malware.
  • Once the program has loaded, select Perform full scan, mark all your hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.



#9 Fairouz

  • Topic Starter

  • Members
  • 15 posts
  • Local time:08:32 PM

Posted 03 July 2013 - 11:04 AM

I'm sorry, but I had no access to the internet on my laptop; it didn't cross my mind to do the work on the other laptop.


___________________


ComboFix 13-06-30.01 - co 07/03/2013  17:00:43.4.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.2980.1413 [GMT 2:00]
Running from: c:\users\co\Desktop\ComboFix.exe
Command switches used :: c:\users\co\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\hosts
c:\program files (x86)\hosts\background.html
c:\program files (x86)\hosts\hosts-bg.exe
c:\program files (x86)\hosts\hosts-bho.dll
c:\program files (x86)\hosts\hosts-buttonutil.dll
c:\program files (x86)\hosts\hosts-buttonutil.exe
c:\program files (x86)\hosts\hosts-buttonutil64.dll
c:\program files (x86)\hosts\hosts-buttonutil64.exe
c:\program files (x86)\hosts\hosts-codedownloader.exe
c:\program files (x86)\hosts\hosts-helper.exe
c:\program files (x86)\hosts\hosts.ico
c:\program files (x86)\hosts\Installer.log
c:\program files (x86)\hosts\Uninstall.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-03 to 2013-07-03  )))))))))))))))))))))))))))))))
.
.
2013-07-03 15:07 . 2013-07-03 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-03 14:52 . 2013-07-03 14:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-03 14:52 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-02 15:06 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7856DCCF-FF7E-4D10-9D51-5142548B70EA}\mpengine.dll
2013-07-02 14:59 . 2013-07-02 15:09 -------- d-----w- c:\program files (x86)\Google
2013-07-02 07:04 . 2013-07-02 07:18 -------- d-----w- c:\program files\HitmanPro
2013-07-02 07:04 . 2013-07-02 07:13 -------- d-----w- c:\programdata\HitmanPro
2013-07-02 06:48 . 2013-07-02 06:48 93 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-02 06:23 . 2013-07-02 06:23 -------- d-----w- c:\programdata\StarApp
2013-07-02 06:18 . 2013-07-02 06:18 -------- d-----w- c:\users\co\AppData\Roaming\DownLite
2013-07-02 03:18 . 2013-07-02 03:18 -------- d-----w- c:\program files (x86)\DiskGetor Data Recovery
2013-06-30 18:38 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-20 21:10 . 2013-06-20 21:09 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8137FA7F-D81F-44CC-8C91-3AD4E7D31224}\gapaengine.dll
2013-06-16 18:27 . 2013-06-16 18:27 -------- d-----w- c:\users\co\AppData\Roaming\Media Player Classic
2013-06-12 01:00 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-12 01:00 . 2013-05-17 00:58 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-12 01:00 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:09 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 23:04 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-11 23:04 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-11 23:03 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-11 23:03 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-11 23:03 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-11 23:03 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-11 23:02 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-11 23:02 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-11 23:02 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-11 23:02 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-11 23:02 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-11 23:02 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-11 23:02 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-11 23:02 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-11 23:02 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-11 23:02 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-11 23:02 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-11 23:02 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-03 17:19 . 2013-06-03 17:19 -------- d-----w- C:\Hercules
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 01:01 . 2012-05-04 10:35 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 21:24 . 2012-05-12 11:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 21:24 . 2012-05-12 11:33 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-26 01:15 . 2013-05-26 01:15 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-26 01:15 . 2013-05-26 01:15 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-26 01:15 . 2013-05-26 01:15 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-26 01:15 . 2013-05-26 01:15 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-26 01:15 . 2013-05-26 01:15 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-26 01:15 . 2013-05-26 01:15 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-26 01:15 . 2013-05-26 01:15 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-26 01:15 . 2013-05-26 01:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-26 01:15 . 2013-05-26 01:15 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-26 01:15 . 2013-05-26 01:15 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-26 01:15 . 2013-05-26 01:15 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-26 01:15 . 2013-05-26 01:15 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-26 01:15 . 2013-05-26 01:15 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-26 01:15 . 2013-05-26 01:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-26 01:15 . 2013-05-26 01:15 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-26 01:15 . 2013-05-26 01:15 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-26 01:15 . 2013-05-26 01:15 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-26 01:15 . 2013-05-26 01:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-26 01:15 . 2013-05-26 01:15 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-26 01:15 . 2013-05-26 01:15 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-26 01:15 . 2013-05-26 01:15 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-26 01:15 . 2013-05-26 01:15 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-26 01:15 . 2013-05-26 01:15 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-26 01:15 . 2013-05-26 01:15 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-26 01:15 . 2013-05-26 01:15 441856 ----a-w- c:\windows\system32\html.iec
2013-05-26 01:15 . 2013-05-26 01:15 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-26 01:15 . 2013-05-26 01:15 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-26 01:15 . 2013-05-26 01:15 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-26 01:15 . 2013-05-26 01:15 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-26 01:15 . 2013-05-26 01:15 235008 ----a-w- c:\windows\system32\url.dll
2013-05-26 01:15 . 2013-05-26 01:15 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-26 01:15 . 2013-05-26 01:15 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-26 01:15 . 2013-05-26 01:15 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-26 01:15 . 2013-05-26 01:15 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-26 01:15 . 2013-05-26 01:15 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-26 01:15 . 2013-05-26 01:15 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-26 01:15 . 2013-05-26 01:15 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-26 01:15 . 2013-05-26 01:15 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-26 01:15 . 2013-05-26 01:15 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-26 01:15 . 2013-05-26 01:15 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-26 01:15 . 2013-05-26 01:15 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-26 01:15 . 2013-05-26 01:15 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-26 01:15 . 2013-05-26 01:15 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-26 01:15 . 2013-05-26 01:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-26 01:15 . 2013-05-26 01:15 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-26 01:15 . 2013-05-26 01:15 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-26 01:15 . 2013-05-26 01:15 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-26 01:15 . 2013-05-26 01:15 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-26 01:15 . 2013-05-26 01:15 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-21 18:03 . 2012-06-12 21:33 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-17 01:01 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-25 15:41 . 2013-04-25 15:41 34840 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
2013-04-13 05:49 . 2013-05-15 10:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:11 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:11 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:11 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:11 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:23 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 10:56 . 2013-01-07 21:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-04-11 10:56 . 2013-01-07 21:13 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-04-10 06:01 . 2013-05-15 10:11 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 10:11 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 10:10 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"OrderReminder"="c:\program files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2004-12-14 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-04-11 295512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\co\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\co\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-02 15:09 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 21:24]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 14:59]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 14:59]
.
2012-07-26 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-07-02 c:\windows\Tasks\ReclaimerUpdateFiles_co.job
- c:\users\co\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-29 16:34]
.
2013-07-02 c:\windows\Tasks\ReclaimerUpdateXML_co.job
- c:\users\co\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-29 16:34]
.
2013-07-02 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2013-03-14 12:44]
.
2013-03-14 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2013-03-14 12:43]
.
2013-07-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_co.job
- c:\users\co\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-29 16:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\co\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [BU]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Connectify Dispatch"="c:\program files (x86)\Connectify\DispatchUI.exe" [2013-05-14 3121440]
"Connectify Hotspot"="c:\program files (x86)\Connectify\Connectify.exe" [2013-05-14 5236512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-hosts - c:\program files (x86)\hosts\Uninstall.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
AddRemove-{25D366CE-A367-6283-B190-9E7990159650} - c:\progra~3\INSTAL~2\{7E903~1\Setup.exe
AddRemove-{DEDC5B46-D4A2-64C4-8837-7050C0ECD8C7} - c:\progra~3\INSTAL~2\{822CE~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-03  17:09:49
ComboFix-quarantined-files.txt  2013-07-03 15:09
ComboFix2.txt  2013-07-02 15:25
ComboFix3.txt  2013-07-02 09:28
ComboFix4.txt  2013-07-02 08:40
.
Pre-Run: 42,300,735,488 bytes free
Post-Run: 42,280,509,440 bytes free
.
- - End Of File - - 16093CB7D79920C6A366AF33E48C48E1
D41D8CD98F00B204E9800998ECF8427E


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.03.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
co :: CO-PC [administrator]
 
7/3/2013 5:12:16 PM
mbam-log-2013-07-03 (17-12-16).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373925
Time elapsed: 45 minute(s), 44 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#10 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 04 July 2013 - 05:21 AM

Uninstall McAfee Security Scan.

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 Fairouz

  • Topic Starter
  • Members
  • 15 posts

Posted 04 July 2013 - 12:09 PM

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\co\Downloads\all\Collateral.2004.720p.BrRip.x264.FERAL81.www.RapidMovieZ.com.mp4.exe Win32/Adware.1ClickDownload.W application
C:\Users\co\Downloads\all\YTDSetup.exe a variant of Win32/Bundled.Toolbar.Ask.C application


#12 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 05 July 2013 - 12:48 AM

C:\Users\co\Downloads\all\Collateral.2004.720p.BrRip.x264.FERAL81.www.RapidMovieZ.com.mp4.exe Win32/Adware.1ClickDownload.W application
C:\Users\co\Downloads\all\YTDSetup.exe a variant of Win32/Bundled.Toolbar.Ask.C application

These files aren't malware but contain security risks. I would delete them immediately. Your choice.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


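The distinction TB-Psychotic draws above (ESET hits that are "not malware but security risks") is the one a triage pass over an ESET Online Scanner export has to make. The Python below is an added example, not code from this thread, from ESET or from any tool used here: it parses result lines of the form pasted above (path, detection name, ESET object category) and applies a small heuristic of my own, treating the "application" category as PUA and objects under a user profile as downloads rather than vendor-bundled components; the sample lines are constructed from the thread.

```python
"""Triage helper for ESET Online Scanner text exports (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample result lines, constructed from the detections pasted in the thread.
SAMPLE_LOG = "\n".join([
    r"C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application",
    r"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application",
    r"C:\Users\co\Downloads\all\Collateral.2004.720p.BrRip.x264.FERAL81.www.RapidMovieZ.com.mp4.exe Win32/Adware.1ClickDownload.W application",
    r"C:\Users\co\Downloads\all\YTDSetup.exe a variant of Win32/Bundled.Toolbar.Ask.C application",
])

# ESET object categories that denote real malware; "application" is PUA / potentially unsafe software.
MALWARE_CATEGORIES = {"trojan", "worm", "virus", "backdoor", "rootkit", "dropper"}

# Layout of one line: a Windows path (may contain spaces, never "/"), then the detection
# name "[a variant of ][probably ]Platform/Family.Variant", then the object category word.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^/]*?)\s+"
    r"(?P<detection>(?:a variant of\s+)?(?:probably\s+)?[A-Za-z0-9_]+/\S+)\s+"
    r"(?P<category>[A-Za-z]+)\s*$"
)


@dataclass
class Detection:
    path: str
    detection: str
    category: str  # ESET object category, e.g. "application" or "trojan"

    @property
    def is_malware(self) -> bool:
        return self.category.lower() in MALWARE_CATEGORIES

    @property
    def is_pua(self) -> bool:
        return self.category.lower() == "application"

    @property
    def in_user_profile(self) -> bool:
        # Heuristic (mine, not ESET's): objects under C:\Users were usually downloaded by the
        # user, while objects under Program Files typically shipped with vendor software.
        return self.path.lower().startswith("c:\\users\\")

    @property
    def family(self) -> str:
        # "a variant of Win32/Bundled.Toolbar.Ask.C" -> "Bundled.Toolbar.Ask"
        name = self.detection.split("/", 1)[1]
        parts = name.split(".")
        return ".".join(parts[:-1]) if len(parts) > 1 else name


def parse_eset_line(line: str) -> Optional[Detection]:
    """Return a Detection for one result line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Detection(m["path"], m["detection"], m["category"])


def triage(log_text: str) -> List[Detection]:
    """Parse every result line in a pasted ESET export, skipping anything else."""
    return [d for d in (parse_eset_line(ln) for ln in log_text.splitlines()) if d]


def recommend(d: Detection) -> str:
    """Defender-side recommendation derived from category and location."""
    if d.is_malware:
        return "remove"
    if d.is_pua and d.in_user_profile:
        return "delete (unwanted download)"
    if d.is_pua:
        return "review (bundled with installed software)"
    return "review"


if __name__ == "__main__":
    for det in triage(SAMPLE_LOG):
        print(f"{recommend(det):42} {det.family:24} {det.path}")
```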

#13 Fairouz

  • Topic Starter
  • Members
  • 15 posts

Posted 05 July 2013 - 07:53 AM

Hi Marius,
I deleted both files. The only problem I have is that Internet Explorer gives blank pages whenever I write an address and click Go. It is not that I use Internet Explorer, but I am afraid this is somehow related to malware. Also, I want to understand what the status of my system is now.

Thank you for your help
 
________
 
# AdwCleaner v2.304 - Logfile created 07/05/2013 at 14:37:33
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (64 bits)
# User : co - CO-PC
# Boot Mode : Normal
# Running from : C:\Users\co\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v [Unable to get version]
 
File : C:\Users\co\AppData\Roaming\Mozilla\Firefox\Profiles\rqjr78zh.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\co\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [8051 octets] - [02/07/2013 08:48:20]
AdwCleaner[S2].txt - [867 octets] - [05/07/2013 14:37:33]
 
########## EOF - C:\AdwCleaner[S2].txt - [926 octets] ##########
 

____________________

 

 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 hosts     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 35  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#14 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 05 July 2013 - 08:21 AM

Java update


Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer (Java 7 Update 4) and install the software.
  • When finished, go to Start-->control panel-->add/remove programs and remove all older Java versions (if existing).
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

Adobe Reader update


Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

Download and run OTL

  • Download OTL by OldTimer and save it to your desktop.
  • Double click on the OTL.exe icon on your desktop. If you are using Vista, please right-click and select run as administrator
  • Click the "Scan All Users" checkbox.


    Note: If you are using a Windows 64bit machine, please make sure the checkbox next to Include 64Bit Scans is checked. It will be checked by default.

  • Push the Run Scan button.
  • It will now begin to scan, please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized



#15 Fairouz

  • Topic Starter
  • Members
  • 15 posts

Posted 05 July 2013 - 08:34 AM

After I installed the newer Java version, a box popped up saying "Browser launch:3"

Is that something wrong?