Iteratively finding possible infections with MBAM and MBAR


  • This topic is locked
16 replies to this topic

#1 LindsayRivers


Posted 15 December 2013 - 11:19 PM

On a machine running Windows 7 64-bit Home Edition, a few days ago I ran a MalwareBytes Anti-Rootkit scan. That scan found Trojan siredef.c. After that was apparently resolved, I ran a full MalwareBytes Anti-Malware scan which reported two infected files which it removed.

Since then I have been running further scans using MalwareBytes Anti-Malware and MalwareBytes Anti-Rootkit and a couple of other anti-spyware/malware apps. I have run scans in both normal Windows mode and Safe Mode.

The scans have yet to come back completely clean. Some files were quarantined in the early scans, and it seems like later scans have mostly been removing registry keys, though tonight a scan reported an infected pref.js file in a subdirectory that had a very long pathname. The same scan also detected and quarantined two registry keys that had the word "payload" in them (eek!).

I believe the machine is massively infected and I thank you in advance for your help. The DDS.txt log file is pasted below, and attach.txt is attached.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by g1g2 at 21:58:46 on 2013-12-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5943.3890 [GMT -6:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Box\Box Sync\SyncUpdaterService.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Box\Box Sync\BoxSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\g1g2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Box\Box Sync\BoxSync.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = 221.130.23.154:80
uProxyOverride = <local>
BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\g1g2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KeePass Password Safe 2] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"
uRun: [Amazon Cloud Player] "C:\Users\g1g2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Kaspersky PURE - C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll/616
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
Trusted Zone: dell.com
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{58B5782A-61AA-41AC-87D7-C9721AA590D4} : DHCPNameServer = 67.205.112.74 208.53.158.59
TCP: Interfaces\{AEE39875-9B3D-44B7-8309-DA300316C442} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2} : NameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\3425F4352495 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\35C4F47545251494E4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\364757C616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\434584354525545445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\7594E484454505 : NameServer = 0.0.0.0
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\7594E484454505 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\D4F4A514D42494155554 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [BoxSync] "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\
FF - prefs.js: browser.startup.homepage - hxxp://popurls.com/|http://www.toodledo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\g1g2\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-10-21 09:59; {4324f4a6-3a89-477e-b388-6bca032df78b}; C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-7-18 84536]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-7-18 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 avp;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -r [?]
R2 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2013-12-9 18944]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-2-13 67584]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2011-5-17 120408]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-9 673088]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-9 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-9 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-9 321064]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-10-13 352816]
S2 !SASCORE;SAS Core Service;"E:\SAS\SASCORE64.EXE" --> E:\SAS\SASCORE64.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 701512]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-26 35104]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-10-18 21480]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-9 158976]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-10-16 25928]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-12 19456]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\System32\drivers\tap0801.sys [2005-4-13 30720]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-18 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-12 57856]
S3 usbser64;Neato Robotics USB Driver;C:\Windows\System32\drivers\usbser.sys [2013-10-8 33280]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-16 1255736]
S4 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S4 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S4 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-5-17 14848]
S4 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-15 04:20:25    --------    d-----w-    C:\AdwCleaner
2013-12-13 22:54:48    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-13 22:53:07    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-12 14:52:09    --------    d-----w-    C:\Users\g1g2\Box Sync
2013-12-12 14:51:22    --------    d-----w-    C:\Users\g1g2\AppData\Local\Box Sync
2013-12-12 14:50:50    --------    d-----w-    C:\Program Files\Box
2013-12-11 03:29:49    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 03:29:49    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 03:29:49    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-11 03:29:49    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-11 03:24:47    --------    d-----w-    C:\Windows\Migration
2013-12-11 03:12:13    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-12-11 03:12:13    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 03:12:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-12-11 03:12:10    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-12-11 03:12:05    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-12-11 03:12:05    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-12-11 03:12:05    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-12-11 03:12:04    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-12-11 03:12:04    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-12-11 03:12:03    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-12-11 03:12:03    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-12-11 03:11:05    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-12-11 03:11:05    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-12-11 03:11:05    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-12-11 03:11:05    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-12-11 03:11:05    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-12-11 03:11:05    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-12-11 03:11:04    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-12-11 03:11:04    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-12-03 20:26:42    --------    d-----w-    C:\Users\g1g2\AppData\Local\Amazon Cloud Player
.
==================== Find3M  ====================
.
2013-12-10 22:18:37    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 22:18:37    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-16 15:14:34    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-16 14:53:06    29280    ----a-w-    C:\Windows\System32\drivers\klmouflt.sys
2013-10-16 14:53:05    90208    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2013-10-16 14:53:05    29280    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
2013-10-16 14:53:05    28504    ----a-w-    C:\Windows\System32\drivers\klim6.sys
2013-10-16 14:53:03    7717984    ----a-w-    C:\Windows\System32\drivers\kl1.sys
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
.
============= FINISH: 22:05:28.34 ===============
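As an added triage example (not part of the original post and not code from the DDS tool), the script below parses the "Pseudo HJT Report" lines of a DDS log like the one above and flags the entries a helper would look at first: a user proxy pointing outside private address space, BHO entries whose DLL is gone (`<orphaned>`), and name servers outside private ranges or set to 0.0.0.0. The sample input is constructed from a handful of the log's own lines, and the regular expressions are assumptions about the DDS line format drawn from those lines.

```python
"""Triage checks over the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the original post or of the DDS tool.
The regular expressions are assumptions about the DDS line format,
derived from the log lines shown on this page.
"""
import ipaddress
import re

# Sample input constructed from a handful of lines of the log above.
SAMPLE_DDS = r"""
uProxyServer = 221.130.23.154:80
uProxyOverride = <local>
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
TCP: Interfaces\{58B5782A-61AA-41AC-87D7-C9721AA590D4} : DHCPNameServer = 67.205.112.74 208.53.158.59
TCP: Interfaces\{AEE39875-9B3D-44B7-8309-DA300316C442} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\7594E484454505 : NameServer = 0.0.0.0
"""

# Assumed line shapes: "uProxyServer = host:port", "BHO: Name: {CLSID} - path",
# "TCP: Interfaces\{GUID}[\sub] : DHCPNameServer|NameServer = ip [ip ...]".
PROXY_RE = re.compile(r"^uProxyServer\s*=\s*(?P<host>[^:\s]+)(?::(?P<port>\d+))?\s*$")
BHO_RE = re.compile(
    r"^(?:x64-)?BHO:\s*(?:(?P<name>[^{]+?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.*)$"
)
DNS_RE = re.compile(
    r"^TCP:\s*Interfaces\\(?P<iface>\S+)\s*:\s*(?P<kind>DHCPNameServer|NameServer)\s*=\s*(?P<servers>.*)$"
)


def is_private(host):
    """True if host is an IP address in a private, loopback or link-local range.

    A hostname (not parseable as an IP) returns False: the caller cannot tell
    where it resolves, so it is treated as worth a look.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(dds_text):
    """Return (kind, message) findings for the lines a helper would check first."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            host = m.group("host")
            if not is_private(host):
                # A per-user IE proxy pointing at a non-private address is
                # unusual on a home machine and worth verifying with the owner.
                findings.append(("proxy-external",
                                 f"uProxyServer points outside private ranges: {host}:{m.group('port') or '?'}"))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group("path").strip() == "<orphaned>":
                findings.append(("bho-orphaned", f"BHO registered but DLL missing: {m.group('clsid')}"))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in m.group("servers").split():
                if server == "0.0.0.0":
                    findings.append(("dns-unspecified",
                                     f"{m.group('kind')} set to 0.0.0.0 on {m.group('iface')}"))
                elif not is_private(server):
                    # ISP-assigned DHCP name servers are often public, so this
                    # is a prompt to verify the addresses, not a verdict.
                    findings.append(("dns-external",
                                     f"{m.group('kind')} outside private ranges on {m.group('iface')}: {server}"))
    return findings


if __name__ == "__main__":
    for kind, message in triage(SAMPLE_DDS):
        print(f"[{kind}] {message}")
```

Run it against a full DDS.txt by reading the file into `triage()`; lines outside the three recognised shapes are ignored, so the process and file listings pass through harmlessly.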
 




#2 HelpBot


    Bleepin' Binary Bot



Posted 20 December 2013 - 11:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517600 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 LindsayRivers (Topic Starter)

Posted 21 December 2013 - 11:24 AM

On a machine running Windows 7 64-bit Home Edition, a few days ago I ran a MalwareBytes Anti-Rootkit scan. That scan found Trojan siredef.c. After that was apparently resolved, I ran a full MalwareBytes Anti-Malware scan which reported two infected files which it removed.

Since then I have been running further scans using MalwareBytes Anti-Malware and MalwareBytes Anti-Rootkit and a couple of other anti-spyware/malware apps. I have run scans in both normal Windows mode and Safe Mode.

The scans have yet to come back completely clean. Some files were quarantined in the early scans, and it seems like later scans have mostly been removing registry keys, though tonight a scan reported an infected pref.js file in a subdirectory that had a very long pathname. The same scan also detected and quarantined two registry keys that had the word "payload" in them (eek!).

The computer did not come with a Windows 7 DVD so I don't have an original Windows 7 disc.

I believe the machine is massively infected and I thank you in advance for your help. The new DDS.txt log file is pasted below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by g1g2 at 10:08:05 on 2013-12-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5943.3347 [GMT -6:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Box\Box Sync\SyncUpdaterService.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Box\Box Sync\BoxSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
C:\Users\g1g2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Box\Box Sync\BoxSync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\Program Files\Zune\ZuneWlanCfgSvc.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\g1g2\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = 221.130.23.154:80
uProxyOverride = <local>
BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\g1g2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KeePass Password Safe 2] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"
uRun: [Amazon Cloud Player] "C:\Users\g1g2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Kaspersky PURE - C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll/616
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
Trusted Zone: dell.com
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{58B5782A-61AA-41AC-87D7-C9721AA590D4} : DHCPNameServer = 67.205.112.74 208.53.158.59
TCP: Interfaces\{AEE39875-9B3D-44B7-8309-DA300316C442} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2} : NameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\3425F4352495 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\35C4F47545251494E4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\364757C616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\434584354525545445 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\7594E484454505 : NameServer = 0.0.0.0
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\7594E484454505 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\D4F4A514D42494155554 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [BoxSync] "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\
FF - prefs.js: browser.startup.homepage - hxxp://popurls.com/|http://www.toodledo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\g1g2\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-7-18 84536]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-7-18 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 avp;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -r [?]
R2 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2013-12-9 18944]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-2-13 67584]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2011-5-17 120408]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-9 673088]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-9 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-9 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-9 321064]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-10-16 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-10-13 352816]
S2 !SASCORE;SAS Core Service;"E:\SAS\SASCORE64.EXE" --> E:\SAS\SASCORE64.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-26 35104]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-10-18 21480]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-9 158976]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-12 19456]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\System32\drivers\tap0801.sys [2005-4-13 30720]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-18 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-12 57856]
S3 usbser64;Neato Robotics USB Driver;C:\Windows\System32\drivers\usbser.sys [2013-10-8 33280]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-16 1255736]
S4 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S4 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S4 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-5-17 14848]
S4 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-16 15:02:09    --------    d-----w-    C:\Program Files (x86)\GnuWin32
2013-12-15 04:20:25    --------    d-----w-    C:\AdwCleaner
2013-12-13 22:54:48    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-13 22:53:07    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-12 14:52:09    --------    d-----w-    C:\Users\g1g2\Box Sync
2013-12-12 14:51:22    --------    d-----w-    C:\Users\g1g2\AppData\Local\Box Sync
2013-12-12 14:50:50    --------    d-----w-    C:\Program Files\Box
2013-12-11 03:29:49    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 03:29:49    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 03:29:49    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-11 03:29:49    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-11 03:24:47    --------    d-----w-    C:\Windows\Migration
2013-12-11 03:12:13    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-12-11 03:12:13    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 03:12:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-12-11 03:12:10    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-12-11 03:12:05    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-12-11 03:12:05    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-12-11 03:12:05    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-12-11 03:12:04    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-12-11 03:12:04    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-12-11 03:12:03    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-12-11 03:12:03    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-12-11 03:11:05    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-12-11 03:11:05    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-12-11 03:11:05    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-12-11 03:11:05    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-12-11 03:11:05    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-12-11 03:11:05    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-12-11 03:11:04    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-12-11 03:11:04    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-12-03 20:26:42    --------    d-----w-    C:\Users\g1g2\AppData\Local\Amazon Cloud Player
.
==================== Find3M  ====================
.
2013-12-10 22:18:37    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 22:18:37    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-16 15:14:34    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-16 14:53:06    29280    ----a-w-    C:\Windows\System32\drivers\klmouflt.sys
2013-10-16 14:53:05    90208    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2013-10-16 14:53:05    29280    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
2013-10-16 14:53:05    28504    ----a-w-    C:\Windows\System32\drivers\klim6.sys
2013-10-16 14:53:03    7717984    ----a-w-    C:\Windows\System32\drivers\kl1.sys
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
.
============= FINISH: 10:14:34.27 ===============
 



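The DDS log above packs the items a responder reads first into its "Pseudo HJT Report" section: the IE proxy setting (`uProxyServer`, the per-user HKCU Internet Settings value; `m` would mean HKLM), the DNS servers on each interface, and load points (BHO, toolbar, protocol handler, SSODL) that DDS marks `<orphaned>` or prints with an empty path. The script below is an added example, not code from the thread, from DDS or from Malwarebytes. It runs that triage over a constructed sample made of lines copied from the log above and flags the proxy pointed at a non-local address, DNS servers outside loopback/private space, and the orphaned entries. The address classes (loopback, RFC 1918, link-local, 0.0.0.0) are the assumption of what counts as "local"; the script only marks entries for review and does not decide that any of them is malicious, since an external proxy or ISP-assigned DNS server can be legitimate and only the machine's owner can confirm whether they configured it.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example: not code from the forum thread, from DDS or from
Malwarebytes. It reads DDS-formatted lines, pulls out the proxy,
DNS-server and orphaned load-point lines, and flags those that point
outside loopback/private address space or reference a COM object whose
file is gone. It marks entries for review; deciding whether an entry is
malicious is still the analyst's job.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied (lightly trimmed) from the DDS log posted
# above. Backslashes are doubled only because this is a Python literal.
SAMPLE_DDS = """\
uProxyServer = 221.130.23.154:80
uProxyOverride = <local>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TCP: Interfaces\\{58B5782A-61AA-41AC-87D7-C9721AA590D4} : DHCPNameServer = 67.205.112.74 208.53.158.59
TCP: Interfaces\\{AEE39875-9B3D-44B7-8309-DA300316C442} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\\7594E484454505 : NameServer = 0.0.0.0
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
x64-SSODL: WebCheck - <orphaned>
FF - prefs.js: network.proxy.type - 0
"""

# DDS prefixes: 'u' = per-user (HKCU), 'm' = per-machine (HKLM) Internet Settings.
PROXY_RE = re.compile(r"^(?P<scope>[um])ProxyServer\s*=\s*(?P<value>\S+)")
DNS_RE = re.compile(
    r"^TCP: Interfaces\\(?P<iface>\S+) : (?P<key>DHCPNameServer|NameServer) = (?P<servers>.*)$"
)
# Load points DDS reports that should always resolve to a real file on disk.
LOAD_POINTS = ("BHO:", "TB:", "Handler:", "SSODL:", "Filter:", "Notify:")


@dataclass(frozen=True)
class Finding:
    kind: str    # "proxy", "dns" or "orphan"
    value: str   # the address or the load-point line that triggered it
    note: str


def is_local(ip: str) -> bool:
    """True for loopback, RFC 1918, link-local and unspecified (0.0.0.0) addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # a hostname, not an IP: treat as external so the analyst looks at it
    return addr.is_loopback or addr.is_private or addr.is_link_local or addr.is_unspecified


def proxy_hosts(value: str) -> list[str]:
    """Split a ProxyServer value ('host:port' or 'http=host:port;https=...') into hosts."""
    hosts = []
    for part in value.split(";"):
        part = part.split("=", 1)[-1]          # drop a 'http=' style scheme prefix
        hosts.append(part.rsplit(":", 1)[0])   # drop the port
    return hosts


def triage(dds_text: str) -> list[Finding]:
    """Return the proxy, DNS and orphaned-load-point findings in DDS output."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.rstrip()

        m = PROXY_RE.match(line)
        if m:
            hive = "HKCU" if m.group("scope") == "u" else "HKLM"
            for host in proxy_hosts(m.group("value")):
                if not is_local(host):
                    findings.append(Finding(
                        "proxy", m.group("value"),
                        f"{hive} Internet Settings\\ProxyServer routes browser traffic "
                        f"through {host}; confirm the user configured this"))
            continue

        m = DNS_RE.match(line)
        if m:
            for server in m.group("servers").split():
                if not is_local(server):
                    findings.append(Finding(
                        "dns", server,
                        f"{m.group('key')} on interface {m.group('iface')} is outside the LAN"))
            continue

        # Orphaned load points: DDS prints '<orphaned>' or nothing after the trailing ' -'.
        if line.removeprefix("x64-").startswith(LOAD_POINTS) and (
            line.endswith("<orphaned>") or line.endswith(" -")
        ):
            findings.append(Finding(
                "orphan", line, "registry entry for a file that is no longer on disk"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.value}: {f.note}")
```

On the sample this reports one proxy finding (221.130.23.154:80, with `<local>` in ProxyOverride meaning only intranet addresses bypass it), two DNS servers on the `{58B5782A-...}` interface that are not on the 192.168.1.0/24 LAN, and four orphaned entries; the 192.168.1.1 and 0.0.0.0 name servers are not flagged. Orphans are usually leftovers from uninstalled software and are cleanup rather than infection indicators, which is why the script reports the kind of finding rather than a verdict.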
#4 RPMcMurphy (Malware Response Team)

Posted 21 December 2013 - 03:13 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.




#5 LindsayRivers (Topic Starter)

Posted 22 December 2013 - 02:19 PM

Thank you for your help. I will follow all of the instructions and I will be patient. I understand the forum is busy, and I also understand that this time of year is especially busy in general. So I really appreciate your help. Here is the contents of the FRST.txt file. And the Addition.txt file is attached.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2013 01
Ran by g1g2 (administrator) on G1G2DELL2 on 22-12-2013 13:09:33
Running from C:\Users\g1g2\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Box Inc.) C:\Program Files\Box\Box Sync\SyncUpdaterService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\g1g2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [BoxSync] - C:\Program Files\Box\Box Sync\BoxSync.exe [11466136 2013-12-09] (Box, Inc.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-05-21] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\g1g2\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-03-22] (Google Inc.)
HKCU\...\Run: [KeePass Password Safe 2] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKCU\...\Run: [Amazon Cloud Player] - C:\Users\g1g2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
MountPoints2: E - E:\MotoCastSetup.exe -a
MountPoints2: H - H:\MotoCastSetup.exe -a
MountPoints2: {357876ec-abbb-11e0-b529-a4badbe26bf6} - E:\ToolLauncher-Bootstrap.exe
MountPoints2: {4f8343b2-c832-11e1-b862-a4badbe26bf6} - E:\MotoCastSetup.exe -a
MountPoints2: {e1501d2b-8571-11e1-8e5b-a4badbe26bf6} - F:\MotoCastSetup.exe -a
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124256 2010-01-18] (CANON INC.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-16] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\GeoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: 221.130.23.154:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {D8DB274F-6622-4D6A-A228-A6980232C202} URL =
SearchScopes: HKCU - {A631E37F-FC74-4FC6-B415-594BDFEDDA71} URL =
SearchScopes: HKCU - {D8DB274F-6622-4D6A-A228-A6980232C202} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default
FF Homepage: hxxp://popurls.com/|hxxp://www.toodledo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\g1g2\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\g1g2\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\searchplugins\startpage-https.xml
FF Extension: HTTPS-Everywhere - C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\Extensions\https-everywhere@eff.org
FF Extension: MaskMe - C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\Extensions\idme@abine.com
FF Extension: No Name - C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\Extensions\staged
FF Extension: iMacros for Firefox - C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: turkopticon - C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\Extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
FF Extension: BetterPrivacy - C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Greasemonkey - C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Users\g1g2\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\g1g2\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\g1g2\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (SumatraPDF Browser Plugin) - C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0
CHR Extension: (Tampermonkey) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0
CHR Extension: (Safe Money) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0
CHR Extension: (Content Blocker) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.2.614_0
CHR Extension: (Paranoid Browsing) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfdeaekggfbgjljcfdbfdhffoeopmbe\1.5_0
CHR Extension: (Virtual Keyboard) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.614_0
CHR Extension: (Google Voice (by Google)) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.4_0
CHR Extension: (Google Wallet) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Anti-Banner) - C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Users\g1g2\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-16] (Kaspersky Lab ZAO)
R2 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [18944 2013-12-09] (Box Inc.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S4 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-05-17] ()
S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34520 2013-08-08] (The OpenVPN Project)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S2 !SASCORE; "E:\SAS\SASCORE64.EXE" [x]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
S3 cpuz134; C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows ® Win 7 DDK provider)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-05-17] (Windows ® Win 7 DDK provider)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-16] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2013-10-16] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-16] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-16] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-07-18] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-18] (The OpenVPN Project)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-10-13] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-10-13] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-10-13] (Paragon)
S3 usbser64; C:\Windows\System32\DRIVERS\usbser.sys [33280 2013-08-28] (Microsoft Corporation)
S0 xtoxpl; No ImagePath
S0 zvijcv; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-16] (Kaspersky Lab ZAO)
S1 SASDIFSV; \??\E:\SAS\SASDIFSV64.SYS [x]
S1 SASKUTIL; \??\E:\SAS\SASKUTIL64.SYS [x]
S3 Tcpz-x64; \??\C:\Users\g1g2\AppData\Local\Temp\Tcpz-x64.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 13:09 - 2013-12-22 13:10 - 00026237 _____ C:\Users\g1g2\Desktop\FRST.txt
2013-12-22 13:09 - 2013-12-22 13:09 - 00000000 ____D C:\FRST
2013-12-22 13:07 - 2013-12-22 13:07 - 01928280 _____ (Farbar) C:\Users\g1g2\Downloads\FRST64.exe
2013-12-22 13:07 - 2013-12-22 13:07 - 01928280 _____ (Farbar) C:\Users\g1g2\Desktop\FRST64.exe
2013-12-17 14:10 - 2013-12-17 14:10 - 00002214 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-16 09:02 - 2013-12-16 09:02 - 00000000 ____D C:\Program Files (x86)\GnuWin32
2013-12-16 09:01 - 2013-12-16 09:01 - 01899231 _____ (GnuWin32 <gnuwin32.sourceforge.net>                         ) C:\Users\g1g2\Downloads\grep-2.5.4-setup.exe
2013-12-15 22:05 - 2013-12-21 10:14 - 00027333 _____ C:\Users\g1g2\Desktop\dds.txt
2013-12-15 22:05 - 2013-12-21 10:14 - 00017549 _____ C:\Users\g1g2\Desktop\attach.txt
2013-12-15 21:55 - 2013-12-15 21:55 - 00688992 ____R (Swearware) C:\Users\g1g2\Desktop\dds.com
2013-12-14 22:35 - 2013-12-14 22:35 - 00001242 _____ C:\Users\g1g2\Desktop\JRT.txt
2013-12-14 22:29 - 2013-12-14 22:29 - 01034531 _____ (Thisisu) C:\Users\g1g2\Downloads\JRT.exe
2013-12-14 22:20 - 2013-12-14 22:23 - 00000000 ____D C:\AdwCleaner
2013-12-14 22:19 - 2013-12-14 22:19 - 01226802 _____ C:\Users\g1g2\Desktop\AdwCleaner.exe
2013-12-13 22:19 - 2013-12-17 08:37 - 00000448 _____ C:\Windows\setupact.log
2013-12-13 22:19 - 2013-12-13 22:19 - 00000000 _____ C:\Windows\setuperr.log
2013-12-13 22:18 - 2013-12-17 08:37 - 00011616 _____ C:\Windows\PFRO.log
2013-12-13 16:54 - 2013-12-14 17:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-13 16:53 - 2013-12-14 17:21 - 00000000 ____D C:\Users\g1g2\Desktop\mbar
2013-12-13 16:53 - 2013-12-14 15:34 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-13 16:52 - 2013-12-13 16:52 - 12582688 _____ (Malwarebytes Corp.) C:\Users\g1g2\Downloads\mbar-1.07.0.1008.exe
2013-12-13 16:36 - 2013-12-13 16:36 - 00742893 _____ (                                                            ) C:\Users\g1g2\Downloads\WindowsGrep23.exe
2013-12-12 16:51 - 2013-12-12 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-12 08:52 - 2013-12-19 16:45 - 00000000 ____D C:\Users\g1g2\Box Sync
2013-12-12 08:52 - 2013-12-12 08:52 - 00001547 _____ C:\Users\g1g2\Desktop\Box Sync.lnk
2013-12-12 08:51 - 2013-12-22 13:07 - 00000000 ____D C:\Users\g1g2\AppData\Local\Box Sync
2013-12-12 08:50 - 2013-12-12 08:50 - 00000000 ____D C:\Program Files\Box
2013-12-12 08:49 - 2013-12-12 08:50 - 26834208 _____ (Box Inc.) C:\Users\g1g2\Downloads\BoxSyncSetup.exe
2013-12-11 10:47 - 2013-12-11 10:47 - 00072000 _____ C:\Users\g1g2\Downloads\mybox-selected.zip
2013-12-11 10:47 - 2013-12-11 10:47 - 00000000 ____D C:\Users\g1g2\Documents\mybox
2013-12-10 21:48 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-10 21:48 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-10 21:48 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-10 21:48 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-10 21:48 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-10 21:48 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-10 21:48 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-10 21:48 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-10 21:48 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-10 21:48 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-10 21:48 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-10 21:48 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-10 21:48 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-10 21:48 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-10 21:48 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-10 21:48 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-10 21:48 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-10 21:48 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-10 21:48 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-10 21:48 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-10 21:48 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-10 21:48 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-10 21:48 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-10 21:48 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-10 21:48 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-10 21:48 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-10 21:48 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-10 21:48 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-10 21:48 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-10 21:48 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-10 21:48 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 21:29 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-10 21:29 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-10 21:29 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-10 21:29 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-10 21:22 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-10 21:20 - 2013-12-10 21:20 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-10 21:20 - 2013-12-10 21:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-10 21:20 - 2013-12-10 21:20 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-10 21:20 - 2013-12-10 21:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-10 21:20 - 2013-12-10 21:20 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-10 21:20 - 2013-12-10 21:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-10 21:20 - 2013-12-10 21:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-10 21:12 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-10 21:12 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-10 21:12 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-10 21:12 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 21:12 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-10 21:12 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-10 21:12 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 21:12 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 21:12 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 21:12 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 21:12 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 21:11 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 21:11 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 21:11 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 21:11 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 21:11 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 21:11 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 21:11 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 21:11 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-05 22:41 - 2013-12-06 22:45 - 00013249 _____ C:\Users\g1g2\Desktop\GinnDiscography.xlsx
2013-12-03 15:30 - 2013-12-06 16:35 - 00003850 _____ C:\Users\g1g2\Desktop\GFY-Review.txt
2013-12-03 14:26 - 2013-12-03 14:27 - 00000000 ____D C:\Users\g1g2\AppData\Local\Amazon Cloud Player
2013-12-03 14:26 - 2013-12-03 14:26 - 36117312 _____ (Amazon) C:\Users\g1g2\Downloads\AmazonCloudPlayerInstaller_381.exe
2013-12-03 14:26 - 2013-12-03 14:26 - 00001212 _____ C:\Users\g1g2\Desktop\Amazon Cloud Player.lnk
2013-12-03 14:26 - 2013-12-03 14:26 - 00000000 ____D C:\Users\g1g2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-02 12:40 - 2013-12-02 12:40 - 04618136 _____ (Piriform Ltd) C:\Users\g1g2\Downloads\ccsetup408(1).exe
2013-12-02 12:39 - 2013-12-02 12:39 - 04618136 _____ (Piriform Ltd) C:\Users\g1g2\Downloads\ccsetup408.exe
2013-11-26 15:44 - 2013-11-26 15:44 - 00000314 _____ C:\Users\g1g2\Desktop\pack.txt

==================== One Month Modified Files and Folders =======

2013-12-22 13:10 - 2013-12-22 13:09 - 00026237 _____ C:\Users\g1g2\Desktop\FRST.txt
2013-12-22 13:09 - 2013-12-22 13:09 - 00000000 ____D C:\FRST
2013-12-22 13:09 - 2010-10-21 19:35 - 00000000 ____D C:\Users\g1g2\AppData\Roaming\KeePass
2013-12-22 13:07 - 2013-12-22 13:07 - 01928280 _____ (Farbar) C:\Users\g1g2\Downloads\FRST64.exe
2013-12-22 13:07 - 2013-12-22 13:07 - 01928280 _____ (Farbar) C:\Users\g1g2\Desktop\FRST64.exe
2013-12-22 13:07 - 2013-12-12 08:51 - 00000000 ____D C:\Users\g1g2\AppData\Local\Box Sync
2013-12-22 13:07 - 2012-08-29 18:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-22 13:07 - 2011-04-25 22:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 13:07 - 2011-03-27 21:29 - 01113836 _____ C:\Windows\WindowsUpdate.log
2013-12-22 13:07 - 2011-03-22 17:13 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2004970647-1686105892-3839212022-1001UA.job
2013-12-22 10:07 - 2012-04-12 15:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-22 10:07 - 2011-04-25 22:48 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 10:02 - 2011-03-22 17:13 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2004970647-1686105892-3839212022-1001Core.job
2013-12-21 10:14 - 2013-12-15 22:05 - 00027333 _____ C:\Users\g1g2\Desktop\dds.txt
2013-12-21 10:14 - 2013-12-15 22:05 - 00017549 _____ C:\Users\g1g2\Desktop\attach.txt
2013-12-21 10:05 - 2012-02-23 08:09 - 00000000 ____D C:\Users\g1g2\AppData\Roaming\The Bat! Pwd
2013-12-20 09:15 - 2011-06-24 16:14 - 00000000 ____D C:\Program Files (x86)\Everything
2013-12-19 16:45 - 2013-12-12 08:52 - 00000000 ____D C:\Users\g1g2\Box Sync
2013-12-18 08:47 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-18 08:47 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-17 14:10 - 2013-12-17 14:10 - 00002214 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-17 14:10 - 2011-04-25 22:48 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-17 09:00 - 2010-09-09 12:37 - 00000000 ____D C:\dell
2013-12-17 08:44 - 2009-07-13 23:13 - 00893836 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-17 08:38 - 2010-10-16 17:13 - 00000000 ____D C:\Users\g1g2\AppData\Local\SoftThinks
2013-12-17 08:37 - 2013-12-13 22:19 - 00000448 _____ C:\Windows\setupact.log
2013-12-17 08:37 - 2013-12-13 22:18 - 00011616 _____ C:\Windows\PFRO.log
2013-12-17 08:37 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-16 09:02 - 2013-12-16 09:02 - 00000000 ____D C:\Program Files (x86)\GnuWin32
2013-12-16 09:01 - 2013-12-16 09:01 - 01899231 _____ (GnuWin32 <gnuwin32.sourceforge.net>                         ) C:\Users\g1g2\Downloads\grep-2.5.4-setup.exe
2013-12-15 21:55 - 2013-12-15 21:55 - 00688992 ____R (Swearware) C:\Users\g1g2\Desktop\dds.com
2013-12-14 22:35 - 2013-12-14 22:35 - 00001242 _____ C:\Users\g1g2\Desktop\JRT.txt
2013-12-14 22:29 - 2013-12-14 22:29 - 01034531 _____ (Thisisu) C:\Users\g1g2\Downloads\JRT.exe
2013-12-14 22:23 - 2013-12-14 22:20 - 00000000 ____D C:\AdwCleaner
2013-12-14 22:19 - 2013-12-14 22:19 - 01226802 _____ C:\Users\g1g2\Desktop\AdwCleaner.exe
2013-12-14 17:21 - 2013-12-13 16:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-14 17:21 - 2013-12-13 16:53 - 00000000 ____D C:\Users\g1g2\Desktop\mbar
2013-12-14 15:34 - 2013-12-13 16:53 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-13 22:19 - 2013-12-13 22:19 - 00000000 _____ C:\Windows\setuperr.log
2013-12-13 22:18 - 2013-02-01 15:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-13 22:00 - 2011-07-15 22:32 - 00000000 ____D C:\Users\g1g2\Documents\BH
2013-12-13 16:52 - 2013-12-13 16:52 - 12582688 _____ (Malwarebytes Corp.) C:\Users\g1g2\Downloads\mbar-1.07.0.1008.exe
2013-12-13 16:36 - 2013-12-13 16:36 - 00742893 _____ (                                                            ) C:\Users\g1g2\Downloads\WindowsGrep23.exe
2013-12-13 11:08 - 2010-09-09 12:43 - 00000000 ____D C:\Windows\Panther
2013-12-12 16:51 - 2013-12-12 16:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-12 10:29 - 2010-10-19 14:05 - 00000000 ____D C:\Users\g1g2\AppData\Roaming\Domain Punch Professional v2
2013-12-12 08:52 - 2013-12-12 08:52 - 00001547 _____ C:\Users\g1g2\Desktop\Box Sync.lnk
2013-12-12 08:52 - 2010-10-16 17:13 - 00000000 ____D C:\Users\g1g2
2013-12-12 08:51 - 2013-06-09 08:47 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-12 08:50 - 2013-12-12 08:50 - 00000000 ____D C:\Program Files\Box
2013-12-12 08:50 - 2013-12-12 08:49 - 26834208 _____ (Box Inc.) C:\Users\g1g2\Downloads\BoxSyncSetup.exe
2013-12-11 13:16 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-12-11 10:47 - 2013-12-11 10:47 - 00072000 _____ C:\Users\g1g2\Downloads\mybox-selected.zip
2013-12-11 10:47 - 2013-12-11 10:47 - 00000000 ____D C:\Users\g1g2\Documents\mybox
2013-12-10 21:53 - 2013-07-18 09:03 - 00000000 ___SD C:\Users\g1g2\Documents\Passwords Database
2013-12-10 21:44 - 2012-11-18 21:29 - 00001419 _____ C:\Users\g1g2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-10 21:39 - 2009-07-13 22:45 - 00403560 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 21:36 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-10 21:27 - 2010-12-03 06:30 - 00885958 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-10 21:20 - 2013-12-10 21:20 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-10 21:20 - 2013-12-10 21:20 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-10 21:20 - 2013-12-10 21:20 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-10 21:20 - 2013-12-10 21:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-10 21:20 - 2013-12-10 21:20 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-10 21:20 - 2013-12-10 21:20 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-10 21:20 - 2013-12-10 21:20 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-10 21:20 - 2013-12-10 21:20 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-10 21:20 - 2013-12-10 21:20 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-10 21:18 - 2011-12-30 01:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-10 21:16 - 2013-07-16 12:59 - 00000000 ____D C:\Windows\system32\MRT
2013-12-10 21:13 - 2010-10-16 20:23 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 16:18 - 2012-08-29 18:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 16:18 - 2012-04-26 20:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 16:18 - 2011-12-06 13:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 10:02 - 2011-12-14 17:40 - 00127342 _____ C:\Users\g1g2\Documents\IMeMine.kdbx
2013-12-09 10:02 - 2011-04-25 22:48 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-09 10:02 - 2011-04-25 22:48 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 22:45 - 2013-12-05 22:41 - 00013249 _____ C:\Users\g1g2\Desktop\GinnDiscography.xlsx
2013-12-06 16:35 - 2013-12-03 15:30 - 00003850 _____ C:\Users\g1g2\Desktop\GFY-Review.txt
2013-12-05 22:01 - 2011-03-22 17:13 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2004970647-1686105892-3839212022-1001UA
2013-12-05 22:01 - 2011-03-22 17:13 - 00003476 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2004970647-1686105892-3839212022-1001Core
2013-12-04 15:29 - 2012-01-21 23:09 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-03 14:27 - 2013-12-03 14:26 - 00000000 ____D C:\Users\g1g2\AppData\Local\Amazon Cloud Player
2013-12-03 14:26 - 2013-12-03 14:26 - 36117312 _____ (Amazon) C:\Users\g1g2\Downloads\AmazonCloudPlayerInstaller_381.exe
2013-12-03 14:26 - 2013-12-03 14:26 - 00001212 _____ C:\Users\g1g2\Desktop\Amazon Cloud Player.lnk
2013-12-03 14:26 - 2013-12-03 14:26 - 00000000 ____D C:\Users\g1g2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-02 12:40 - 2013-12-02 12:40 - 04618136 _____ (Piriform Ltd) C:\Users\g1g2\Downloads\ccsetup408(1).exe
2013-12-02 12:40 - 2010-10-16 20:54 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-12-02 12:39 - 2013-12-02 12:39 - 04618136 _____ (Piriform Ltd) C:\Users\g1g2\Downloads\ccsetup408.exe
2013-11-26 15:44 - 2013-11-26 15:44 - 00000314 _____ C:\Users\g1g2\Desktop\pack.txt
2013-11-26 05:54 - 2013-12-10 21:48 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 04:19 - 2013-12-10 21:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 04:18 - 2013-12-10 21:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 04:11 - 2013-12-10 21:48 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 03:48 - 2013-12-10 21:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 03:46 - 2013-12-10 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 03:41 - 2013-12-10 21:48 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 03:29 - 2013-12-10 21:48 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 03:27 - 2013-12-10 21:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 03:23 - 2013-12-10 21:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Some content of TEMP:
====================
C:\Users\g1g2\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 14:08

==================== End Of Log ============================


#6 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 22 December 2013 - 05:55 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
  • Click OK.
  • Press Start Scan.
  • If malicious objects are found, ensure Cure is selected. Important: if there is no option to "Cure", it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Download ComboFix from HERE and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link.
--------------------------------------------------------------------

Double-click on ComboFix.exe and follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#7 LindsayRivers

  • Topic Starter
  • Members
  • 15 posts

Posted 23 December 2013 - 10:55 AM

TDSSKiller log:
 

09:10:31.0207 4032  MBAMScheduler - ok
09:10:31.0238 4032  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:10:31.0238 4032  MBAMService - ok
09:10:31.0253 4032  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:10:31.0269 4032  Mcx2Svc - ok
09:10:31.0269 4032  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:10:31.0269 4032  megasas - ok
09:10:31.0285 4032  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:10:31.0285 4032  MegaSR - ok
09:10:31.0316 4032  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
09:10:31.0316 4032  MMCSS - ok
09:10:31.0331 4032  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
09:10:31.0331 4032  Modem - ok
09:10:31.0363 4032  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:10:31.0363 4032  monitor - ok
09:10:31.0378 4032  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:10:31.0378 4032  mouclass - ok
09:10:31.0378 4032  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:10:31.0394 4032  mouhid - ok
09:10:31.0409 4032  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:10:31.0425 4032  mountmgr - ok
09:10:31.0441 4032  [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:10:31.0441 4032  MozillaMaintenance - ok
09:10:31.0472 4032  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:10:31.0472 4032  mpio - ok
09:10:31.0487 4032  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:10:31.0487 4032  mpsdrv - ok
09:10:31.0519 4032  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:10:31.0519 4032  MpsSvc - ok
09:10:31.0565 4032  [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:10:31.0581 4032  MRxDAV - ok
09:10:31.0612 4032  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:10:31.0612 4032  mrxsmb - ok
09:10:31.0628 4032  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:10:31.0628 4032  mrxsmb10 - ok
09:10:31.0643 4032  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:10:31.0643 4032  mrxsmb20 - ok
09:10:31.0690 4032  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:10:31.0690 4032  msahci - ok
09:10:31.0690 4032  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:10:31.0690 4032  msdsm - ok
09:10:31.0721 4032  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
09:10:31.0721 4032  MSDTC - ok
09:10:31.0753 4032  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:10:31.0753 4032  Msfs - ok
09:10:31.0768 4032  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:10:31.0768 4032  mshidkmdf - ok
09:10:31.0784 4032  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:10:31.0784 4032  msisadrv - ok
09:10:31.0799 4032  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:10:31.0799 4032  MSiSCSI - ok
09:10:31.0799 4032  msiserver - ok
09:10:31.0831 4032  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:10:31.0831 4032  MSKSSRV - ok
09:10:31.0846 4032  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:10:31.0846 4032  MSPCLOCK - ok
09:10:31.0846 4032  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:10:31.0846 4032  MSPQM - ok
09:10:31.0877 4032  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:10:31.0877 4032  MsRPC - ok
09:10:31.0893 4032  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:10:31.0909 4032  mssmbios - ok
09:10:31.0955 4032  MSSQL$SQLEXPRESS - ok
09:10:32.0002 4032  [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
09:10:32.0002 4032  MSSQLServerADHelper100 - ok
09:10:32.0002 4032  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:10:32.0002 4032  MSTEE - ok
09:10:32.0018 4032  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:10:32.0018 4032  MTConfig - ok
09:10:32.0033 4032  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
09:10:32.0033 4032  Mup - ok
09:10:32.0065 4032  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
09:10:32.0065 4032  napagent - ok
09:10:32.0096 4032  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:10:32.0096 4032  NativeWifiP - ok
09:10:32.0143 4032  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:10:32.0158 4032  NDIS - ok
09:10:32.0174 4032  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:10:32.0189 4032  NdisCap - ok
09:10:32.0205 4032  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:10:32.0205 4032  NdisTapi - ok
09:10:32.0221 4032  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:10:32.0221 4032  Ndisuio - ok
09:10:32.0236 4032  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:10:32.0252 4032  NdisWan - ok
09:10:32.0267 4032  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:10:32.0267 4032  NDProxy - ok
09:10:32.0283 4032  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:10:32.0283 4032  NetBIOS - ok
09:10:32.0314 4032  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:10:32.0314 4032  NetBT - ok
09:10:32.0330 4032  [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
09:10:32.0330 4032  Netlogon - ok
09:10:32.0361 4032  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
09:10:32.0361 4032  Netman - ok
09:10:32.0408 4032  [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:10:32.0408 4032  NetMsmqActivator - ok
09:10:32.0408 4032  [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:10:32.0408 4032  NetPipeActivator - ok
09:10:32.0439 4032  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
09:10:32.0439 4032  netprofm - ok
09:10:32.0455 4032  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:10:32.0455 4032  NetTcpActivator - ok
09:10:32.0455 4032  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:10:32.0455 4032  NetTcpPortSharing - ok
09:10:32.0486 4032  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:10:32.0501 4032  nfrd960 - ok
09:10:32.0533 4032  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:10:32.0548 4032  NlaSvc - ok
09:10:32.0657 4032  [ DE7FCC77F4A503AF4CA6A47D49B3713D ] NPF             C:\Windows\system32\drivers\npf.sys
09:10:32.0657 4032  NPF - ok
09:10:32.0673 4032  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:10:32.0673 4032  Npfs - ok
09:10:32.0689 4032  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
09:10:32.0689 4032  nsi - ok
09:10:32.0704 4032  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:10:32.0704 4032  nsiproxy - ok
09:10:32.0751 4032  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:10:32.0782 4032  Ntfs - ok
09:10:32.0798 4032  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
09:10:32.0798 4032  Null - ok
09:10:32.0813 4032  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:10:32.0829 4032  nvraid - ok
09:10:32.0845 4032  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:10:32.0845 4032  nvstor - ok
09:10:32.0876 4032  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:10:32.0876 4032  nv_agp - ok
09:10:32.0876 4032  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:10:32.0876 4032  ohci1394 - ok
09:10:32.0954 4032  [ BE23B64744161E3781759663682D9B24 ] OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
09:10:32.0954 4032  OpenVPNService - ok
09:10:32.0969 4032  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:10:32.0985 4032  ose - ok
09:10:33.0110 4032  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:10:33.0203 4032  osppsvc - ok
09:10:33.0235 4032  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:10:33.0235 4032  p2pimsvc - ok
09:10:33.0250 4032  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:10:33.0266 4032  p2psvc - ok
09:10:33.0281 4032  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:10:33.0281 4032  Parport - ok
09:10:33.0313 4032  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:10:33.0313 4032  partmgr - ok
09:10:33.0344 4032  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:10:33.0344 4032  PcaSvc - ok
09:10:33.0359 4032  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
09:10:33.0359 4032  pci - ok
09:10:33.0359 4032  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
09:10:33.0375 4032  pciide - ok
09:10:33.0391 4032  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:10:33.0391 4032  pcmcia - ok
09:10:33.0406 4032  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:10:33.0406 4032  pcw - ok
09:10:33.0422 4032  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:10:33.0422 4032  PEAUTH - ok
09:10:33.0484 4032  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:10:33.0484 4032  PerfHost - ok
09:10:33.0531 4032  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
09:10:33.0562 4032  pla - ok
09:10:33.0593 4032  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:10:33.0593 4032  PlugPlay - ok
09:10:33.0609 4032  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:10:33.0609 4032  PNRPAutoReg - ok
09:10:33.0625 4032  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:10:33.0625 4032  PNRPsvc - ok
09:10:33.0656 4032  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:10:33.0656 4032  PolicyAgent - ok
09:10:33.0687 4032  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
09:10:33.0687 4032  Power - ok
09:10:33.0718 4032  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:10:33.0734 4032  PptpMiniport - ok
09:10:33.0749 4032  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:10:33.0749 4032  Processor - ok
09:10:33.0781 4032  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:10:33.0781 4032  ProfSvc - ok
09:10:33.0796 4032  [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
09:10:33.0796 4032  ProtectedStorage - ok
09:10:33.0827 4032  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:10:33.0827 4032  Psched - ok
09:10:33.0859 4032  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
09:10:33.0859 4032  PSI - ok
09:10:33.0937 4032  [ D2C73B0F27D0750887A3DA3BD28F930C ] QBCFMonitorService c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:10:33.0937 4032  QBCFMonitorService - ok
09:10:33.0968 4032  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService     c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:10:33.0968 4032  QBFCService - ok
09:10:34.0030 4032  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:10:34.0061 4032  ql2300 - ok
09:10:34.0093 4032  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:10:34.0093 4032  ql40xx - ok
09:10:34.0108 4032  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
09:10:34.0124 4032  QWAVE - ok
09:10:34.0124 4032  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:10:34.0139 4032  QWAVEdrv - ok
09:10:34.0139 4032  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:10:34.0139 4032  RasAcd - ok
09:10:34.0155 4032  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:10:34.0155 4032  RasAgileVpn - ok
09:10:34.0171 4032  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
09:10:34.0171 4032  RasAuto - ok
09:10:34.0202 4032  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:10:34.0202 4032  Rasl2tp - ok
09:10:34.0217 4032  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
09:10:34.0233 4032  RasMan - ok
09:10:34.0249 4032  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:10:34.0249 4032  RasPppoe - ok
09:10:34.0264 4032  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:10:34.0264 4032  RasSstp - ok
09:10:34.0280 4032  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:10:34.0280 4032  rdbss - ok
09:10:34.0295 4032  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:10:34.0295 4032  rdpbus - ok
09:10:34.0311 4032  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:10:34.0311 4032  RDPCDD - ok
09:10:34.0327 4032  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:10:34.0327 4032  RDPENCDD - ok
09:10:34.0342 4032  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:10:34.0342 4032  RDPREFMP - ok
09:10:34.0358 4032  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:10:34.0358 4032  RdpVideoMiniport - ok
09:10:34.0389 4032  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:10:34.0389 4032  RDPWD - ok
09:10:34.0420 4032  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:10:34.0420 4032  rdyboost - ok
09:10:34.0436 4032  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:10:34.0451 4032  RemoteAccess - ok
09:10:34.0467 4032  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:10:34.0467 4032  RemoteRegistry - ok
09:10:34.0498 4032  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
09:10:34.0498 4032  RFCOMM - ok
09:10:34.0529 4032  [ 83A6C2CAFE236652D1559640594A0EA8 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
09:10:34.0529 4032  rpcapd - ok
09:10:34.0545 4032  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:10:34.0545 4032  RpcEptMapper - ok
09:10:34.0576 4032  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
09:10:34.0576 4032  RpcLocator - ok
09:10:34.0592 4032  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
09:10:34.0607 4032  RpcSs - ok
09:10:34.0623 4032  [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105        C:\Windows\system32\DRIVERS\RsFx0105.sys
09:10:34.0623 4032  RsFx0105 - ok
09:10:34.0654 4032  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:10:34.0654 4032  rspndr - ok
09:10:34.0701 4032  [ 4A06585C8673F4458E9FBBC9DDDB4D28 ] RTL8187B        C:\Windows\system32\DRIVERS\wg111v3.sys
09:10:34.0701 4032  RTL8187B - ok
09:10:34.0717 4032  [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
09:10:34.0717 4032  SamSs - ok
09:10:34.0732 4032  SASDIFSV - ok
09:10:34.0748 4032  SASKUTIL - ok
09:10:34.0763 4032  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:10:34.0779 4032  sbp2port - ok
09:10:34.0795 4032  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:10:34.0795 4032  SCardSvr - ok
09:10:34.0810 4032  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:10:34.0810 4032  scfilter - ok
09:10:34.0857 4032  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
09:10:34.0888 4032  Schedule - ok
09:10:34.0904 4032  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:10:34.0904 4032  SCPolicySvc - ok
09:10:34.0935 4032  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:10:34.0935 4032  SDRSVC - ok
09:10:34.0951 4032  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:10:34.0951 4032  secdrv - ok
09:10:34.0951 4032  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
09:10:34.0966 4032  seclogon - ok
09:10:35.0013 4032  [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
09:10:35.0029 4032  Secunia PSI Agent - ok
09:10:35.0060 4032  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
09:10:35.0060 4032  SENS - ok
09:10:35.0060 4032  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:10:35.0060 4032  SensrSvc - ok
09:10:35.0075 4032  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:10:35.0091 4032  Serenum - ok
09:10:35.0107 4032  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:10:35.0107 4032  Serial - ok
09:10:35.0138 4032  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:10:35.0138 4032  sermouse - ok
09:10:35.0153 4032  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:10:35.0169 4032  SessionEnv - ok
09:10:35.0169 4032  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:10:35.0185 4032  sffdisk - ok
09:10:35.0185 4032  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:10:35.0185 4032  sffp_mmc - ok
09:10:35.0200 4032  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:10:35.0200 4032  sffp_sd - ok
09:10:35.0200 4032  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:10:35.0216 4032  sfloppy - ok
09:10:35.0247 4032  [ 2046AA7491DE7EFA4D70E615D9BC9D09 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
09:10:35.0263 4032  Sftfs - ok
09:10:35.0341 4032  [ 77C5A741A7452812F278EF2C18478862 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
09:10:35.0356 4032  sftlist - ok
09:10:35.0403 4032  [ 0E0446BC4D51BE4263ACB7E33491191C ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
09:10:35.0403 4032  Sftplay - ok
09:10:35.0419 4032  [ C5FB982CD266E604ED3142102C26D62C ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
09:10:35.0419 4032  Sftredir - ok
09:10:35.0450 4032  [ CF53DCCE55E500F51089774E851E7363 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
09:10:35.0450 4032  SftService - ok
09:10:35.0497 4032  [ 2575511AF67AA1FA068CCC4918E2C2A3 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
09:10:35.0497 4032  Sftvol - ok
09:10:35.0528 4032  [ 39B1D0A636A400304565D4521FAD6D77 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
09:10:35.0543 4032  sftvsa - ok
09:10:35.0559 4032  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:10:35.0575 4032  SharedAccess - ok
09:10:35.0590 4032  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:10:35.0590 4032  ShellHWDetection - ok
09:10:35.0621 4032  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:10:35.0621 4032  SiSRaid2 - ok
09:10:35.0621 4032  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:10:35.0621 4032  SiSRaid4 - ok
09:10:35.0653 4032  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:10:35.0653 4032  Smb - ok
09:10:35.0668 4032  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:10:35.0668 4032  SNMPTRAP - ok
09:10:35.0684 4032  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:10:35.0684 4032  spldr - ok
09:10:35.0715 4032  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
09:10:35.0715 4032  Spooler - ok
09:10:35.0793 4032  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
09:10:35.0887 4032  sppsvc - ok
09:10:35.0902 4032  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:10:35.0902 4032  sppuinotify - ok
09:10:35.0933 4032  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellComms C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
09:10:35.0933 4032  sprtsvc_DellComms - ok
09:10:35.0965 4032  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
09:10:35.0965 4032  sprtsvc_DellSupportCenter - ok
09:10:36.0043 4032  [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
09:10:36.0043 4032  SQLAgent$SQLEXPRESS - ok
09:10:36.0089 4032  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:10:36.0105 4032  SQLBrowser - ok
09:10:36.0152 4032  [ 3F1292E8ABF33070BF5A3838D85DF121 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:10:36.0152 4032  SQLWriter - ok
09:10:36.0183 4032  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:10:36.0183 4032  srv - ok
09:10:36.0214 4032  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:10:36.0230 4032  srv2 - ok
09:10:36.0245 4032  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:10:36.0245 4032  srvnet - ok
09:10:36.0261 4032  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:10:36.0277 4032  SSDPSRV - ok
09:10:36.0292 4032  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:10:36.0292 4032  SstpSvc - ok
09:10:36.0339 4032  [ DB0768632C680B7C0D3AA92D80416893 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
09:10:36.0339 4032  Steam Client Service - ok
09:10:36.0370 4032  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
09:10:36.0370 4032  stexstor - ok
09:10:36.0417 4032  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\drivers\serscan.sys
09:10:36.0417 4032  StillCam - ok
09:10:36.0448 4032  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
09:10:36.0448 4032  stisvc - ok
09:10:36.0464 4032  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:10:36.0464 4032  swenum - ok
09:10:36.0479 4032  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
09:10:36.0495 4032  swprv - ok
09:10:36.0542 4032  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
09:10:36.0604 4032  SysMain - ok
09:10:36.0620 4032  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:10:36.0620 4032  TabletInputService - ok
09:10:36.0651 4032  [ 8502BFC9C990567E4049358EC063D621 ] tap0801         C:\Windows\system32\DRIVERS\tap0801.sys
09:10:36.0651 4032  tap0801 - ok
09:10:36.0682 4032  [ D0B07EED9DDEC5C69521C689B7BF455F ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
09:10:36.0682 4032  tap0901 - ok
09:10:36.0698 4032  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:10:36.0698 4032  TapiSrv - ok
09:10:36.0729 4032  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
09:10:36.0729 4032  tapoas - ok
09:10:36.0745 4032  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
09:10:36.0760 4032  TBS - ok
09:10:36.0823 4032  [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:10:36.0854 4032  Tcpip - ok
09:10:36.0901 4032  [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:10:36.0916 4032  TCPIP6 - ok
09:10:36.0963 4032  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:10:36.0963 4032  tcpipreg - ok
09:10:37.0119 4032  Tcpz-x64 - ok
09:10:37.0197 4032  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:10:37.0197 4032  TDPIPE - ok
09:10:37.0228 4032  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:10:37.0228 4032  TDTCP - ok
09:10:37.0259 4032  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:10:37.0259 4032  tdx - ok
09:10:37.0275 4032  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:10:37.0291 4032  TermDD - ok
09:10:37.0306 4032  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
09:10:37.0322 4032  TermService - ok
09:10:37.0337 4032  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
09:10:37.0337 4032  Themes - ok
09:10:37.0353 4032  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
09:10:37.0353 4032  THREADORDER - ok
09:10:37.0369 4032  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
09:10:37.0369 4032  TrkWks - ok
09:10:37.0400 4032  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:10:37.0415 4032  TrustedInstaller - ok
09:10:37.0447 4032  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:10:37.0447 4032  tssecsrv - ok
09:10:37.0493 4032  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:10:37.0509 4032  TsUsbFlt - ok
09:10:37.0540 4032  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:10:37.0540 4032  tunnel - ok
09:10:37.0556 4032  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:10:37.0571 4032  uagp35 - ok
09:10:37.0587 4032  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:10:37.0587 4032  udfs - ok
09:10:37.0603 4032  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:10:37.0603 4032  UI0Detect - ok
09:10:37.0649 4032  [ 34859D3801F4BD3DACFA131DD928455A ] UimBus          C:\Windows\system32\DRIVERS\uimx64.sys
09:10:37.0681 4032  UimBus - ok
09:10:37.0712 4032  [ D3CE4776E7FFB25E6935B1C797F4650C ] Uim_IM          C:\Windows\system32\Drivers\Uim_IMx64.sys
09:10:37.0727 4032  Uim_IM - ok
09:10:37.0743 4032  [ 532E4BED5C7803B2EE5681818B2528B7 ] Uim_VIM         C:\Windows\system32\Drivers\uim_vimx64.sys
09:10:37.0759 4032  Uim_VIM - ok
09:10:37.0759 4032  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:10:37.0759 4032  uliagpkx - ok
09:10:37.0790 4032  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:10:37.0790 4032  umbus - ok
09:10:37.0821 4032  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:10:37.0821 4032  UmPass - ok
09:10:37.0852 4032  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
09:10:37.0852 4032  upnphost - ok
09:10:37.0899 4032  [ ACCEA6BC68D0C9A78EB97EE159028B4E ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:10:37.0899 4032  usbccgp - ok
09:10:37.0915 4032  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:10:37.0915 4032  usbcir - ok
09:10:37.0930 4032  [ 311C1DD1088E55BEAE15954D17F50646 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:10:37.0946 4032  usbehci - ok
09:10:37.0961 4032  [ 280E90CBF4B2DDD169F0728CB44D726F ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:10:37.0961 4032  usbhub - ok
09:10:37.0977 4032  [ 9406D801042FAF859CF81B2C886413DC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:10:37.0977 4032  usbohci - ok
09:10:38.0008 4032  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:10:38.0008 4032  usbprint - ok
09:10:38.0039 4032  [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
09:10:38.0039 4032  usbscan - ok
09:10:38.0055 4032  [ B57B4F0BEC4270A281B9F8537EB2FA04 ] usbser64        C:\Windows\system32\DRIVERS\usbser.sys
09:10:38.0055 4032  usbser64 - ok
09:10:38.0071 4032  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:10:38.0071 4032  USBSTOR - ok
09:10:38.0086 4032  [ A83D0EC9AE4C31704442099D40BA2471 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:10:38.0102 4032  usbuhci - ok
09:10:38.0117 4032  [ 92B3172E8C14C1444682F510843A9988 ] USB_RNDIS       C:\Windows\system32\DRIVERS\usb8023.sys
09:10:38.0117 4032  USB_RNDIS - ok
09:10:38.0133 4032  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
09:10:38.0133 4032  UxSms - ok
09:10:38.0180 4032  [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
09:10:38.0180 4032  VaultSvc - ok
09:10:38.0195 4032  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:10:38.0195 4032  vdrvroot - ok
09:10:38.0227 4032  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
09:10:38.0227 4032  vds - ok
09:10:38.0242 4032  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:10:38.0242 4032  vga - ok
09:10:38.0258 4032  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:10:38.0258 4032  VgaSave - ok
09:10:38.0273 4032  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:10:38.0273 4032  vhdmp - ok
09:10:38.0305 4032  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:10:38.0305 4032  viaide - ok
09:10:38.0320 4032  VMnetAdapter - ok
09:10:38.0336 4032  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:10:38.0336 4032  volmgr - ok
09:10:38.0351 4032  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:10:38.0351 4032  volmgrx - ok
09:10:38.0367 4032  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:10:38.0367 4032  volsnap - ok
09:10:38.0398 4032  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
09:10:38.0398 4032  vsmraid - ok
09:10:38.0445 4032  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
09:10:38.0476 4032  VSS - ok
09:10:38.0476 4032  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:10:38.0492 4032  vwifibus - ok
09:10:38.0492 4032  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:10:38.0507 4032  vwififlt - ok
09:10:38.0539 4032  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:10:38.0539 4032  vwifimp - ok
09:10:38.0570 4032  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
09:10:38.0570 4032  W32Time - ok
09:10:38.0585 4032  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:10:38.0585 4032  WacomPen - ok
09:10:38.0617 4032  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:10:38.0617 4032  WANARP - ok
09:10:38.0632 4032  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:10:38.0632 4032  Wanarpv6 - ok
09:10:38.0695 4032  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:10:38.0710 4032  WatAdminSvc - ok
09:10:38.0757 4032  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
09:10:38.0788 4032  wbengine - ok
09:10:38.0804 4032  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:10:38.0804 4032  WbioSrvc - ok
09:10:38.0819 4032  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:10:38.0819 4032  wcncsvc - ok
09:10:38.0835 4032  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:10:38.0835 4032  WcsPlugInService - ok
09:10:38.0851 4032  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:10:38.0851 4032  Wd - ok
09:10:38.0897 4032  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:10:38.0897 4032  Wdf01000 - ok
09:10:38.0913 4032  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:10:38.0929 4032  WdiServiceHost - ok
09:10:38.0929 4032  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:10:38.0929 4032  WdiSystemHost - ok
09:10:38.0975 4032  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
09:10:38.0975 4032  WebClient - ok
09:10:38.0991 4032  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:10:39.0007 4032  Wecsvc - ok
09:10:39.0007 4032  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:10:39.0007 4032  wercplsupport - ok
09:10:39.0038 4032  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:10:39.0038 4032  WerSvc - ok
09:10:39.0053 4032  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:10:39.0053 4032  WfpLwf - ok
09:10:39.0085 4032  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
09:10:39.0085 4032  WimFltr - ok
09:10:39.0100 4032  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:10:39.0100 4032  WIMMount - ok
09:10:39.0131 4032  WinDefend - ok
09:10:39.0147 4032  WinHttpAutoProxySvc - ok
09:10:39.0194 4032  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:10:39.0225 4032  Winmgmt - ok
09:10:39.0303 4032  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
09:10:39.0365 4032  WinRM - ok
09:10:39.0397 4032  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
09:10:39.0397 4032  WinUSB - ok
09:10:39.0428 4032  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:10:39.0443 4032  Wlansvc - ok
09:10:39.0459 4032  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:10:39.0459 4032  WmiAcpi - ok
09:10:39.0490 4032  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:10:39.0490 4032  wmiApSrv - ok
09:10:39.0506 4032  WMPNetworkSvc - ok
09:10:39.0553 4032  [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm      c:\Program Files\Zune\WMZuneComm.exe
09:10:39.0568 4032  WMZuneComm - ok
09:10:39.0568 4032  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:10:39.0584 4032  WPCSvc - ok
09:10:39.0599 4032  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:10:39.0615 4032  WPDBusEnum - ok
09:10:39.0631 4032  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:10:39.0631 4032  ws2ifsl - ok
09:10:39.0646 4032  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
09:10:39.0662 4032  wscsvc - ok
09:10:39.0662 4032  WSearch - ok
09:10:39.0724 4032  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:10:39.0771 4032  wuauserv - ok
09:10:39.0787 4032  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:10:39.0787 4032  WudfPf - ok
09:10:39.0802 4032  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:10:39.0802 4032  WUDFRd - ok
09:10:39.0818 4032  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:10:39.0818 4032  wudfsvc - ok
09:10:39.0849 4032  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:10:39.0849 4032  WwanSvc - ok
09:10:39.0865 4032  xtoxpl - ok
09:10:40.0021 4032  [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc  c:\Program Files\Zune\ZuneNss.exe
09:10:40.0161 4032  ZuneNetworkSvc - ok
09:10:40.0192 4032  [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc  c:\Program Files\Zune\ZuneWlanCfgSvc.exe
09:10:40.0192 4032  ZuneWlanCfgSvc - ok
09:10:40.0192 4032  zvijcv - ok
09:10:40.0239 4032  ================ Scan global ===============================
09:10:40.0239 4032  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:10:40.0286 4032  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
09:10:40.0286 4032  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
09:10:40.0317 4032  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:10:40.0317 4032  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:10:40.0333 4032  [Global] - ok
09:10:40.0333 4032  ================ Scan MBR ==================================
09:10:40.0348 4032  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
09:10:40.0598 4032  \Device\Harddisk0\DR0 - ok
09:10:40.0598 4032  [ A8D738AC6D35DB206216445F2525CE80 ] \Device\Harddisk1\DR1
09:10:49.0006 4032  \Device\Harddisk1\DR1 - ok
09:10:49.0006 4032  ================ Scan VBR ==================================
09:10:49.0022 4032  [ 0AA15298A647F4AC78F6486970AC2FF0 ] \Device\Harddisk0\DR0\Partition1
09:10:49.0022 4032  \Device\Harddisk0\DR0\Partition1 - ok
09:10:49.0022 4032  [ ED7C32481903B58C058CCE0913D7577D ] \Device\Harddisk0\DR0\Partition2
09:10:49.0022 4032  \Device\Harddisk0\DR0\Partition2 - ok
09:10:49.0022 4032  ============================================================
09:10:49.0022 4032  Scan finished
09:10:49.0022 4032  ============================================================
09:10:49.0037 6132  Detected object count: 0
09:10:49.0037 6132  Actual detected object count: 0
09:11:37.0148 6272  Deinitialize success

ComboFix log:

ComboFix 13-12-21.01 - g1g2 12/23/2013   9:15.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5943.3863 [GMT -6:00]
Running from: c:\users\g1g2\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
c:\users\g1g2\AppData\Local\assembly\tmp
c:\users\g1g2\AppData\Local\Temp\_MEI37402\_ctypes.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\_elementtree.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\_hashlib.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\_multiprocessing.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\_psutil_mswindows.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\_socket.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\_sqlite3.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\_ssl.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\_yappi.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\BoxSyncWindowsUI.dll
c:\users\g1g2\AppData\Local\Temp\_MEI37402\clr.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\IconLogic.dll
c:\users\g1g2\AppData\Local\Temp\_MEI37402\pyexpat.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\Python.Runtime.dll
c:\users\g1g2\AppData\Local\Temp\_MEI37402\python27.dll
c:\users\g1g2\AppData\Local\Temp\_MEI37402\pythoncom27.dll
c:\users\g1g2\AppData\Local\Temp\_MEI37402\pywintypes27.dll
c:\users\g1g2\AppData\Local\Temp\_MEI37402\select.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\sqlite3.dll
c:\users\g1g2\AppData\Local\Temp\_MEI37402\SyncContextMenuService.dll
c:\users\g1g2\AppData\Local\Temp\_MEI37402\SyncIconOverlayService.dll
c:\users\g1g2\AppData\Local\Temp\_MEI37402\ujson.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\unicodedata.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\win32api.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\win32clipboard.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\win32com.shell.shell.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\win32cred.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\win32event.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\win32file.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\win32process.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI37402\win32security.pyd
c:\users\g1g2\AppData\Roaming\.#
c:\users\g1g2\AppData\Roaming\.#\MBX@109C@3F2920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@109C@3F2950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@109C@3F2980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@11FC@1EC2920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@11FC@1EC2950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@11FC@1EC2980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1200@2562920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1200@2562950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1200@2562980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1270@22C2920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1270@22C2950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1270@22C2980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@139C@26A2920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@139C@26A2950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@139C@26A2980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@13E4@2592920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@13E4@2592950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@13E4@2592980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@143C@2432920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@143C@2432950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@143C@2432980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1470@2552920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1470@2552950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1470@2552980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1518@332920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1518@332950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1518@332980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@162C@3C2920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@162C@3C2950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@162C@3C2980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1654@24B2920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1654@24B2950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1654@24B2980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@16A4@632920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@16A4@632950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@16A4@632980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@16F8@25F2920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@16F8@25F2950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@16F8@25F2980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@17FC@2522920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@17FC@2522950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@17FC@2522980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@18EC@2542920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@18EC@2542950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@18EC@2542980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1A78@2442920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1A78@2442950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1A78@2442980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1F54@3F2920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1F54@3F2950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1F54@3F2980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1FB8@2492920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1FB8@2492950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@1FB8@2492980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@22E4@2562920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@22E4@2562950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@22E4@2562980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@3AC@332920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@3AC@332950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@3AC@332980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@3C0@2652920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@3C0@2652950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@3C0@2652980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@4E4@1EA2920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@4E4@1EA2950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@4E4@1EA2980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@5C8@2532920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@5C8@2532950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@5C8@2532980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@624@2572920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@624@2572950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@624@2572980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@ACC@2532920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@ACC@2532950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@ACC@2532980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@B294@2602920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@B294@2602950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@B294@2602980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@C80@662920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@C80@662950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@C80@662980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@D14@372920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@D14@372950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@D14@372980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@DDC@2502920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@DDC@2502950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@DDC@2502980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@DE4@2592920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@DE4@2592950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@DE4@2592980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@E14@25A2920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@E14@25A2950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@E14@25A2980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@E64@672920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@E64@672950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@E64@672980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@F38@392920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@F38@392950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@F38@392980.###
c:\users\g1g2\AppData\Roaming\.#\MBX@FAC@2402920.###
c:\users\g1g2\AppData\Roaming\.#\MBX@FAC@2402950.###
c:\users\g1g2\AppData\Roaming\.#\MBX@FAC@2402980.###
c:\users\g1g2\AppData\Roaming\ubot
c:\users\g1g2\downloads\mmb
c:\users\g1g2\downloads\mmb\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\files\page0_1.gif
c:\users\g1g2\downloads\mmb\files\page0_2.gif
c:\users\g1g2\downloads\mmb\files\page0_3.gif
c:\users\g1g2\downloads\mmb\files\page0_sidebar_1.gif
c:\users\g1g2\downloads\mmb\index.html
c:\users\g1g2\downloads\mmb\page1\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page1\files\page1_1.gif
c:\users\g1g2\downloads\mmb\page1\files\page1_2.gif
c:\users\g1g2\downloads\mmb\page1\files\page1_3.gif
c:\users\g1g2\downloads\mmb\page1\files\page1_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page1\page1.html
c:\users\g1g2\downloads\mmb\page10\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page10\files\page10_1.gif
c:\users\g1g2\downloads\mmb\page10\files\page10_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page10\page10.html
c:\users\g1g2\downloads\mmb\page11\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page11\files\page11_1.gif
c:\users\g1g2\downloads\mmb\page11\files\page11_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page11\page11.html
c:\users\g1g2\downloads\mmb\page12\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page12\files\page12_1.jpg
c:\users\g1g2\downloads\mmb\page12\files\page12_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page12\page12.html
c:\users\g1g2\downloads\mmb\page13\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page13\files\page13_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page13\page13.html
c:\users\g1g2\downloads\mmb\page2\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page2\files\page2_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page2\page2.html
c:\users\g1g2\downloads\mmb\page3\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page3\files\page3_1.gif
c:\users\g1g2\downloads\mmb\page3\files\page3_2.gif
c:\users\g1g2\downloads\mmb\page3\files\page3_3.gif
c:\users\g1g2\downloads\mmb\page3\files\page3_4.gif
c:\users\g1g2\downloads\mmb\page3\files\page3_5.gif
c:\users\g1g2\downloads\mmb\page3\files\page3_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page3\page3.html
c:\users\g1g2\downloads\mmb\page4\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page4\files\page4_1.gif
c:\users\g1g2\downloads\mmb\page4\files\page4_2.gif
c:\users\g1g2\downloads\mmb\page4\files\page4_3.gif
c:\users\g1g2\downloads\mmb\page4\files\page4_4.gif
c:\users\g1g2\downloads\mmb\page4\files\page4_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page4\page4.html
c:\users\g1g2\downloads\mmb\page6\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page6\files\page6_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page6\page6.html
c:\users\g1g2\downloads\mmb\page7\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page7\files\page7_1.gif
c:\users\g1g2\downloads\mmb\page7\files\page7_2.gif
c:\users\g1g2\downloads\mmb\page7\files\page7_3.gif
c:\users\g1g2\downloads\mmb\page7\files\page7_4.gif
c:\users\g1g2\downloads\mmb\page7\files\page7_5.gif
c:\users\g1g2\downloads\mmb\page7\files\page7_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page7\page7.html
c:\users\g1g2\downloads\mmb\page9\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\page9\files\page9_1.gif
c:\users\g1g2\downloads\mmb\page9\files\page9_2.gif
c:\users\g1g2\downloads\mmb\page9\files\page9_sidebar_1.gif
c:\users\g1g2\downloads\mmb\page9\page9.html
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\.rwmanifest.plist
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\alignment\align_center.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\alignment\align_left.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\banners\banner_beach.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\banners\banner_computer.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\banners\banner_default.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\banners\banner_pacific.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\banners\banner_sunset.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\sidebar\sidebar_hide.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\sidebar\sidebar_left.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\sidebar\sidebar_right.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\styles\blue.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\css\styles\pacific.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\handheld.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\images\beach_header.png
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\images\body_bg.png
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\images\body_top_bg.png
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\images\computer_header.png
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\images\header_bg.png
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\images\OLDcomputer_header.png
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\images\pacific\header_bg.png
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\images\pacific\pacific_header.png
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\images\sidebar_bg.png
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\images\sunset_header.png
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\javascript.js
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\print.css
c:\users\g1g2\downloads\mmb\rw_common\themes\flancrest\styles.css
c:\users\g1g2\downloads\mmb\rw_common\version.txt
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-23 to 2013-12-23  )))))))))))))))))))))))))))))))
.
.
2013-12-23 15:26 . 2013-12-23 15:26    --------    d-----w-    c:\users\GeoAdmin\AppData\Local\temp
2013-12-23 15:26 . 2013-12-23 15:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-22 19:09 . 2013-12-22 19:09    --------    d-----w-    C:\FRST
2013-12-16 15:02 . 2013-12-16 15:02    --------    d-----w-    c:\program files (x86)\GnuWin32
2013-12-15 04:20 . 2013-12-15 04:23    --------    d-----w-    C:\AdwCleaner
2013-12-13 22:54 . 2013-12-14 23:21    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-13 22:53 . 2013-12-14 21:34    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-12 14:52 . 2013-12-19 22:45    --------    d-----w-    c:\users\g1g2\Box Sync
2013-12-12 14:51 . 2013-12-23 15:18    --------    d-----w-    c:\users\g1g2\AppData\Local\Box Sync
2013-12-12 14:50 . 2013-12-12 14:50    --------    d-----w-    c:\program files\Box
2013-12-11 03:29 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-11 03:29 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-11 03:29 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 03:29 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 03:29 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-11 03:24 . 2013-12-11 03:24    --------    d-----w-    c:\windows\Migration
2013-12-11 03:22 . 2013-10-15 00:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-12-11 03:12 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-12-11 03:12 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-11 03:12 . 2013-11-12 02:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 03:12 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-12-11 03:12 . 2013-10-30 01:24    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 03:12 . 2013-10-04 02:16    116736    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 03:12 . 2013-10-04 01:36    230400    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 03:12 . 2013-10-19 02:18    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 03:12 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-12-11 03:12 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-11 03:12 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-12-11 03:11 . 2013-10-12 02:32    150016    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 03:11 . 2013-10-12 02:31    202752    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 03:11 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\SysWow64\wshom.ocx
2013-12-11 03:11 . 2013-10-12 01:33    156160    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 03:11 . 2013-10-12 01:33    168960    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 03:11 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\SysWow64\wscript.exe
2013-12-11 03:11 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\SysWow64\scrrun.dll
2013-12-11 03:11 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\SysWow64\cscript.exe
2013-12-03 20:26 . 2013-12-03 20:27    --------    d-----w-    c:\users\g1g2\AppData\Local\Amazon Cloud Player
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 03:13 . 2010-10-17 02:23    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-10 22:18 . 2012-04-27 02:33    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 22:18 . 2011-12-06 19:05    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-12 19:04 . 2011-02-23 18:48    2379552    ----a-w-    c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-10-16 15:14 . 2013-10-16 15:14    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-16 14:53 . 2012-09-03 23:23    29280    ----a-w-    c:\windows\system32\drivers\klmouflt.sys
2013-10-16 14:53 . 2012-11-02 20:48    90208    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-10-16 14:53 . 2012-11-02 20:48    626272    ----a-w-    c:\windows\system32\drivers\klif.sys
2013-10-16 14:53 . 2012-09-03 22:57    29280    ----a-w-    c:\windows\system32\drivers\klkbdflt.sys
2013-10-16 14:53 . 2011-03-10 23:36    28504    ----a-w-    c:\windows\system32\drivers\klim6.sys
2013-10-16 14:53 . 2012-06-19 22:28    7717984    ----a-w-    c:\windows\system32\drivers\kl1.sys
2013-10-12 02:30 . 2013-11-12 18:48    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-12 18:48    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-12 18:48    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-12 18:48    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-12 18:48    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-12 18:49    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-12 18:49    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-12 18:50    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-12 18:50    197120    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-12 18:50    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-12 18:50    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-12 18:50    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-12 18:50    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-12 18:48    404480    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-12 18:48    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-12 18:50    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-12 18:49    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-12 18:49    154560    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-12 18:49    28672    ----a-w-    c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-12 18:49    135680    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-12 18:49    28160    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-12 18:49    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-12 18:49    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-12 18:49    1447936    ----a-w-    c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-12 18:49    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-12 18:49    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-12 18:49    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-12 18:49    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-12 18:49    30720    ----a-w-    c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 23:20    459784    ----a-w-    c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Amazon Cloud Player"="c:\users\g1g2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-11-24 3139072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-19 124256]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-10-16 356128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-05-21 18240]
.
c:\users\GeoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 xtoxpl;xtoxpl; [x]
R0 zvijcv;zvijcv; [x]
R1 SASDIFSV;SASDIFSV;e:\sas\SASDIFSV64.SYS;e:\sas\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;e:\sas\SASKUTIL64.SYS;e:\sas\SASKUTIL64.SYS [x]
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
R2 !SASCORE;SAS Core Service;e:\sas\SASCORE64.EXE;e:\sas\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v3.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 Tcpz-x64;Tcpz-x64;c:\users\g1g2\AppData\Local\Temp\Tcpz-x64.sys;c:\users\g1g2\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbser64;Neato Robotics USB Driver;c:\windows\system32\DRIVERS\usbser.sys;c:\windows\SYSNATIVE\DRIVERS\usbser.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
R4 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
R4 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 73198421
*Deregistered* - 73198421
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 22:18]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-26 04:48]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-26 04:48]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2004970647-1686105892-3839212022-1001Core.job
- c:\users\g1g2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 23:13]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2004970647-1686105892-3839212022-1001UA.job
- c:\users\g1g2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 23:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}"
[HKEY_CLASSES_ROOT\CLSID\{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{e22ccf16-2db6-3de8-9a2c-acb66b571b69}"
[HKEY_CLASSES_ROOT\CLSID\{e22ccf16-2db6-3de8-9a2c-acb66b571b69}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}"
[HKEY_CLASSES_ROOT\CLSID\{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{01fcd170-7f0a-3b6a-b992-66a7a20289b5}"
[HKEY_CLASSES_ROOT\CLSID\{01fcd170-7f0a-3b6a-b992-66a7a20289b5}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 23:22    492040    ----a-w-    c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2013-12-09 11466136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 221.130.23.154:80
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Kaspersky PURE - c:\progra~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll/616
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}: NameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\7594E484454505: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\
FF - prefs.js: browser.startup.homepage - hxxp://popurls.com/|http://www.toodledo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KeePass Password Safe 2 - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
Wow6432Node-HKLM-Run-KeePass 2 PreLoad - c:\program files (x86)\KeePass Password Safe 2\KeePass.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-48e4cff94f039634 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
AddRemove-Draw 4 App - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-23  09:52:33
ComboFix-quarantined-files.txt  2013-12-23 15:52
.
Pre-Run: 330,602,881,024 bytes free
Post-Run: 330,270,568,448 bytes free
.
- - End Of File - - 3492419369FB58BE785E353FF060A0D9
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#8 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 26 December 2013 - 10:12 PM

Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DDS::

DDS::
uInternet Settings,ProxyServer = 221.130.23.154:80
Driver::
xtoxpl
zvijcv
ClearJavaCache::
Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif, dragging the CFScript onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


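As an added example (not part of the helper's post, of ComboFix, or of the thread), here is a small Python triage script that applies the reasoning behind the CFScript above: it reads ComboFix service/driver lines and the DDS proxy line, flags services registered with no image path (the pattern xtoxpl and zvijcv show), drivers loading from a user Temp folder, and a ProxyServer pointing at a non-local address, and lays the removable items out in the same DDS::/Driver:: layout. The sample lines are constructed from entries quoted earlier in this thread; the function and variable names are the example's own.

```python
"""Triage helper for ComboFix service/driver and DDS proxy lines.

Added example for this thread; it is not part of ComboFix or of the helper's
post. A service registered with no image path (xtoxpl, zvijcv) and a
ProxyServer pointing at a non-local address are the items the helper removed,
so they are flagged and laid out in the same DDS:: / Driver:: layout. Drivers
loading from a user Temp folder are only reported for review, not written
into the script.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample, modelled on lines quoted earlier in this thread.
SAMPLE_LOG = r"""
R0 xtoxpl;xtoxpl; [x]
R0 zvijcv;zvijcv; [x]
R1 SASDIFSV;SASDIFSV;e:\sas\SASDIFSV64.SYS;e:\sas\SASDIFSV64.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 Tcpz-x64;Tcpz-x64;c:\users\g1g2\AppData\Local\Temp\Tcpz-x64.sys;c:\users\g1g2\AppData\Local\Temp\Tcpz-x64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
uInternet Settings,ProxyServer = 221.130.23.154:80
uInternet Settings,ProxyOverride = <local>
"""

# "R0 name;display;image;image64 [x]": start type, then ';'-separated fields.
SERVICE_RE = re.compile(r"^([RS]\d)\s+(.*?)\s*(\[x\])?\s*$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)\s*$")
USER_TEMP_RE = re.compile(r"\\users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # "no_image", "temp_image" or "proxy"
    name: str    # service name, or "ProxyServer"
    detail: str  # image path or proxy value ("" when there is no image)


def parse_service(line):
    """Split a ComboFix service line into (start_type, name, display, image_paths).

    Returns None for lines that are not service/driver entries. The image
    list is empty when the line carries no path, as in "R0 xtoxpl;xtoxpl; [x]".
    """
    m = SERVICE_RE.match(line)
    if not m:
        return None
    fields = m.group(2).split(";")
    if len(fields) < 3:
        return None
    images = [p.strip() for p in fields[2:] if p.strip()]
    return m.group(1), fields[0].strip(), fields[1].strip(), images


def is_local_proxy(value):
    """True for loopback/private proxy targets; hostnames and public IPs are
    treated as non-local so they surface for review."""
    host = value.rsplit("=", 1)[-1].split(":")[0].strip().lower()
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private


def triage(log_text):
    """Return the Findings for a block of ComboFix/DDS log lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc is not None:
            _, name, _, images = svc
            if not images:
                findings.append(Finding("no_image", name, ""))
            elif any(USER_TEMP_RE.search(p) for p in images):
                findings.append(Finding("temp_image", name, images[0]))
            continue
        pm = PROXY_RE.match(line)
        if pm and not is_local_proxy(pm.group(1)):
            findings.append(Finding("proxy", "ProxyServer", pm.group(1)))
    return findings


def build_cfscript(findings):
    """Lay the removable findings out in the CFScript layout the helper used:
    a DDS:: section for the proxy line and a Driver:: section per service."""
    proxy_lines = [f"uInternet Settings,ProxyServer = {f.detail}"
                   for f in findings if f.kind == "proxy"]
    driver_names = [f.name for f in findings if f.kind == "no_image"]
    out = []
    if proxy_lines:
        out.append("DDS::")
        out.extend(proxy_lines)
    if driver_names:
        out.append("Driver::")
        out.extend(driver_names)
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:10} {f.name} {f.detail}")
    print(build_cfscript(found))
```

Run against the sample it reproduces the DDS:: and Driver:: sections of the helper's script and additionally lists Tcpz-x64 as a Temp-folder driver to look at by hand.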


#9 LindsayRivers

  • Topic Starter

  • Members
  • 15 posts

Posted 27 December 2013 - 03:36 PM

Combofix log:

 

ComboFix 13-12-21.01 - g1g2 12/27/2013   8:44.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5943.3992 [GMT -6:00]
Running from: c:\users\g1g2\Desktop\ComboFix.exe
Command switches used :: c:\users\g1g2\Desktop\CFScript.txt
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\g1g2\AppData\Local\Temp\_MEI70362\_ctypes.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\_elementtree.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\_hashlib.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\_multiprocessing.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\_psutil_mswindows.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\_socket.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\_sqlite3.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\_ssl.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\_yappi.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\BoxSyncWindowsUI.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\clr.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\IconLogic.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\pyexpat.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\Python.Runtime.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\python27.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\pythoncom27.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\pywintypes27.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\select.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\SQLite.Interop.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\sqlite3.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\SyncContextMenuService.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\SyncIconOverlayService.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\System.Data.SQLite.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\SystemInterface.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\SystemWrapper.dll
c:\users\g1g2\AppData\Local\Temp\_MEI70362\ujson.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\unicodedata.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\win32api.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\win32clipboard.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\win32com.shell.shell.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\win32cred.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\win32event.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\win32file.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\win32process.pyd
c:\users\g1g2\AppData\Local\Temp\_MEI70362\win32security.pyd
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XTOXPL
-------\Legacy_ZVIJCV
-------\Service_xtoxpl
-------\Service_zvijcv
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-27 to 2013-12-27  )))))))))))))))))))))))))))))))
.
.
2013-12-27 14:57 . 2013-12-27 14:57    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2013-12-27 14:57 . 2013-12-27 14:57    --------    d-----w-    c:\users\TEMP.g1g2dell2\AppData\Local\temp
2013-12-27 14:57 . 2013-12-27 14:57    --------    d-----w-    c:\users\GeoAdmin\AppData\Local\temp
2013-12-22 19:09 . 2013-12-22 19:09    --------    d-----w-    C:\FRST
2013-12-16 15:02 . 2013-12-16 15:02    --------    d-----w-    c:\program files (x86)\GnuWin32
2013-12-15 04:20 . 2013-12-15 04:23    --------    d-----w-    C:\AdwCleaner
2013-12-13 22:54 . 2013-12-14 23:21    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-13 22:53 . 2013-12-14 21:34    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-12 14:52 . 2013-12-19 22:45    --------    d-----w-    c:\users\g1g2\Box Sync
2013-12-12 14:51 . 2013-12-27 14:46    --------    d-----w-    c:\users\g1g2\AppData\Local\Box Sync
2013-12-12 14:50 . 2013-12-12 14:50    --------    d-----w-    c:\program files\Box
2013-12-11 03:29 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-11 03:29 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-11 03:29 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 03:29 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 03:29 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-11 03:24 . 2013-12-11 03:24    --------    d-----w-    c:\windows\Migration
2013-12-11 03:22 . 2013-10-15 00:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-12-11 03:12 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-12-11 03:12 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-11 03:12 . 2013-11-12 02:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 03:12 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-12-11 03:12 . 2013-10-30 01:24    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-12-11 03:12 . 2013-10-04 02:16    116736    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 03:12 . 2013-10-04 01:36    230400    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 03:12 . 2013-10-19 02:18    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-11 03:12 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-12-11 03:12 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-11 03:12 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-12-11 03:11 . 2013-10-12 02:32    150016    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-11 03:11 . 2013-10-12 02:31    202752    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-11 03:11 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\SysWow64\wshom.ocx
2013-12-11 03:11 . 2013-10-12 01:33    156160    ----a-w-    c:\windows\system32\cscript.exe
2013-12-11 03:11 . 2013-10-12 01:33    168960    ----a-w-    c:\windows\system32\wscript.exe
2013-12-11 03:11 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\SysWow64\wscript.exe
2013-12-11 03:11 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\SysWow64\scrrun.dll
2013-12-11 03:11 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\SysWow64\cscript.exe
2013-12-03 20:26 . 2013-12-03 20:27    --------    d-----w-    c:\users\g1g2\AppData\Local\Amazon Cloud Player
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 03:13 . 2010-10-17 02:23    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-10 22:18 . 2012-04-27 02:33    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 22:18 . 2011-12-06 19:05    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-12 19:04 . 2011-02-23 18:48    2379552    ----a-w-    c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-10-16 15:14 . 2013-10-16 15:14    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-16 14:53 . 2012-09-03 23:23    29280    ----a-w-    c:\windows\system32\drivers\klmouflt.sys
2013-10-16 14:53 . 2012-11-02 20:48    90208    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-10-16 14:53 . 2012-11-02 20:48    626272    ----a-w-    c:\windows\system32\drivers\klif.sys
2013-10-16 14:53 . 2012-09-03 22:57    29280    ----a-w-    c:\windows\system32\drivers\klkbdflt.sys
2013-10-16 14:53 . 2011-03-10 23:36    28504    ----a-w-    c:\windows\system32\drivers\klim6.sys
2013-10-16 14:53 . 2012-06-19 22:28    7717984    ----a-w-    c:\windows\system32\drivers\kl1.sys
2013-10-12 02:30 . 2013-11-12 18:48    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-12 18:48    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-12 18:48    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-12 18:48    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-12 18:48    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-12 18:49    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-12 18:49    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-12 18:50    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-12 18:50    197120    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-12 18:50    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-12 18:50    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-12 18:50    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-12 18:50    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-12 18:48    404480    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-12 18:48    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 23:20    459784    ----a-w-    c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Amazon Cloud Player"="c:\users\g1g2\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-11-24 3139072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-19 124256]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-10-16 356128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\GeoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SASDIFSV;SASDIFSV;e:\sas\SASDIFSV64.SYS;e:\sas\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;e:\sas\SASKUTIL64.SYS;e:\sas\SASKUTIL64.SYS [x]
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
R2 !SASCORE;SAS Core Service;e:\sas\SASCORE64.EXE;e:\sas\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v3.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 Tcpz-x64;Tcpz-x64;c:\users\g1g2\AppData\Local\Temp\Tcpz-x64.sys;c:\users\g1g2\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbser64;Neato Robotics USB Driver;c:\windows\system32\DRIVERS\usbser.sys;c:\windows\SYSNATIVE\DRIVERS\usbser.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
R4 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
R4 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 22:18]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-26 04:48]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-26 04:48]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2004970647-1686105892-3839212022-1001Core.job
- c:\users\g1g2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 23:13]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2004970647-1686105892-3839212022-1001UA.job
- c:\users\g1g2\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-22 23:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}"
[HKEY_CLASSES_ROOT\CLSID\{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{e22ccf16-2db6-3de8-9a2c-acb66b571b69}"
[HKEY_CLASSES_ROOT\CLSID\{e22ccf16-2db6-3de8-9a2c-acb66b571b69}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}"
[HKEY_CLASSES_ROOT\CLSID\{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{01fcd170-7f0a-3b6a-b992-66a7a20289b5}"
[HKEY_CLASSES_ROOT\CLSID\{01fcd170-7f0a-3b6a-b992-66a7a20289b5}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 23:22    492040    ----a-w-    c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2013-12-23 14697024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Kaspersky PURE - c:\progra~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll/616
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}: NameServer = 192.168.1.1
TCP: Interfaces\{C2E09DA1-69BB-4443-91CC-226D6CFF29E2}\7594E484454505: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\
FF - prefs.js: browser.startup.homepage - hxxp://popurls.com/|http://www.toodledo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2013-12-27  09:32:07 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-27 15:32
ComboFix2.txt  2013-12-23 15:52
.
Pre-Run: 326,372,405,248 bytes free
Post-Run: 326,133,870,592 bytes free
.
- - End Of File - - 4EBC61F577986A78E8242868B00B3B57
CDB4DE4BBD714F152979DA2DCBEF57EB
 

MBAM log:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
g1g2 :: G1G2DELL2 [administrator]

Protection: Enabled

12/27/2013 9:36:25 AM
mbam-log-2013-12-27 (09-36-25).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1096137
Time elapsed: 3 hour(s), 58 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
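Reading a ComboFix service list like the one above by hand is tedious, and the entry that most deserves a second look (a .sys driver whose image lives under a user's Temp folder) is easy to miss among eighty legitimate ones. The following is an added example, not part of the original thread and not code from ComboFix or Malwarebytes: it parses entries in ComboFix's `R3 name;display;image;image [x]` form and flags images loaded from user-writable or otherwise unusual locations. The sample lines are copied from the log above; the heuristic weights and the assumption that C: is the system volume are this example's own, and a hit only means the entry warrants review, not that it is malicious.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# One ComboFix service entry:  <R|S><start> <name>;<display>;<image>;<image> [x]
# R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
_ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>[^;]+);(?P<image2>.+?)(?: \[x\])?$"
)
_START = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Weights are an assumption of this example, not a ComboFix rating.
_WEIGHTS = {
    "loads from a Temp folder": 3,
    "loads from a user profile": 2,
    "loads from a non-system volume": 1,
    "kernel driver outside %SystemRoot%": 1,
}


class Service(NamedTuple):
    name: str
    display: str
    image: str
    running: bool
    start: str
    reasons: Tuple[str, ...]

    @property
    def score(self) -> int:
        return sum(_WEIGHTS[r] for r in self.reasons)


def parse_entry(line: str) -> Optional[Service]:
    """Parse one service line; return None for anything that is not one."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    image = m["image"].lower()
    reasons = []
    if "\\temp\\" in image:
        reasons.append("loads from a Temp folder")
    elif "\\users\\" in image:
        reasons.append("loads from a user profile")
    if not image.startswith("c:\\"):          # assumption: C: is the system volume
        reasons.append("loads from a non-system volume")
    if image.endswith(".sys") and not image.startswith("c:\\windows\\"):
        reasons.append("kernel driver outside %SystemRoot%")
    return Service(m["name"], m["display"], m["image"],
                   m["state"] == "R", _START[m["start"]], tuple(reasons))


def triage(log_text: str) -> List[Service]:
    """Entries that hit at least one heuristic, most suspicious first."""
    hits = [s for s in map(parse_entry, log_text.splitlines()) if s and s.reasons]
    return sorted(hits, key=lambda s: (-s.score, s.name.lower()))


# Sample lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;e:\sas\SASDIFSV64.SYS;e:\sas\SASDIFSV64.SYS [x]
R2 !SASCORE;SAS Core Service;e:\sas\SASCORE64.EXE;e:\sas\SASCORE64.EXE [x]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]
R3 Tcpz-x64;Tcpz-x64;c:\users\g1g2\AppData\Local\Temp\Tcpz-x64.sys;c:\users\g1g2\AppData\Local\Temp\Tcpz-x64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
"""

if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        state = "running" if s.running else "stopped"
        print(f"{s.name:12} {state:8} {s.start:8} {s.image}")
        for r in s.reasons:
            print(f"{'':12} - {r}")
```

On the sample above the Tcpz-x64 entry ranks first (a running, manually started kernel driver whose image sits in a user's Temp folder), the two SuperAntiSpyware drivers on E: come next, and the Kaspersky and Malwarebytes drivers under %SystemRoot% are not listed at all. Whether a flagged entry is a known tool installed on purpose or something to quarantine is still a judgment call; the script only puts the right lines at the top of the list.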
 



#10 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 27 December 2013 - 05:19 PM

Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Please include the following in your next post:
  • adwCleaner log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#11 LindsayRivers (Topic Starter, Members, 15 posts)

Posted 27 December 2013 - 05:42 PM

# AdwCleaner v3.016 - Report created 27/12/2013 at 16:39:50
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : g1g2 - G1G2DELL2
# Running from : C:\Users\g1g2\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\g1g2\AppData\Roaming\Mozilla\Firefox\Profiles\zac5j0cc.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\g1g2\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2401 octets] - [14/12/2013 22:20:33]
AdwCleaner[R1].txt - [802 octets] - [27/12/2013 16:39:50]
AdwCleaner[S0].txt - [2410 octets] - [14/12/2013 22:23:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [921 octets] ##########
 



#12 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 27 December 2013 - 06:08 PM

How is your computer running now?  Please do this next:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?
  • ESET log



#13 LindsayRivers (Topic Starter, Members, 15 posts)

Posted 30 December 2013 - 04:07 PM

To be honest, I wasn't using the computer much once I started seeing all these infections. So I used it for a while this weekend and it seems to run okay. Though I thought it was running okay before I first detected things with MalwareBytes.

 

Here is the eset log. I don't know what some of these files are.

 

C:\Program Files (x86)\Bookmarkwiz\bookmarkwiz.exe    a variant of Win32/Packed.PrivateexeProtector.F application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application
C:\Users\g1g2\AppData\Roaming\Bookmarkwiz\Bookmarkwiz\updates\Update 1.37\bookmarkwizinstall.msi    a variant of Win32/Packed.PrivateexeProtector.F application
C:\Users\g1g2\AppData\Roaming\Bookmarkwiz\Bookmarkwiz\updates\Update 1.38\bookmarkwizinstall.msi    a variant of Win32/Packed.PrivateexeProtector.F application
C:\Users\g1g2\AppData\Roaming\Bookmarkwiz\Bookmarkwiz\updates\Update 1.39.1\bookmarkwizinstall.msi    a variant of Win32/Packed.PrivateexeProtector.F application
C:\Users\g1g2\AppData\Roaming\Bookmarkwiz\Bookmarkwiz\updates\Update 1.40\bookmarkwizinstall.msi    a variant of Win32/Packed.PrivateexeProtector.F application
C:\Users\g1g2\Documents\BH\themes\391WpThemes.rar    PHP/Obfuscated.F application
C:\Users\g1g2\Downloads\ccsetup406.exe    Win32/Bundled.Toolbar.Google.D application
C:\Users\g1g2\Downloads\ccsetup408(1).exe    Win32/Bundled.Toolbar.Google.D application
C:\Users\g1g2\Downloads\ccsetup408.exe    Win32/Bundled.Toolbar.Google.D application
C:\Users\g1g2\Downloads\dfsetup216.exe    Win32/Bundled.Toolbar.Google.D application
C:\Users\g1g2\Downloads\FreeStudio.exe    Win32/OpenCandy application
C:\Users\g1g2\Downloads\hwmonitor_1.21-setup.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\g1g2\Downloads\SetupImgBurn_2.5.6.0.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\g1g2\Downloads\TubeBox_Setup_Eng.exe    a variant of MSIL/DownloadGuide.A application
C:\Users\g1g2\Downloads\Adobe Photoshop Lightroom v5.2 RC x64 FINAL Multilingual Incl Keymaker-CORE\keygen.exe    a variant of Win32/Keygen.DO application
C:\Users\g1g2\Downloads\Format Factory\FFSetup260.zip    a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\Installer\16dc04.msi    a variant of Win32/Packed.PrivateexeProtector.F application
 



#14 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 30 December 2013 - 10:59 PM

Most of those detections are freeware applications that ESET flags because they come packaged with toolbars or contain advertisements.  You have a keygen for Adobe Photoshop onboard though.  These types of files, besides being a form of theft, are very dangerous and most likely the reason you were infected in the first place.  This will remove that file from your system:

Open an elevated command window:

  • Click Start and type cmd in Start Search.
  • When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.
  • Copy the contents of the following code box then right click in the command window, select paste and press "Enter"

cmd /c del /a/f/q "C:\Users\g1g2\Downloads\Adobe Photoshop Lightroom v5.2 RC x64 FINAL Multilingual Incl Keymaker-CORE\keygen.exe"
Once you've completed that, all I have left for you is some housekeeping:

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • FRST

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Edited by RPMcMurphy, 30 December 2013 - 11:01 PM.


#15 LindsayRivers (Topic Starter, Members, 15 posts)

Posted 31 December 2013 - 09:22 AM

Thank you very much for your help. I've finished the steps above.

 

I would like to ask you one last question: during the cleanup process, the file keepass.exe was deleted by one of the tools. This file is the executable of a freeware app (KeePass) that I use to store my usernames and passwords for websites. If it was infected, do you think there is some risk that my passwords have been compromised? Or, put another way, would I be well served to change my passwords now that my system is clean?

 

Thank you again so much, I really appreciate all your help.





