Twotone

Everything posted by Twotone

  1. Here is the log FSS creates. I didn't see any of the problems that they explained on that site, so here is the log it created. I didn't change anything because of this. Also, I appreciate your help on this matter greatly.

     Farbar Service Scanner Version: 08-01-2014
     Ran by petros (administrator) on 29-01-2014 at 15:31:11
     Running from "C:\Users\petros\Desktop"
     Microsoft Windows 7 Home Premium Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     There is no connection to network.
     Attempt to access Google IP returned error.
     Attempt to access Google.com returned error: Other errors
     Attempt to access Yahoo.com returned error: Other errors

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => MD5 is legit
     C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\System32\dhcpcore.dll => MD5 is legit
     C:\Windows\System32\drivers\afd.sys
     [2010-11-20 21:24] - [2010-11-20 21:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

     C:\Windows\System32\drivers\tdx.sys => MD5 is legit
     C:\Windows\System32\Drivers\tcpip.sys
     [2010-11-20 21:24] - [2010-11-20 21:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

     C:\Windows\System32\dnsrslvr.dll
     [2010-11-20 21:24] - [2010-11-20 21:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit

     **** End of log ****
  2. Still not working correctly. Do you think I would have to use Farbar like in this link? http://www.selectrealsecurity.com/fix-internet-connection
  3. I did this and also checked the delete drivers in the process. All three reinstalled, and it still has yellow exclamation points in the device manager.
  4. MBAR didn't make any reports because nothing was found, probably because I couldn't update it. RKreport[2].txt was not made, but here is the first report.

     RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : petros [Admin rights]
     Mode : Remove -- Date : 01/27/2014 14:48:27
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Browser Addons : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2552GSX +++++
     --- User ---
     [MBR] e906d7a472ab00fd879d3024d7eef17c
     [BSP] 116924f3641b96462b65a38ec52c3119 : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228465 Mo
     2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 470970368 | Size: 8509 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) TOSHIBA MK2552GSX +++++
     --- User ---
     [MBR] a7658225670e42ce3b8b110f8fdbfd0d
     [BSP] de1dea95f42a6933d209650c8afedf8d : MBR Code unknown
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_D_01272014_144827.txt >>
     RKreport[0]_S_01272014_142454.txt;RKreport[0]_S_01272014_144617.txt
  5. Still have no Internet after doing the following suggestion.
  6. I did the HijackThis option, but I cannot do the ESET Online Scanner because, due to my problem, I cannot get online.
  7. Oh, I forgot to mention: Webcake wasn't anywhere to be found in Programs and Features or in the Revo Uninstaller.
  8. I skipped the Malwarebytes scan due to the fact that I can't update it fully. The previous scan was run using the mbam-rules file you can get online. If you have the most up-to-date rules file from today, I would love to know where to get it. Here is the HijackThis log.

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 1:27:46 PM, on 1/24/2014
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v8.00 (8.00.7601.17514)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Users\petros\Desktop\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O2 - BHO: Toolbar - Big Fish Games - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll (file missing)
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
     O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (file missing)
     O3 - Toolbar: Toolbar - Big Fish Games - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll (file missing)
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     O4 - Startup: OneNote Table Of Contents.onetoc2
     O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O15 - Trusted Zone: *.clonewarsadventures.com
     O15 - Trusted Zone: *.freerealms.com
     O15 - Trusted Zone: *.soe.com
     O15 - Trusted Zone: *.sony.com
     O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} (SyncXfer Class) - http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
     O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
     O16 - DPF: {81F30245-2419-4B8F-85AC-DE13CD0659D7} (RtspVaPgDLinkCtrlNew Class) - http://seafarer.mine.nu:8888/RtspVaPgDec.cab
     O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
     O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
     O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
     O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: Windows Activation Technologies Service (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

     --
     End of file - 8594 bytes
  9. It doesn't seem like there is anything else wrong with the computer. Programs are opening as they should. Here is the most recent log from Combofix.
  10. ComboFix 14-01-23.02 - petros 01/23/2014 12:14:48.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2938 [GMT -6:00]
      Running from: c:\users\petros\Desktop\ComboFix.exe
      Completion time: 2014-01-23 12:25:48
  11. Hi. Apologies for the late response, but apparently I'm not getting Malwarebytes emails since we switched mail servers. I'm going to edit my account to use another email address so I know when you reply. Also, I ran AdwCleaner and JRT during the malware removal process. I usually run them for any computer I work on. Here are the logs from those scans. I should have said something about that earlier. I do apologize. If you want me to re-run them, let me know and I will do it ASAP, as I will be behind the computer all day today. Thanks for your help. AdwCleanerS1.txt JRT.txt
  12. All of the network drivers have the yellow explanation point. Here are the dds logs and the latest Mbam scan log is attached. I couldn't fully update because of lack of Internet so I grabbed the latest mbam-rules and scanned. I couldn't copy and paste attach.txt so I zipped it up for you.
      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Run by petros at 11:21:53 on 2014-01-16
      Attach.zip mbam-log-2014-01-16 (11-21-42).zip
  13. Hey David, I would love to help out and I have not done anything with the computer as of yet. The malware and anything else that caused it should still be on the computer. Would you know the easiest way to find it? I have TeamViewer on my computer if you want to log into it. I am logged into the infected computer from here. Malwarebytes did pick some Trojans up, but I just looked at the log. I did not clean them off yet.
  14. Thank you MrC. It seems like they're talking about a different variant though. I'll read through the posts and try some things.
  15. My client got a new ransomware called Cryptolocker today. It has encrypted most of his files on his mapped network drive. I don't want to run anything that would prevent me from getting these back. What would you guys suggest I do first? Thanks in advance.
  16. I haven't had any issues since. Thank you for your time and troubles.
  17. I just have Adobe Flash Player 11 ActiveX 64-bit
  18. Updates worked. I've noticed that instead of Flash player in add/remove programs it now says ax. I'm sure this doesn't matter but I figured I would let you know.
      Results of screen317's Security Check version 0.99.30
      Windows 7 x64 (UAC is enabled)
      Internet Explorer 9
      ``````````````````````````````
      Antivirus/Firewall Check:
      ESET Online Scanner v3
      WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:
      Malwarebytes' Anti-Malware
      Adobe Reader X (10.1.1)
      ````````````````````````````````
      Process Check: objlist.exe by Laurent
      Windows Defender MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Microsoft Security Client Antimalware MsMpEng.exe
      Microsoft Security Client Antimalware NisSrv.exe
      ``````````End of Log````````````
  19. LoL I didn't even realize my wife is still using IE8. Nice! This all started when I let my friend play on this computer and he started browsing myyearbook.
  20. Results of screen317's Security Check version 0.99.30
      Windows 7 x64 (UAC is disabled!)
      Internet Explorer 8 Out of date!
      ``````````````````````````````
      Antivirus/Firewall Check:
      ESET Online Scanner v3
      WMI entry may not exist for antivirus; attempting automatic update.
      ```````````````````````````````
      Anti-malware/Other Utilities Check:
      Malwarebytes' Anti-Malware
      Adobe Flash Player 10.0.45.2 Flash Player out of Date!
      Adobe Reader X (10.1.1)
      ````````````````````````````````
      Process Check: objlist.exe by Laurent
      Windows Defender MSMpEng.exe
      Microsoft Security Essentials msseces.exe
      Microsoft Security Client Antimalware MsMpEng.exe
      Microsoft Security Client Antimalware NisSrv.exe
      ``````````End of Log````````````
  21. Seems to be running fine after all of this.
      ComboFix 11-12-27.01 - Jeremy 12/27/2011 11:25:33.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2486 [GMT -6:00]
      Running from: c:\users\Jeremy\Desktop\ComboFix.exe
      Command switches used :: c:\users\Jeremy\Desktop\CFScript.txt
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 825864] "VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-08-05 3574784] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-26 419112] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-06 181480] "Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568] "YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-8-22 708608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R3 AVerFx2hbtv64;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program 
files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 796192] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496] S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-08-05 3453440] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1000Core.job - c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-24 03:02] . 
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1000UA.job - c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-24 03:02] . 2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1001Core.job - c:\users\Becca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 23:56] . 2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1001UA.job - c:\users\Becca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 23:56] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [bU] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-19 496160] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . ------- Supplementary Scan ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5739g&r=27360210x116l0323z1j6t4824u248 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.yahoo.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Completion time: 2011-12-27 11:41:54 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-27 17:41 ComboFix2.txt 2011-12-26 17:13 . Pre-Run: 135,462,871,040 bytes free Post-Run: 135,388,839,936 bytes free . - - End Of File - - CF05CC9E00688AE8FF53BA7E75E43313
  22. ESETSmartInstaller@High as CAB hook log:
      OnlineScanner64.ocx - registred OK
      OnlineScanner.ocx - registred OK
      # version=7
      # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
      # OnlineScanner.ocx=1.0.0.6583
      # api_version=3.0.2
      # EOSSerial=951e91f6f14fbc4fb6a726d3f24a3c96
      # end=finished
      # remove_checked=true
      # archives_checked=false
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2011-12-27 04:23:46
      # local_time=2011-12-27 10:23:46 (-0600, Central Standard Time)
      # country="United States"
      # lang=9
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode=5893 16776574 66 94 13732216 76543233 0 0
      # compatibility_mode=8192 67108863 100 0 234233 234233 0 0
      # scanned=189621
      # found=1
      # cleaned=5
      # scan_time=3243
      C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[1].php  HTML/Iframe.B.Gen virus (deleted - quarantined)  00000000000000000000000000000000  C

      Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org
      Database version: 911122702
      Windows 6.1.7601 Service Pack 1
      Internet Explorer 8.0.7601.17514
      12/27/2011 10:22:29 AM
      mbam-log-2011-12-27 (10-22-29).txt
      Scan type: Full scan (C:\|)
      Objects scanned: 377999
      Time elapsed: 47 minute(s), 33 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  23. MSE is no longer annoying me about having Alureon. Picked up a Coinminer. C:\Windows\assembly\temp\kwrd.dll
  24. TDSSKiller, Combofix and MBRCheck:
      10:46:38.0713 4260 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
(0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 10:47:09.0742 4816 mssmbios - ok 10:47:09.0882 4816 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 10:47:09.0882 4816 MSTEE - ok 10:47:10.0007 4816 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 10:47:10.0007 4816 MTConfig - ok 10:47:10.0319 4816 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 10:47:10.0319 4816 Mup - ok 10:47:10.0459 4816 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 10:47:10.0475 4816 NativeWifiP - ok 10:47:10.0646 4816 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 10:47:10.0678 4816 NDIS - ok 10:47:10.0818 4816 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 10:47:10.0818 4816 NdisCap - ok 10:47:10.0943 4816 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 10:47:10.0943 4816 NdisTapi - ok 10:47:11.0114 4816 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 10:47:11.0114 4816 Ndisuio - ok 10:47:11.0520 4816 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 10:47:11.0520 4816 NdisWan - ok 10:47:11.0660 4816 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 10:47:11.0660 4816 NDProxy - ok 10:47:11.0770 4816 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 10:47:11.0770 4816 NetBIOS - ok 10:47:11.0910 4816 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 10:47:11.0910 4816 NetBT - ok 10:47:12.0238 4816 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys 10:47:12.0409 4816 NETw5s64 - ok 10:47:12.0737 4816 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys 10:47:12.0877 4816 netw5v64 - ok 10:47:13.0080 4816 nfrd960 
(77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 10:47:13.0080 4816 nfrd960 - ok 10:47:13.0330 4816 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 10:47:13.0330 4816 NisDrv - ok 10:47:13.0454 4816 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 10:47:13.0454 4816 Npfs - ok 10:47:13.0595 4816 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 10:47:13.0595 4816 nsiproxy - ok 10:47:13.0735 4816 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 10:47:13.0813 4816 Ntfs - ok 10:47:14.0000 4816 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys 10:47:14.0000 4816 NTIDrvr - ok 10:47:14.0125 4816 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 10:47:14.0125 4816 Null - ok 10:47:14.0328 4816 nuvotoncir (6f09cb36c344b98356978b37ba9ad42b) C:\Windows\system32\DRIVERS\nuvotoncir.sys 10:47:14.0344 4816 nuvotoncir - ok 10:47:14.0453 4816 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys 10:47:14.0468 4816 NVHDA - ok 10:47:14.0968 4816 nvlddmkm (325520227cc568052ae1d7ad49d90951) C:\Windows\system32\DRIVERS\nvlddmkm.sys 10:47:15.0311 4816 nvlddmkm - ok 10:47:15.0482 4816 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 10:47:15.0482 4816 nvraid - ok 10:47:15.0654 4816 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 10:47:15.0670 4816 nvstor - ok 10:47:15.0826 4816 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 10:47:15.0826 4816 nv_agp - ok 10:47:15.0919 4816 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 10:47:15.0919 4816 ohci1394 - ok 10:47:16.0075 4816 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 10:47:16.0091 4816 Parport - ok 10:47:16.0231 4816 partmgr 
(871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 10:47:16.0247 4816 partmgr - ok 10:47:16.0387 4816 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 10:47:16.0387 4816 pci - ok 10:47:16.0481 4816 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 10:47:16.0481 4816 pciide - ok 10:47:16.0574 4816 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 10:47:16.0574 4816 pcmcia - ok 10:47:16.0808 4816 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys 10:47:16.0808 4816 pcouffin - ok 10:47:16.0949 4816 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 10:47:16.0949 4816 pcw - ok 10:47:17.0089 4816 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 10:47:17.0105 4816 PEAUTH - ok 10:47:17.0308 4816 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys 10:47:17.0308 4816 Point64 - ok 10:47:17.0495 4816 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 10:47:17.0495 4816 PptpMiniport - ok 10:47:17.0822 4816 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 10:47:17.0822 4816 Processor - ok 10:47:17.0963 4816 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 10:47:17.0963 4816 Psched - ok 10:47:18.0088 4816 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 10:47:18.0150 4816 ql2300 - ok 10:47:18.0259 4816 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 10:47:18.0259 4816 ql40xx - ok 10:47:18.0462 4816 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 10:47:18.0462 4816 QWAVEdrv - ok 10:47:18.0696 4816 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 10:47:18.0696 4816 RasAcd - ok 10:47:18.0836 4816 RasAgileVpn 
(7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:47:18.0836 4816 RasAgileVpn - ok 10:47:18.0992 4816 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:47:18.0992 4816 Rasl2tp - ok 10:47:19.0133 4816 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 10:47:19.0133 4816 RasPppoe - ok 10:47:19.0273 4816 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 10:47:19.0273 4816 RasSstp - ok 10:47:19.0429 4816 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 10:47:19.0429 4816 rdbss - ok 10:47:19.0648 4816 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 10:47:19.0648 4816 rdpbus - ok 10:47:19.0819 4816 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:47:19.0819 4816 RDPCDD - ok 10:47:19.0960 4816 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 10:47:19.0960 4816 RDPENCDD - ok 10:47:20.0053 4816 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 10:47:20.0069 4816 RDPREFMP - ok 10:47:20.0162 4816 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 10:47:20.0162 4816 RDPWD - ok 10:47:20.0303 4816 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 10:47:20.0303 4816 rdyboost - ok 10:47:20.0506 4816 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 10:47:20.0506 4816 rspndr - ok 10:47:20.0630 4816 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys 10:47:20.0646 4816 RSUSBSTOR - ok 10:47:20.0771 4816 RtsUIR - ok 10:47:20.0927 4816 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 10:47:20.0927 4816 SASDIFSV - ok 10:47:21.0067 4816 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program 
Files\SUPERAntiSpyware\SASKUTIL64.SYS 10:47:21.0067 4816 SASKUTIL - ok 10:47:21.0176 4816 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 10:47:21.0176 4816 sbp2port - ok 10:47:21.0395 4816 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 10:47:21.0395 4816 scfilter - ok 10:47:21.0520 4816 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 10:47:21.0520 4816 secdrv - ok 10:47:21.0722 4816 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 10:47:21.0722 4816 Serenum - ok 10:47:21.0878 4816 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 10:47:21.0878 4816 Serial - ok 10:47:22.0034 4816 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 10:47:22.0050 4816 sermouse - ok 10:47:22.0331 4816 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 10:47:22.0331 4816 sffdisk - ok 10:47:22.0580 4816 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 10:47:22.0580 4816 sffp_mmc - ok 10:47:22.0690 4816 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 10:47:22.0690 4816 sffp_sd - ok 10:47:22.0814 4816 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 10:47:22.0814 4816 sfloppy - ok 10:47:22.0955 4816 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:47:22.0955 4816 SiSRaid2 - ok 10:47:23.0064 4816 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 10:47:23.0064 4816 SiSRaid4 - ok 10:47:23.0360 4816 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 10:47:23.0360 4816 Smb - ok 10:47:23.0657 4816 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 10:47:23.0657 4816 spldr - ok 10:47:23.0844 4816 srv (441fba48bff01fdb9d5969ebc1838f0b) 
C:\Windows\system32\DRIVERS\srv.sys 10:47:23.0844 4816 srv - ok 10:47:23.0969 4816 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 10:47:23.0969 4816 srv2 - ok 10:47:24.0203 4816 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 10:47:24.0203 4816 srvnet - ok 10:47:24.0359 4816 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 10:47:24.0359 4816 stexstor - ok 10:47:24.0499 4816 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 10:47:24.0499 4816 swenum - ok 10:47:24.0640 4816 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys 10:47:24.0655 4816 SynTP - ok 10:47:24.0827 4816 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 10:47:24.0920 4816 Tcpip - ok 10:47:25.0092 4816 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 10:47:25.0108 4816 TCPIP6 - ok 10:47:25.0435 4816 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 10:47:25.0435 4816 tcpipreg - ok 10:47:25.0591 4816 TcUsb (951f59af0b707415f9e567d17ff2a7c0) C:\Windows\system32\Drivers\tcusb.sys 10:47:25.0591 4816 TcUsb - ok 10:47:25.0700 4816 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 10:47:25.0700 4816 TDPIPE - ok 10:47:25.0810 4816 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 10:47:25.0810 4816 TDTCP - ok 10:47:25.0934 4816 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 10:47:25.0934 4816 tdx - ok 10:47:26.0122 4816 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 10:47:26.0122 4816 TermDD - ok 10:47:26.0246 4816 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:47:26.0246 4816 tssecsrv - ok 10:47:26.0402 4816 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 
10:47:26.0402 4816 TsUsbFlt - ok 10:47:26.0527 4816 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 10:47:26.0527 4816 tunnel - ok 10:47:26.0636 4816 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 10:47:26.0636 4816 uagp35 - ok 10:47:26.0730 4816 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 10:47:26.0730 4816 UBHelper - ok 10:47:26.0824 4816 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 10:47:26.0839 4816 udfs - ok 10:47:26.0964 4816 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 10:47:26.0964 4816 uliagpkx - ok 10:47:27.0089 4816 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 10:47:27.0089 4816 umbus - ok 10:47:27.0214 4816 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 10:47:27.0229 4816 UmPass - ok 10:47:27.0510 4816 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys 10:47:27.0510 4816 usbbus - ok 10:47:27.0650 4816 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 10:47:27.0650 4816 usbccgp - ok 10:47:27.0713 4816 USBCCID - ok 10:47:27.0806 4816 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 10:47:27.0806 4816 usbcir - ok 10:47:27.0947 4816 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys 10:47:27.0947 4816 UsbDiag - ok 10:47:28.0103 4816 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 10:47:28.0103 4816 usbehci - ok 10:47:28.0368 4816 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 10:47:28.0384 4816 usbhub - ok 10:47:28.0508 4816 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys 10:47:28.0508 4816 USBModem - ok 10:47:28.0820 4816 usbohci (9840fc418b4cbd632d3d0a667a725c31) 
C:\Windows\system32\drivers\usbohci.sys 10:47:28.0820 4816 usbohci - ok 10:47:28.0914 4816 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 10:47:28.0914 4816 usbprint - ok 10:47:29.0070 4816 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys 10:47:29.0070 4816 usbser - ok 10:47:29.0179 4816 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:47:29.0179 4816 USBSTOR - ok 10:47:29.0507 4816 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 10:47:29.0507 4816 usbuhci - ok 10:47:29.0710 4816 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 10:47:29.0710 4816 usbvideo - ok 10:47:30.0037 4816 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 10:47:30.0037 4816 vdrvroot - ok 10:47:30.0193 4816 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:47:30.0193 4816 vga - ok 10:47:30.0302 4816 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:47:30.0302 4816 VgaSave - ok 10:47:30.0396 4816 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 10:47:30.0412 4816 vhdmp - ok 10:47:30.0552 4816 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 10:47:30.0552 4816 viaide - ok 10:47:30.0661 4816 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 10:47:30.0661 4816 volmgr - ok 10:47:30.0770 4816 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 10:47:30.0770 4816 volmgrx - ok 10:47:30.0880 4816 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 10:47:30.0880 4816 volsnap - ok 10:47:30.0989 4816 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 10:47:30.0989 4816 vsmraid - ok 10:47:31.0345 4816 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) 
C:\Windows\System32\drivers\vwifibus.sys 10:47:31.0345 4816 vwifibus - ok 10:47:31.0525 4816 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 10:47:31.0525 4816 vwififlt - ok 10:47:31.0747 4816 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 10:47:31.0757 4816 WacomPen - ok 10:47:31.0897 4816 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:47:31.0907 4816 WANARP - ok 10:47:32.0087 4816 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:47:32.0097 4816 Wanarpv6 - ok 10:47:32.0257 4816 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 10:47:32.0257 4816 Wd - ok 10:47:32.0370 4816 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:47:32.0385 4816 Wdf01000 - ok 10:47:32.0541 4816 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:47:32.0541 4816 WfpLwf - ok 10:47:32.0713 4816 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:47:32.0728 4816 WIMMount - ok 10:47:32.0900 4816 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 10:47:32.0900 4816 WinUsb - ok 10:47:33.0072 4816 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 10:47:33.0072 4816 WmiAcpi - ok 10:47:33.0243 4816 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:47:33.0243 4816 ws2ifsl - ok 10:47:33.0384 4816 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 10:47:33.0384 4816 WudfPf - ok 10:47:33.0508 4816 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:47:33.0508 4816 WUDFRd - ok 10:47:33.0602 4816 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 10:47:33.0649 4816 \Device\Harddisk0\DR0 - ok 10:47:33.0664 4816 Boot (0x1200) 
(067c89102a1c36de46816858afaf0cb4) \Device\Harddisk0\DR0\Partition0 10:47:33.0664 4816 \Device\Harddisk0\DR0\Partition0 - ok 10:47:33.0664 4816 Boot (0x1200) (873fdf16c9d5e04d75593ce5ebad0c7c) \Device\Harddisk0\DR0\Partition1 10:47:33.0664 4816 \Device\Harddisk0\DR0\Partition1 - ok 10:47:33.0664 4816 ============================================================ 10:47:33.0664 4816 Scan finished 10:47:33.0664 4816 ============================================================ 10:47:33.0680 2740 Detected object count: 0 10:47:33.0680 2740 Actual detected object count: 0 10:47:58.0359 4216 Deinitialize success ComboFix 11-12-26.01 - Jeremy 12/26/2011 10:49:51.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2451 [GMT -6:00] Running from: c:\users\Jeremy\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Acer Bio Protection\PwdFilterV64.dll c:\users\Jeremy\AppData\Roaming\inst.exe c:\windows\system32\consrv.dll c:\windows\System64 . . ((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 ))))))))))))))))))))))))))))))) . . 2011-12-26 17:00 . 2011-12-26 17:00 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6280B18D-C038-48A8-8CE6-DD8F4C83D18B}\offreg.dll 2011-12-26 16:59 . 2011-12-26 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-26 16:59 . 2011-12-26 16:59 -------- d-----w- c:\users\Becca\AppData\Local\temp 2011-12-26 16:33 . 2011-12-23 05:59 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2011-12-26 16:33 . 
2011-12-23 05:59 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3521208-A05B-4F6B-A3B6-D30A56F181CD}\gapaengine.dll 2011-12-26 16:33 . 2011-11-21 09:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6280B18D-C038-48A8-8CE6-DD8F4C83D18B}\mpengine.dll 2011-12-23 23:25 . 2011-12-23 23:25 -------- d-----w- c:\program files\ESET 2011-12-23 20:51 . 2011-12-23 20:51 -------- d-----w- c:\program files (x86)\ESET 2011-12-23 07:29 . 2011-12-26 17:53 -------- d-----w- c:\programdata\Hitman Pro 2011-12-23 06:13 . 2011-12-26 17:53 -------- d-----w- c:\program files (x86)\UVK 2011-12-23 05:56 . 2011-12-26 18:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2011-12-23 05:56 . 2011-12-26 18:23 -------- d-----w- c:\program files\Microsoft Security Client 2011-12-23 03:59 . 2011-12-23 03:59 -------- d-----w- c:\users\Jeremy\AppData\Local\SWTOR 2011-12-23 03:53 . 2011-12-23 03:53 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-12-23 03:45 . 2011-12-23 03:53 -------- d-----w- C:\TDSSKiller_Quarantine 2011-12-21 07:28 . 2008-05-30 20:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll 2011-12-21 07:28 . 2008-05-30 20:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll 2011-12-21 05:57 . 2011-12-21 07:27 -------- d-----w- c:\program files (x86)\Common Files\BioWare 2011-12-21 05:57 . 2011-12-21 05:57 -------- d-----w- c:\program files (x86)\Electronic Arts 2011-12-21 01:58 . 2011-12-21 01:58 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Malwarebytes 2011-12-21 01:58 . 2011-12-21 01:58 -------- d-----w- c:\programdata\Malwarebytes 2011-12-21 01:58 . 2011-12-21 01:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-21 01:58 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-21 01:54 . 2011-12-21 01:54 -------- d-----w- c:\users\Jeremy\AppData\Roaming\SUPERAntiSpyware.com 2011-12-17 04:16 . 
2011-12-19 04:47 -------- d-----w- c:\users\Becca\riotsGamesLogs 2011-12-15 03:18 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-15 03:18 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-21 02:28 . 2011-06-23 17:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-15 01:36 . 2010-04-08 21:23 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-12-06 18:43 . 2010-08-04 03:31 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-10-30 03:16 . 2011-10-30 03:07 210966246 ----a-w- C:\Bejeweled 3.exe 2011-09-29 16:29 . 2011-11-10 03:16 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 825864] "VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-08-05 3574784] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-26 419112] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-06 181480] "Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568] "YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-8-22 708608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R3 AVerFx2hbtv64;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program 
files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 796192] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496] S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-08-05 3453440] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1000Core.job - c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-24 03:02] . 
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1000UA.job - c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-24 03:02] . 2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1001Core.job - c:\users\Becca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 23:56] . 2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1001UA.job - c:\users\Becca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 23:56] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-19 496160] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "combofix"="c:\combofix\CF3897.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5739g&r=27360210x116l0323z1j6t4824u248 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.yahoo.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-swg - c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe SafeBoot-62488446.sys SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Completion time: 2011-12-26 11:13:49 - machine was rebooted ComboFix-quarantined-files.txt 2011-12-26 17:13 . Pre-Run: 136,275,353,600 bytes free Post-Run: 136,162,418,688 bytes free . 
- - End Of File - - DA5A0FE15F0D41DC9A1D58A4760F3864 MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: Service Pack 1 (build 7601), 64-bit Base Board Manufacturer: Acer BIOS Manufacturer: Phoenix System Manufacturer: Acer System Product Name: Aspire 5739G Logical Drives Mask: 0x00000014 Kernel Drivers (total 196): 0x03215000 \SystemRoot\system32\ntoskrnl.exe 0x037FE000 \SystemRoot\system32\hal.dll 0x00BCB000 \SystemRoot\system32\kdcom.dll 0x00C12000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00C61000 \SystemRoot\system32\PSHED.dll 0x00C75000 \SystemRoot\system32\CLFS.SYS 0x00CD3000 \SystemRoot\system32\CI.dll 0x00EEF000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F93000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00FA2000 \SystemRoot\system32\drivers\ACPI.sys 0x00E00000 \SystemRoot\system32\drivers\WMILIB.SYS 0x00E09000 \SystemRoot\system32\drivers\msisadrv.sys 0x00E13000 \SystemRoot\system32\drivers\vdrvroot.sys 0x00E20000 \SystemRoot\system32\drivers\pci.sys 0x00E53000 \SystemRoot\System32\drivers\partmgr.sys 0x00E68000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x00E71000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x00E7D000 \SystemRoot\system32\drivers\volmgr.sys 0x00E92000 \SystemRoot\System32\drivers\volmgrx.sys 0x00D93000 \SystemRoot\System32\drivers\mountmgr.sys 0x0102F000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x0114B000 \SystemRoot\system32\drivers\atapi.sys 0x01154000 \SystemRoot\system32\drivers\ataport.SYS 0x0117E000 \SystemRoot\system32\drivers\amdxata.sys 0x01189000 \SystemRoot\system32\drivers\fltmgr.sys 0x011D5000 \SystemRoot\system32\drivers\fileinfo.sys 0x01225000 \SystemRoot\System32\Drivers\Ntfs.sys 0x0143C000 \SystemRoot\System32\Drivers\msrpc.sys 0x0149A000 \SystemRoot\System32\Drivers\ksecdd.sys 0x014B5000 \SystemRoot\System32\Drivers\cng.sys 0x01527000 \SystemRoot\System32\drivers\pcw.sys 0x01538000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x01619000 
\SystemRoot\system32\drivers\ndis.sys 0x0170C000 \SystemRoot\system32\drivers\NETIO.SYS 0x0176C000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01844000 \SystemRoot\System32\drivers\tcpip.sys 0x01A48000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01A92000 \SystemRoot\system32\drivers\volsnap.sys 0x01ADE000 \SystemRoot\System32\Drivers\spldr.sys 0x01AE6000 \SystemRoot\System32\drivers\rdyboost.sys 0x01B20000 \SystemRoot\System32\Drivers\mup.sys 0x01B32000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01B3B000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x01B75000 \SystemRoot\system32\DRIVERS\disk.sys 0x01B8B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x02FBE000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x02E00000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0x02E31000 \SystemRoot\System32\Drivers\Null.SYS 0x02E3A000 \SystemRoot\System32\Drivers\Beep.SYS 0x02E41000 \SystemRoot\System32\drivers\vga.sys 0x02E4F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x02E74000 \SystemRoot\System32\drivers\watchdog.sys 0x02E84000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x02FE8000 \SystemRoot\system32\drivers\rdpencdd.sys 0x02FF1000 \SystemRoot\system32\drivers\rdprefmp.sys 0x01BC9000 \SystemRoot\System32\Drivers\Msfs.SYS 0x01BD4000 \SystemRoot\System32\Drivers\Npfs.SYS 0x01800000 \SystemRoot\system32\DRIVERS\tdx.sys 0x01822000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x01542000 \SystemRoot\system32\drivers\afd.sys 0x01797000 \SystemRoot\System32\DRIVERS\netbt.sys 0x0182F000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x015CB000 \SystemRoot\system32\DRIVERS\pacer.sys 0x01BE5000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x017DC000 \SystemRoot\system32\DRIVERS\netbios.sys 0x01400000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x017EB000 \SystemRoot\system32\drivers\termdd.sys 0x01838000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 0x01600000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 0x00DAD000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x0160A000 \SystemRoot\system32\drivers\nsiproxy.sys 
0x0141B000 \SystemRoot\system32\drivers\mssmbios.sys 0x01426000 \SystemRoot\System32\drivers\discache.sys 0x013C8000 \SystemRoot\System32\Drivers\dfsc.sys 0x013E6000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x02FFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x015F1000 \SystemRoot\system32\drivers\wmiacpi.sys 0x0F237000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x0FF45000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x03EAE000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x03FA2000 \SystemRoot\System32\drivers\dxgmms1.sys 0x03E00000 \SystemRoot\system32\drivers\HDAudBus.sys 0x03E24000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x03E31000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x03E87000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x0409D000 \SystemRoot\system32\DRIVERS\NETw5s64.sys 0x0474A000 \SystemRoot\System32\drivers\vwifibus.sys 0x04757000 \SystemRoot\system32\DRIVERS\L1C62x64.sys 0x0476C000 \SystemRoot\system32\DRIVERS\nuvotoncir.sys 0x04782000 \SystemRoot\system32\drivers\i8042prt.sys 0x047A0000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys 0x047AC000 \SystemRoot\system32\drivers\kbdclass.sys 0x04000000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x0404C000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x0404E000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x0405D000 \??\C:\Windows\system32\drivers\UBHelper.sys 0x04065000 \??\C:\Windows\system32\drivers\NTIDrvr.sys 0x0406D000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x04083000 \SystemRoot\system32\drivers\CompositeBus.sys 0x047BB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x047D1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x03E98000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x0FF47000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x0FF76000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x0FF91000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x0FFB2000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x03FE8000 \SystemRoot\System32\Drivers\pcouffin.sys 0x047F5000 \SystemRoot\system32\drivers\swenum.sys 
0x04AA3000 \SystemRoot\system32\drivers\ks.sys 0x04AE6000 \SystemRoot\system32\DRIVERS\circlass.sys 0x04AF8000 \SystemRoot\system32\drivers\umbus.sys 0x04B0A000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04B64000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x04B79000 \SystemRoot\system32\drivers\nvhda64v.sys 0x04B91000 \SystemRoot\system32\drivers\portcls.sys 0x04BCE000 \SystemRoot\system32\drivers\drmk.sys 0x04BF0000 \SystemRoot\system32\drivers\ksthunk.sys 0x05A0A000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x05C92000 \SystemRoot\system32\DRIVERS\agrsm64.sys 0x05DC3000 \SystemRoot\system32\drivers\modem.sys 0x05DD2000 \SystemRoot\system32\DRIVERS\hidir.sys 0x05DE3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x05C00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x05C09000 \SystemRoot\system32\drivers\kbdhid.sys 0x05C17000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x05C24000 \SystemRoot\System32\Drivers\tcusb.sys 0x00000000 \SystemRoot\System32\win32k.sys 0x05C37000 \SystemRoot\System32\drivers\Dxapi.sys 0x05C43000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x05C60000 \SystemRoot\System32\Drivers\usbvideo.sys 0x05BF0000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00500000 \SystemRoot\System32\TSDDD.dll 0x006B0000 \SystemRoot\System32\cdd.dll 0x008E0000 \SystemRoot\System32\ATMFD.DLL 0x04A00000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x04A1D000 \SystemRoot\System32\Drivers\crashdmp.sys 0x02E8D000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x04A2B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x04A3E000 \SystemRoot\system32\drivers\luafv.sys 0x04A61000 \SystemRoot\system32\drivers\WudfPf.sys 0x04A82000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x02C61000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x02CB4000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x02CC7000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x02CDF000 \SystemRoot\system32\drivers\HTTP.sys 0x02DA8000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x02DD9000 \SystemRoot\system32\DRIVERS\bowser.sys 0x02C00000 
\SystemRoot\system32\DRIVERS\mrxsmb.sys 0x05674000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x056C2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x056E6000 \SystemRoot\System32\DRIVERS\srv2.sys 0x0574F000 \SystemRoot\System32\DRIVERS\srv.sys 0x07020000 \SystemRoot\system32\drivers\peauth.sys 0x070C6000 \SystemRoot\System32\Drivers\secdrv.SYS 0x070D1000 \SystemRoot\System32\drivers\tcpipreg.sys 0x07154000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x77790000 \Windows\System32\ntdll.dll 0x47D90000 \Windows\System32\smss.exe 0xFFAB0000 \Windows\System32\apisetschema.dll 0xFF810000 \Windows\System32\autochk.exe 0xFED10000 \Windows\System32\shell32.dll 0xFEC90000 \Windows\System32\shlwapi.dll 0xFEBC0000 \Windows\System32\usp10.dll 0x77960000 \Windows\System32\normaliz.dll 0x77950000 \Windows\System32\psapi.dll 0xFEA90000 \Windows\System32\wininet.dll 0xFEA10000 \Windows\System32\difxapi.dll 0x77670000 \Windows\System32\kernel32.dll 0xFEA00000 \Windows\System32\nsi.dll 0xFE8F0000 \Windows\System32\msctf.dll 0xFE7C0000 \Windows\System32\rpcrt4.dll 0xFE720000 \Windows\System32\clbcatq.dll 0xFE540000 \Windows\System32\setupapi.dll 0xFE330000 \Windows\System32\ole32.dll 0xFE1B0000 \Windows\System32\urlmon.dll 0xFE1A0000 \Windows\System32\lpk.dll 0xFE130000 \Windows\System32\gdi32.dll 0xFDED0000 \Windows\System32\iertutil.dll 0xFDDF0000 \Windows\System32\oleaut32.dll 0xFDDD0000 \Windows\System32\imagehlp.dll 0xFDD30000 \Windows\System32\msvcrt.dll 0xFDD00000 \Windows\System32\imm32.dll 0xFDCB0000 \Windows\System32\ws2_32.dll 0xFDC90000 \Windows\System32\sechost.dll 0x77570000 \Windows\System32\user32.dll 0xFDBF0000 \Windows\System32\comdlg32.dll 0xFDB10000 \Windows\System32\advapi32.dll 0xFDAB0000 \Windows\System32\Wldap32.dll 0xFDA70000 \Windows\System32\cfgmgr32.dll 0xFDA30000 \Windows\System32\wintrust.dll 0xFD9C0000 \Windows\System32\KernelBase.dll 0xFD850000 \Windows\System32\crypt32.dll 0xFD830000 \Windows\System32\devobj.dll 0xFD790000 
\Windows\System32\comctl32.dll 0xFD780000 \Windows\System32\msasn1.dll Processes (total 67): 0 System Idle Process 4 System 304 C:\Windows\System32\smss.exe 468 csrss.exe 532 C:\Windows\System32\wininit.exe 548 csrss.exe 584 C:\Windows\System32\services.exe 608 C:\Windows\System32\lsass.exe 616 C:\Windows\System32\lsm.exe 700 C:\Windows\System32\winlogon.exe 756 C:\Windows\System32\svchost.exe 820 C:\Windows\System32\nvvsvc.exe 860 C:\Windows\System32\svchost.exe 916 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 1008 C:\Windows\System32\svchost.exe 328 C:\Windows\System32\svchost.exe 348 C:\Windows\System32\svchost.exe 1068 C:\Windows\System32\svchost.exe 1152 C:\Windows\System32\svchost.exe 1280 C:\Windows\System32\nvvsvc.exe 1416 C:\Windows\System32\spoolsv.exe 1424 C:\Program Files\Common Files\SPBA\upeksvr.exe 1592 C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe 1856 C:\Program Files\SUPERAntiSpyware\SASCore64.exe 1884 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 1920 C:\Program Files\LSI SoftModem\agr64svc.exe 1944 C:\Windows\System32\svchost.exe 1980 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe 2028 C:\Windows\System32\svchost.exe 1044 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe 1472 C:\Program Files (x86)\Acer Bio Protection\BASVC.exe 1576 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 1668 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 1736 C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe 1360 C:\Windows\System32\svchost.exe 1548 C:\Program Files\Acer\Acer Updater\UpdaterService.exe 2068 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 2108 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe 2140 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2288 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 2584 C:\Windows\System32\taskhost.exe 2728 
C:\Windows\System32\dwm.exe 2744 C:\Windows\explorer.exe 2844 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2916 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 2924 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2932 C:\Program Files\Microsoft IntelliPoint\ipoint.exe 3028 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 1724 C:\Program Files\Microsoft Security Client\msseces.exe 2460 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 1760 C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe 2788 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe 2436 C:\Program Files (x86)\Launch Manager\LManager.EXE 3076 C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe 3088 C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe 3104 C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe 3144 C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe 3776 C:\Windows\System32\SearchIndexer.exe 1536 C:\Program Files\Windows Media Player\wmpnetwk.exe 3804 C:\Program Files (x86)\Internet Explorer\iexplore.exe 3476 C:\Program Files (x86)\Internet Explorer\iexplore.exe 2816 C:\Program Files (x86)\Internet Explorer\iexplore.exe 956 C:\Windows\System32\SearchProtocolHost.exe 3212 C:\Windows\System32\SearchFilterHost.exe 868 C:\Windows\System32\audiodg.exe 236 C:\Users\Jeremy\Desktop\MBRCheck.exe 3208 C:\Windows\System32\conhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`e6600000 (NTFS) PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done!
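The last lines of the MBRCheck log above are the useful part for a malware hunt: the tool reads the first sector of PhysicalDrive0, hashes the boot code and reports whether the hash matches a known clean Windows MBR (here "Windows 7 MBR code detected", SHA1 4379A3D4...). The script below is an added example of that check, not MBRCheck's own code. It parses a raw 512-byte MBR into boot code, disk signature and partition table, fingerprints the boot code with SHA-1 and looks it up in a small known-good table. Two assumptions are labelled in the code: that MBRCheck hashes exactly the 440-byte boot-code region, and that the only entry in the table is the Windows 7 value reported in the log above. The sample MBR is constructed inline so the script runs offline; `read_physical_mbr` shows how to fetch the live sector on a real machine (administrator rights required).

```python
"""Parse and fingerprint a raw MBR sector, the check MBRCheck reports in the
log above. Added example; not MBRCheck's code and not its reference list."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 440          # bytes 0..439: the boot code that MBR rootkits overwrite
DISK_SIG_OFFSET = 440         # 4-byte NT disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

# Known-good boot-code fingerprints. The Windows 7 value is the SHA-1 that
# MBRCheck printed in the log above. ASSUMPTION: MBRCheck hashes exactly the
# 440-byte boot-code region; the table is illustrative, not MBRCheck's own.
KNOWN_GOOD_BOOT_CODE_SHA1 = {
    "4379a3d43019b46fa357f7dd6a53b45a3ca8fb79": "Windows 7 MBR code",
}


def parse_mbr(sector: bytes) -> dict:
    """Split one raw MBR sector into boot-code hash, disk signature and partitions."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % MBR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    disk_signature = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFFSET + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]          # CHS fields at 1..3 and 5..7 are ignored
        lba_start, lba_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0:
            continue                                # empty slot
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": lba_count,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "disk_signature": disk_signature,
        "partitions": partitions,
    }


def classify_mbr(sector: bytes) -> dict:
    """Fingerprint the boot code and compare it with the known-good table."""
    info = parse_mbr(sector)
    info["verdict"] = KNOWN_GOOD_BOOT_CODE_SHA1.get(
        info["boot_code_sha1"], "unknown boot code: compare with a clean image")
    return info


def build_sample_mbr(boot_code: bytes, disk_signature: int, partitions) -> bytes:
    """Assemble a 512-byte MBR from parts (constructed test fixture)."""
    if len(boot_code) > BOOT_CODE_SIZE:
        raise ValueError("boot code too long")
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for index, (active, ptype, lba_start, lba_count) in enumerate(partitions):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET + 16 * index,
                         0x80 if active else 0x00, b"\xff\xff\xff",
                         ptype, b"\xff\xff\xff", lba_start, lba_count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample: a hypothetical non-Windows boot stub, an active 100 MB
# NTFS (0x07) system partition followed by a large NTFS data partition.
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16 + b"\xeb\xfe"
SAMPLE_MBR = build_sample_mbr(
    SAMPLE_BOOT_CODE, 0x1234ABCD,
    [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 625000000)])


def read_physical_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read the live MBR; needs administrator rights (use /dev/sda on Linux)."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


if __name__ == "__main__":
    result = classify_mbr(SAMPLE_MBR)
    print("boot code SHA-1:", result["boot_code_sha1"], "->", result["verdict"])
    for part in result["partitions"]:
        print("partition", part)
```

Run it as an administrator with `classify_mbr(read_physical_mbr())` to check a real disk. A hash that is not in the table is not proof of infection: OEM recovery loaders and third-party boot managers legitimately replace the boot code, so an unknown hash means "dump the sector and compare it with a known clean image", which is exactly how the log's verdict should be read.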