208.73.210.29 (firefox.exe) blocked by Malwarebytes every 10 minutes


Beginning midday yesterday our general purpose machine suddenly began connecting outbound approx every 10 minutes to 208.73.210.29 whenever firefox was running. This is a spare machine that used to be a graphic design computer but is now more of an all-purpose household machine that the kids or their friends may have installed something onto, but rather than wiping out and reinstalling everything from scratch, which I simply don't have time to do, I'd like to find the problem and remove it.

I ran a full system scan with Malwarebytes and it found the installer for a macro writing program which I had installed several months prior while building a keyboard macro, but the problem only began 24 hours ago, so while that file may have been infected, I'm not sure it's the cause of what's happening now.

It also flagged two jpg files which were only partially recovered from a deletion and subsequent file recovery. The JPGs were recovered damaged, and Malwarebytes read them as something like mismatched extension, if I recall correctly, so I deleted them as well.

On later runs of Malwarebytes, it finds nothing wrong on the system, yet every ten minutes it still pops up and says it has blocked firefox.exe from connecting to 208.73.210.29 because it's a suspected malicious site... I followed the instructions here:

http://forums.malwarebytes.org//index.php?showtopic=9573

and am pasting the DDS.txt log file below:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22

Run by Mediacube at 7:47:19 on 2012-04-25

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8183.5538 [GMT -4:00]

.

AV: Outpost Security Suite *Enabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}

SP: Outpost Security Suite *Enabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Outpost Security Suite *Enabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

uRun: [AdobeBridge]

uRun: [Google Update] "C:\Users\Mediacube\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

TCP: Interfaces\{89C615C7-1B65-4F59-AF2F-08993A8FC71C} : DhcpNameServer = 167.206.245.129 167.206.245.130

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

AppInit_DLLs-X64: c:\progra~1\agnitum\outpos~1\wl_hook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mediacube\AppData\Roaming\Mozilla\Firefox\Profiles\3ygotqwa.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Users\Mediacube\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 afw;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys --> C:\Windows\system32\DRIVERS\afw.sys [?]

R1 SandBox;SandBox;\??\C:\Windows\system32\drivers\SandBox64.sys --> C:\Windows\system32\drivers\SandBox64.sys [?]

R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\system32\DRIVERS\StarPortLite.sys --> C:\Windows\system32\DRIVERS\StarPortLite.sys [?]

R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2011-7-24 3501696]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-21 654408]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]

R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-7-23 5716848]

R3 afwcore;afwcore;C:\Windows\system32\drivers\afwcore.sys --> C:\Windows\system32\drivers\afwcore.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 ASWFilt;ASWFilt;\??\C:\Windows\system32\Filt\ASWFilt64.dll --> C:\Windows\system32\Filt\ASWFilt64.dll [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Spyder3;Datacolor Spyder3;C:\Windows\system32\DRIVERS\Spyder3.sys --> C:\Windows\system32\DRIVERS\Spyder3.sys [?]

R3 VBEngNT;VBEngNT;\??\C:\Windows\system32\drivers\VBEngNT.sys --> C:\Windows\system32\drivers\VBEngNT.sys [?]

R3 VBFilt;VBFilt;\??\C:\Windows\system32\Filt\VBFilt64.dll --> C:\Windows\system32\Filt\VBFilt64.dll [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 129976]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-25 05:21:38 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-25 05:21:38 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-25 05:21:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-25 05:21:34 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{650439F9-D64F-4195-B423-103B9893F7A0}\mpengine.dll

2012-04-25 05:20:09 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-25 05:20:09 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-25 05:20:09 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-25 05:20:07 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-25 05:20:07 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-25 05:20:07 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-25 05:20:07 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-24 21:53:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-24 21:53:09 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-24 21:53:09 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-22 01:43:30 -------- d-----w- C:\ProgramData\Camera Bits, Inc

2012-04-21 22:26:19 -------- d-----w- C:\Users\Mediacube\AppData\Roaming\Camera Bits, Inc

2012-04-21 22:23:13 -------- d-----w- C:\Program Files (x86)\Camera Bits

2012-04-21 22:16:07 -------- d-----w- C:\Windows\System32\appmgmt

2012-04-21 06:46:36 -------- d-----w- C:\Users\Mediacube\AppData\Roaming\XnView

2012-04-20 20:25:10 -------- d-----w- C:\Users\Mediacube\AppData\Local\ACD Systems

2012-04-20 20:25:09 -------- d-----w- C:\Users\Mediacube\AppData\Roaming\ACD Systems

2012-04-20 20:22:27 -------- d-----w- C:\ProgramData\ACD Systems

2012-04-20 20:22:20 -------- d-----w- C:\Program Files (x86)\Common Files\ACD Systems

2012-04-20 20:22:20 -------- d-----w- C:\Program Files (x86)\ACD Systems

2012-04-19 20:49:56 -------- d-----w- C:\Users\Mediacube\AppData\Local\QuickPar

2012-04-19 20:47:55 -------- d-----w- C:\Program Files (x86)\QuickPar

2012-04-19 16:51:23 -------- d-----w- C:\Users\Mediacube\AppData\Local\Google

2012-04-18 22:04:50 -------- d-----w- C:\Users\Mediacube\AppData\Roaming\StarBurn

2012-04-04 21:08:12 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-04-04 20:54:04 -------- d-----w- C:\ProgramData\AMD

2012-04-04 20:54:03 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-04-04 20:53:59 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2012-04-04 20:53:59 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2012-04-04 20:51:33 -------- d-----w- C:\Program Files\ATI

2012-04-04 20:49:54 -------- d-----w- C:\Program Files\ATI Technologies

2012-04-04 20:19:08 -------- d-----w- C:\AMD

.

==================== Find3M ====================

.

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-03-09 05:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-03-09 05:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-03-09 05:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-03-09 05:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-03-09 05:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll

2012-03-09 05:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-03-09 05:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll

2012-03-09 05:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll

2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe

2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll

2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll

2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll

2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll

2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 11:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-01-31 11:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

.

============= FINISH: 7:48:11.03 ===============

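An added triage example, not part of this thread and not code from the DDS or ComboFix tools: a Python parser for the file-creation lines both logs use (DDS "Created Last 30"/"Find3M" and ComboFix "Files Created"), filtering them to a window around the time the symptom started so the timeline can be read against the onset the poster describes. The sample lines are copied from the logs in this thread; the onset time (noon on 2012-04-24, "midday yesterday" relative to the 2012-04-25 DDS run) is an assumption.

```python
"""Triage helper for the file-creation lines in DDS and ComboFix logs.

DDS ("Created Last 30" / "Find3M") and ComboFix ("Files Created from ... to ...")
list new files in slightly different layouts. This module parses both and
filters the entries to a window around the time a symptom first appeared.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# DDS file:  2012-04-24 21:53:09 129976 ----a-w- C:\...\maintenanceservice.exe
# DDS dir:   2012-04-24 21:53:12 -------- d-----w- C:\Program Files (x86)\...
DDS_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# ComboFix:  2012-04-25 05:21 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\...
# (creation time, ".", last-modified time, size, attributes, path)
COMBOFIX_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)


@dataclass
class FileEntry:
    created: datetime
    path: str
    size: Optional[int]                  # None for directories ("--------")
    is_dir: bool
    modified: Optional[datetime] = None  # only ComboFix reports it


def _size(field: str) -> Optional[int]:
    return None if field.startswith("-") else int(field)


def parse_line(line: str) -> Optional[FileEntry]:
    """Parse one listing line from either tool; any other line yields None."""
    m = COMBOFIX_LINE.match(line)
    if m:
        return FileEntry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            path=m["path"], size=_size(m["size"]),
            is_dir=m["attrs"].startswith("d"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        )
    m = DDS_LINE.match(line)
    if m:
        return FileEntry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M:%S"),
            path=m["path"], size=_size(m["size"]),
            is_dir=m["attrs"].startswith("d"),
        )
    return None


def parse_listing(text: str) -> List[FileEntry]:
    """All file entries in a pasted log; headers and '.' separators are skipped."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def created_in_window(entries: List[FileEntry], onset: datetime,
                      hours_before: int = 24, hours_after: int = 0) -> List[FileEntry]:
    """Entries created between onset-hours_before and onset+hours_after, oldest first."""
    lo, hi = onset - timedelta(hours=hours_before), onset + timedelta(hours=hours_after)
    return sorted((e for e in entries if lo <= e.created <= hi), key=lambda e: e.created)


def executables(entries: List[FileEntry]) -> List[FileEntry]:
    """Only loadable code (PE executables, DLLs, drivers); directories excluded."""
    return [e for e in entries
            if not e.is_dir and e.path.lower().endswith((".exe", ".dll", ".sys"))]


# Sample lines copied from the DDS and ComboFix logs in this thread, mixed on
# purpose; the "." and "====" lines are what the tools themselves emit.
SAMPLE_LOG = r"""
2012-04-25 05:21:38 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-24 21:53:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-24 21:53:09 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-22 01:43:30 -------- d-----w- C:\ProgramData\Camera Bits, Inc
.
==================== Find3M ====================
2012-04-25 05:21 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-26 14:30 . 2012-04-26 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp
"""

# Assumed onset: the first post says the connections began "midday yesterday"
# relative to a DDS run on 2012-04-25, so roughly noon on 2012-04-24.
ONSET = datetime(2012, 4, 24, 12, 0)

if __name__ == "__main__":
    for e in executables(created_in_window(parse_listing(SAMPLE_LOG), ONSET, 24, 24)):
        print(e.created, e.size, e.path)
```

The hits are candidates to explain, not verdicts: in the sample, every file inside the window is a Firefox or Windows Update component, which is the kind of benign churn the timeline should rule out first.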

Hello and welcome!

Can you also please post attach.txt created by DDS?

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[screenshot: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi Elise,

Thanks for your assistance. One other symptom I've noticed since this began, which I forgot to mention: at times when working in a text document, or in Firefox's Web Developer Extension CSS Editor, for example when the cursor is on line 5 of a document, and the document is scrolled down to the middle or bottom, the document will randomly snap back up to the top, back to where the cursor is. In the CSS Editor of Firefox's WebDev extension, it almost seems as though the CSS editor refreshes, or the page quickly reloads or something, because when it happens, any changes to the CSS which were made temporarily are lost. That was the first clue I had that something was strange on the machine, and then a little while later the blocked connections to the IP I listed above began.

Ok, I ran ComboFix. The recovery console was already installed. Combofix ran and then rebooted the machine, generating a log file. When the machine restarted, the C: Drive now has the Microsoft Flag icon over it and the drive shows as shared, which it was not previously. Is this normal?

Here is the Attach.txt which was run yesterday morning, at the same time as the DDS.txt which I already pasted. Below that is the combofix.txt file:

*****************************************************

Attach.txt

*****************************************************

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/23/2011 1:37:36 PM

System Uptime: 4/25/2012 1:25:53 AM (6 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | P55-GD65 (MS-7583)

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 1866/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 195 GiB total, 137.836 GiB free.

D: is FIXED (NTFS) - 270 GiB total, 0.995 GiB free.

E: is FIXED (NTFS) - 596 GiB total, 116.082 GiB free.

F: is FIXED (NTFS) - 466 GiB total, 13.336 GiB free.

G: is CDROM ()

I: is FIXED (NTFS) - 149 GiB total, 4.564 GiB free.

K: is FIXED (NTFS) - 932 GiB total, 78.717 GiB free.

L: is Removable

M: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Multimedia Audio Controller

Device ID: PCI\VEN_1013&DEV_6003&SUBSYS_A0121681&REV_01\5&24B448FD&0&4000F0

Manufacturer:

Name: Multimedia Audio Controller

PNP Device ID: PCI\VEN_1013&DEV_6003&SUBSYS_A0121681&REV_01\5&24B448FD&0&4000F0

Service:

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\6&2F77B173&0&2

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\6&2F77B173&0&2

Service:

.

==== System Restore Points ===================

.

RP39: 4/20/2012 4:21:55 PM - Installed ACDSee Pro 5.

RP40: 4/21/2012 6:13:34 PM - Removed ACDSee Pro 5.

RP41: 4/25/2012 1:19:52 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.1)

Audacity 1.3.13 (Unicode)

Blue Eye Macro 2.5

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Crimson Editor (remove only)

DivX Setup

Filter Forge 2.012

Filter Forge 3.007

Firestorm-Release (remove only)

Google Chrome

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

Imprudence Viewer 1.3.1 (SSE2 optimized)

Java Auto Updater

Java 6 Update 22

K-Lite Codec Pack 7.7.0 (Full)

LAME v3.98.3 for Audacity

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird (6.0.2)

Mp3tag v2.49

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

OpenOffice.org 3.3

PDF Settings CS5

Phoenix Viewer 1.6.0.1691

Photo Mechanic 4.6.8

QuickPar 0.9

Realtek High Definition Audio Driver

RocketDock 1.3.5

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Skype™ 5.6

Sony Noise Reduction Plug-In 2.0h

Sony Sound Forge 9.0

Spyder3Pro

StarBurn Version 12r10 (Build 0x20091021)

ThumbsPlus version 7.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC80CRTRedist - 8.0.50727.6195

WebTablet IE Plugin

WebTablet Netscape Plugin

WhereIsIt? 2011

.

==== Event Viewer Messages From Past Week ========

.

4/24/2012 5:41:35 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.

.

==== End Of File ===========================

*****************************************************

ComboFix.txt

*****************************************************

ComboFix 12-04-26.01 - Mediacube 04/26/2012 10:24:00.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8183.5590 [GMT -4:00]

Running from: c:\users\Mediacube\Desktop\ComboFix.exe

AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}

FW: Outpost Security Suite *Enabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}

SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mediacube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

c:\users\Mediacube\AppData\Roaming\Mozilla\Firefox\Profiles\3ygotqwa.default\weave\toFetch

c:\users\Mediacube\AppData\Roaming\Mozilla\Firefox\Profiles\3ygotqwa.default\weave\toFetch\clients.json

c:\users\Mediacube\AppData\Roaming\Mozilla\Firefox\Profiles\3ygotqwa.default\weave\toFetch\tabs.json

.

.

((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))

.

.

2012-04-26 14:30 . 2012-04-26 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-25 05:21 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-25 05:21 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-25 05:21 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-25 05:21 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{650439F9-D64F-4195-B423-103B9893F7A0}\mpengine.dll

2012-04-25 05:20 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-25 05:20 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-25 05:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-25 05:20 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-25 05:20 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-25 05:20 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-25 05:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-24 21:53 . 2012-04-24 21:53 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-24 21:53 . 2012-04-24 21:53 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-24 21:53 . 2012-04-24 21:53 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-22 01:43 . 2012-04-22 01:43 -------- d-----w- c:\programdata\Camera Bits, Inc

2012-04-21 22:26 . 2012-04-21 22:26 -------- d-----w- c:\users\Mediacube\AppData\Roaming\Camera Bits, Inc

2012-04-21 22:23 . 2012-04-21 22:23 -------- d-----w- c:\program files (x86)\Camera Bits

2012-04-21 22:16 . 2012-04-21 22:16 -------- d-----w- c:\windows\system32\appmgmt

2012-04-21 06:46 . 2012-04-21 06:46 -------- d-----w- c:\users\Mediacube\AppData\Roaming\XnView

2012-04-20 20:25 . 2012-04-21 22:14 -------- d-----w- c:\users\Mediacube\AppData\Local\ACD Systems

2012-04-20 20:25 . 2012-04-20 20:25 -------- d-----w- c:\users\Mediacube\AppData\Roaming\ACD Systems

2012-04-20 20:22 . 2012-04-21 22:15 -------- d-----w- c:\programdata\ACD Systems

2012-04-20 20:22 . 2012-04-21 22:15 -------- d-----w- c:\program files (x86)\Common Files\ACD Systems

2012-04-20 20:22 . 2012-04-20 20:22 -------- d-----w- c:\program files (x86)\ACD Systems

2012-04-19 20:49 . 2012-04-19 20:50 -------- d-----w- c:\users\Mediacube\AppData\Local\QuickPar

2012-04-19 20:47 . 2012-04-19 20:47 -------- d-----w- c:\program files (x86)\QuickPar

2012-04-19 16:51 . 2012-04-19 16:51 -------- d-----w- c:\users\Mediacube\AppData\Local\Google

2012-04-18 22:04 . 2012-04-18 22:04 -------- d-----w- c:\users\Mediacube\AppData\Roaming\StarBurn

2012-04-04 21:08 . 2012-04-04 21:08 -------- d-----w- c:\program files (x86)\AMD APP

2012-04-04 20:59 . 2012-04-04 20:59 -------- d-----w- c:\programdata\ATI

2012-04-04 20:54 . 2012-04-04 20:54 -------- d-----w- c:\programdata\AMD

2012-04-04 20:54 . 2012-04-04 20:54 -------- d-----w- c:\program files (x86)\AMD AVT

2012-04-04 20:53 . 2012-04-04 20:53 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-04-04 20:53 . 2012-04-04 20:53 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-04-04 20:51 . 2012-04-04 20:51 -------- d-----w- c:\program files\ATI

2012-04-04 20:49 . 2012-04-04 20:53 -------- d-----w- c:\program files\ATI Technologies

2012-04-04 20:19 . 2012-04-04 20:19 -------- d-----w- C:\AMD

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2011-12-09 05:32 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-03-09 05:26 . 2012-03-09 05:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-03-09 05:26 . 2012-03-09 05:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-03-09 05:26 . 2012-03-09 05:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2012-03-09 05:26 . 2012-03-09 05:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-03-09 05:26 . 2012-03-09 05:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll

2012-03-09 05:25 . 2012-03-09 05:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-03-09 05:24 . 2012-03-09 05:24 54272 ----a-w- c:\windows\system32\OpenCL.dll

2012-03-09 05:24 . 2012-03-09 05:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-03-09 05:14 . 2012-03-09 05:14 958464 ----a-w- c:\windows\system32\aticfx64.dll

2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll

2012-03-09 04:45 . 2012-03-09 04:45 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-03-09 04:35 . 2012-03-09 04:35 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll

2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-03-09 04:11 . 2012-03-09 04:11 7552000 ----a-w- c:\windows\system32\atiumd64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-03-09 03:58 . 2012-03-09 03:58 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-03-09 03:57 . 2012-03-09 03:57 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-03-09 03:56 . 2012-03-09 03:56 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-03-09 03:47 . 2012-03-09 03:47 58880 ----a-w- c:\windows\system32\coinst.dll

2012-02-23 14:18 . 2011-06-23 18:47 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-14 13:05 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 13:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 13:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 13:05 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 13:06 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 13:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-14 13:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 11:02 . 2012-01-31 11:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-01-31 11:00 . 2012-01-31 11:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2010-7-26 7667970]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt64.dll [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [x]

R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt64.dll [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]

S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [x]

S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox64.sys [x]

S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [x]

S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2011-04-04 3501696]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]

S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]

S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3488321904-1041780870-3181433465-1000Core.job

- c:\users\Mediacube\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 16:51]

.

2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3488321904-1041780870-3181433465-1000UA.job

- c:\users\Mediacube\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 16:51]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]

@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]

2011-03-30 23:02 601528 ----a-w- c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-04-04 4510072]

"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-03-30 808064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

FF - ProfilePath - c:\users\Mediacube\AppData\Roaming\Mozilla\Firefox\Profiles\3ygotqwa.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.032"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.abr"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ani"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.apd"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.arw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.bay"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3488321904-1041780870-3181433465-1000)

"Progid"="ACDSee Pro 5.bmp"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.bw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cr2"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.crw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cs1"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cur"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dcr"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dcx"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dib"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.djv"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.djvu"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dng"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.emf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.eps"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.erf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.fff"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.fpx"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.gif"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.hdr"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.icl"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.icn"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.iff"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ilbm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.int"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.inta"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.iw4"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.j2c"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.j2k"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jbr"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jfif"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jif"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jp2"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpc"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpe"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpeg"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpg"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpk"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpx"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.kdc"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.lbm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mef"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mos"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mrw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.nef"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.nrw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.orf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pbm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pbr"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pcd"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pct"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pcx"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pef"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pgm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pic"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pict"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pix"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.png"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ppm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.psd"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.psp"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pspbrush"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pspimage"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.raf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ras"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.raw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rgb"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rgba"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rle"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rsb"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rw2"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rwl"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.sgi"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.sr2"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.srf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.srw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.tga"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.thm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.tif"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.tiff"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ttc"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ttf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.wbm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.wbmp"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.wmf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.xbm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.xif"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.xpm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{340D5E9D-A58B-39E4-9923-78ABD8A9AC67}*]

"haddmohofnoibjgj"=hex:6a,61,6a,6f,6f,65,6a,6b,6c,68,6a,6d,6a,6b,6c,6d,6d,65,

6a,6b,00,00

"iafdgmefofidffbolj"=hex:6a,61,6a,6f,6f,65,6a,6b,6c,68,6a,6d,6a,6b,6c,6d,6d,65,

6a,6b,00,fe

"hacmlmofmcaigplk"=hex:65,63,70,6d,61,65,67,6f,61,6d,66,68,63,69,62,6b,64,63,

6f,6b,64,65,65,6d,65,64,61,6d,67,6f,67,70,65,67,6a,61,62,6e,63,61,62,62,70,\

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63008CD5-F7B2-9A56-2213-1AAFCA0F2C8E}*]

"iaknfngbbgfncehcej"=hex:6b,61,6c,67,6a,63,6a,67,6b,6e,6e,6b,63,69,61,65,62,61,

65,6b,6e,68,00,77

"hainlbdpejnmobnd"=hex:6b,61,6c,67,6a,63,6a,67,6b,6e,6e,6b,63,69,61,65,62,61,

65,6b,6e,68,00,77

"hadglbhhnfohagpe"=hex:65,63,6d,65,69,6f,63,6e,68,6f,6b,6f,68,65,66,62,6c,69,

6e,6c,70,62,6f,66,67,6b,70,6f,6e,65,62,6b,6c,6e,70,68,6f,63,63,6a,64,69,63,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{340D5E9D-A58B-39E4-9923-78ABD8A9AC67}\InProcServer32*]

"japdlmjabdgnnjlgiioa"=hex:6a,61,6a,6f,6f,65,6a,6b,6c,68,6a,6d,6a,6b,6c,6d,6d,

65,6a,6b,00,01

"iapdfcdghncdfhlpco"=hex:6a,61,6a,6f,6f,65,6a,6b,6c,68,6a,6d,6a,6b,6c,6d,6d,65,

6a,6b,00,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63008CD5-F7B2-9A56-2213-1AAFCA0F2C8E}\InProcServer32*]

"jamnmnfmbjegdgcbikdj"=hex:6b,61,6c,67,6a,63,6a,67,6b,6e,6e,6b,63,69,61,65,62,

61,65,6b,6e,68,00,00

"iamncollmhopohbbjm"=hex:6b,61,6c,67,6a,63,6a,67,6b,6e,6e,6b,63,69,61,65,62,61,

65,6b,6e,68,00,77

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-26 10:40:09 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-26 14:40

.

Pre-Run: 147,566,419,968 bytes free

Post-Run: 147,229,511,680 bytes free

.

- - End Of File - - 0F0B54932561FEF2C507DBD237DA5DF1

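The tail of the ComboFix output above is its list of registry keys it could not read normally. Two things stand out and can be checked against the lines themselves: the value names under the two Shell Extensions\Approved keys and under the matching Wow6432Node\CLSID\...\InProcServer32 keys (haddmohofnoibjgj, iafdgmefofidffbolj, japdlmjabdgnnjlgiioa and so on) are built only from the letters a through p, 16 symbols, and the REG_BINARY data they hold decodes to ASCII drawn from the same 16 letters; and the same two CLSIDs, {340D5E9D-A58B-39E4-9923-78ABD8A9AC67} and {63008CD5-F7B2-9A56-2213-1AAFCA0F2C8E}, appear in both locations. A 16-letter alphabet is what a nibble-to-letter encoding of binary data would produce, but that is an inference; the thread does not identify a family and neither does this note. The script below is an added example in Python, not part of ComboFix, Malwarebytes or any post in this thread. It parses this section of the log, decodes the hex dumps, flags values whose names use only a..p, and cross-references CLSIDs between the Approved and InProcServer32 locations. Assumptions not stated in the thread: "hex:" data continues on the following line(s), a trailing backslash marks data ComboFix cut short, and the trailing '*' on some key paths is carried through as a flag rather than interpreted.

```python
"""Triage helper for the registry section of a ComboFix log. Added for this
thread; not part of ComboFix, Malwarebytes or the posts. Assumptions (not
stated in the thread): "hex:" data may continue on following lines, a trailing
backslash marks data ComboFix cut short, and a trailing '*' on a key path is
kept as a flag ("starred") without interpreting what ComboFix means by it."""
import re
from collections import defaultdict

# Copied from the log excerpt above; some keys and values omitted for brevity.
SAMPLE_LOG = r"""
[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xpm"
.
[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{340D5E9D-A58B-39E4-9923-78ABD8A9AC67}*]
"haddmohofnoibjgj"=hex:6a,61,6a,6f,6f,65,6a,6b,6c,68,6a,6d,6a,6b,6c,6d,6d,65,
6a,6b,00,00
"iafdgmefofidffbolj"=hex:6a,61,6a,6f,6f,65,6a,6b,6c,68,6a,6d,6a,6b,6c,6d,6d,65,
6a,6b,00,fe
"hacmlmofmcaigplk"=hex:65,63,70,6d,61,65,67,6f,61,6d,66,68,63,69,62,6b,64,63,
6f,6b,64,65,65,6d,65,64,61,6d,67,6f,67,70,65,67,6a,61,62,6e,63,61,62,62,70,\
.
[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63008CD5-F7B2-9A56-2213-1AAFCA0F2C8E}*]
"iaknfngbbgfncehcej"=hex:6b,61,6c,67,6a,63,6a,67,6b,6e,6e,6b,63,69,61,65,62,61,
65,6b,6e,68,00,77
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{340D5E9D-A58B-39E4-9923-78ABD8A9AC67}\InProcServer32*]
"japdlmjabdgnnjlgiioa"=hex:6a,61,6a,6f,6f,65,6a,6b,6c,68,6a,6d,6a,6b,6c,6d,6d,
65,6a,6b,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63008CD5-F7B2-9A56-2213-1AAFCA0F2C8E}\InProcServer32*]
"jamnmnfmbjegdgcbikdj"=hex:6b,61,6c,67,6a,63,6a,67,6b,6e,6e,6b,63,69,61,65,62,
61,65,6b,6e,68,00,00
.
"""

KEY_RE = re.compile(r"^\[(?P<path>.+?)(?P<star>\*?)\]$")
HEX_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
CONT_RE = re.compile(r"^(?P<data>[0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*),?(?P<cut>\\?)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
NIBBLE_LETTERS = frozenset("abcdefghijklmnop")  # 16 symbols, one per hex nibble

def hex_list_to_bytes(text):
    """'6a,61,' -> b'ja'; a trailing comma or backslash is ignored."""
    return bytes(int(tok, 16) for tok in text.rstrip(",\\").split(",") if tok)

def parse_registry_section(text):
    """Keys in log order: {path, starred, denied, values{name: {data, truncated}}}.
    Only hex: (REG_BINARY) values are kept; string values such as Progid are skipped."""
    keys, current, value = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":                      # ComboFix's separator between keys
            value = None
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"path": m.group("path"), "starred": m.group("star") == "*",
                       "denied": [], "values": {}}
            keys.append(current)
            value = None
            continue
        if current is None:
            continue
        if line.startswith("@Denied:"):
            current["denied"].append(line[len("@Denied:"):].strip())
            continue
        m = HEX_VALUE_RE.match(line)
        if m:
            value = {"data": hex_list_to_bytes(m.group("data")),
                     "truncated": m.group("data").endswith("\\")}
            current["values"][m.group("name")] = value
            continue
        m = CONT_RE.match(line)
        if m and value is not None:          # continuation of the previous hex: value
            value["data"] += hex_list_to_bytes(m.group("data"))
            value["truncated"] = value["truncated"] or m.group("cut") == "\\"
    return keys

def nibble_named(name, min_len=8):
    """True for names drawn only from the 16 letters a..p, e.g. 'haddmohofnoibjgj'."""
    return len(name) >= min_len and set(name) <= NIBBLE_LETTERS

def printable(data):
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)

def flagged_keys(keys):
    """Keys holding at least one nibble-named REG_BINARY value."""
    return [k for k in keys if any(nibble_named(n) for n in k["values"])]

def clsids_in_both(keys):
    """CLSIDs that have both a Shell Extensions\\Approved entry and an InProcServer32 key."""
    where = defaultdict(set)
    for k in keys:
        low = k["path"].lower()
        for guid in GUID_RE.findall(k["path"]):
            if "\\shell extensions\\approved\\" in low:
                where[guid.upper()].add("approved")
            if "\\clsid\\" in low and low.endswith("\\inprocserver32"):
                where[guid.upper()].add("inproc")
    return sorted(g for g, s in where.items() if s == {"approved", "inproc"})

if __name__ == "__main__":
    parsed = parse_registry_section(SAMPLE_LOG)
    for k in flagged_keys(parsed):
        print(("*" if k["starred"] else " "), k["path"])
        for name, v in k["values"].items():
            print("    %s = %r%s" % (name, printable(v["data"]), " (cut)" if v["truncated"] else ""))
    print("CLSIDs in both locations:", ", ".join(clsids_in_both(parsed)))
```

Run against the excerpt, the script flags all four starred keys, shows that every decoded payload is again a..p text (the truncated one ends where ComboFix stopped printing), and reports both CLSIDs as present in both the Approved list and the CLSID registration. The FileExts\UserChoice key is parsed but not flagged: it is not starred and carries an ordinary Progid string. What the decoded strings mean is not something this log can tell you; the useful output is the list of keys and CLSIDs to hand to whoever is driving the cleanup.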

Hi again, let's also do an additional rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

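Once the log is on disk, the triage questions are which entries TDSSKiller did not close with "- ok" and which of the scanned service binaries live outside the Windows directory, since those are the third-party files whose MD5 (printed in parentheses on each line) is worth checking against a hash database before trusting them. The script below is an added example in Python, not part of TDSSKiller, Malwarebytes or any post in this thread; it parses the log format that appears later in this thread. The sample copies a handful of lines from that log and adds one constructed entry, ExampleUpdateSvc with a made-up MD5 and path, to exercise the non-ok branch. The "( tag ) - warning" wording of that constructed line is an assumption about how TDSSKiller phrases a hit, which is why the parser keys on the absence of "- ok" rather than on exact wording.

```python
"""Triage helper for a TDSSKiller scan log. Added for this thread; not part of
TDSSKiller, Malwarebytes or the posts. Lines are "HH:MM:SS.mmmm PID body";
inside the scan section the body is either "name (md5) path" or
"name [ ( tag ) ] - verdict". The ExampleUpdateSvc lines below are constructed
(made-up MD5 and path; the "( tag ) - warning" wording is an assumption)."""
import re

SAMPLE_LOG = r"""
14:41:15.0873 3856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
14:41:29.0053 4120 Scan started
14:41:29.0053 4120 Mode: Manual; SigCheck; TDLFS;
14:41:29.0743 4120 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:41:29.0853 4120 1394ohci - ok
14:41:30.0143 4120 acssrv (fe5dcf9f6f8ea5f1f3ed2c20b1c6023e) C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
14:41:30.0233 4120 acssrv - ok
14:41:30.0333 4120 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:41:30.0353 4120 AdobeARMservice - ok
14:41:31.0093 4120 AMD External Events Utility (2aed9a422ea1574c7d7ef9359a417718) C:\Windows\system32\atiesrxx.exe
14:41:31.0133 4120 AMD External Events Utility - ok
14:41:34.0373 4120 catchme - ok
14:41:42.0053 4120 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:41:42.0083 4120 MBAMService - ok
14:41:50.0001 4120 ExampleUpdateSvc (0123456789abcdef0123456789abcdef) C:\Program Files (x86)\Example\update.exe
14:41:50.0002 4120 ExampleUpdateSvc ( UnsignedFile.Multi.Generic ) - warning
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<tag>[^)]+?) \))? - (?P<verdict>\S+)$")

def _blank(name):
    return {"name": name, "md5": None, "path": None, "tag": None, "verdict": None}

def parse_tdsskiller(text):
    """Return {service_name: {name, md5, path, tag, verdict}} for the scan section.
    Names may contain spaces ("AMD External Events Utility"), so the regexes anchor
    on the 32-hex MD5 and on the final " - verdict" instead of splitting on spaces."""
    entries, started = {}, False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if body == "Scan started":           # everything before this is system info
            started = True
            continue
        if not started:
            continue
        fm = FILE_RE.match(body)
        if fm:
            e = entries.setdefault(fm.group("name"), _blank(fm.group("name")))
            e["md5"], e["path"] = fm.group("md5").lower(), fm.group("path")
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            e = entries.setdefault(vm.group("name"), _blank(vm.group("name")))
            e["tag"], e["verdict"] = vm.group("tag"), vm.group("verdict")
    return entries

def needs_attention(entries):
    """Entries TDSSKiller did not close with '- ok' (including ones with no verdict)."""
    return [e for e in entries.values() if e["verdict"] != "ok"]

def outside_windows(entries, windir="C:\\Windows"):
    """Entries backed by a file outside the Windows directory: the third-party
    binaries whose hashes are worth looking up."""
    prefix = windir.lower().rstrip("\\") + "\\"
    return [e for e in entries.values()
            if e["path"] and not e["path"].lower().startswith(prefix)]

def hash_list(entries):
    """'md5  path' lines for outside_windows(), ready to paste into a hash lookup."""
    return ["%s  %s" % (e["md5"], e["path"]) for e in outside_windows(entries)]

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for e in needs_attention(parsed):
        print("ATTENTION:", e["name"], e["tag"], e["verdict"], e["path"])
    print("\n".join(hash_list(parsed)))
```

On the sample this reports the constructed ExampleUpdateSvc entry as the only non-ok result and lists acssrv (the Outpost firewall service), AdobeARMservice, MBAMService and ExampleUpdateSvc with their hashes. The catchme entry has no file line at all; it is kept with path None so that it is visible rather than silently dropped. A clean TDSSKiller run, as reported in this thread, does not rule out the cause of the blocked connections; it only says the specific rootkit behaviours it checks for were not seen.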

Hi Elise,

Below is the result of the TDSS scan. It found two files that gave warnings, but I believe they are legitimate. One is an Adobe file, the other an HTC Internet passthrough for Android phones:

The blocked connections to the 208.73.210.29 IP continue every 15 minutes...

14:40:21.0961 3856 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

14:40:23.0963 3856 ============================================================

14:40:23.0963 3856 Current date / time: 2012/04/26 14:40:23.0963

14:40:23.0963 3856 SystemInfo:

14:40:23.0963 3856

14:40:23.0963 3856 OS Version: 6.1.7601 ServicePack: 1.0

14:40:23.0963 3856 Product type: Workstation

14:40:23.0963 3856 ComputerName: MEDIAQUBE

14:40:23.0963 3856 UserName: Mediacube

14:40:23.0963 3856 Windows directory: C:\Windows

14:40:23.0963 3856 System windows directory: C:\Windows

14:40:23.0963 3856 Running under WOW64

14:40:23.0964 3856 Processor architecture: Intel x64

14:40:23.0964 3856 Number of processors: 4

14:40:23.0964 3856 Page size: 0x1000

14:40:23.0964 3856 Boot type: Normal boot

14:40:23.0964 3856 ============================================================

14:41:15.0773 3856 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:41:15.0783 3856 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:41:15.0793 3856 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:41:15.0803 3856 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:41:15.0873 3856 ============================================================

14:41:15.0873 3856 \Device\Harddisk0\DR0:

14:41:15.0873 3856 MBR partitions:

14:41:15.0873 3856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82

14:41:15.0873 3856 \Device\Harddisk1\DR1:

14:41:15.0873 3856 MBR partitions:

14:41:15.0873 3856 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82

14:41:15.0873 3856 \Device\Harddisk2\DR2:

14:41:15.0873 3856 MBR partitions:

14:41:15.0873 3856 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02

14:41:15.0873 3856 \Device\Harddisk3\DR3:

14:41:15.0873 3856 MBR partitions:

14:41:15.0873 3856 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x186A0000

14:41:15.0873 3856 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x21CE4800

14:41:15.0873 3856 ============================================================

14:41:15.0893 3856 C: <-> \Device\Harddisk3\DR3\Partition0

14:41:15.0943 3856 D: <-> \Device\Harddisk3\DR3\Partition1

14:41:16.0063 3856 E: <-> \Device\Harddisk1\DR1\Partition0

14:41:16.0073 3856 F: <-> \Device\Harddisk2\DR2\Partition0

14:41:16.0093 3856 I: <-> \Device\Harddisk0\DR0\Partition0

14:41:16.0093 3856 ============================================================

14:41:16.0093 3856 Initialize success

14:41:16.0093 3856 ============================================================

14:41:29.0053 4120 ============================================================

14:41:29.0053 4120 Scan started

14:41:29.0053 4120 Mode: Manual; SigCheck; TDLFS;

14:41:29.0053 4120 ============================================================

14:41:29.0743 4120 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

14:41:29.0853 4120 1394ohci - ok

14:41:29.0883 4120 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

14:41:29.0903 4120 ACPI - ok

14:41:29.0913 4120 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

14:41:29.0983 4120 AcpiPmi - ok

14:41:30.0143 4120 acssrv (fe5dcf9f6f8ea5f1f3ed2c20b1c6023e) C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

14:41:30.0233 4120 acssrv - ok

14:41:30.0333 4120 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

14:41:30.0353 4120 AdobeARMservice - ok

14:41:30.0463 4120 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

14:41:30.0503 4120 adp94xx - ok

14:41:30.0543 4120 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

14:41:30.0583 4120 adpahci - ok

14:41:30.0593 4120 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

14:41:30.0603 4120 adpu320 - ok

14:41:30.0633 4120 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

14:41:30.0673 4120 AeLookupSvc - ok

14:41:30.0723 4120 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

14:41:30.0773 4120 AFD - ok

14:41:30.0833 4120 afw (cbdd7eb1431086a6d56c6f700d98b644) C:\Windows\system32\DRIVERS\afw.sys

14:41:30.0853 4120 afw - ok

14:41:30.0883 4120 afwcore (c8c34a00c98322b06bed456b13ee4497) C:\Windows\system32\drivers\afwcore.sys

14:41:30.0923 4120 afwcore - ok

14:41:30.0953 4120 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

14:41:30.0973 4120 agp440 - ok

14:41:30.0993 4120 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

14:41:31.0033 4120 ALG - ok

14:41:31.0043 4120 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

14:41:31.0063 4120 aliide - ok

14:41:31.0093 4120 AMD External Events Utility (2aed9a422ea1574c7d7ef9359a417718) C:\Windows\system32\atiesrxx.exe

14:41:31.0133 4120 AMD External Events Utility - ok

14:41:31.0143 4120 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

14:41:31.0163 4120 amdide - ok

14:41:31.0193 4120 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

14:41:31.0243 4120 AmdK8 - ok

14:41:31.0513 4120 amdkmdag (bfa5e854959d5546d8834ca61f4ad075) C:\Windows\system32\DRIVERS\atikmdag.sys

14:41:31.0703 4120 amdkmdag - ok

14:41:31.0813 4120 amdkmdap (92d664fffcd9e742fb25254f7f458d88) C:\Windows\system32\DRIVERS\atikmpag.sys

14:41:31.0863 4120 amdkmdap - ok

14:41:31.0883 4120 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

14:41:31.0943 4120 AmdPPM - ok

14:41:31.0973 4120 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

14:41:31.0993 4120 amdsata - ok

14:41:32.0023 4120 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

14:41:32.0033 4120 amdsbs - ok

14:41:32.0063 4120 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

14:41:32.0073 4120 amdxata - ok

14:41:32.0113 4120 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

14:41:32.0163 4120 AppID - ok

14:41:32.0173 4120 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

14:41:32.0213 4120 AppIDSvc - ok

14:41:32.0263 4120 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

14:41:32.0323 4120 Appinfo - ok

14:41:32.0353 4120 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

14:41:32.0413 4120 AppMgmt - ok

14:41:32.0433 4120 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

14:41:32.0463 4120 arc - ok

14:41:32.0473 4120 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

14:41:32.0493 4120 arcsas - ok

14:41:32.0543 4120 ASWFilt (f9ade16b57293e3dd55d84879cad2a20) C:\Windows\system32\Filt\ASWFilt64.dll

14:41:32.0563 4120 ASWFilt - ok

14:41:32.0593 4120 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

14:41:32.0643 4120 AsyncMac - ok

14:41:32.0663 4120 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

14:41:32.0683 4120 atapi - ok

14:41:32.0733 4120 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys

14:41:32.0763 4120 AtiHDAudioService - ok

14:41:32.0823 4120 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

14:41:32.0873 4120 AudioEndpointBuilder - ok

14:41:32.0883 4120 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

14:41:32.0913 4120 AudioSrv - ok

14:41:32.0963 4120 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

14:41:33.0013 4120 AxInstSV - ok

14:41:33.0063 4120 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

14:41:33.0123 4120 b06bdrv - ok

14:41:33.0163 4120 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

14:41:33.0193 4120 b57nd60a - ok

14:41:33.0243 4120 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

14:41:33.0283 4120 BDESVC - ok

14:41:33.0303 4120 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

14:41:33.0363 4120 Beep - ok

14:41:33.0443 4120 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

14:41:33.0503 4120 BFE - ok

14:41:33.0553 4120 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

14:41:33.0613 4120 BITS - ok

14:41:33.0633 4120 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

14:41:33.0673 4120 blbdrive - ok

14:41:33.0703 4120 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

14:41:33.0733 4120 bowser - ok

14:41:33.0743 4120 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

14:41:33.0803 4120 BrFiltLo - ok

14:41:33.0823 4120 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

14:41:33.0853 4120 BrFiltUp - ok

14:41:33.0873 4120 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

14:41:33.0923 4120 BridgeMP - ok

14:41:33.0943 4120 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

14:41:33.0993 4120 Browser - ok

14:41:34.0013 4120 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

14:41:34.0083 4120 Brserid - ok

14:41:34.0093 4120 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

14:41:34.0123 4120 BrSerWdm - ok

14:41:34.0133 4120 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:41:34.0163 4120 BrUsbMdm - ok

14:41:34.0183 4120 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

14:41:34.0213 4120 BrUsbSer - ok

14:41:34.0223 4120 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

14:41:34.0273 4120 BTHMODEM - ok

14:41:34.0293 4120 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

14:41:34.0343 4120 bthserv - ok

14:41:34.0373 4120 catchme - ok

14:41:34.0383 4120 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

14:41:34.0433 4120 cdfs - ok

14:41:34.0473 4120 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

14:41:34.0513 4120 cdrom - ok

14:41:34.0553 4120 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

14:41:34.0623 4120 CertPropSvc - ok

14:41:34.0623 4120 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

14:41:34.0653 4120 circlass - ok

14:41:34.0673 4120 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

14:41:34.0693 4120 CLFS - ok

14:41:34.0773 4120 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:41:34.0793 4120 clr_optimization_v2.0.50727_32 - ok

14:41:34.0853 4120 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:41:34.0873 4120 clr_optimization_v2.0.50727_64 - ok

14:41:34.0933 4120 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:41:34.0963 4120 clr_optimization_v4.0.30319_32 - ok

14:41:34.0993 4120 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:41:35.0003 4120 clr_optimization_v4.0.30319_64 - ok

14:41:35.0063 4120 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

14:41:35.0103 4120 CmBatt - ok

14:41:35.0123 4120 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

14:41:35.0143 4120 cmdide - ok

14:41:35.0183 4120 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

14:41:35.0223 4120 CNG - ok

14:41:35.0253 4120 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

14:41:35.0273 4120 Compbatt - ok

14:41:35.0313 4120 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

14:41:35.0343 4120 CompositeBus - ok

14:41:35.0363 4120 COMSysApp - ok

14:41:35.0373 4120 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

14:41:35.0383 4120 crcdisk - ok

14:41:35.0423 4120 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

14:41:35.0483 4120 CryptSvc - ok

14:41:35.0523 4120 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

14:41:35.0553 4120 CSC - ok

14:41:35.0593 4120 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

14:41:35.0623 4120 CscService - ok

14:41:35.0673 4120 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

14:41:35.0733 4120 DcomLaunch - ok

14:41:35.0773 4120 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

14:41:35.0843 4120 defragsvc - ok

14:41:35.0893 4120 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

14:41:35.0953 4120 DfsC - ok

14:41:35.0983 4120 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

14:41:36.0043 4120 Dhcp - ok

14:41:36.0063 4120 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

14:41:36.0123 4120 discache - ok

14:41:36.0153 4120 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

14:41:36.0163 4120 Disk - ok

14:41:36.0193 4120 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

14:41:36.0233 4120 Dnscache - ok

14:41:36.0273 4120 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

14:41:36.0323 4120 dot3svc - ok

14:41:36.0353 4120 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

14:41:36.0403 4120 DPS - ok

14:41:36.0433 4120 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

14:41:36.0473 4120 drmkaud - ok

14:41:36.0523 4120 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

14:41:36.0563 4120 DXGKrnl - ok

14:41:36.0583 4120 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

14:41:36.0633 4120 EapHost - ok

14:41:36.0733 4120 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

14:41:36.0793 4120 ebdrv - ok

14:41:36.0893 4120 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

14:41:36.0943 4120 EFS - ok

14:41:37.0013 4120 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

14:41:37.0073 4120 ehRecvr - ok

14:41:37.0103 4120 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

14:41:37.0153 4120 ehSched - ok

14:41:37.0193 4120 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

14:41:37.0233 4120 elxstor - ok

14:41:37.0263 4120 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

14:41:37.0293 4120 ErrDev - ok

14:41:37.0333 4120 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

14:41:37.0383 4120 EventSystem - ok

14:41:37.0403 4120 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

14:41:37.0433 4120 exfat - ok

14:41:37.0453 4120 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

14:41:37.0493 4120 fastfat - ok

14:41:37.0553 4120 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

14:41:37.0593 4120 Fax - ok

14:41:37.0613 4120 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

14:41:37.0633 4120 fdc - ok

14:41:37.0653 4120 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

14:41:37.0713 4120 fdPHost - ok

14:41:37.0733 4120 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

14:41:37.0783 4120 FDResPub - ok

14:41:37.0793 4120 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

14:41:37.0803 4120 FileInfo - ok

14:41:37.0813 4120 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

14:41:37.0853 4120 Filetrace - ok

14:41:37.0863 4120 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

14:41:37.0883 4120 flpydisk - ok

14:41:37.0923 4120 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

14:41:37.0943 4120 FltMgr - ok

14:41:37.0993 4120 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

14:41:38.0053 4120 FontCache - ok

14:41:38.0133 4120 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:41:38.0153 4120 FontCache3.0.0.0 - ok

14:41:38.0183 4120 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

14:41:38.0203 4120 FsDepends - ok

14:41:38.0233 4120 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

14:41:38.0263 4120 Fs_Rec - ok

14:41:38.0303 4120 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

14:41:38.0333 4120 fvevol - ok

14:41:38.0353 4120 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

14:41:38.0363 4120 gagp30kx - ok

14:41:38.0423 4120 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

14:41:38.0483 4120 gpsvc - ok

14:41:38.0503 4120 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

14:41:38.0533 4120 hcw85cir - ok

14:41:38.0573 4120 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

14:41:38.0623 4120 HdAudAddService - ok

14:41:38.0653 4120 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

14:41:38.0673 4120 HDAudBus - ok

14:41:38.0683 4120 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

14:41:38.0723 4120 HidBatt - ok

14:41:38.0733 4120 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

14:41:38.0773 4120 HidBth - ok

14:41:38.0783 4120 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

14:41:38.0823 4120 HidIr - ok

14:41:38.0843 4120 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

14:41:38.0883 4120 hidserv - ok

14:41:38.0923 4120 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

14:41:38.0933 4120 HidUsb - ok

14:41:38.0963 4120 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

14:41:39.0003 4120 hkmsvc - ok

14:41:39.0023 4120 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

14:41:39.0053 4120 HomeGroupListener - ok

14:41:39.0083 4120 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

14:41:39.0123 4120 HomeGroupProvider - ok

14:41:39.0153 4120 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

14:41:39.0173 4120 HpSAMD - ok

14:41:39.0223 4120 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys

14:41:39.0263 4120 HTCAND64 - ok

14:41:39.0303 4120 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys

14:41:39.0323 4120 htcnprot - ok

14:41:39.0383 4120 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

14:41:39.0443 4120 HTTP - ok

14:41:39.0493 4120 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

14:41:39.0503 4120 hwpolicy - ok

14:41:39.0563 4120 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

14:41:39.0593 4120 i8042prt - ok

14:41:39.0643 4120 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

14:41:39.0663 4120 iaStorV - ok

14:41:39.0783 4120 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:41:39.0813 4120 idsvc - ok

14:41:39.0833 4120 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

14:41:39.0853 4120 iirsp - ok

14:41:39.0913 4120 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

14:41:39.0973 4120 IKEEXT - ok

14:41:40.0103 4120 IntcAzAudAddService (26407a11d7e222afb7ce32700abbd9d1) C:\Windows\system32\drivers\RTKVHD64.sys

14:41:40.0153 4120 IntcAzAudAddService - ok

14:41:40.0243 4120 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

14:41:40.0273 4120 intelide - ok

14:41:40.0303 4120 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

14:41:40.0343 4120 intelppm - ok

14:41:40.0363 4120 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

14:41:40.0413 4120 IPBusEnum - ok

14:41:40.0443 4120 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:41:40.0523 4120 IpFilterDriver - ok

14:41:40.0563 4120 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

14:41:40.0613 4120 iphlpsvc - ok

14:41:40.0643 4120 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

14:41:40.0673 4120 IPMIDRV - ok

14:41:40.0693 4120 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

14:41:40.0733 4120 IPNAT - ok

14:41:40.0753 4120 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

14:41:40.0833 4120 IRENUM - ok

14:41:40.0843 4120 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

14:41:40.0853 4120 isapnp - ok

14:41:40.0873 4120 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

14:41:40.0883 4120 iScsiPrt - ok

14:41:40.0923 4120 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

14:41:40.0933 4120 kbdclass - ok

14:41:40.0973 4120 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

14:41:41.0013 4120 kbdhid - ok

14:41:41.0053 4120 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:41:41.0083 4120 KeyIso - ok

14:41:41.0093 4120 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

14:41:41.0103 4120 KSecDD - ok

14:41:41.0113 4120 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

14:41:41.0123 4120 KSecPkg - ok

14:41:41.0143 4120 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

14:41:41.0183 4120 ksthunk - ok

14:41:41.0223 4120 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

14:41:41.0263 4120 KtmRm - ok

14:41:41.0303 4120 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

14:41:41.0363 4120 LanmanServer - ok

14:41:41.0403 4120 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

14:41:41.0463 4120 LanmanWorkstation - ok

14:41:41.0513 4120 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

14:41:41.0583 4120 lltdio - ok

14:41:41.0613 4120 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

14:41:41.0663 4120 lltdsvc - ok

14:41:41.0683 4120 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

14:41:41.0713 4120 lmhosts - ok

14:41:41.0733 4120 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

14:41:41.0753 4120 LSI_FC - ok

14:41:41.0763 4120 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

14:41:41.0773 4120 LSI_SAS - ok

14:41:41.0793 4120 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

14:41:41.0803 4120 LSI_SAS2 - ok

14:41:41.0813 4120 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

14:41:41.0833 4120 LSI_SCSI - ok

14:41:41.0843 4120 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

14:41:41.0893 4120 luafv - ok

14:41:41.0933 4120 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

14:41:41.0953 4120 MBAMProtector - ok

14:41:42.0053 4120 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

14:41:42.0083 4120 MBAMService - ok

14:41:42.0113 4120 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys

14:41:42.0133 4120 MBfilt - ok

14:41:42.0163 4120 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

14:41:42.0183 4120 Mcx2Svc - ok

14:41:42.0193 4120 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

14:41:42.0203 4120 megasas - ok

14:41:42.0223 4120 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

14:41:42.0233 4120 MegaSR - ok

14:41:42.0263 4120 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:41:42.0303 4120 MMCSS - ok

14:41:42.0313 4120 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

14:41:42.0353 4120 Modem - ok

14:41:42.0383 4120 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

14:41:42.0413 4120 monitor - ok

14:41:42.0443 4120 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

14:41:42.0473 4120 mouclass - ok

14:41:42.0493 4120 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

14:41:42.0513 4120 mouhid - ok

14:41:42.0543 4120 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

14:41:42.0553 4120 mountmgr - ok

14:41:42.0663 4120 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

14:41:42.0683 4120 MozillaMaintenance - ok

14:41:42.0713 4120 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

14:41:42.0733 4120 mpio - ok

14:41:42.0743 4120 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

14:41:42.0783 4120 mpsdrv - ok

14:41:42.0823 4120 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

14:41:42.0883 4120 MpsSvc - ok

14:41:42.0913 4120 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

14:41:42.0953 4120 MRxDAV - ok

14:41:42.0973 4120 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:41:43.0013 4120 mrxsmb - ok

14:41:43.0043 4120 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:41:43.0093 4120 mrxsmb10 - ok

14:41:43.0103 4120 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:41:43.0123 4120 mrxsmb20 - ok

14:41:43.0153 4120 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

14:41:43.0173 4120 msahci - ok

14:41:43.0213 4120 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

14:41:43.0233 4120 msdsm - ok

14:41:43.0253 4120 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

14:41:43.0283 4120 MSDTC - ok

14:41:43.0303 4120 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

14:41:43.0343 4120 Msfs - ok

14:41:43.0353 4120 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

14:41:43.0383 4120 mshidkmdf - ok

14:41:43.0403 4120 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

14:41:43.0413 4120 msisadrv - ok

14:41:43.0443 4120 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

14:41:43.0483 4120 MSiSCSI - ok

14:41:43.0483 4120 msiserver - ok

14:41:43.0503 4120 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

14:41:43.0543 4120 MSKSSRV - ok

14:41:43.0563 4120 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

14:41:43.0603 4120 MSPCLOCK - ok

14:41:43.0623 4120 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

14:41:43.0663 4120 MSPQM - ok

14:41:43.0703 4120 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

14:41:43.0733 4120 MsRPC - ok

14:41:43.0753 4120 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

14:41:43.0763 4120 mssmbios - ok

14:41:43.0773 4120 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

14:41:43.0823 4120 MSTEE - ok

14:41:43.0833 4120 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

14:41:43.0853 4120 MTConfig - ok

14:41:43.0873 4120 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

14:41:43.0883 4120 Mup - ok

14:41:43.0923 4120 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

14:41:43.0983 4120 napagent - ok

14:41:44.0023 4120 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

14:41:44.0053 4120 NativeWifiP - ok

14:41:44.0093 4120 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

14:41:44.0133 4120 NDIS - ok

14:41:44.0153 4120 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

14:41:44.0213 4120 NdisCap - ok

14:41:44.0233 4120 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

14:41:44.0263 4120 NdisTapi - ok

14:41:44.0293 4120 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

14:41:44.0333 4120 Ndisuio - ok

14:41:44.0353 4120 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

14:41:44.0403 4120 NdisWan - ok

14:41:44.0433 4120 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

14:41:44.0463 4120 NDProxy - ok

14:41:44.0473 4120 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

14:41:44.0523 4120 NetBIOS - ok

14:41:44.0553 4120 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

14:41:44.0603 4120 NetBT - ok

14:41:44.0633 4120 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:41:44.0663 4120 Netlogon - ok

14:41:44.0703 4120 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

14:41:44.0773 4120 Netman - ok

14:41:44.0803 4120 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

14:41:44.0843 4120 netprofm - ok

14:41:44.0913 4120 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:41:44.0933 4120 NetTcpPortSharing - ok

14:41:44.0953 4120 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

14:41:44.0963 4120 nfrd960 - ok

14:41:45.0013 4120 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

14:41:45.0053 4120 NlaSvc - ok

14:41:45.0063 4120 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

14:41:45.0093 4120 Npfs - ok

14:41:45.0113 4120 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

14:41:45.0153 4120 nsi - ok

14:41:45.0153 4120 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

14:41:45.0203 4120 nsiproxy - ok

14:41:45.0273 4120 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

14:41:45.0323 4120 Ntfs - ok

14:41:45.0413 4120 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

14:41:45.0483 4120 Null - ok

14:41:45.0523 4120 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

14:41:45.0533 4120 nvraid - ok

14:41:45.0553 4120 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

14:41:45.0573 4120 nvstor - ok

14:41:45.0603 4120 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

14:41:45.0623 4120 nv_agp - ok

14:41:45.0623 4120 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

14:41:45.0663 4120 ohci1394 - ok

14:41:45.0703 4120 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:41:45.0743 4120 p2pimsvc - ok

14:41:45.0783 4120 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

14:41:45.0803 4120 p2psvc - ok

14:41:45.0833 4120 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

14:41:45.0853 4120 Parport - ok

14:41:45.0873 4120 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

14:41:45.0893 4120 partmgr - ok

14:41:45.0963 4120 PassThru Service (68139940b5ac84affb7eb1b713be66e7) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

14:41:45.0983 4120 PassThru Service ( UnsignedFile.Multi.Generic ) - warning

14:41:45.0983 4120 PassThru Service - detected UnsignedFile.Multi.Generic (1)

14:41:46.0013 4120 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

14:41:46.0063 4120 PcaSvc - ok

14:41:46.0093 4120 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

14:41:46.0123 4120 pci - ok

14:41:46.0123 4120 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

14:41:46.0143 4120 pciide - ok

14:41:46.0173 4120 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

14:41:46.0183 4120 pcmcia - ok

14:41:46.0203 4120 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:41:46.0213 4120 pcw - ok

14:41:46.0243 4120 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:41:46.0293 4120 PEAUTH - ok

14:41:46.0343 4120 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

14:41:46.0403 4120 PeerDistSvc - ok

14:41:46.0453 4120 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

14:41:46.0483 4120 PerfHost - ok

14:41:46.0583 4120 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

14:41:46.0653 4120 pla - ok

14:41:46.0703 4120 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

14:41:46.0783 4120 PlugPlay - ok

14:41:46.0803 4120 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

14:41:46.0823 4120 PNRPAutoReg - ok

14:41:46.0853 4120 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:41:46.0873 4120 PNRPsvc - ok

14:41:46.0903 4120 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

14:41:46.0983 4120 PolicyAgent - ok

14:41:47.0013 4120 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

14:41:47.0063 4120 Power - ok

14:41:47.0113 4120 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

14:41:47.0183 4120 PptpMiniport - ok

14:41:47.0203 4120 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

14:41:47.0233 4120 Processor - ok

14:41:47.0263 4120 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

14:41:47.0313 4120 ProfSvc - ok

14:41:47.0343 4120 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:41:47.0363 4120 ProtectedStorage - ok

14:41:47.0403 4120 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

14:41:47.0453 4120 Psched - ok

14:41:47.0513 4120 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

14:41:47.0553 4120 ql2300 - ok

14:41:47.0633 4120 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

14:41:47.0663 4120 ql40xx - ok

14:41:47.0693 4120 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

14:41:47.0733 4120 QWAVE - ok

14:41:47.0793 4120 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

14:41:47.0823 4120 QWAVEdrv - ok

14:41:47.0843 4120 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

14:41:47.0893 4120 RasAcd - ok

14:41:47.0913 4120 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:41:47.0943 4120 RasAgileVpn - ok

14:41:47.0963 4120 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

14:41:48.0003 4120 RasAuto - ok

14:41:48.0023 4120 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:41:48.0063 4120 Rasl2tp - ok

14:41:48.0103 4120 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

14:41:48.0143 4120 RasMan - ok

14:41:48.0163 4120 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

14:41:48.0213 4120 RasPppoe - ok

14:41:48.0223 4120 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

14:41:48.0253 4120 RasSstp - ok

14:41:48.0293 4120 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

14:41:48.0343 4120 rdbss - ok

14:41:48.0363 4120 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

14:41:48.0403 4120 rdpbus - ok

14:41:48.0423 4120 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:41:48.0453 4120 RDPCDD - ok

14:41:48.0483 4120 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

14:41:48.0513 4120 RDPDR - ok

14:41:48.0523 4120 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

14:41:48.0563 4120 RDPENCDD - ok

14:41:48.0573 4120 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

14:41:48.0603 4120 RDPREFMP - ok

14:41:48.0643 4120 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

14:41:48.0703 4120 RDPWD - ok

14:41:48.0733 4120 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

14:41:48.0763 4120 rdyboost - ok

14:41:48.0783 4120 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

14:41:48.0833 4120 RemoteAccess - ok

14:41:48.0853 4120 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

14:41:48.0903 4120 RemoteRegistry - ok

14:41:48.0933 4120 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

14:41:48.0963 4120 RpcEptMapper - ok

14:41:48.0973 4120 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

14:41:49.0003 4120 RpcLocator - ok

14:41:49.0043 4120 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

14:41:49.0093 4120 RpcSs - ok

14:41:49.0123 4120 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

14:41:49.0153 4120 rspndr - ok

14:41:49.0193 4120 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

14:41:49.0213 4120 RTL8167 - ok

14:41:49.0243 4120 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

14:41:49.0283 4120 s3cap - ok

14:41:49.0313 4120 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:41:49.0323 4120 SamSs - ok

14:41:49.0393 4120 SandBox (1c20bc6d990a163c88db015cb5317d7e) C:\Windows\system32\drivers\SandBox64.sys

14:41:49.0423 4120 SandBox - ok

14:41:49.0453 4120 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

14:41:49.0463 4120 sbp2port - ok

14:41:49.0483 4120 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

14:41:49.0533 4120 SCardSvr - ok

14:41:49.0563 4120 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

14:41:49.0623 4120 scfilter - ok

14:41:49.0673 4120 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

14:41:49.0723 4120 Schedule - ok

14:41:49.0753 4120 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

14:41:49.0803 4120 SCPolicySvc - ok

14:41:49.0833 4120 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

14:41:49.0863 4120 SDRSVC - ok

14:41:49.0903 4120 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

14:41:49.0953 4120 secdrv - ok

14:41:49.0983 4120 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

14:41:50.0023 4120 seclogon - ok

14:41:50.0033 4120 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

14:41:50.0073 4120 SENS - ok

14:41:50.0083 4120 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

14:41:50.0113 4120 SensrSvc - ok

14:41:50.0133 4120 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

14:41:50.0153 4120 Serenum - ok

14:41:50.0173 4120 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

14:41:50.0183 4120 Serial - ok

14:41:50.0213 4120 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

14:41:50.0253 4120 sermouse - ok

14:41:50.0293 4120 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

14:41:50.0333 4120 SessionEnv - ok

14:41:50.0363 4120 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

14:41:50.0393 4120 sffdisk - ok

14:41:50.0403 4120 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

14:41:50.0423 4120 sffp_mmc - ok

14:41:50.0433 4120 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

14:41:50.0473 4120 sffp_sd - ok

14:41:50.0503 4120 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

14:41:50.0523 4120 sfloppy - ok

14:41:50.0573 4120 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

14:41:50.0623 4120 SharedAccess - ok

14:41:50.0663 4120 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

14:41:50.0713 4120 ShellHWDetection - ok

14:41:50.0733 4120 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

14:41:50.0743 4120 SiSRaid2 - ok

14:41:50.0753 4120 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

14:41:50.0763 4120 SiSRaid4 - ok

14:41:50.0783 4120 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

14:41:50.0823 4120 Smb - ok

14:41:50.0853 4120 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

14:41:50.0893 4120 SNMPTRAP - ok

14:41:50.0903 4120 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

14:41:50.0913 4120 spldr - ok

14:41:50.0943 4120 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

14:41:50.0973 4120 Spooler - ok

14:41:51.0093 4120 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

14:41:51.0173 4120 sppsvc - ok

14:41:51.0243 4120 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

14:41:51.0303 4120 sppuinotify - ok

14:41:51.0323 4120 sptd - ok

14:41:51.0353 4120 Spyder3 (d8b882c520fc83547e22014ff5ec66d7) C:\Windows\system32\DRIVERS\Spyder3.sys

14:41:51.0393 4120 Spyder3 - ok

14:41:51.0433 4120 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

14:41:51.0473 4120 srv - ok

14:41:51.0503 4120 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

14:41:51.0533 4120 srv2 - ok

14:41:51.0543 4120 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

14:41:51.0563 4120 srvnet - ok

14:41:51.0593 4120 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

14:41:51.0633 4120 SSDPSRV - ok

14:41:51.0653 4120 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

14:41:51.0683 4120 SstpSvc - ok

14:41:51.0733 4120 StarPortLite (415205b445c60b09e779f78d6df25667) C:\Windows\system32\DRIVERS\StarPortLite.sys

14:41:51.0753 4120 StarPortLite - ok

14:41:51.0763 4120 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

14:41:51.0783 4120 stexstor - ok

14:41:51.0833 4120 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

14:41:51.0883 4120 stisvc - ok

14:41:51.0923 4120 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

14:41:51.0953 4120 storflt - ok

14:41:51.0973 4120 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

14:41:52.0013 4120 StorSvc - ok

14:41:52.0023 4120 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

14:41:52.0043 4120 storvsc - ok

14:41:52.0053 4120 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

14:41:52.0063 4120 swenum - ok

14:41:52.0143 4120 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

14:41:52.0163 4120 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

14:41:52.0163 4120 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

14:41:52.0213 4120 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

14:41:52.0263 4120 swprv - ok

14:41:52.0323 4120 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

14:41:52.0403 4120 SysMain - ok

14:41:52.0483 4120 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

14:41:52.0523 4120 TabletInputService - ok

14:41:52.0763 4120 TabletServiceWacom (191394b308bd7fedb4ebb4f7f04c1339) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

14:41:52.0833 4120 TabletServiceWacom - ok

14:41:52.0933 4120 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

14:41:53.0003 4120 TapiSrv - ok

14:41:53.0023 4120 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

14:41:53.0063 4120 TBS - ok

14:41:53.0153 4120 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

14:41:53.0193 4120 Tcpip - ok

14:41:53.0273 4120 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

14:41:53.0313 4120 TCPIP6 - ok

14:41:53.0353 4120 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

14:41:53.0423 4120 tcpipreg - ok

14:41:53.0453 4120 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

14:41:53.0473 4120 TDPIPE - ok

14:41:53.0503 4120 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

14:41:53.0533 4120 TDTCP - ok

14:41:53.0573 4120 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

14:41:53.0623 4120 tdx - ok

14:41:53.0653 4120 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

14:41:53.0663 4120 TermDD - ok

14:41:53.0703 4120 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

14:41:53.0763 4120 TermService - ok

14:41:53.0793 4120 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

14:41:53.0803 4120 Themes - ok

14:41:53.0833 4120 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:41:53.0863 4120 THREADORDER - ok

14:41:53.0883 4120 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

14:41:53.0913 4120 TrkWks - ok

14:41:53.0973 4120 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

14:41:54.0033 4120 TrustedInstaller - ok

14:41:54.0063 4120 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:41:54.0123 4120 tssecsrv - ok

14:41:54.0143 4120 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

14:41:54.0173 4120 TsUsbFlt - ok

14:41:54.0223 4120 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

14:41:54.0283 4120 tunnel - ok

14:41:54.0303 4120 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

14:41:54.0313 4120 uagp35 - ok

14:41:54.0353 4120 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

14:41:54.0423 4120 udfs - ok

14:41:54.0453 4120 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

14:41:54.0473 4120 UI0Detect - ok

14:41:54.0493 4120 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

14:41:54.0513 4120 uliagpkx - ok

14:41:54.0533 4120 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

14:41:54.0553 4120 umbus - ok

14:41:54.0573 4120 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

14:41:54.0593 4120 UmPass - ok

14:41:54.0623 4120 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

14:41:54.0653 4120 UmRdpService - ok

14:41:54.0693 4120 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

14:41:54.0753 4120 upnphost - ok

14:41:54.0773 4120 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

14:41:54.0803 4120 usbccgp - ok

14:41:54.0833 4120 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

14:41:54.0853 4120 usbcir - ok

14:41:54.0873 4120 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

14:41:54.0903 4120 usbehci - ok

14:41:54.0933 4120 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

14:41:54.0963 4120 usbhub - ok

14:41:54.0973 4120 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

14:41:55.0003 4120 usbohci - ok

14:41:55.0033 4120 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

14:41:55.0073 4120 usbprint - ok

14:41:55.0093 4120 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

14:41:55.0113 4120 usbscan - ok

14:41:55.0123 4120 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:55.0173 4120 USBSTOR - ok

14:41:55.0183 4120 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

14:41:55.0213 4120 usbuhci - ok

14:41:55.0243 4120 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

14:41:55.0273 4120 UxSms - ok

14:41:55.0313 4120 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:41:55.0343 4120 VaultSvc - ok

14:41:55.0363 4120 VBEngNT (fddf916a3e1e98c5e1dbee380f7fde52) C:\Windows\system32\drivers\VBEngNT.sys

14:41:55.0383 4120 VBEngNT - ok

14:41:55.0423 4120 VBFilt (af6370f45ba18dba70461dbe8731a24e) C:\Windows\system32\Filt\VBFilt64.dll

14:41:55.0433 4120 VBFilt - ok

14:41:55.0463 4120 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

14:41:55.0483 4120 vdrvroot - ok

14:41:55.0533 4120 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

14:41:55.0583 4120 vds - ok

14:41:55.0613 4120 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

14:41:55.0643 4120 vga - ok

14:41:55.0653 4120 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

14:41:55.0693 4120 VgaSave - ok

14:41:55.0713 4120 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

14:41:55.0733 4120 vhdmp - ok

14:41:55.0743 4120 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

14:41:55.0763 4120 viaide - ok

14:41:55.0783 4120 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

14:41:55.0793 4120 vmbus - ok

14:41:55.0843 4120 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

14:41:55.0883 4120 VMBusHID - ok

14:41:55.0903 4120 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

14:41:55.0913 4120 volmgr - ok

14:41:55.0953 4120 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

14:41:55.0983 4120 volmgrx - ok

14:41:56.0003 4120 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

14:41:56.0013 4120 volsnap - ok

14:41:56.0033 4120 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

14:41:56.0053 4120 vsmraid - ok

14:41:56.0123 4120 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

14:41:56.0193 4120 VSS - ok

14:41:56.0273 4120 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

14:41:56.0313 4120 vwifibus - ok

14:41:56.0363 4120 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

14:41:56.0413 4120 W32Time - ok

14:41:56.0443 4120 wacmoumonitor (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys

14:41:56.0483 4120 wacmoumonitor - ok

14:41:56.0503 4120 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys

14:41:56.0523 4120 wacommousefilter - ok

14:41:56.0543 4120 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

14:41:56.0563 4120 WacomPen - ok

14:41:56.0583 4120 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys

14:41:56.0593 4120 wacomvhid - ok

14:41:56.0643 4120 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:41:56.0703 4120 WANARP - ok

14:41:56.0703 4120 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

14:41:56.0733 4120 Wanarpv6 - ok

14:41:56.0813 4120 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

14:41:56.0853 4120 WatAdminSvc - ok

14:41:56.0913 4120 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

14:41:56.0973 4120 wbengine - ok

14:41:57.0053 4120 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

14:41:57.0083 4120 WbioSrvc - ok

14:41:57.0123 4120 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

14:41:57.0163 4120 wcncsvc - ok

14:41:57.0173 4120 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

14:41:57.0193 4120 WcsPlugInService - ok

14:41:57.0233 4120 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

14:41:57.0253 4120 Wd - ok

14:41:57.0283 4120 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

14:41:57.0313 4120 Wdf01000 - ok

14:41:57.0323 4120 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

14:41:57.0393 4120 WdiServiceHost - ok

14:41:57.0393 4120 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

14:41:57.0413 4120 WdiSystemHost - ok

14:41:57.0443 4120 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

14:41:57.0473 4120 WebClient - ok

14:41:57.0503 4120 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

14:41:57.0553 4120 Wecsvc - ok

14:41:57.0573 4120 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

14:41:57.0613 4120 wercplsupport - ok

14:41:57.0633 4120 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

14:41:57.0673 4120 WerSvc - ok

14:41:57.0723 4120 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

14:41:57.0773 4120 WfpLwf - ok

14:41:57.0783 4120 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

14:41:57.0803 4120 WIMMount - ok

14:41:57.0833 4120 WinDefend - ok

14:41:57.0843 4120 WinHttpAutoProxySvc - ok

14:41:57.0903 4120 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

14:41:57.0963 4120 Winmgmt - ok

14:41:58.0053 4120 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

14:41:58.0123 4120 WinRM - ok

14:41:58.0233 4120 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

14:41:58.0283 4120 Wlansvc - ok

14:41:58.0303 4120 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

14:41:58.0323 4120 WmiAcpi - ok

14:41:58.0393 4120 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

14:41:58.0423 4120 wmiApSrv - ok

14:41:58.0463 4120 WMPNetworkSvc - ok

14:41:58.0503 4120 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

14:41:58.0543 4120 WPCSvc - ok

14:41:58.0573 4120 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

14:41:58.0593 4120 WPDBusEnum - ok

14:41:58.0633 4120 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

14:41:58.0683 4120 ws2ifsl - ok

14:41:58.0713 4120 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

14:41:58.0743 4120 wscsvc - ok

14:41:58.0753 4120 WSearch - ok

14:41:58.0853 4120 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

14:41:58.0923 4120 wuauserv - ok

14:41:59.0023 4120 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

14:41:59.0093 4120 WudfPf - ok

14:41:59.0113 4120 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:41:59.0153 4120 WUDFRd - ok

14:41:59.0183 4120 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

14:41:59.0213 4120 wudfsvc - ok

14:41:59.0233 4120 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

14:41:59.0263 4120 WwanSvc - ok

14:41:59.0293 4120 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:41:59.0353 4120 \Device\Harddisk0\DR0 - ok

14:41:59.0373 4120 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

14:41:59.0423 4120 \Device\Harddisk1\DR1 - ok

14:41:59.0423 4120 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

14:41:59.0473 4120 \Device\Harddisk2\DR2 - ok

14:41:59.0493 4120 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3

14:41:59.0543 4120 \Device\Harddisk3\DR3 - ok

14:41:59.0543 4120 Boot (0x1200) (aec795d80f765a984e8ed0aac0cbfdfc) \Device\Harddisk0\DR0\Partition0

14:41:59.0553 4120 \Device\Harddisk0\DR0\Partition0 - ok

14:41:59.0553 4120 Boot (0x1200) (1e7625f54608670f41745395d26adc82) \Device\Harddisk1\DR1\Partition0

14:41:59.0553 4120 \Device\Harddisk1\DR1\Partition0 - ok

14:41:59.0553 4120 Boot (0x1200) (bb920807158e2c412ed546a337d8326e) \Device\Harddisk2\DR2\Partition0

14:41:59.0563 4120 \Device\Harddisk2\DR2\Partition0 - ok

14:41:59.0583 4120 Boot (0x1200) (80164ed1db937c67a40c52ea68eee575) \Device\Harddisk3\DR3\Partition0

14:41:59.0593 4120 \Device\Harddisk3\DR3\Partition0 - ok

14:41:59.0613 4120 Boot (0x1200) (7a3670812e086f92c0ffc77dd618b443) \Device\Harddisk3\DR3\Partition1

14:41:59.0613 4120 \Device\Harddisk3\DR3\Partition1 - ok

14:41:59.0613 4120 ============================================================

14:41:59.0613 4120 Scan finished

14:41:59.0613 4120 ============================================================

14:41:59.0623 1868 Detected object count: 2

14:41:59.0623 1868 Actual detected object count: 2

14:42:21.0673 1868 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user

14:42:21.0673 1868 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:42:21.0683 1868 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

14:42:21.0683 1868 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip


These objects indeed seem legit. Let me know how things are after the following scan.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


RegNull::
[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{340D5E9D-A58B-39E4-9923-78ABD8A9AC67}*]
[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63008CD5-F7B2-9A56-2213-1AAFCA0F2C8E}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{340D5E9D-A58B-39E4-9923-78ABD8A9AC67}\InProcServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63008CD5-F7B2-9A56-2213-1AAFCA0F2C8E}\InProcServer32*]

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

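As an added example (not part of the thread above and not ComboFix's own code), the following PowerShell script does a read-only triage of the four registry keys that the CFScript's RegNull:: section targets: it resolves each CLSID's InProcServer32 to the DLL that COM would load for that class and reports whether the file exists on disk and whether it carries a valid Authenticode signature, which is the check a responder wants to see before such entries are removed. It assumes an elevated PowerShell 3.0 or later session on the affected machine; the function names are the example's own.

```powershell
# Added example, not part of the forum thread and not ComboFix's own code.
# Read-only look at the registry keys named in the CFScript above: where does
# each CLSID's in-process server point, and is that DLL present and signed?
# Run from an elevated PowerShell prompt on the machine being cleaned.

# The four keys exactly as they appear in the CFScript.
$cfscriptKeys = @(
    'HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{340D5E9D-A58B-39E4-9923-78ABD8A9AC67}*',
    'HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63008CD5-F7B2-9A56-2213-1AAFCA0F2C8E}*',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{340D5E9D-A58B-39E4-9923-78ABD8A9AC67}\InProcServer32*',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63008CD5-F7B2-9A56-2213-1AAFCA0F2C8E}\InProcServer32*'
)

# HKLM: exists as a PowerShell drive by default; HKEY_USERS does not.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Convert-CfKeyToProviderPath {
    param([string]$Key)
    # The trailing '*' is CFScript notation, not part of the key name.
    $k = $Key.TrimEnd('*')
    if ($k -like 'HKEY_LOCAL_MACHINE\*') { return 'HKLM:\' + $k.Substring('HKEY_LOCAL_MACHINE\'.Length) }
    if ($k -like 'HKEY_USERS\*')         { return 'HKU:\'  + $k.Substring('HKEY_USERS\'.Length) }
    throw "Unsupported hive in '$Key'"
}

function Test-ComServerFile {
    param([string]$Dll)
    # InProcServer32 data is often REG_EXPAND_SZ, so expand %SystemRoot% and friends.
    $expanded = [Environment]::ExpandEnvironmentVariables($Dll)
    if (-not (Test-Path -LiteralPath $expanded -PathType Leaf)) {
        return "MISSING on disk: $expanded"
    }
    $sig    = Get-AuthenticodeSignature -FilePath $expanded
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    return "present, signature=$($sig.Status), signer=$signer"
}

foreach ($raw in $cfscriptKeys) {
    $path = Convert-CfKeyToProviderPath $raw
    Write-Output "== $path"

    if (Test-Path -LiteralPath $path) {
        $props = Get-ItemProperty -LiteralPath $path
        if ($path -like '*\InProcServer32') {
            # (default) under CLSID\{guid}\InProcServer32 names the DLL COM loads.
            $dll = [string]$props.'(default)'
            if ($dll) { Write-Output "   InProcServer32 -> $dll : $(Test-ComServerFile $dll)" }
            else      { Write-Output "   InProcServer32 has no (default) value" }
        } else {
            # Under Shell Extensions\Approved a GUID is normally a value whose data is a
            # display name; finding it as a subkey is itself unusual and worth noting.
            Write-Output "   exists as a key (unusual for Approved entries); (default)=$($props.'(default)')"
        }
        continue
    }

    # Not present as a key. For Approved entries, look for the GUID as a value on the
    # parent key instead, which is the normal layout.
    $parent = Split-Path -Path $path -Parent
    $leaf   = Split-Path -Path $path -Leaf
    if ($parent -like '*\Shell Extensions\Approved' -and (Test-Path -LiteralPath $parent)) {
        $val = (Get-ItemProperty -LiteralPath $parent -ErrorAction SilentlyContinue).$leaf
        if ($null -ne $val) { Write-Output "   present as a value on Approved: '$val'" }
        else                { Write-Output "   not present as key or value (already removed, or not visible to this account)" }
    } else {
        Write-Output "   key not present (already removed, or access denied to this account)"
    }
}
```

A CLSID whose InProcServer32 points at a DLL that is missing, unsigned, or sitting in a user-writable directory is the pattern that justifies nulling the key; an entry that resolves to a signed vendor DLL deserves a second look before it goes into a removal script. The script changes nothing, so it is safe to run before and after the CFScript to confirm the keys are gone.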

Hi again Elise,

I closed firefox, pulled the machine off the network, closed malwarebytes and outpost security suite, and then ran the ComboFix once again by dropping your script on the executable...

Below is pasted the resulting log which was displayed after ComboFix rebooted the machine:

ComboFix 12-04-26.01 - Mediacube 04/26/2012 15:15:26.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8183.6406 [GMT -4:00]

Running from: c:\users\Mediacube\Desktop\ComboFix\ComboFix.exe

Command switches used :: c:\users\Mediacube\Desktop\ComboFix\CFScript.txt

AV: Outpost Security Suite *Disabled/Updated* {ECEA6BCD-A007-0BC7-D5A5-0254DCBD816E}

FW: Outpost Security Suite *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}

SP: Outpost Security Suite *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))

.

.

2012-04-26 19:31 . 2012-04-26 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-25 05:21 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-25 05:21 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-25 05:21 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-25 05:21 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{650439F9-D64F-4195-B423-103B9893F7A0}\mpengine.dll

2012-04-25 05:20 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-25 05:20 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-25 05:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-25 05:20 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-25 05:20 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-25 05:20 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-25 05:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-24 21:53 . 2012-04-24 21:53 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-24 21:53 . 2012-04-24 21:53 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-24 21:53 . 2012-04-24 21:53 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-22 01:43 . 2012-04-22 01:43 -------- d-----w- c:\programdata\Camera Bits, Inc

2012-04-21 22:26 . 2012-04-21 22:26 -------- d-----w- c:\users\Mediacube\AppData\Roaming\Camera Bits, Inc

2012-04-21 22:23 . 2012-04-21 22:23 -------- d-----w- c:\program files (x86)\Camera Bits

2012-04-21 22:16 . 2012-04-21 22:16 -------- d-----w- c:\windows\system32\appmgmt

2012-04-21 06:46 . 2012-04-21 06:46 -------- d-----w- c:\users\Mediacube\AppData\Roaming\XnView

2012-04-20 20:25 . 2012-04-21 22:14 -------- d-----w- c:\users\Mediacube\AppData\Local\ACD Systems

2012-04-20 20:25 . 2012-04-20 20:25 -------- d-----w- c:\users\Mediacube\AppData\Roaming\ACD Systems

2012-04-20 20:22 . 2012-04-21 22:15 -------- d-----w- c:\programdata\ACD Systems

2012-04-19 20:49 . 2012-04-19 20:50 -------- d-----w- c:\users\Mediacube\AppData\Local\QuickPar

2012-04-19 20:47 . 2012-04-19 20:47 -------- d-----w- c:\program files (x86)\QuickPar

2012-04-19 16:51 . 2012-04-19 16:51 -------- d-----w- c:\users\Mediacube\AppData\Local\Google

2012-04-18 22:04 . 2012-04-18 22:04 -------- d-----w- c:\users\Mediacube\AppData\Roaming\StarBurn

2012-04-04 21:08 . 2012-04-04 21:08 -------- d-----w- c:\program files (x86)\AMD APP

2012-04-04 20:59 . 2012-04-04 20:59 -------- d-----w- c:\programdata\ATI

2012-04-04 20:54 . 2012-04-04 20:54 -------- d-----w- c:\programdata\AMD

2012-04-04 20:54 . 2012-04-04 20:54 -------- d-----w- c:\program files (x86)\AMD AVT

2012-04-04 20:53 . 2012-04-04 20:53 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-04-04 20:53 . 2012-04-04 20:53 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-04-04 20:51 . 2012-04-04 20:51 -------- d-----w- c:\program files\ATI

2012-04-04 20:49 . 2012-04-04 20:53 -------- d-----w- c:\program files\ATI Technologies

2012-04-04 20:19 . 2012-04-04 20:19 -------- d-----w- C:\AMD

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2011-12-09 05:32 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-03-09 05:26 . 2012-03-09 05:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-03-09 05:26 . 2012-03-09 05:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-03-09 05:26 . 2012-03-09 05:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2012-03-09 05:26 . 2012-03-09 05:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-03-09 05:26 . 2012-03-09 05:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll

2012-03-09 05:25 . 2012-03-09 05:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-03-09 05:24 . 2012-03-09 05:24 54272 ----a-w- c:\windows\system32\OpenCL.dll

2012-03-09 05:24 . 2012-03-09 05:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-03-09 05:14 . 2012-03-09 05:14 958464 ----a-w- c:\windows\system32\aticfx64.dll

2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll

2012-03-09 04:45 . 2012-03-09 04:45 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-03-09 04:35 . 2012-03-09 04:35 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll

2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-03-09 04:11 . 2012-03-09 04:11 7552000 ----a-w- c:\windows\system32\atiumd64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-03-09 03:58 . 2012-03-09 03:58 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-03-09 03:57 . 2012-03-09 03:57 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-03-09 03:56 . 2012-03-09 03:56 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-03-09 03:47 . 2012-03-09 03:47 58880 ----a-w- c:\windows\system32\coinst.dll

2012-02-23 14:18 . 2011-06-23 18:47 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 06:38 . 2012-03-14 13:05 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 13:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 13:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 13:05 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 13:06 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 13:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-14 13:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 11:02 . 2012-01-31 11:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-01-31 11:00 . 2012-01-31 11:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-26_14.36.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-23 19:12 . 2012-04-26 14:50 36100 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-26 14:50 33930 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-06-23 18:27 . 2012-04-26 14:50 13558 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3488321904-1041780870-3181433465-1000_UserData.bin

+ 2011-07-24 21:17 . 2012-04-26 19:33 52336 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat

- 2011-07-24 21:17 . 2012-04-26 14:34 52336 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat

- 2012-04-26 14:33 . 2012-04-26 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-26 19:33 . 2012-04-26 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-26 14:33 . 2012-04-26 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-26 19:33 . 2012-04-26 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-04-25 05:32 623940 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-26 14:54 623940 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-04-25 05:32 106316 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-04-26 14:54 106316 c:\windows\system32\perfc009.dat

+ 2009-07-14 04:46 . 2012-04-26 14:52 122744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-07-14 05:01 . 2012-04-26 14:32 360280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-04-26 19:31 360280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-06-23 20:03 . 2012-04-26 19:31 1172776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-06-23 20:03 . 2012-04-26 14:32 1172776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-06-23 18:22 . 2012-04-26 14:32 3865640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3488321904-1041780870-3181433465-1000-8192.dat

+ 2011-06-23 18:22 . 2012-04-26 19:31 3865640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3488321904-1041780870-3181433465-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2010-7-26 7667970]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt64.dll [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-24 129976]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [x]

R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt64.dll [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]

S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [x]

S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox64.sys [x]

S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [x]

S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2011-04-04 3501696]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]

S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]

S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3488321904-1041780870-3181433465-1000Core.job

- c:\users\Mediacube\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 16:51]

.

2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3488321904-1041780870-3181433465-1000UA.job

- c:\users\Mediacube\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 16:51]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]

@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]

2011-03-30 23:02 601528 ----a-w- c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-04-04 4510072]

"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [2011-03-30 808064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

FF - ProfilePath - c:\users\Mediacube\AppData\Roaming\Mozilla\Firefox\Profiles\3ygotqwa.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.032"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.abr"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ani"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.apd"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.arw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.bay"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3488321904-1041780870-3181433465-1000)

"Progid"="ACDSee Pro 5.bmp"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.bw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cr2"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.crw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cs1"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cur"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dcr"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dcx"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dib"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.djv"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.djvu"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dng"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.emf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.eps"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.erf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.fff"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.fpx"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.gif"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.hdr"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.icl"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.icn"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.iff"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ilbm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.int"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.inta"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.iw4"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.j2c"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.j2k"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jbr"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jfif"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jif"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jp2"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpc"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpe"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpeg"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpg"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpk"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpx"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.kdc"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.lbm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mef"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mos"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mrw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.nef"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.nrw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.orf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pbm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pbr"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pcd"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pct"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pcx"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pef"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pgm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pic"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pict"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pix"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.png"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ppm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.psd"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.psp"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pspbrush"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pspimage"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.raf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ras"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.raw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rgb"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rgba"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rle"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rsb"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rw2"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rwl"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.sgi"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.sr2"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.srf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.srw"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.tga"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.thm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.tif"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.tiff"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ttc"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ttf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.wbm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.wbmp"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.wmf"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.xbm"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.xif"

.

[HKEY_USERS\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.xpm"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-26 15:38:17 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-26 19:38

.

Pre-Run: 147,324,555,264 bytes free

Post-Run: 147,016,704,000 bytes free

.

- - End Of File - - A7268F8EB88BCC86DC2410B10DC0903E


Just now Outpost Security Suite ran its own anti-malware procedure and detected two infections:

Detected malware "BiFrost" (Backdoor) in hkey_users\s-1-5-21-3488321904-1041780870-3181433465-1000\software\wget

Detected malware "BZub" (Trojan) in hkey_local_machine\software\microsoft\windows\currentversion\control panel\load

I allowed it to run its removal procedure and it says it has placed them in quarantine. However, researching those two names in Google shows they are both notoriously difficult to remove, so I'm not 100% sure I got them completely, not sure if they are the only infections, and have no way of knowing if they were used to download additional malware onto the machine...


Let's run an additional scan to see if anything else is hiding as well.

OTL

-----

Please download OTL from one of the following mirrors:

• Save it to your desktop.

• Double click on the OTL icon on your desktop.

• Click the "Scan All Users" checkbox.

• Push the Run Scan button.

• Two reports will open; copy and paste them in a reply here:

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Something else is definitely still hiding because the blocked connections to 208.73.210.29 continue just as before, whenever firefox is open.

Also, Outpost flags OTL.exe as a suspicious file the moment it's downloaded. It reads it as Malware: Packed/PECompact (packer).


OK, here is the content of OTL.txt, and below it is Extras.txt.

OTL logfile created on: 4/27/2012 7:27:34 AM - Run 1

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Mediacube\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.01 Gb Available Physical Memory | 62.73% Memory free

15.98 Gb Paging File | 13.06 Gb Available in Paging File | 81.70% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 195.31 Gb Total Space | 134.93 Gb Free Space | 69.09% Space Free | Partition Type: NTFS

Drive D: | 270.45 Gb Total Space | 0.98 Gb Free Space | 0.36% Space Free | Partition Type: NTFS

Drive E: | 596.17 Gb Total Space | 115.97 Gb Free Space | 19.45% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 13.34 Gb Free Space | 2.86% Space Free | Partition Type: NTFS

Drive I: | 149.05 Gb Total Space | 4.57 Gb Free Space | 3.06% Space Free | Partition Type: NTFS

Computer Name: MEDIAQUBE | User Name: Mediacube | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/27 07:12:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mediacube\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/08/22 10:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

PRC - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010/08/16 16:15:26 | 001,065,472 | ---- | M] (xiles (Noh JungHoon)) -- D:\utility\NexusFont\NexusFont.exe

PRC - [2010/07/07 16:00:22 | 007,667,970 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/14 09:39:46 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll

MOD - [2012/03/14 09:39:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/03/14 09:39:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/03/14 09:39:03 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012/03/14 09:38:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/08/22 10:01:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll

MOD - [2011/08/22 10:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

MOD - [2011/08/22 10:01:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll

MOD - [2011/08/22 10:01:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll

MOD - [2011/08/22 10:01:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll

MOD - [2011/08/22 10:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll

MOD - [2011/08/22 10:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll

MOD - [2011/08/22 10:01:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll

MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/07/07 16:00:22 | 007,667,970 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

MOD - [2010/07/07 16:00:22 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RBScript.dll

MOD - [2010/07/07 16:00:22 | 000,762,368 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\XML.dll

MOD - [2010/07/07 16:00:22 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CGamma.dll

MOD - [2010/07/07 16:00:22 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RegEx.dll

MOD - [2010/07/07 16:00:22 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Appearance Pak.dll

MOD - [2010/07/07 16:00:22 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Shell.dll

MOD - [2010/07/07 16:00:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CSensor.dll

MOD - [2010/07/07 16:00:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll

MOD - [2010/07/07 16:00:22 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll

MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/09 01:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/04/04 10:57:32 | 003,501,696 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe -- (acssrv)

SRV:64bit: - [2010/11/15 11:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/04/24 17:53:09 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/03/08 23:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/05 15:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/21 16:29:04 | 001,097,672 | ---- | M] (Agnitum Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SandBox64.sys -- (SandBox)

DRV:64bit: - [2011/03/21 16:28:12 | 000,042,976 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Filt\VBFilt64.dll -- (VBFilt)

DRV:64bit: - [2011/03/21 16:28:06 | 000,049,168 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Filt\ASWFilt64.dll -- (ASWFilt)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/02 17:04:24 | 000,293,048 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBEngNT.sys -- (VBEngNT)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2010/10/25 10:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2010/10/25 10:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2010/09/27 15:38:44 | 000,424,040 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore)

DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010/04/20 16:02:50 | 000,039,528 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (afw)

DRV:64bit: - [2010/03/30 22:27:42 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)

DRV:64bit: - [2009/11/18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/03/02 15:00:46 | 000,118,888 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mediacube\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mediacube\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/24 17:53:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/07 19:38:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/06/23 14:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mediacube\AppData\Roaming\Mozilla\Extensions

[2012/04/26 11:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mediacube\AppData\Roaming\Mozilla\Firefox\Profiles\3ygotqwa.default\extensions

[2011/11/11 09:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

() (No name found) -- C:\USERS\MEDIACUBE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YGOTQWA.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI

() (No name found) -- C:\USERS\MEDIACUBE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YGOTQWA.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI

() (No name found) -- C:\USERS\MEDIACUBE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YGOTQWA.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI

() (No name found) -- C:\USERS\MEDIACUBE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YGOTQWA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\MEDIACUBE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YGOTQWA.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI

[2012/04/24 17:53:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/11/11 09:08:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/11 09:08:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - Extension: Web Developer = C:\Users\Mediacube\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\

CHR - Extension: YouTube = C:\Users\Mediacube\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: YouTube = C:\Users\Mediacube\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Users\Mediacube\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: Google Search = C:\Users\Mediacube\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Mediacube\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

CHR - Extension: Gmail = C:\Users\Mediacube\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/26 15:34:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)

O4:64bit: - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-3488321904-1041780870-3181433465-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3488321904-1041780870-3181433465-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3488321904-1041780870-3181433465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C615C7-1B65-4F59-AF2F-08993A8FC71C}: DhcpNameServer = 167.206.245.129 167.206.245.130

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook64.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook64.dll (Agnitum Ltd.)

O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 07:24:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mediacube\Desktop\OTL(1).exe

[2012/04/27 07:12:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mediacube\Desktop\OTL.exe

[2012/04/26 19:59:37 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\Desktop\Mediacube Backup

[2012/04/26 15:38:20 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/04/26 15:34:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/04/26 10:22:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/04/26 10:22:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/04/26 10:22:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/04/26 10:22:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/26 10:21:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/25 01:21:38 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/04/25 01:21:38 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/04/25 01:21:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/04/25 01:20:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/04/25 01:20:09 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/04/25 01:20:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/04/24 17:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/04/24 17:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/04/21 21:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Camera Bits, Inc

[2012/04/21 21:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Mechanic 4.6.8

[2012/04/21 18:26:19 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\AppData\Roaming\Camera Bits, Inc

[2012/04/21 18:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Camera Bits

[2012/04/21 18:16:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2012/04/21 02:46:36 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\AppData\Roaming\XnView

[2012/04/20 16:25:10 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\AppData\Local\ACD Systems

[2012/04/20 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\AppData\Roaming\ACD Systems

[2012/04/20 16:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems

[2012/04/19 16:49:56 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\AppData\Local\QuickPar

[2012/04/19 16:47:55 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar

[2012/04/19 16:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar

[2012/04/19 16:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar

[2012/04/19 12:51:54 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/04/19 12:51:23 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\AppData\Local\Google

[2012/04/18 18:04:50 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\Documents\StarBurn

[2012/04/18 18:04:50 | 000,000,000 | ---D | C] -- C:\Users\Mediacube\AppData\Roaming\StarBurn

[2012/04/04 17:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012/04/04 16:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012/04/04 16:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD

[2012/04/04 16:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT

[2012/04/04 16:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2012/04/04 16:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2012/04/04 16:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/04/04 16:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2012/04/04 16:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2012/04/04 16:19:08 | 000,000,000 | ---D | C] -- C:\AMD

========== Files - Modified Within 30 Days ==========

[2012/04/27 07:24:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mediacube\Desktop\OTL(1).exe

[2012/04/27 07:12:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mediacube\Desktop\OTL.exe

[2012/04/27 06:56:13 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3488321904-1041780870-3181433465-1000UA.job

[2012/04/26 17:20:29 | 000,000,132 | ---- | M] () -- C:\Users\Mediacube\AppData\Roaming\Adobe Targa Format CS5 Prefs

[2012/04/26 15:48:42 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/26 15:48:42 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/26 15:47:19 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/26 15:47:19 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/26 15:47:19 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/26 15:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/26 15:41:02 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/26 15:34:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/04/26 13:00:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3488321904-1041780870-3181433465-1000Core.job

[2012/04/22 20:12:13 | 000,000,132 | ---- | M] () -- C:\Users\Mediacube\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2012/04/20 16:25:32 | 000,003,584 | ---- | M] () -- C:\Users\Mediacube\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/04 16:38:19 | 000,000,034 | ---- | M] () -- C:\Windows\SysNative\machine.ini

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/02 22:33:20 | 000,000,132 | ---- | M] () -- C:\Users\Mediacube\AppData\Roaming\Adobe GIF Format CS5 Prefs

[2012/04/01 15:28:13 | 000,001,466 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm v4.lnk

========== Files Created - No Company Name ==========

[2012/04/26 10:22:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/26 10:22:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/26 10:22:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/26 10:22:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/26 10:22:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/20 16:25:32 | 000,003,584 | ---- | C] () -- C:\Users\Mediacube\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/19 12:51:26 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3488321904-1041780870-3181433465-1000UA.job

[2012/04/19 12:51:25 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3488321904-1041780870-3181433465-1000Core.job

[2012/04/04 16:38:19 | 000,000,034 | ---- | C] () -- C:\Windows\SysNative\machine.ini

[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/01/08 02:03:46 | 000,000,118 | ---- | C] () -- C:\Windows\SysWow64\Binder Functions.dll

[2011/11/17 14:06:06 | 000,000,132 | ---- | C] () -- C:\Users\Mediacube\AppData\Roaming\Adobe GIF Format CS5 Prefs

[2011/09/23 09:53:14 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/09/23 09:53:12 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/09/23 09:53:12 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/09/23 09:53:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/07/12 19:09:03 | 000,000,132 | ---- | C] () -- C:\Users\Mediacube\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2011/06/26 18:30:07 | 000,000,132 | ---- | C] () -- C:\Users\Mediacube\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/06/26 15:27:13 | 000,000,805 | ---- | C] () -- C:\Windows\cedt.INI

[2011/06/26 14:32:59 | 000,000,132 | ---- | C] () -- C:\Users\Mediacube\AppData\Roaming\Adobe Targa Format CS5 Prefs

[2011/06/25 14:40:15 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/06/23 15:10:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/06/23 13:49:17 | 000,007,605 | ---- | C] () -- C:\Users\Mediacube\AppData\Local\Resmon.ResmonCfg

[2011/03/24 14:37:50 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll

========== Files - Unicode (All) ==========

[2011/12/22 13:59:05 | 000,000,000 | ---D | M](C:\Users\Mediacube\AppData\Local\???__?????


Hi again,

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL (the OTL icon) on your desktop.
  2. Copy and paste the following code into the Custom Scans/Fixes textbox.
    :otl
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/24 17:53:10 | 000,000,000 | ---D | M]

    :commands
    [emptytemp]

  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click the OK button.
  6. A report will open. Copy and paste that report in your next reply.


Here is the log file after rebooting. When I opened Firefox, the same connection was blocked again by Malwarebytes.

All processes killed

========== OTL ==========

File HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56468 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mediacube

->Temp folder emptied: 1280838 bytes

->Temporary Internet Files folder emptied: 33209 bytes

->Java cache emptied: 122600 bytes

->FireFox cache emptied: 337430833 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 59406 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 323.00 mb

OTL by OldTimer - Version 3.2.42.1 log created on 04272012_122321

Files\Folders moved on Reboot...

C:\Users\Mediacube\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Link to post
Share on other sites

Also, this is the MBAM protection log from today, so you can see the connections being made. Also, the fact that the daily update always fails is strange:

2012/04/27 00:07:01 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50264, Process: firefox.exe)

2012/04/27 00:22:46 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50640, Process: firefox.exe)

2012/04/27 00:38:24 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51108, Process: firefox.exe)

2012/04/27 00:54:09 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51477, Process: firefox.exe)

2012/04/27 01:09:50 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51929, Process: firefox.exe)

2012/04/27 01:25:36 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 52528, Process: firefox.exe)

2012/04/27 01:41:12 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53156, Process: firefox.exe)

2012/04/27 03:49:30 -0400 MEDIAQUBE Mediacube MESSAGE Executing scheduled update: Daily

2012/04/27 03:49:31 -0400 MEDIAQUBE Mediacube ERROR Scheduled update failed: No address found failed with error code 0

2012/04/27 07:11:40 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53361, Process: firefox.exe)

2012/04/27 07:35:51 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53804, Process: firefox.exe)

2012/04/27 07:51:36 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54035, Process: firefox.exe)

2012/04/27 08:07:21 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54255, Process: firefox.exe)

2012/04/27 08:22:58 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54402, Process: firefox.exe)

2012/04/27 08:38:43 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54563, Process: firefox.exe)

2012/04/27 08:54:28 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54848, Process: firefox.exe)

2012/04/27 11:15:14 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54988, Process: firefox.exe)

2012/04/27 11:30:51 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55147, Process: firefox.exe)

2012/04/27 11:46:35 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55296, Process: firefox.exe)

2012/04/27 12:02:21 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55506, Process: firefox.exe)

2012/04/27 12:17:58 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55711, Process: firefox.exe)

2012/04/27 12:29:22 -0400 MEDIAQUBE Mediacube MESSAGE Starting protection

2012/04/27 12:29:24 -0400 MEDIAQUBE Mediacube MESSAGE Protection started successfully

2012/04/27 12:29:27 -0400 MEDIAQUBE Mediacube MESSAGE Starting IP protection

2012/04/27 12:29:28 -0400 MEDIAQUBE Mediacube MESSAGE IP Protection started successfully

2012/04/27 12:30:31 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49319, Process: firefox.exe)

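The interesting signal in a protection log like the one above is not any single block but the spacing between them. The following is an added example, not part of this thread and not Malwarebytes' own tooling: it parses protection-log lines in the format posted above, groups the IP-BLOCK records by destination and process, and measures how regular the attempts are, which is the usual first check for beaconing. The embedded sample is a constructed subset of the lines posted above (including the failed scheduled update, so every record type is exercised); the one-hour session-break cutoff, the 10% tolerance and the 75% regularity threshold are assumptions chosen for this example, not Malwarebytes heuristics.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a subset of the MBAM protection-log lines posted above,
# including the failed scheduled update, so the parser sees every record type.
SAMPLE_LOG = """\
2012/04/27 00:07:01 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50264, Process: firefox.exe)
2012/04/27 00:22:46 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50640, Process: firefox.exe)
2012/04/27 00:38:24 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51108, Process: firefox.exe)
2012/04/27 00:54:09 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51477, Process: firefox.exe)
2012/04/27 01:09:50 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 51929, Process: firefox.exe)
2012/04/27 03:49:30 -0400 MEDIAQUBE Mediacube MESSAGE Executing scheduled update: Daily
2012/04/27 03:49:31 -0400 MEDIAQUBE Mediacube ERROR Scheduled update failed: No address found failed with error code 0
2012/04/27 07:11:40 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53361, Process: firefox.exe)
2012/04/27 07:35:51 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53804, Process: firefox.exe)
2012/04/27 07:51:36 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54035, Process: firefox.exe)
2012/04/27 08:07:21 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54255, Process: firefox.exe)
2012/04/27 08:22:58 -0400 MEDIAQUBE Mediacube IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54402, Process: firefox.exe)
"""

# One protection-log record: timestamp with UTC offset, host, user, record type, payload.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>[A-Z-]+) (?P<rest>.*)$"
)
# Payload of an IP-BLOCK record.
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)


def parse_log(text):
    """Return a list of event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = {
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
            "host": m["host"], "user": m["user"], "kind": m["kind"],
            "rest": m["rest"], "ip": None, "port": None, "proc": None,
        }
        if ev["kind"] == "IP-BLOCK":
            b = BLOCK_RE.match(m["rest"])
            if b:
                ev.update(ip=b["ip"], port=int(b["port"]), proc=b["proc"],
                          direction=b["direction"])
        events.append(ev)
    return events


def beacon_stats(events, session_break=timedelta(hours=1), tolerance=0.10):
    """Per (ip, process), measure how regular the blocked attempts are.

    Gaps longer than session_break (browser closed, machine asleep) are not
    counted as intervals. A destination is flagged periodic when at least 75%
    of the remaining gaps fall within +/- tolerance of the median gap. Both
    cutoffs are assumptions for this example, not Malwarebytes heuristics."""
    by_key = defaultdict(list)
    for ev in events:
        if ev["kind"] == "IP-BLOCK" and ev["ip"]:
            by_key[(ev["ip"], ev["proc"])].append(ev["ts"])
    stats = {}
    for key, stamps in by_key.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])
                if b - a <= session_break]
        if len(gaps) < 2:
            continue
        median = statistics.median(gaps)
        regular = sum(abs(g - median) <= tolerance * median for g in gaps) / len(gaps)
        stats[key] = {
            "count": len(stamps),
            "median_s": median,
            "regular_fraction": regular,
            "periodic": regular >= 0.75 and len(stamps) >= 4,
        }
    return stats


def update_failures(events):
    """Count ERROR records about the scheduled definition update."""
    return sum(1 for ev in events
               if ev["kind"] == "ERROR" and "update failed" in ev["rest"])


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for (ip, proc), s in beacon_stats(evs).items():
        print(f"{ip} via {proc}: {s['count']} blocks, median gap "
              f"{s['median_s']:.0f}s, {s['regular_fraction']:.0%} regular, "
              f"periodic={s['periodic']}")
    print("scheduled update failures:", update_failures(evs))
```

On the posted lines the median gap comes out at 945 seconds (15 min 45 s) with seven of eight gaps within 10% of it, which is tighter and slower than the "every 10 minutes" estimate in the thread; that is the kind of figure worth quoting when asking a helper about a suspected beacon. Two caveats: the port values climb steadily through the Windows dynamic range and drop back to 49319 right after the reboot, which is consistent with the local ephemeral source port rather than the remote service port, so do not read them as a destination port without confirming with netstat; and a regular interval alone does not distinguish a malicious beacon from a legitimate poller (an extension update check, a feed refresh), so the next step is always to identify which Firefox component owns the connection.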
This topic is now closed to further replies.