
Hello, I have scanned using Malwarebytes Anti-Malware, and it has removed Malware.Trace and BCMiner. However, ping.exe is still appearing in Process Explorer, taking up to 500,000 KB of RAM, and it spans multiple processes. Normally the ping command should only take less than a kilobyte of storage. Here are my DDS.txt and Attach.txt; my Malwarebytes log file of the deleted items is also below these two files. System Restore was disabled at the time of this post.

Here is DDS.txt

3E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{0FD90673-0698-4AB0-A672-EB946840B26A} : DhcpNameServer = 10.1.1.1

TCP: Interfaces\{2A5A9786-F155-400B-86DA-463D12CDD892} : NameServer = 192.168.2.1

TCP: Interfaces\{2C774FC7-F90C-4A8F-BF52-64E82495C5AB} : DhcpNameServer = 10.1.1.1

TCP: Interfaces\{97A9639E-5102-41FB-A1E9-741C6EE68E16} : DhcpNameServer = 10.0.0.138

TCP: Interfaces\{9AA34286-45AD-4091-A035-4CD6742A88AD} : DhcpNameServer = 203.208.88.11 203.208.112.11

TCP: Interfaces\{A01C8624-092D-465B-A8A7-EE2175980475}\D616C6 : DhcpNameServer = 10.1.1.1

TCP: Interfaces\{C08B36DD-0326-47AE-B6A2-DA2397AC9C74} : NameServer = 192.168.2.1

TCP: Interfaces\{C9B1C0A1-26A5-4417-A22C-7120698327F9} : DhcpNameServer = 10.1.1.1

TCP: Interfaces\{EEE80DE8-3571-45DB-9720-492E27304301} : NameServer = 8.8.8.8

TCP: Interfaces\{EEE80DE8-3571-45DB-9720-492E27304301} : DhcpNameServer = 10.1.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -

mASetup: {QPVQESKX-5O28-1G71-OG27-P75TJIBLAE75} - C:\Users\Patrick\AppData\Roaming\Winbooterr\svchost.exe

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO-X64: LastPass Browser Helper Object - No File

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Programs\Free Download Manager\iefdm2.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [startCCC] "E:\Programs\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\b3q7ws3r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.ftp - localhost

FF - prefs.js: network.proxy.ftp_port - 8118

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8118

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 8118

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 8118

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll

FF - plugin: C:\Users\Patrick\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Users\Patrick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

FF - plugin: C:\Windows\system32\npdeployJava1.dll

FF - plugin: C:\Windows\system32\npmproxy.dll

FF - plugin: E:\Programs\JRE7\bin\new_plugin\npjp2.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2011-3-10 892992]

R2 DirMngr;DirMngr;E:\Programs\GnuPG\dirmngr.exe [2011-3-3 224256]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-11 993848]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-11 399416]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-7-1 114688]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-30 2320920]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-10-30 275912]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]

S2 Virtual Router;VirtualRouterService;C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-4-4 128928]

S3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

S3 jswpsapi;Jumpstart Wifi Protected Setup;E:\Programs\Belkin\jswpsapi.exe [2007-10-29 352338]

S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

S3 PVUSB;CESG502 64bit USB Driver;C:\Windows\system32\DRIVERS\CESG64.sys --> C:\Windows\system32\DRIVERS\CESG64.sys [?]

S3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;E:\Programs\SiSoftware Sandra Lite 2012.SP3\RpcAgentSrv.exe [2012-4-3 95896]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;E:\My Docuemnts\WinRing0x64.sys [2008-7-26 14544]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

.

=============== Created Last 30 ================

.

2012-05-29 10:40:29 -------- d-----w- C:\Program Files (x86)\ESET

2012-05-29 07:22:52 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Malwarebytes

2012-05-29 07:22:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-29 07:22:49 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-29 07:22:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-27 09:48:44 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-05-22 06:53:14 -------- d-----w- C:\Users\Patrick\AppData\Local\Spotify

2012-05-22 06:41:52 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Spotify

2012-05-09 21:44:28 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-09 21:44:28 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-09 21:44:24 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-09 21:44:23 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-09 21:44:23 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-09 21:44:23 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-09 21:42:27 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-09 21:41:38 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-09 21:41:29 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 21:41:29 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-09 21:41:29 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-09 21:41:29 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-09 21:41:29 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

.

==================== Find3M ====================

.

2012-05-05 00:24:05 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 00:24:05 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-05 00:24:02 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-10 06:45:23 0 ----a-w- C:\Windows\ativpsrm.bin

2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll

2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe

2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll

2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll

2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll

2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll

2012-03-08 15:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-03-08 15:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-03-08 15:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-03-08 15:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-03-08 15:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll

2012-03-08 15:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-03-08 15:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll

2012-03-08 15:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

.

============= FINISH: 20:47:33.31 ===============

Here is attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume4

Install Date: 25/12/2010 5:58:12 PM

System Uptime: 29/05/2012 7:34:05 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | H61M-S2P-B3

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | Socket 1155 | 3701/100mhz

.

==== Disk Partitions =========================

.

B: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.

C: is FIXED (NTFS) - 73 GiB total, 19.378 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 853 GiB total, 621.575 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_50011458&REV_05\3&13C0B0C5&0&FB

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_50011458&REV_05\3&13C0B0C5&0&FB

Service:

.

==== System Restore Points ===================

.

RP1452: 29/05/2012 7:00:04 PM - Automatic creation

RP1454: 29/05/2012 8:04:33 PM - Automatic creation

.

==== Installed Programs ======================

.

3DMark 11

Adobe AIR

Adobe Download Assistant

AGEIA GAME System Software 2.8.0

Alt.Binz 0.25.0

Android SDK Tools

Apple Application Support

Apple Software Update

AREA-51 (remove only)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

µTorrent

AutoHotkey 1.1.05.00

CamStudio OSS Desktop Recorder

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chinese Simplified Fonts Support For Adobe Reader 9

ClassPad Add-In Installer

ClassPad OS Update

CodeBlocks

D3DX10

DDS Converter 2.1

devkitProUpdater 1.5.0

DoubleDesktop

DriveImage XML (Private Edition)

Dropbox

DVD Flick 1.3.0.7

DVD Shrink 3.2

EasyBCD 2.1.2

ESET Online Scanner v3

ESSPDock

EuroScope 3.1d

Facebook Devil

FileZilla Client 3.5.2

Free Download Manager 3.0

FSFDT FSCopilot

FSFDT FSInn

Futuremark SystemInfo

G4FON Koch Method Morse Trainer

GIMP 2.6.12-2

Google Chrome

Google Earth

Gpg4win (2.1.0)

Half-Life 2

Half-Life 2: Episode Two

HandBrake 0.9.5

HxD Hex Editor version 1.7.7.0

iFly Jets - The 737NG for FSX

IIS 7.5 Express

ImgBurn

Inkscape 0.48.1

inSSIDer

Intel® Management Engine Components

Jahshaka

Japanese Fonts Support For Adobe Reader 9

Java Auto Updater

Java™ 6 Update 24

Kong version 1.1.0

LastPass (uninstall only)

LibreOffice 3.5

LinCity-NG 2.0

Logitech Touch Mouse Server 1.0

LogMeIn Hamachi

MacroMaker

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft ASP.NET Web Pages

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Corporation

Microsoft Flight Simulator X

Microsoft Flight Simulator X Service Pack 1

Microsoft Flight Simulator X Service Pack 2

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 4.0 Web Tools ENU

Microsoft SQL Server System CLR Types

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WebMatrix

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Miro

Mozilla Firefox 9.0.1 (x86 en-GB)

Mozilla Thunderbird (3.1.15)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

msxml4

MySQL Connector Net 6.3.7

Need for Speed™ Most Wanted

netbrdg

Notepad++

NVIDIA PhysX

NVIDIA WDM Drivers

ON_OFF Charge B10.0427.1

OpenLibraries

OpenTTD 1.0.5

Opera 11.11

Picasa 3

Pidgin

Platform

PMDG 747-400/400F for FSX

Polipo 1.0.4.1

Portal

PxMergeModule

PyQt GPL v4.8.3 for Python v3.2 (x86)

Python 2.6.6

Python 3.2

Qemu Manager 7.0

QuickTime

Ralink Wireless LAN Card

Realm of the Mad God

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

RocketDock 1.3.5

SABnzbd 0.6.9

Secunia PSI (2.0.0.3001)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

SendElf

SFR

SharpDevelop 3.2

Skype™ 5.5

Smart 6 B10.0422.1

SpeedFan (remove only)

Spotify

Steam

SumatraPDF

Synergy

Synthesia (remove only)

System Requirements Lab

Team Fortress 2

TeamSpeak 2 RC2

TeamSpeak 2 Server RC2

TeamSpeak 3 Client

Tor 0.2.2.35

Total Commander (Remove or Repair)

TP-LINK Wireless Client Utility

TVUPlayer 2.5.3.1

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VAFINANCIALS 4.0.1.26

VAFS5

vasFMC 2.0a9

VAT-Spy

VIA Platform Device Manager

Vidalia 0.2.15

Virtual Router v0.9 Beta

VLC media player 1.1.11

VMware Player

VRC

vroute.info

WinDirStat 1.1.2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Wings 2 v1.3.6

.

==== Event Viewer Messages From Past Week ========

.

29/05/2012 7:37:31 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

29/05/2012 7:37:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

29/05/2012 7:35:39 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

29/05/2012 7:35:30 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

29/05/2012 7:35:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Web Deployment Agent Service service to connect.

29/05/2012 7:35:10 PM, Error: Service Control Manager [7000] - The Web Deployment Agent Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

29/05/2012 7:34:43 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

29/05/2012 7:34:37 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

29/05/2012 7:34:29 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126

29/05/2012 7:26:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

29/05/2012 5:51:19 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

29/05/2012 5:45:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VirtualRouterService service to connect.

29/05/2012 5:45:25 PM, Error: Service Control Manager [7000] - The VirtualRouterService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27/05/2012 4:31:23 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

25/05/2012 5:39:47 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "F2EC389093A8" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.

23/05/2012 4:56:44 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

Malwarebytes File

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.29.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Patrick :: PATRICK-PC [administrator]

29/05/2012 5:34:36 PM

mbam-log-2012-05-29 (17-34-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216410

Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\CYBER (Backdoor.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Trojan.Agent) -> Data: C:\Users\Patrick\AppData\Roaming\Winbooterr\svchost.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.Agent) -> Data: C:\Users\Patrick\AppData\Roaming\Winbooterr\svchost.exe -> Quarantined and deleted successfully.

HKCU\Software\Cyber|FirstExecution (Backdoor.Trace) -> Data: 14/10/2011 -- 20:49 -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Trojan.Agent) -> Data: C:\Users\Patrick\AppData\Roaming\Winbooterr\svchost.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Trojan.Agent) -> Data: C:\Users\Patrick\AppData\Roaming\Winbooterr\svchost.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 3

C:\Users\Patrick\AppData\Roaming\Winbooterr (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

C:\Windows\System32\Winbooterr (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\Winbooterr (Trojan.Backdoor) -> Quarantined and deleted successfully.

Files Detected: 9

C:\Windows\Installer\{0b8de335-2aa4-5458-016b-8f83baa012f1}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Users\Patrick\AppData\Local\Temp\ch8l0.exe (Exploit.Drop) -> Quarantined and deleted successfully.

C:\Users\Patrick\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

C:\Users\Patrick\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Patrick\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Patrick\AppData\Local\Temp\XX--XX--XX.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Patrick\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Patrick\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\Installer\{0b8de335-2aa4-5458-016b-8f83baa012f1}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined

(end)

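The recurring pattern in the logs above is a binary with a Windows system name (svchost.exe) living under %AppData%\Roaming\Winbooterr and registered in several autostart locations at once (HKCU and HKLM Run, both Policies\Explorer\Run keys, and an Active Setup mASetup entry). The helper below is an added example for this thread, not part of DDS, Malwarebytes or the poster's own material: it parses DDS autostart lines and Malwarebytes registry-value hits, flags any image that uses a system-binary name from outside System32/SysWOW64 or runs from a user profile directory, and counts how many distinct autostart locations launch the same image. The sample lines are copied from the logs in the post; the list of borrowed system-binary names and the two legitimate directories are this example's own assumptions.

```python
"""Triage helper for the autostart entries in DDS and Malwarebytes logs.

Added example for this thread, not part of DDS, Malwarebytes or the post.
It flags autostart images that borrow a Windows system-binary name from
outside System32/SysWOW64, or that run from a user profile directory, and
counts how many distinct autostart locations launch the same image.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumption of this example: names malware commonly borrows. A genuine copy
# lives only in System32 / SysWOW64; the same name anywhere else needs a look.
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "ping.exe", "explorer.exe", "lsass.exe",
    "csrss.exe", "winlogon.exe", "rundll32.exe",
}
LEGIT_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Malwarebytes "Registry Values Detected" line:
#   HIVE\key|ValueName (Detection) -> Data: <data> -> <action>
MBAM_VALUE_RE = re.compile(
    r"^(?P<key>HK\w+\\[^|]+)\|(?P<value>\S+) \((?P<det>[^)]+)\)"
    r" -> Data: (?P<data>.+?) -> (?P<action>.+)$"
)
# DDS autostart lines: "mRun-x64: [Name] command" / "uRun: [Name] command"
# and Active Setup entries: "mASetup: {GUID} - path"
DDS_AUTOSTART_RE = re.compile(r"^(?P<kind>[um]Run(?:-x64)?|[um]ASetup): (?P<rest>.+)$")
DDS_RUN_REST_RE = re.compile(r"^\[(?P<name>[^\]]+)\] ?(?P<cmd>.*)$")
EXE_PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    source: str     # "mbam" or "dds"
    location: str   # registry key|value, or the DDS autostart entry
    path: str       # image path as it appears in the log
    reason: str


def image_path(command: str) -> str:
    """First drive-letter .exe path in a command line (quotes and args dropped)."""
    m = EXE_PATH_RE.search(command)
    return m.group(1) if m else command.strip()


def suspicious_reason(path: str):
    """Why an autostart image deserves attention, or None if it looks normal."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name in SYSTEM_BINARY_NAMES and not low.startswith(LEGIT_SYSTEM_DIRS):
        return f"{name} outside System32/SysWOW64"
    if "\\appdata\\" in low or "\\temp\\" in low:
        return "autostart from a user-writable profile directory"
    return None


def triage(lines):
    """Scan log lines and return the suspicious autostart entries found."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = MBAM_VALUE_RE.match(line)
        if m:
            reason = suspicious_reason(m["data"])
            if reason:
                findings.append(Finding("mbam", f"{m['key']}|{m['value']}", m["data"], reason))
            continue
        m = DDS_AUTOSTART_RE.match(line)
        if not m:
            continue
        kind, rest = m["kind"], m["rest"]
        if kind.endswith("ASetup"):
            # "{GUID} - path": Active Setup runs the path once per user at logon
            guid, _, cmd = rest.partition(" - ")
            location = f"{kind} {guid}"
        else:
            r = DDS_RUN_REST_RE.match(rest)
            location, cmd = (f"{kind} [{r['name']}]", r["cmd"]) if r else (kind, rest)
        path = image_path(cmd)
        reason = suspicious_reason(path)
        if reason:
            findings.append(Finding("dds", location, path, reason))
    return findings


def persistence_map(findings):
    """Image path (lower-cased) -> set of distinct autostart locations launching it."""
    by_path = defaultdict(set)
    for f in findings:
        by_path[f.path.lower()].add(f.location)
    return dict(by_path)


# Sample input: lines copied from the DDS and Malwarebytes logs in the post.
SAMPLE_LINES = [
    r"mASetup: {QPVQESKX-5O28-1G71-OG27-P75TJIBLAE75} - C:\Users\Patrick\AppData\Roaming\Winbooterr\svchost.exe",
    r'mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"',
    r'mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml',
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Trojan.Agent) -> Data: C:\Users\Patrick\AppData\Roaming\Winbooterr\svchost.exe -> Quarantined and deleted successfully.",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.Agent) -> Data: C:\Users\Patrick\AppData\Roaming\Winbooterr\svchost.exe -> Quarantined and deleted successfully.",
    r"HKCU\Software\Cyber|FirstExecution (Backdoor.Trace) -> Data: 14/10/2011 -- 20:49 -> Quarantined and deleted successfully.",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Trojan.Agent) -> Data: C:\Users\Patrick\AppData\Roaming\Winbooterr\svchost.exe -> Quarantined and deleted successfully.",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Trojan.Agent) -> Data: C:\Users\Patrick\AppData\Roaming\Winbooterr\svchost.exe -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f.source}] {f.location}\n    {f.path}  ({f.reason})")
    for path, locs in persistence_map(found).items():
        print(f"{path}: registered in {len(locs)} autostart locations")
```

Run against the sample, it reports the Winbooterr svchost.exe five times (four registry values plus the Active Setup entry) and nothing for the LifeCam and AMD entries. The same test is the first thing to apply to the ping.exe processes seen in Process Explorer: an image path for that name anywhere other than System32 or SysWOW64, or a parent process that is not a shell or scheduler, is the detail worth posting alongside the logs.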

Hello Patpat3220 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?

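The TDSSKiller report that the reply above asks for is, after its drive and partition header, one pair of lines per service or driver: the name with the image's MD5 and path, then the name with a status (the log posted further down in this thread shows the format in full). Reading several hundred such lines by eye is error-prone, so here is an added Python example (not TDSSKiller's own code and not part of the helper's instructions) that parses the scan section and lists the entries a human should verify: a status other than ok, a service with no image file hashed, or an image outside C:\Windows and C:\Program Files. The sample lines are copied from the log later in this thread; treating any status other than "ok" as review-worthy and C: as the system drive are assumptions.

```python
"""Triage of a TDSSKiller service/driver listing.

Added example for this thread; not TDSSKiller's own code.
"""
import re

# Constructed sample: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
18:53:36.0294 3572 Initialize success
18:53:37.0480 4724 Scan started
18:53:37.0480 4724 Mode: Manual;
18:53:39.0102 4724 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:53:39.0102 4724 !SASCORE - ok
18:53:41.0192 4724 ALSysIO - ok
18:53:41.0255 4724 AMD External Events Utility (2aed9a422ea1574c7d7ef9359a417718) C:\Windows\system32\atiesrxx.exe
18:53:41.0255 4724 AMD External Events Utility - ok
18:53:50.0880 4724 DirMngr (4f26bb00747d41e7c0fe8ebb2900f862) E:\Programs\GnuPG\dirmngr.exe
18:53:50.0896 4724 DirMngr - ok
18:53:56.0668 4724 gdrv - ok
"""

LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<rest>.*)$")
IMAGE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
STATUS = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")

# Assumption: C: is the system drive. Images elsewhere are not wrong, just worth a look.
STANDARD_PREFIXES = ("c:\\windows\\", "c:\\program files")


def parse(log_text: str) -> dict:
    """Map service name -> {md5, path, status} for the scan section only."""
    services = {}
    in_scan = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        if rest == "Scan started":  # header lines (drives, partitions) also contain " - "; skip them
            in_scan = True
            continue
        if not in_scan:
            continue
        im = IMAGE.match(rest)
        if im:
            services.setdefault(im["name"], {}).update(md5=im["md5"], path=im["path"])
            continue
        st = STATUS.match(rest)
        if st:
            services.setdefault(st["name"], {})["status"] = st["status"]
    return services


def triage(services: dict) -> list:
    """Return [(name, [reasons])] for entries a human should verify."""
    findings = []
    for name, info in sorted(services.items()):
        reasons = []
        status = info.get("status")
        if status != "ok":  # assumption: any other wording from TDSSKiller needs reading
            reasons.append(f"status {status!r}")
        if "md5" not in info:
            reasons.append("no image file hashed")
        path = info.get("path", "")
        if path and not path.lower().startswith(STANDARD_PREFIXES):
            reasons.append(f"non-standard image path {path}")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

Every hit is a candidate, not a detection. In the posted log, DirMngr and jswpsapi on E:\ are simply programs installed to a second drive, and an entry with no hash may just be a service whose binary TDSSKiller did not read; the value of the check is that it shrinks several hundred lines to a handful whose hashes and paths a person then confirms by hand.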

Hello. I managed to run TDSSKiller, and it did not find anything wrong. However, ComboFix did not run on my computer. It appeared to install, but when it finished it just closed, and did not show the blue DOS window. The PING.EXE*32 process is still running on my system.

TDSSKiller

18:53:32.0690 3572 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31

18:53:34.0703 3572 ============================================================

18:53:34.0703 3572 Current date / time: 2012/05/30 18:53:34.0703

18:53:34.0703 3572 SystemInfo:

18:53:34.0703 3572

18:53:34.0703 3572 OS Version: 6.1.7601 ServicePack: 1.0

18:53:34.0703 3572 Product type: Workstation

18:53:34.0703 3572 ComputerName: PATRICK-PC

18:53:34.0703 3572 UserName: Patrick

18:53:34.0703 3572 Windows directory: C:\Windows

18:53:34.0703 3572 System windows directory: C:\Windows

18:53:34.0703 3572 Running under WOW64

18:53:34.0703 3572 Processor architecture: Intel x64

18:53:34.0703 3572 Number of processors: 8

18:53:34.0703 3572 Page size: 0x1000

18:53:34.0703 3572 Boot type: Normal boot

18:53:34.0703 3572 ============================================================

18:53:35.0982 3572 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:53:35.0998 3572 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

18:53:35.0998 3572 ============================================================

18:53:35.0998 3572 \Device\Harddisk1\DR1:

18:53:35.0998 3572 MBR partitions:

18:53:35.0998 3572 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6AAC5000

18:53:35.0998 3572 \Device\Harddisk0\DR0:

18:53:35.0998 3572 MBR partitions:

18:53:35.0998 3572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

18:53:35.0998 3572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x238B51, BlocksNum 0x92D5B97

18:53:35.0998 3572 ============================================================

18:53:36.0154 3572 C: <-> \Device\Harddisk0\DR0\Partition1

18:53:36.0200 3572 E: <-> \Device\Harddisk1\DR1\Partition0

18:53:36.0294 3572 B: <-> \Device\Harddisk0\DR0\Partition0

18:53:36.0294 3572 ============================================================

18:53:36.0294 3572 Initialize success

18:53:36.0294 3572 ============================================================

18:53:37.0480 4724 ============================================================

18:53:37.0480 4724 Scan started

18:53:37.0480 4724 Mode: Manual;

18:53:37.0480 4724 ============================================================

18:53:39.0102 4724 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

18:53:39.0102 4724 !SASCORE - ok

18:53:39.0539 4724 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

18:53:39.0554 4724 1394ohci - ok

18:53:39.0664 4724 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

18:53:39.0664 4724 ACPI - ok

18:53:39.0710 4724 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

18:53:39.0710 4724 AcpiPmi - ok

18:53:40.0241 4724 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

18:53:40.0241 4724 AdobeFlashPlayerUpdateSvc - ok

18:53:40.0334 4724 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

18:53:40.0366 4724 adp94xx - ok

18:53:40.0412 4724 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

18:53:40.0412 4724 adpahci - ok

18:53:40.0444 4724 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

18:53:40.0444 4724 adpu320 - ok

18:53:40.0506 4724 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

18:53:40.0506 4724 AeLookupSvc - ok

18:53:40.0600 4724 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

18:53:40.0615 4724 AFD - ok

18:53:40.0662 4724 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

18:53:40.0662 4724 agp440 - ok

18:53:40.0678 4724 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

18:53:40.0678 4724 ALG - ok

18:53:40.0740 4724 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

18:53:40.0740 4724 aliide - ok

18:53:41.0192 4724 ALSysIO - ok

18:53:41.0255 4724 AMD External Events Utility (2aed9a422ea1574c7d7ef9359a417718) C:\Windows\system32\atiesrxx.exe

18:53:41.0255 4724 AMD External Events Utility - ok

18:53:41.0286 4724 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

18:53:41.0302 4724 amdide - ok

18:53:41.0348 4724 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

18:53:41.0348 4724 AmdK8 - ok

18:53:43.0189 4724 amdkmdag (bfa5e854959d5546d8834ca61f4ad075) C:\Windows\system32\DRIVERS\atikmdag.sys

18:53:43.0454 4724 amdkmdag - ok

18:53:44.0016 4724 amdkmdap (92d664fffcd9e742fb25254f7f458d88) C:\Windows\system32\DRIVERS\atikmpag.sys

18:53:44.0016 4724 amdkmdap - ok

18:53:44.0063 4724 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

18:53:44.0078 4724 AmdPPM - ok

18:53:44.0110 4724 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

18:53:44.0125 4724 amdsata - ok

18:53:44.0141 4724 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

18:53:44.0141 4724 amdsbs - ok

18:53:44.0156 4724 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

18:53:44.0156 4724 amdxata - ok

18:53:44.0375 4724 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

18:53:44.0375 4724 Amsp - ok

18:53:44.0437 4724 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

18:53:44.0453 4724 AppID - ok

18:53:44.0484 4724 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

18:53:44.0484 4724 AppIDSvc - ok

18:53:44.0780 4724 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

18:53:44.0780 4724 Appinfo - ok

18:53:44.0999 4724 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:53:44.0999 4724 Apple Mobile Device - ok

18:53:45.0046 4724 AppleCharger (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys

18:53:45.0046 4724 AppleCharger - ok

18:53:45.0124 4724 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe

18:53:45.0124 4724 AppleChargerSrv - ok

18:53:45.0186 4724 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

18:53:45.0186 4724 arc - ok

18:53:45.0202 4724 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

18:53:45.0217 4724 arcsas - ok

18:53:45.0763 4724 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

18:53:45.0794 4724 aspnet_state - ok

18:53:45.0810 4724 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

18:53:45.0810 4724 AsyncMac - ok

18:53:45.0857 4724 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

18:53:45.0857 4724 atapi - ok

18:53:45.0982 4724 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys

18:53:46.0028 4724 athr - ok

18:53:46.0621 4724 athur (36322190763845975e0d001e90687bf2) C:\Windows\system32\DRIVERS\athurx.sys

18:53:46.0684 4724 athur - ok

18:53:47.0152 4724 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys

18:53:47.0152 4724 AtiHDAudioService - ok

18:53:47.0214 4724 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

18:53:47.0214 4724 AudioEndpointBuilder - ok

18:53:47.0230 4724 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

18:53:47.0230 4724 AudioSrv - ok

18:53:47.0339 4724 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

18:53:47.0339 4724 AxInstSV - ok

18:53:47.0417 4724 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

18:53:47.0432 4724 b06bdrv - ok

18:53:47.0464 4724 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

18:53:47.0479 4724 b57nd60a - ok

18:53:47.0526 4724 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

18:53:47.0542 4724 BDESVC - ok

18:53:47.0573 4724 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

18:53:47.0573 4724 Beep - ok

18:53:47.0791 4724 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

18:53:47.0807 4724 BITS - ok

18:53:47.0838 4724 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

18:53:47.0838 4724 blbdrive - ok

18:53:48.0197 4724 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

18:53:48.0212 4724 Bonjour Service - ok

18:53:48.0337 4724 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

18:53:48.0337 4724 bowser - ok

18:53:48.0368 4724 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:53:48.0368 4724 BrFiltLo - ok

18:53:48.0384 4724 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:53:48.0384 4724 BrFiltUp - ok

18:53:48.0415 4724 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

18:53:48.0415 4724 BridgeMP - ok

18:53:48.0602 4724 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

18:53:48.0602 4724 Browser - ok

18:53:48.0774 4724 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

18:53:48.0790 4724 Brserid - ok

18:53:48.0805 4724 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

18:53:48.0805 4724 BrSerWdm - ok

18:53:48.0821 4724 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

18:53:48.0821 4724 BrUsbMdm - ok

18:53:48.0836 4724 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

18:53:48.0836 4724 BrUsbSer - ok

18:53:48.0852 4724 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

18:53:48.0852 4724 BTHMODEM - ok

18:53:48.0899 4724 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

18:53:48.0899 4724 bthserv - ok

18:53:48.0914 4724 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

18:53:48.0930 4724 cdfs - ok

18:53:48.0977 4724 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

18:53:48.0992 4724 cdrom - ok

18:53:49.0039 4724 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

18:53:49.0039 4724 CertPropSvc - ok

18:53:49.0055 4724 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

18:53:49.0055 4724 circlass - ok

18:53:49.0102 4724 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

18:53:49.0117 4724 CLFS - ok

18:53:49.0273 4724 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:53:49.0289 4724 clr_optimization_v2.0.50727_32 - ok

18:53:49.0429 4724 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:53:49.0429 4724 clr_optimization_v2.0.50727_64 - ok

18:53:49.0554 4724 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:53:49.0788 4724 clr_optimization_v4.0.30319_32 - ok

18:53:49.0850 4724 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:53:49.0866 4724 clr_optimization_v4.0.30319_64 - ok

18:53:49.0913 4724 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

18:53:49.0913 4724 CmBatt - ok

18:53:49.0960 4724 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

18:53:49.0960 4724 cmdide - ok

18:53:49.0991 4724 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

18:53:50.0022 4724 CNG - ok

18:53:50.0038 4724 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

18:53:50.0038 4724 Compbatt - ok

18:53:50.0084 4724 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

18:53:50.0084 4724 CompositeBus - ok

18:53:50.0100 4724 COMSysApp - ok

18:53:50.0147 4724 connctfy (23244e9703b61cca447aca48d4e49511) C:\Windows\system32\DRIVERS\connctfy.sys

18:53:50.0147 4724 connctfy - ok

18:53:50.0162 4724 connctfyMP (23244e9703b61cca447aca48d4e49511) C:\Windows\system32\DRIVERS\connctfy.sys

18:53:50.0162 4724 connctfyMP - ok

18:53:50.0412 4724 Connectify (66aed09819ac3be90305498a3759f42a) C:\Program Files (x86)\Connectify\Connectifyd.exe

18:53:50.0412 4724 Connectify - ok

18:53:50.0474 4724 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

18:53:50.0474 4724 crcdisk - ok

18:53:50.0521 4724 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

18:53:50.0521 4724 CryptSvc - ok

18:53:50.0584 4724 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

18:53:50.0599 4724 DcomLaunch - ok

18:53:50.0662 4724 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

18:53:50.0693 4724 defragsvc - ok

18:53:50.0755 4724 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

18:53:50.0755 4724 DfsC - ok

18:53:50.0786 4724 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

18:53:50.0786 4724 Dhcp - ok

18:53:50.0880 4724 DirMngr (4f26bb00747d41e7c0fe8ebb2900f862) E:\Programs\GnuPG\dirmngr.exe

18:53:50.0896 4724 DirMngr - ok

18:53:50.0911 4724 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

18:53:50.0911 4724 discache - ok

18:53:50.0958 4724 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

18:53:50.0958 4724 Disk - ok

18:53:51.0005 4724 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

18:53:51.0005 4724 Dnscache - ok

18:53:51.0052 4724 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

18:53:51.0067 4724 dot3svc - ok

18:53:51.0114 4724 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

18:53:51.0114 4724 DPS - ok

18:53:51.0161 4724 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

18:53:51.0161 4724 drmkaud - ok

18:53:51.0286 4724 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

18:53:51.0301 4724 DXGKrnl - ok

18:53:51.0379 4724 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

18:53:51.0379 4724 EapHost - ok

18:53:52.0237 4724 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

18:53:52.0331 4724 ebdrv - ok

18:53:52.0690 4724 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

18:53:52.0690 4724 EFS - ok

18:53:53.0173 4724 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

18:53:53.0204 4724 ehRecvr - ok

18:53:53.0267 4724 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

18:53:53.0282 4724 ehSched - ok

18:53:53.0797 4724 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

18:53:53.0844 4724 elxstor - ok

18:53:53.0891 4724 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

18:53:53.0891 4724 ErrDev - ok

18:53:53.0938 4724 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

18:53:53.0953 4724 EventSystem - ok

18:53:54.0000 4724 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

18:53:54.0000 4724 exfat - ok

18:53:54.0031 4724 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

18:53:54.0031 4724 fastfat - ok

18:53:55.0045 4724 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

18:53:55.0061 4724 Fax - ok

18:53:55.0139 4724 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

18:53:55.0139 4724 fdc - ok

18:53:55.0170 4724 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

18:53:55.0170 4724 fdPHost - ok

18:53:55.0170 4724 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

18:53:55.0170 4724 FDResPub - ok

18:53:55.0186 4724 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

18:53:55.0186 4724 FileInfo - ok

18:53:55.0201 4724 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

18:53:55.0201 4724 Filetrace - ok

18:53:55.0217 4724 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

18:53:55.0217 4724 flpydisk - ok

18:53:55.0295 4724 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

18:53:55.0295 4724 FltMgr - ok

18:53:55.0388 4724 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

18:53:55.0420 4724 FontCache - ok

18:53:55.0841 4724 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:53:55.0841 4724 FontCache3.0.0.0 - ok

18:53:56.0012 4724 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

18:53:56.0012 4724 FsDepends - ok

18:53:56.0090 4724 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

18:53:56.0090 4724 Fs_Rec - ok

18:53:56.0137 4724 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys

18:53:56.0137 4724 FTDIBUS - ok

18:53:56.0153 4724 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys

18:53:56.0153 4724 FTSER2K - ok

18:53:56.0543 4724 Futuremark SystemInfo Service (bd8b74da98783bcdb410461e65868a60) C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe

18:53:56.0543 4724 Futuremark SystemInfo Service - ok

18:53:56.0590 4724 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

18:53:56.0605 4724 fvevol - ok

18:53:56.0652 4724 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

18:53:56.0652 4724 gagp30kx - ok

18:53:56.0668 4724 gdrv - ok

18:53:56.0714 4724 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:53:56.0714 4724 GEARAspiWDM - ok

18:53:56.0777 4724 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

18:53:56.0792 4724 gpsvc - ok

18:53:56.0855 4724 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

18:53:56.0855 4724 gusvc - ok

18:53:56.0902 4724 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

18:53:56.0902 4724 hamachi - ok

18:53:57.0229 4724 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

18:53:57.0276 4724 Hamachi2Svc - ok

18:53:57.0838 4724 hcmon (ba207b48aa3d9d73fd4856400f852458) C:\Windows\system32\drivers\hcmon.sys

18:53:57.0838 4724 hcmon - ok

18:53:57.0931 4724 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

18:53:57.0947 4724 hcw85cir - ok

18:53:58.0118 4724 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

18:53:58.0134 4724 HdAudAddService - ok

18:53:58.0274 4724 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

18:53:58.0274 4724 HDAudBus - ok

18:53:58.0321 4724 HECIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

18:53:58.0321 4724 HECIx64 - ok

18:53:58.0430 4724 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

18:53:58.0462 4724 HidBatt - ok

18:53:58.0477 4724 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

18:53:58.0477 4724 HidBth - ok

18:53:58.0540 4724 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

18:53:58.0540 4724 HidIr - ok

18:53:58.0586 4724 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

18:53:58.0586 4724 hidserv - ok

18:53:58.0633 4724 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

18:53:58.0633 4724 HidUsb - ok

18:53:58.0664 4724 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

18:53:58.0680 4724 hkmsvc - ok

18:53:58.0898 4724 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

18:53:58.0945 4724 HomeGroupListener - ok

18:53:58.0976 4724 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

18:53:58.0992 4724 HomeGroupProvider - ok

18:53:59.0039 4724 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

18:53:59.0039 4724 HpSAMD - ok

18:53:59.0148 4724 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

18:53:59.0164 4724 HTTP - ok

18:53:59.0195 4724 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

18:53:59.0195 4724 hwpolicy - ok

18:53:59.0273 4724 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

18:53:59.0273 4724 i8042prt - ok

18:53:59.0335 4724 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

18:53:59.0351 4724 iaStorV - ok

18:53:59.0710 4724 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

18:53:59.0725 4724 IDriverT - ok

18:54:00.0022 4724 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:54:00.0022 4724 idsvc - ok

18:54:00.0178 4724 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

18:54:00.0178 4724 iirsp - ok

18:54:00.0256 4724 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

18:54:00.0287 4724 IKEEXT - ok

18:54:00.0474 4724 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys

18:54:00.0521 4724 IntcAzAudAddService - ok

18:54:00.0677 4724 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

18:54:00.0677 4724 intelide - ok

18:54:00.0724 4724 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

18:54:00.0724 4724 intelppm - ok

18:54:00.0770 4724 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

18:54:00.0786 4724 IPBusEnum - ok

18:54:00.0817 4724 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:54:00.0817 4724 IpFilterDriver - ok

18:54:00.0895 4724 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

18:54:00.0911 4724 iphlpsvc - ok

18:54:00.0958 4724 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

18:54:00.0958 4724 IPMIDRV - ok

18:54:01.0020 4724 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

18:54:01.0020 4724 IPNAT - ok

18:54:01.0207 4724 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe

18:54:01.0207 4724 iPod Service - ok

18:54:01.0238 4724 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

18:54:01.0238 4724 IRENUM - ok

18:54:01.0270 4724 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

18:54:01.0270 4724 isapnp - ok

18:54:01.0316 4724 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

18:54:01.0332 4724 iScsiPrt - ok

18:54:01.0394 4724 jswpsapi (8dbc3f0205458dda01964008b4a0f25d) E:\Programs\Belkin\jswpsapi.exe

18:54:01.0410 4724 jswpsapi - ok

18:54:01.0426 4724 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

18:54:01.0426 4724 kbdclass - ok

18:54:01.0457 4724 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

18:54:01.0457 4724 kbdhid - ok

18:54:01.0488 4724 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:54:01.0488 4724 KeyIso - ok

18:54:01.0519 4724 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

18:54:01.0535 4724 KSecDD - ok

18:54:01.0582 4724 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

18:54:01.0582 4724 KSecPkg - ok

18:54:01.0628 4724 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

18:54:01.0628 4724 ksthunk - ok

18:54:01.0675 4724 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

18:54:01.0691 4724 KtmRm - ok

18:54:01.0738 4724 L1C (b8040d3b97b16b89701e31a17353856c) C:\Windows\system32\DRIVERS\L1C62x64.sys

18:54:01.0738 4724 L1C - ok

18:54:01.0800 4724 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

18:54:01.0816 4724 LanmanServer - ok

18:54:01.0862 4724 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

18:54:01.0878 4724 LanmanWorkstation - ok

18:54:01.0925 4724 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

18:54:01.0925 4724 lltdio - ok

18:54:02.0096 4724 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

18:54:02.0112 4724 lltdsvc - ok

18:54:02.0128 4724 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

18:54:02.0128 4724 lmhosts - ok

18:54:02.0315 4724 LMS (e38775922d4a4c05b5d96733ab4ce169) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

18:54:02.0315 4724 LMS - ok

18:54:02.0346 4724 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

18:54:02.0362 4724 LSI_FC - ok

18:54:02.0393 4724 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

18:54:02.0408 4724 LSI_SAS - ok

18:54:02.0424 4724 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:54:02.0424 4724 LSI_SAS2 - ok

18:54:02.0440 4724 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:54:02.0440 4724 LSI_SCSI - ok

18:54:02.0471 4724 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

18:54:02.0471 4724 luafv - ok

18:54:02.0502 4724 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

18:54:02.0518 4724 Mcx2Svc - ok

18:54:02.0549 4724 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

18:54:02.0549 4724 megasas - ok

18:54:02.0564 4724 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

18:54:02.0580 4724 MegaSR - ok

18:54:02.0627 4724 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

18:54:02.0627 4724 MEIx64 - ok

18:54:02.0658 4724 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:54:02.0658 4724 MMCSS - ok

18:54:02.0674 4724 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

18:54:02.0674 4724 Modem - ok

18:54:02.0736 4724 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

18:54:02.0736 4724 monitor - ok

18:54:02.0783 4724 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

18:54:02.0783 4724 mouclass - ok

18:54:02.0798 4724 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

18:54:02.0814 4724 mouhid - ok

18:54:02.0845 4724 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

18:54:02.0861 4724 mountmgr - ok

18:54:02.0892 4724 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

18:54:02.0892 4724 mpio - ok

18:54:02.0939 4724 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

18:54:02.0939 4724 mpsdrv - ok

18:54:02.0970 4724 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

18:54:02.0970 4724 MRxDAV - ok

18:54:03.0017 4724 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:54:03.0017 4724 mrxsmb - ok

18:54:03.0064 4724 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:54:03.0079 4724 mrxsmb10 - ok

18:54:03.0095 4724 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:54:03.0110 4724 mrxsmb20 - ok

18:54:03.0142 4724 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

18:54:03.0142 4724 msahci - ok

18:54:03.0235 4724 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

18:54:03.0235 4724 MSCamSvc - ok

18:54:03.0344 4724 MsDepSvc (aaac4b494de45836121a40aec980b631) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe

18:54:03.0344 4724 MsDepSvc - ok

18:54:03.0360 4724 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

18:54:03.0360 4724 msdsm - ok

18:54:03.0407 4724 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

18:54:03.0407 4724 MSDTC - ok

18:54:03.0454 4724 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

18:54:03.0454 4724 Msfs - ok

18:54:03.0469 4724 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

18:54:03.0469 4724 mshidkmdf - ok

18:54:03.0500 4724 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

18:54:03.0500 4724 msisadrv - ok

18:54:03.0547 4724 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

18:54:03.0563 4724 MSiSCSI - ok

18:54:03.0563 4724 msiserver - ok

18:54:03.0703 4724 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

18:54:03.0703 4724 MSKSSRV - ok

18:54:03.0719 4724 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

18:54:03.0734 4724 MSPCLOCK - ok

18:54:03.0734 4724 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

18:54:03.0734 4724 MSPQM - ok

18:54:03.0781 4724 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

18:54:03.0797 4724 MsRPC - ok

18:54:03.0812 4724 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

18:54:03.0812 4724 mssmbios - ok

18:54:03.0828 4724 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

18:54:03.0828 4724 MSTEE - ok

18:54:03.0828 4724 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

18:54:03.0828 4724 MTConfig - ok

18:54:03.0859 4724 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

18:54:03.0859 4724 Mup - ok

18:54:03.0937 4724 MySQL - ok

18:54:04.0093 4724 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

18:54:04.0109 4724 napagent - ok

18:54:04.0202 4724 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

18:54:04.0218 4724 NativeWifiP - ok

18:54:04.0296 4724 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

18:54:04.0327 4724 NDIS - ok

18:54:04.0358 4724 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

18:54:04.0358 4724 NdisCap - ok

18:54:04.0421 4724 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

18:54:04.0421 4724 NdisTapi - ok

18:54:04.0468 4724 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

18:54:04.0468 4724 Ndisuio - ok

18:54:04.0514 4724 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

18:54:04.0514 4724 NdisWan - ok

18:54:04.0561 4724 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

18:54:04.0561 4724 NDProxy - ok

18:54:04.0702 4724 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

18:54:04.0717 4724 NetBIOS - ok

18:54:04.0748 4724 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

18:54:04.0748 4724 NetBT - ok

18:54:04.0904 4724 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:54:04.0904 4724 Netlogon - ok

18:54:04.0982 4724 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

18:54:04.0998 4724 Netman - ok

18:54:05.0435 4724 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:54:05.0497 4724 NetMsmqActivator - ok

18:54:05.0497 4724 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:54:05.0497 4724 NetPipeActivator - ok

18:54:05.0560 4724 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

18:54:05.0575 4724 netprofm - ok

18:54:06.0230 4724 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys

18:54:06.0293 4724 netr28ux - ok

18:54:07.0182 4724 netr7364 (621559a521682a888d83db34c6ec0bf8) C:\Windows\system32\DRIVERS\netr7364.sys

18:54:07.0213 4724 netr7364 - ok

18:54:07.0619 4724 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:54:07.0619 4724 NetTcpActivator - ok

18:54:07.0619 4724 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:54:07.0619 4724 NetTcpPortSharing - ok

18:54:07.0822 4724 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

18:54:07.0822 4724 nfrd960 - ok

18:54:07.0946 4724 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

18:54:07.0962 4724 NlaSvc - ok

18:54:07.0962 4724 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

18:54:07.0978 4724 Npfs - ok

18:54:07.0993 4724 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

18:54:08.0009 4724 nsi - ok

18:54:08.0024 4724 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

18:54:08.0024 4724 nsiproxy - ok

18:54:08.0492 4724 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

18:54:08.0555 4724 Ntfs - ok

18:54:09.0288 4724 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

18:54:09.0288 4724 Null - ok

18:54:09.0288 4724 nvlddmkm - ok

18:54:09.0335 4724 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

18:54:09.0351 4724 nvraid - ok

18:54:09.0413 4724 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

18:54:09.0444 4724 nvstor - ok

18:54:09.0475 4724 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

18:54:09.0491 4724 nv_agp - ok

18:54:09.0522 4724 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

18:54:09.0522 4724 ohci1394 - ok

18:54:09.0819 4724 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:54:09.0834 4724 p2pimsvc - ok

18:54:10.0552 4724 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

18:54:10.0599 4724 p2psvc - ok

18:54:10.0645 4724 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

18:54:10.0661 4724 Parport - ok

18:54:10.0692 4724 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

18:54:10.0692 4724 partmgr - ok

18:54:10.0739 4724 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

18:54:10.0755 4724 PcaSvc - ok

18:54:10.0786 4724 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

18:54:10.0801 4724 pci - ok

18:54:10.0833 4724 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

18:54:10.0833 4724 pciide - ok

18:54:10.0864 4724 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

18:54:10.0864 4724 pcmcia - ok

18:54:10.0879 4724 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

18:54:10.0895 4724 pcw - ok

18:54:10.0926 4724 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

18:54:10.0942 4724 PEAUTH - ok

18:54:11.0035 4724 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

18:54:11.0035 4724 PerfHost - ok

18:54:11.0254 4724 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\32788R22FWJFW\pev.3XE

18:54:11.0254 4724 PEVSystemStart - ok

18:54:11.0488 4724 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

18:54:11.0519 4724 pla - ok

18:54:11.0769 4724 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

18:54:11.0784 4724 PlugPlay - ok

18:54:11.0831 4724 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

18:54:11.0831 4724 PNRPAutoReg - ok

18:54:11.0847 4724 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:54:11.0862 4724 PNRPsvc - ok

18:54:11.0956 4724 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

18:54:11.0987 4724 PolicyAgent - ok

18:54:12.0034 4724 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

18:54:12.0034 4724 Power - ok

18:54:12.0143 4724 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

18:54:12.0143 4724 PptpMiniport - ok

18:54:12.0174 4724 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

18:54:12.0190 4724 Processor - ok

18:54:12.0205 4724 PROCEXP150 - ok

18:54:12.0237 4724 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

18:54:12.0252 4724 ProfSvc - ok

18:54:12.0283 4724 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:54:12.0283 4724 ProtectedStorage - ok

18:54:12.0346 4724 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

18:54:12.0346 4724 Psched - ok

18:54:12.0393 4724 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys

18:54:12.0393 4724 PSI - ok

18:54:12.0439 4724 PVUSB (cce65976aaeb1db4c3b98243b8ac448e) C:\Windows\system32\DRIVERS\CESG64.sys

18:54:12.0439 4724 PVUSB - ok

18:54:12.0486 4724 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

18:54:12.0486 4724 PxHlpa64 - ok

18:54:12.0564 4724 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

18:54:12.0611 4724 ql2300 - ok

18:54:12.0783 4724 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

18:54:12.0798 4724 ql40xx - ok

18:54:12.0845 4724 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

18:54:12.0861 4724 QWAVE - ok

18:54:12.0876 4724 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

18:54:12.0876 4724 QWAVEdrv - ok

18:54:12.0876 4724 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

18:54:12.0876 4724 RasAcd - ok

18:54:12.0907 4724 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:54:12.0907 4724 RasAgileVpn - ok

18:54:12.0923 4724 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

18:54:12.0923 4724 RasAuto - ok

18:54:12.0970 4724 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:54:12.0985 4724 Rasl2tp - ok

18:54:13.0032 4724 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

18:54:13.0048 4724 RasMan - ok

18:54:13.0063 4724 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

18:54:13.0063 4724 RasPppoe - ok

18:54:13.0095 4724 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

18:54:13.0095 4724 RasSstp - ok

18:54:13.0141 4724 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

18:54:13.0157 4724 rdbss - ok

18:54:13.0173 4724 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

18:54:13.0173 4724 rdpbus - ok

18:54:13.0188 4724 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:54:13.0188 4724 RDPCDD - ok

18:54:13.0204 4724 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

18:54:13.0204 4724 RDPENCDD - ok

18:54:13.0219 4724 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

18:54:13.0219 4724 RDPREFMP - ok

18:54:13.0251 4724 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

18:54:13.0251 4724 RDPWD - ok

18:54:13.0297 4724 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

18:54:13.0313 4724 rdyboost - ok

18:54:13.0360 4724 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

18:54:13.0375 4724 RemoteAccess - ok

18:54:13.0407 4724 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

18:54:13.0422 4724 RemoteRegistry - ok

18:54:13.0485 4724 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

18:54:13.0500 4724 RpcEptMapper - ok

18:54:13.0531 4724 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

18:54:13.0531 4724 RpcLocator - ok

18:54:14.0608 4724 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

18:54:14.0608 4724 RpcSs - ok

18:54:14.0655 4724 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

18:54:14.0655 4724 rspndr - ok

18:54:14.0733 4724 rt61x64 (60eb8a87357ca5b088b422d1e55a2405) C:\Windows\system32\DRIVERS\netr6164.sys

18:54:14.0748 4724 rt61x64 - ok

18:54:14.0842 4724 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys

18:54:14.0842 4724 RTL8167 - ok

18:54:14.0889 4724 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:54:14.0889 4724 SamSs - ok

18:54:14.0967 4724 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) E:\Programs\SiSoftware Sandra Lite 2012.SP3\WNt500x64\Sandra.sys

18:54:14.0967 4724 SANDRA - ok

18:54:15.0013 4724 SandraAgentSrv (03280482fdfeaa8d95cfbcc35afe9163) E:\Programs\SiSoftware Sandra Lite 2012.SP3\RpcAgentSrv.exe

18:54:15.0013 4724 SandraAgentSrv - ok

18:54:15.0185 4724 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

18:54:15.0185 4724 SASDIFSV - ok

18:54:15.0216 4724 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

18:54:15.0216 4724 SASKUTIL - ok

18:54:15.0263 4724 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

18:54:15.0263 4724 sbp2port - ok

18:54:15.0622 4724 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

18:54:15.0622 4724 SCardSvr - ok

18:54:15.0653 4724 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

18:54:15.0653 4724 scfilter - ok

18:54:16.0605 4724 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

18:54:16.0651 4724 Schedule - ok

18:54:16.0698 4724 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

18:54:16.0698 4724 SCPolicySvc - ok

18:54:16.0729 4724 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

18:54:16.0745 4724 SDRSVC - ok

18:54:16.0823 4724 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:54:16.0823 4724 secdrv - ok

18:54:16.0854 4724 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

18:54:16.0854 4724 seclogon - ok

18:54:17.0338 4724 Secunia PSI Agent (7198bbfbe46c0070257278c536386687) C:\Program Files (x86)\Secunia\PSI\PSIA.exe

18:54:17.0353 4724 Secunia PSI Agent - ok

18:54:17.0416 4724 Secunia Update Agent (d2fca567f9be87e29b9a9fa32ffe79ca) C:\Program Files (x86)\Secunia\PSI\sua.exe

18:54:17.0416 4724 Secunia Update Agent - ok

18:54:17.0728 4724 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

18:54:17.0728 4724 SENS - ok

18:54:17.0743 4724 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

18:54:17.0743 4724 SensrSvc - ok

18:54:17.0884 4724 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

18:54:17.0899 4724 Serenum - ok

18:54:17.0931 4724 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

18:54:17.0946 4724 Serial - ok

18:54:18.0009 4724 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

18:54:18.0009 4724 sermouse - ok

18:54:18.0040 4724 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

18:54:18.0055 4724 SessionEnv - ok

18:54:18.0087 4724 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

18:54:18.0087 4724 sffdisk - ok

18:54:18.0087 4724 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

18:54:18.0087 4724 sffp_mmc - ok

18:54:18.0102 4724 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

18:54:18.0102 4724 sffp_sd - ok

18:54:18.0133 4724 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

18:54:18.0133 4724 sfloppy - ok

18:54:18.0165 4724 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

18:54:18.0180 4724 ShellHWDetection - ok

18:54:18.0196 4724 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:54:18.0211 4724 SiSRaid2 - ok

18:54:18.0227 4724 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

18:54:18.0227 4724 SiSRaid4 - ok

18:54:18.0804 4724 Smart TimeLock (101556f6216e97f1258d87c38203695f) C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

18:54:18.0804 4724 Smart TimeLock - ok

18:54:18.0945 4724 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

18:54:18.0960 4724 Smb - ok

18:54:19.0038 4724 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

18:54:19.0054 4724 SNMPTRAP - ok

18:54:19.0225 4724 speedfan (7455ed832a33fef453407f5411c3342d) C:\Windows\syswow64\speedfan.sys

18:54:19.0225 4724 speedfan - ok

18:54:19.0272 4724 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

18:54:19.0272 4724 spldr - ok

18:54:19.0631 4724 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

18:54:19.0647 4724 Spooler - ok

18:54:21.0628 4724 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

18:54:21.0706 4724 sppsvc - ok

18:54:23.0172 4724 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

18:54:23.0172 4724 sppuinotify - ok

18:54:23.0359 4724 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

18:54:23.0375 4724 srv - ok

18:54:23.0625 4724 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

18:54:23.0640 4724 srv2 - ok

18:54:23.0656 4724 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

18:54:23.0656 4724 srvnet - ok

18:54:23.0921 4724 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

18:54:23.0983 4724 SSDPSRV - ok

18:54:23.0999 4724 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

18:54:23.0999 4724 SstpSvc - ok

18:54:24.0077 4724 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

18:54:24.0077 4724 stexstor - ok

18:54:25.0216 4724 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

18:54:25.0231 4724 stisvc - ok

18:54:25.0309 4724 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

18:54:25.0309 4724 swenum - ok

18:54:25.0684 4724 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

18:54:25.0684 4724 SwitchBoard - ok

18:54:27.0103 4724 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

18:54:27.0119 4724 swprv - ok

18:54:27.0540 4724 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

18:54:27.0603 4724 SysMain - ok

18:54:29.0521 4724 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

18:54:29.0537 4724 TabletInputService - ok

18:54:29.0662 4724 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

18:54:29.0755 4724 TapiSrv - ok

18:54:29.0787 4724 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

18:54:29.0787 4724 TBS - ok

18:54:31.0222 4724 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

18:54:31.0284 4724 Tcpip - ok

18:54:33.0234 4724 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

18:54:33.0234 4724 TCPIP6 - ok

18:54:34.0966 4724 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

18:54:34.0966 4724 tcpipreg - ok

18:54:35.0013 4724 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

18:54:35.0013 4724 TDPIPE - ok

18:54:35.0075 4724 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

18:54:35.0075 4724 TDTCP - ok

18:54:35.0153 4724 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

18:54:35.0153 4724 tdx - ok

18:54:35.0231 4724 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

18:54:35.0231 4724 TermDD - ok

18:54:37.0197 4724 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

18:54:37.0212 4724 TermService - ok

18:54:37.0259 4724 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

18:54:37.0259 4724 Themes - ok

18:54:37.0290 4724 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:54:37.0306 4724 THREADORDER - ok

18:54:37.0337 4724 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys

18:54:37.0337 4724 tmactmon - ok

18:54:37.0384 4724 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys

18:54:37.0384 4724 tmcomm - ok

18:54:37.0602 4724 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys

18:54:37.0602 4724 tmevtmgr - ok

18:54:38.0008 4724 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys

18:54:38.0008 4724 tmtdi - ok

18:54:38.0476 4724 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

18:54:38.0523 4724 TrkWks - ok

18:54:39.0193 4724 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

18:54:39.0193 4724 TrustedInstaller - ok

18:54:39.0225 4724 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:54:39.0225 4724 tssecsrv - ok

18:54:39.0271 4724 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

18:54:39.0271 4724 TsUsbFlt - ok

18:54:39.0349 4724 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

18:54:39.0349 4724 tunnel - ok

18:54:39.0381 4724 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

18:54:39.0381 4724 uagp35 - ok

18:54:39.0443 4724 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

18:54:39.0459 4724 udfs - ok

18:54:39.0490 4724 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) E:\Programs\VmWare Viewer\vmware-ufad.exe

18:54:39.0490 4724 ufad-ws60 - ok

18:54:39.0521 4724 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

18:54:39.0537 4724 UI0Detect - ok

18:54:39.0568 4724 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

18:54:39.0568 4724 uliagpkx - ok

18:54:39.0615 4724 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

18:54:39.0630 4724 umbus - ok

18:54:39.0661 4724 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

18:54:39.0661 4724 UmPass - ok

18:54:41.0237 4724 UNS (02c298382359653bec4c737c2ab7f9c5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

18:54:41.0284 4724 UNS - ok

18:54:43.0296 4724 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

18:54:43.0327 4724 upnphost - ok

18:54:43.0421 4724 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

18:54:43.0421 4724 USBAAPL64 - ok

18:54:43.0889 4724 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

18:54:43.0905 4724 usbaudio - ok

18:54:43.0936 4724 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

18:54:43.0951 4724 usbccgp - ok

18:54:44.0014 4724 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

18:54:44.0029 4724 usbcir - ok

18:54:44.0061 4724 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

18:54:44.0061 4724 usbehci - ok

18:54:44.0076 4724 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

18:54:44.0092 4724 usbhub - ok

18:54:44.0123 4724 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

18:54:44.0123 4724 usbohci - ok

18:54:44.0170 4724 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

18:54:44.0170 4724 usbprint - ok

18:54:44.0248 4724 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

18:54:44.0248 4724 usbscan - ok

18:54:44.0279 4724 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:54:44.0279 4724 USBSTOR - ok

18:54:44.0295 4724 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

18:54:44.0295 4724 usbuhci - ok

18:54:44.0341 4724 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

18:54:44.0341 4724 UxSms - ok

18:54:44.0419 4724 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:54:44.0419 4724 VaultSvc - ok

18:54:44.0497 4724 VBoxDrv (0480981ebec902c763f83007274496ca) C:\Windows\system32\DRIVERS\VBoxDrv.sys

18:54:44.0513 4724 VBoxDrv - ok

18:54:44.0513 4724 VBoxNetFlt (e4149d4063859ad42df69d8c61acffef) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys

18:54:44.0513 4724 VBoxNetFlt - ok

18:54:44.0529 4724 VBoxUSBMon (8908bb024508e71413b807ab3715ad97) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys

18:54:44.0529 4724 VBoxUSBMon - ok

18:54:44.0575 4724 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

18:54:44.0575 4724 vdrvroot - ok

18:54:44.0638 4724 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

18:54:44.0653 4724 vds - ok

18:54:44.0716 4724 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

18:54:44.0716 4724 vga - ok

18:54:44.0731 4724 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

18:54:44.0731 4724 VgaSave - ok

18:54:44.0763 4724 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

18:54:44.0778 4724 vhdmp - ok

18:54:45.0839 4724 VIAHdAudAddService (84ffc3cca60a1b52a021bc894d529735) C:\Windows\system32\drivers\viahduaa.sys

18:54:45.0839 4724 VIAHdAudAddService - ok

18:54:47.0586 4724 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

18:54:47.0586 4724 viaide - ok

18:54:47.0633 4724 VIAKaraokeService (f4310278e6ce1c507b5555b662369e26) C:\Windows\system32\viakaraokesrv.exe

18:54:47.0633 4724 VIAKaraokeService - ok

18:54:47.0742 4724 Virtual Router (f307da7e96bc760b4628e204e234dcd0) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe

18:54:47.0742 4724 Virtual Router - ok

18:54:47.0773 4724 VMAuthdService (42f0ecaf36636841a4a006850695507f) E:\Programs\VmWare Viewer\vmware-authd.exe

18:54:47.0773 4724 VMAuthdService - ok

18:54:47.0836 4724 vmci (3d810a11c3e7fd4682a8824f54c1a04f) C:\Windows\system32\drivers\vmci.sys

18:54:47.0836 4724 vmci - ok

18:54:47.0851 4724 vmkbd (1af6462718e5ab0ed55014a6ef3790ef) C:\Windows\system32\drivers\VMkbd.sys

18:54:47.0851 4724 vmkbd - ok

18:54:47.0867 4724 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys

18:54:47.0867 4724 VMnetAdapter - ok

18:54:47.0883 4724 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys

18:54:47.0883 4724 VMnetBridge - ok

18:54:47.0883 4724 VMnetDHCP - ok

18:54:47.0898 4724 VMnetuserif (daf5e04eb56cd0ed945fb2fdd94812db) C:\Windows\system32\drivers\vmnetuserif.sys

18:54:47.0898 4724 VMnetuserif - ok

18:54:47.0976 4724 VMUSBArbService (f22098dbdd13c1221c274496b3e18da7) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

18:54:47.0976 4724 VMUSBArbService - ok

18:54:47.0976 4724 VMware NAT Service - ok

18:54:48.0179 4724 vmx86 (ae7f667db83e108e83c86a56b821e9a6) C:\Windows\system32\drivers\vmx86.sys

18:54:48.0179 4724 vmx86 - ok

18:54:48.0413 4724 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

18:54:48.0413 4724 volmgr - ok

18:54:48.0460 4724 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

18:54:48.0475 4724 volmgrx - ok

18:54:48.0569 4724 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

18:54:48.0585 4724 volsnap - ok

18:54:48.0663 4724 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

18:54:48.0678 4724 vsmraid - ok

18:54:49.0224 4724 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

18:54:49.0271 4724 VSS - ok

18:54:49.0287 4724 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) E:\Programs\VmWare Viewer\vstor2-ws60.sys

18:54:49.0287 4724 vstor2-ws60 - ok

18:54:49.0723 4724 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

18:54:49.0723 4724 vwifibus - ok

18:54:49.0755 4724 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

18:54:49.0755 4724 vwififlt - ok

18:54:49.0786 4724 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

18:54:49.0786 4724 vwifimp - ok

18:54:50.0769 4724 VX1000 (ce6c085771812d5ee863cc7ef93caef2) C:\Windows\system32\DRIVERS\VX1000.sys

18:54:50.0831 4724 VX1000 - ok

18:54:51.0205 4724 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

18:54:51.0221 4724 W32Time - ok

18:54:51.0377 4724 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

18:54:51.0393 4724 WacomPen - ok

18:54:51.0439 4724 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

18:54:51.0439 4724 WANARP - ok

18:54:51.0439 4724 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

18:54:51.0439 4724 Wanarpv6 - ok

18:54:51.0892 4724 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

18:54:51.0939 4724 WatAdminSvc - ok

18:54:52.0360 4724 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

18:54:52.0438 4724 wbengine - ok

18:54:53.0873 4724 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

18:54:53.0904 4724 WbioSrvc - ok

18:54:53.0951 4724 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

18:54:53.0967 4724 wcncsvc - ok

18:54:53.0998 4724 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

18:54:53.0998 4724 WcsPlugInService - ok

18:54:54.0388 4724 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

18:54:54.0419 4724 Wd - ok

18:54:54.0606 4724 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

18:54:54.0622 4724 Wdf01000 - ok

18:54:54.0684 4724 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:54:54.0684 4724 WdiServiceHost - ok

18:54:54.0684 4724 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:54:54.0684 4724 WdiSystemHost - ok

18:54:55.0293 4724 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

18:54:55.0308 4724 WebClient - ok

18:54:55.0729 4724 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

18:54:55.0761 4724 Wecsvc - ok

18:54:55.0792 4724 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

18:54:55.0807 4724 wercplsupport - ok

18:54:55.0901 4724 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

18:54:55.0901 4724 WerSvc - ok

18:54:56.0073 4724 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

18:54:56.0088 4724 WfpLwf - ok

18:54:56.0104 4724 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

18:54:56.0104 4724 WIMMount - ok

18:54:56.0166 4724 WinDefend - ok

18:54:56.0166 4724 WinHttpAutoProxySvc - ok

18:54:57.0336 4724 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

18:54:57.0352 4724 Winmgmt - ok

18:54:57.0414 4724 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) E:\My Docuemnts\WinRing0x64.sys

18:54:57.0492 4724 WinRing0_1_2_0 - ok

18:54:59.0801 4724 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

18:54:59.0879 4724 WinRM - ok

18:55:00.0222 4724 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

18:55:00.0238 4724 WinUsb - ok

18:55:00.0628 4724 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

18:55:00.0721 4724 Wlansvc - ok

18:55:03.0046 4724 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:55:03.0077 4724 wlidsvc - ok

18:55:03.0639 4724 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys

18:55:03.0639 4724 WmBEnum - ok

18:55:03.0685 4724 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys

18:55:03.0685 4724 WmFilter - ok

18:55:03.0717 4724 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

18:55:03.0717 4724 WmiAcpi - ok

18:55:04.0419 4724 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

18:55:04.0419 4724 wmiApSrv - ok

18:55:04.0528 4724 WMPNetworkSvc - ok

18:55:04.0621 4724 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys

18:55:04.0621 4724 WmVirHid - ok

18:55:04.0699 4724 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys

18:55:04.0699 4724 WmXlCore - ok

18:55:04.0731 4724 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

18:55:04.0731 4724 WPCSvc - ok

18:55:04.0793 4724 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

18:55:04.0809 4724 WPDBusEnum - ok

18:55:04.0918 4724 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

18:55:04.0933 4724 ws2ifsl - ok

18:55:05.0121 4724 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

18:55:05.0121 4724 wscsvc - ok

18:55:05.0183 4724 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

18:55:05.0183 4724 WSDPrintDevice - ok

18:55:05.0245 4724 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys

18:55:05.0245 4724 WSDScan - ok

18:55:05.0245 4724 WSearch - ok

18:55:05.0620 4724 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

18:55:05.0682 4724 wuauserv - ok

18:55:06.0103 4724 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

18:55:06.0103 4724 WudfPf - ok

18:55:06.0135 4724 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:55:06.0135 4724 WUDFRd - ok

18:55:06.0166 4724 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

18:55:06.0181 4724 wudfsvc - ok

18:55:06.0228 4724 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

18:55:06.0244 4724 WwanSvc - ok

18:55:06.0244 4724 ybobvfni - ok

18:55:06.0618 4724 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

18:55:06.0649 4724 \Device\Harddisk1\DR1 - ok

18:55:06.0696 4724 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

18:55:08.0927 4724 \Device\Harddisk0\DR0 - ok

18:55:08.0943 4724 Boot (0x1200) (e0c8df011b657195675af4c62fa357e8) \Device\Harddisk1\DR1\Partition0

18:55:08.0943 4724 \Device\Harddisk1\DR1\Partition0 - ok

18:55:08.0958 4724 Boot (0x1200) (ba775293435e28eb0be2af967f13648e) \Device\Harddisk0\DR0\Partition0

18:55:08.0958 4724 \Device\Harddisk0\DR0\Partition0 - ok

18:55:08.0974 4724 Boot (0x1200) (e72184ee936ac48cdc726035d60ec148) \Device\Harddisk0\DR0\Partition1

18:55:08.0974 4724 \Device\Harddisk0\DR0\Partition1 - ok

18:55:08.0974 4724 ============================================================

18:55:08.0974 4724 Scan finished

18:55:08.0974 4724 ============================================================

18:55:08.0974 4440 Detected object count: 0

18:55:08.0974 4440 Actual detected object count: 0

Security Check

notcheckup27.txt

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````


Hello. I managed to run TDSS killer, and it did not find anything wrong. However combofix did not run on my computer. It appeared to install, but when it finished it just closed, and did not show the blue DOS window. The PING.EXE*32 process is still running on my system.

See if you can run ComboFix in Safe Mode. To access Safe Mode, reboot your computer, keep pressing F8 right before the Windows logo appears, and select Safe Mode from the list of choices.

Let me know how it goes.


I cannot run combofix in safe mode. It says "Error starting NSIS," which I believe is the installer that Combofix uses. I have run a scan with Malwarebytes, and it says it has found Trojan.Dropper.BCMiner. Also in my documents I found a file called Wildsvctrace, with usernames and passwords in it in plain text. For security reasons I have just changed my passwords.


Here is the RogueKiller Log

RogueKiller V7.5.2 [05/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Patrick [Admin rights]

Mode: Scan -- Date: 06/01/2012 07:33:28

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[] HKLM\[...]\Wow6432Node\Windows : () -> ACCESS DENIED

[SUSP PATH] MacroMaker.lnk @Patrick : C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}\_576A67D38B93E433719FBD.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380013AS ATA Device +++++

--- User ---

[MBR] ad7262e2165bb79939a94783eafa3cc4

[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2329425 | Size: 75179 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++

--- User ---

[MBR] d7a38c1fc7e57dd7aed0e0556cf69266

[BSP] 2eb52755a4187767da84eb70ffb6a967 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 873866 Mo

1 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 1952529138 | Size: 486 Mo

2 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 1789679616 | Size: 79516 Mo

User = LL1 ... OK!

User = LL2 ... OK!


Let's give this a shot:

The Kaspersky Rescue Disk is a bootable CD based version of Kaspersky Antivirus.

The download is in ISO format.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Download the Kaspersky Rescue Disk:

http://rescuedisk.ka...disk/updatable/ .

  • Burn the Kaspersky Rescue Disk ISO image to CD.
  • Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Follow the instructions in the initial text screen to press Enter to start Kaspersky AntiVirus.
  • Select your language (or wait a few seconds for the default English to load).
  • Your screen may go blank for several minutes while the program loads.
  • After the Kaspersky Rescue Disk loads, the database will be updated (if you have network connectivity).
    • Click the Update tab to view the update progress.
    • When the update has completed, click the Scan tab.
  • Place a checkmark in all the available drives to scan the entire system.
  • Click the "Security level" option, and select options.
    • Make sure "All Files" is selected.
    • Under "Scan of compound files" ensure all options are selected and click the OK button.
  • Click the "On threat detection" option.
    • Select "Do not prompt", "Disinfect", and "Delete if disinfection fails".
  • Click the "Start scan" button.
  • When the scan has completed, click the Reports button.
    • Click the Save button, and select your System drive (normally your C: drive).
    • In the "File name" box, name the file krd-log and click the Save button.
    • Click Close to close the Reports window.
  • Click the Exit button to close the Rescue Disk program and confirm.
    • In the lower left of the screen, left-click the red K button, select Logout, and confirm.
  • The computer will shut down.
  • Restart the computer and reboot normally.
  • Please post the log (krd-log.txt) in your next reply.


Objects Scan: completed <1 minute ago (events: 228, objects: 2075074, time: 02:51:54)

6/1/12 9:40 PM Task completed

6/1/12 9:40 PM Deleted: Backdoor.Win32.ZAccess.oun sdb2/Windows/assembly/GAC_32/Desktop.ini

6/1/12 9:40 PM Detected: Backdoor.Win32.ZAccess.oun sdb2/Windows/assembly/GAC_32/Desktop.ini

6/1/12 9:40 PM Deleted: HEUR:Backdoor.Win64.Generic sdb2/Windows/Installer/{0b8de335-2aa4-5458-016b-8f83baa012f1}/U/80000000.@

6/1/12 9:26 PM Detected: HEUR:Backdoor.Win64.Generic sdb2/Windows/Installer/{0b8de335-2aa4-5458-016b-8f83baa012f1}/U/80000000.@

6/1/12 7:39 PM Untreated: HEUR:Backdoor.Win64.Generic sdb2/Windows/Installer/{0b8de335-2aa4-5458-016b-8f83baa012f1}/U/80000000.@ Postponed

6/1/12 7:39 PM Detected: HEUR:Backdoor.Win64.Generic sdb2/Windows/Installer/{0b8de335-2aa4-5458-016b-8f83baa012f1}/U/80000000.@

6/1/12 7:34 PM Untreated: Backdoor.Win32.ZAccess.oun sdb2/Windows/assembly/GAC_32/Desktop.ini Postponed

6/1/12 7:34 PM Detected: Backdoor.Win32.ZAccess.oun sdb2/Windows/assembly/GAC_32/Desktop.ini

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error

6/1/12 6:57 PM Untreated: Trojan-Dropper.Win32.Agent.blsd sda1/$RECYCLE.BIN/S-1-5-21-4246847323-3649980208-3125243383-1001/$RQQOBB2.rar/mccdss.exe Postponed

6/1/12 6:57 PM Detected: Trojan-Dropper.Win32.Agent.blsd sda1/$RECYCLE.BIN/S-1-5-21-4246847323-3649980208-3125243383-1001/$RQQOBB2.rar/mccdss.exe

6/1/12 6:48 PM Task started

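The Kaspersky Rescue Disk report above lists every event newest-first and repeats the same read-error line a couple of hundred times, which buries the three objects that actually matter. As an added example (not part of this thread and not Kaspersky's own tooling), the following Python script parses a log in that format, collapses runs of identical lines, works out each object's final disposition (the latest event wins, so a "Detected" followed by a "Deleted" ends up as Deleted while a postponed "Untreated" stays Untreated), and counts the read errors per path. The sample lines are constructed from the entries above; the mapping of the rescue disk's `sdb2` mount to the `C:` drive is an assumption the caller passes in, since the rescue disk names partitions by device rather than by drive letter.

```python
"""Triage helper for a Kaspersky Rescue Disk event log (added example)."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample modelled on the report lines in the thread (newest first,
# which is the order the Rescue Disk report uses).
SAMPLE_LOG = """\
6/1/12 9:40 PM Task completed
6/1/12 9:40 PM Deleted: Backdoor.Win32.ZAccess.oun sdb2/Windows/assembly/GAC_32/Desktop.ini
6/1/12 9:40 PM Detected: Backdoor.Win32.ZAccess.oun sdb2/Windows/assembly/GAC_32/Desktop.ini
6/1/12 9:40 PM Deleted: HEUR:Backdoor.Win64.Generic sdb2/Windows/Installer/{0b8de335-2aa4-5458-016b-8f83baa012f1}/U/80000000.@
6/1/12 9:26 PM Detected: HEUR:Backdoor.Win64.Generic sdb2/Windows/Installer/{0b8de335-2aa4-5458-016b-8f83baa012f1}/U/80000000.@
6/1/12 7:39 PM Untreated: HEUR:Backdoor.Win64.Generic sdb2/Windows/Installer/{0b8de335-2aa4-5458-016b-8f83baa012f1}/U/80000000.@ Postponed
6/1/12 7:34 PM Untreated: Backdoor.Win32.ZAccess.oun sdb2/Windows/assembly/GAC_32/Desktop.ini Postponed
6/1/12 7:34 PM Detected: Backdoor.Win32.ZAccess.oun sdb2/Windows/assembly/GAC_32/Desktop.ini
6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error
6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error
6/1/12 7:32 PM Processing error sdb2/ProgramData/Microsoft: Read error
6/1/12 6:57 PM Untreated: Trojan-Dropper.Win32.Agent.blsd sda1/$RECYCLE.BIN/S-1-5-21-4246847323-3649980208-3125243383-1001/$RQQOBB2.rar/mccdss.exe Postponed
6/1/12 6:57 PM Detected: Trojan-Dropper.Win32.Agent.blsd sda1/$RECYCLE.BIN/S-1-5-21-4246847323-3649980208-3125243383-1001/$RQQOBB2.rar/mccdss.exe
6/1/12 6:48 PM Task started
"""

TS = r"(?P<ts>\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2} [AP]M)"
# Detection events: "<ts> <Status>: <threat> <path>[ Postponed]".  The threat name
# never contains spaces; the path may, so it is matched lazily up to the optional suffix.
EVENT_RE = re.compile(TS + r" (?P<status>Detected|Deleted|Untreated): (?P<threat>\S+) "
                      r"(?P<path>.+?)(?: (?P<note>Postponed))?$")
# Scanner errors: "<ts> Processing error <path>: <reason>".
ERROR_RE = re.compile(TS + r" Processing error (?P<path>.+): (?P<reason>.+)$")


def _parse_ts(text):
    return datetime.strptime(text, "%m/%d/%y %I:%M %p")


def collapse_repeats(lines):
    """Collapse runs of identical consecutive lines into (line, count) pairs."""
    runs = []
    for line in lines:
        if runs and runs[-1][0] == line:
            runs[-1] = (line, runs[-1][1] + 1)
        else:
            runs.append((line, 1))
    return runs


def parse_events(text):
    """Return (detection events in file order, Counter of read errors per path)."""
    events, errors = [], Counter()
    for idx, line in enumerate(text.splitlines()):
        m = EVENT_RE.match(line)
        if m:
            events.append({"idx": idx, "ts": _parse_ts(m["ts"]), "status": m["status"],
                           "threat": m["threat"], "path": m["path"],
                           "postponed": m["note"] is not None})
            continue
        m = ERROR_RE.match(line)
        if m:
            errors[m["path"]] += 1
    return events, errors


def final_dispositions(events):
    """Latest event per object wins.  Ties on the minute-resolution timestamp go to
    the line that appears first, because the report is ordered newest-first."""
    latest = {}
    for ev in events:
        cur = latest.get(ev["path"])
        if cur is None or (ev["ts"], -ev["idx"]) > (cur["ts"], -cur["idx"]):
            latest[ev["path"]] = ev
    return {path: (ev["threat"], ev["status"]) for path, ev in latest.items()}


def to_windows_path(path, mounts):
    """Translate 'sdb2/Windows/x' to 'C:\\Windows\\x' using a caller-supplied device
    to drive-letter map (assumed; the rescue disk does not record drive letters)."""
    dev, _, rest = path.partition("/")
    if dev not in mounts:
        return None
    return mounts[dev] + "\\" + rest.replace("/", "\\")


def summarize(text):
    events, errors = parse_events(text)
    return {
        "dispositions": final_dispositions(events),
        "status_counts": Counter(ev["status"] for ev in events),
        "read_errors": errors,
        "collapsed": collapse_repeats(text.splitlines()),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for path, (threat, status) in report["dispositions"].items():
        print(f"{status:9} {threat:34} {to_windows_path(path, {'sdb2': 'C:'}) or path}")
    for path, n in report["read_errors"].items():
        print(f"read errors: {path} x{n}")
```

Objects that end up "Untreated" (here the dropper inside a .rar in the Recycle Bin, which the scanner postponed) are the ones still needing a decision; everything marked "Deleted" can be cross-checked against the later ComboFix "Other Deletions" list.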

Good news: we're on the right track. ;)

Here's what we're gonna do- Kaspersky identified the specific folder where the rootkit (ZeroAccess) is located. Let's attempt to take care of that first. If we're successful, we should be able to get ComboFix up and running.

Please download BlitzBlank by Emsisoft from here.

  • Save it to your Desktop.
  • Now, please close all web browsers and any other programs.
  • Run BlitzBlank.exe from your Desktop.
  • Select the Script button.
  • Copy and paste the following in the Script box:

    DeleteFolder:
    C:\Windows\Installer\{0b8de335-2aa4-5458-016b-8f83baa012f1}
    C:\Users\Patrick\AppData\{0b8de335-2aa4-5458-016b-8f83baa012f1}

  • Then, click Execute Now.

Do not reboot unless specifically prompted to by BlitzBlank.

Next, try to run ComboFix. If successful, please post the newly-created C:\ComboFix.txt in your next reply.

Let me know how things go.


ComboFix ran successfully. Here is its log.

ComboFix 12-05-31.03 - Patrick 02/06/2012 9:27.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4079.2651 [GMT 10:00]

Running from: c:\users\Patrick\Desktop\combofix.exe

AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))

.

.

2012-06-01 18:23 . 2012-06-01 18:36 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-06-01 07:20 . 2012-06-01 07:32 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

2012-06-01 07:15 . 2012-06-01 07:20 -------- d-----w- c:\programdata\HitmanPro

2012-05-31 06:48 . 2012-05-31 06:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com

2012-05-30 10:31 . 2012-05-30 10:31 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-30 08:16 . 2012-05-30 08:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla

2012-05-30 08:15 . 2012-05-30 08:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI

2012-05-30 08:15 . 2012-05-30 08:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI

2012-05-29 10:40 . 2012-05-29 10:40 -------- d-----w- c:\program files (x86)\ESET

2012-05-29 09:17 . 2012-05-29 09:17 -------- d-----w- c:\users\Patrick\AppData\Roaming\SUPERAntiSpyware.com

2012-05-29 09:16 . 2012-05-31 06:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-05-29 09:16 . 2012-05-29 09:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-05-29 07:22 . 2012-05-29 07:22 -------- d-----w- c:\users\Patrick\AppData\Roaming\Malwarebytes

2012-05-29 07:22 . 2012-05-29 07:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-29 07:22 . 2012-05-29 07:22 -------- d-----w- c:\programdata\Malwarebytes

2012-05-29 07:22 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-27 09:48 . 2012-05-27 09:48 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-05-22 06:53 . 2012-05-22 07:08 -------- d-----w- c:\users\Patrick\AppData\Local\Spotify

2012-05-22 06:41 . 2012-06-01 23:21 -------- d-----w- c:\users\Patrick\AppData\Roaming\Spotify

2012-05-09 21:44 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-09 21:44 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-09 21:44 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 21:44 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-09 21:44 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-09 21:44 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 21:42 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 21:41 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 21:41 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-09 21:41 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-09 21:41 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 21:41 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-09 21:41 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 08:46 . 2012-05-31 08:46 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-30 10:31 . 2011-01-18 22:41 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-05 00:24 . 2012-04-03 11:00 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 00:24 . 2011-05-28 08:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 00:24 . 2012-04-03 11:24 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-03-09 05:14 . 2012-03-09 05:14 958464 ----a-w- c:\windows\system32\aticfx64.dll

2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll

2012-03-09 04:45 . 2012-03-09 04:45 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-03-09 04:35 . 2012-03-09 04:35 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll

2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-03-09 04:11 . 2012-03-09 04:11 7552000 ----a-w- c:\windows\system32\atiumd64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-03-09 03:58 . 2012-03-09 03:58 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-03-09 03:57 . 2012-03-09 03:57 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-03-09 03:56 . 2012-03-09 03:56 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-03-09 03:47 . 2012-03-09 03:47 58880 ----a-w- c:\windows\system32\coinst.dll

2012-03-08 15:26 . 2012-03-08 15:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-03-08 15:26 . 2012-03-08 15:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-03-08 15:26 . 2012-03-08 15:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2012-03-08 15:26 . 2012-03-08 15:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-03-08 15:26 . 2012-03-08 15:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll

2012-03-08 15:25 . 2012-03-08 15:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-03-08 15:24 . 2012-03-08 15:24 54272 ----a-w- c:\windows\system32\OpenCL.dll

2012-03-08 15:24 . 2012-03-08 15:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"Vidalia"="e:\programs\Tor\Vidalia Bundle\Vidalia\vidalia.exe" [2011-12-14 5407850]

"Spotify"="c:\users\Patrick\AppData\Roaming\Spotify\Spotify.exe" [2012-05-22 9478320]

"Spotify Web Helper"="c:\users\Patrick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-22 932528]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-06-20 5199984]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

"StartCCC"="e:\programs\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-08 636032]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

MacroMaker.lnk - c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}\_576A67D38B93E433719FBD.exe [2011-10-10 10134]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R1 ybobvfni;ybobvfni;c:\windows\system32\drivers\ybobvfni.sys [x]

R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 ALSysIO;ALSysIO;c:\users\Patrick\AppData\Local\Temp\ALSysIO64.sys [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]

R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]

R3 jswpsapi;Jumpstart Wifi Protected Setup;e:\programs\Belkin\jswpsapi.exe [2007-10-29 352338]

R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]

R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys [x]

R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;e:\programs\SiSoftware Sandra Lite 2012.SP3\RpcAgentSrv.exe [2009-03-28 95896]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;e:\my docuemnts\WinRing0x64.sys [2011-12-19 14544]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2011-03-09 892992]

S2 DirMngr;DirMngr;e:\programs\GnuPG\dirmngr.exe [2011-03-02 224256]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:24]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246847323-3649980208-3125243383-1001Core.job

- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 07:39]

.

2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246847323-3649980208-3125243383-1001UA.job

- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 07:39]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-30 204048]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all with Free Download Manager - file://e:\programs\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://e:\programs\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://e:\programs\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://e:\programs\Free Download Manager\dllink.htm

IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms

LSP: mswsock.dll

LSP: e:\programs\VmWare Viewer\vsocklib.dll

TCP: Interfaces\{2A5A9786-F155-400B-86DA-463D12CDD892}: NameServer = 192.168.2.1

TCP: Interfaces\{C08B36DD-0326-47AE-B6A2-DA2397AC9C74}: NameServer = 192.168.2.1

TCP: Interfaces\{EEE80DE8-3571-45DB-9720-492E27304301}: NameServer = 8.8.8.8

FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\b3q7ws3r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.ftp - localhost

FF - prefs.js: network.proxy.ftp_port - 8118

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8118

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 8118

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 8118

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-737 Pilot in Command (FSX) - e:\programs\FSX\Uninstal_737PICX.exe

AddRemove-Airbus Series Vol.1 (FS X) - e:\programs\FSX\Uninstal_Airbus1X_wilco.exe

AddRemove-Secunia PSI - c:\program files (x86)\Secunia\PSI\uninstall.exe

AddRemove-Synergy - e:\programs\Synergy\uninstall.exe

AddRemove-WinLiveSuite - c:\program files (x86)\Windows Live\Installer\wlarp.exe

AddRemove-{FD9C31B6-F572-414D-81E3-89368C97A125}_is1 - f:\camstudio 2.6b\unins000.exe

AddRemove-E-Jets Series (FSX) - e:\programs\FSX\Uninstal_ejets_fsx_wilco.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:c6,7c,90,cd,b1,c6,29,68,09,5b,04,e5,cc,06,7a,6d,92,83,d3,e8,74,

7e,c4,93,03,8c,cc,a9,44,b7,a2,7b,a9,18,ea,da,00,b2,fb,4e,b8,f2,5e,69,b5,d1,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:c6,7c,90,cd,b1,c6,29,68,09,5b,04,e5,cc,06,7a,6d,92,83,d3,e8,74,

7e,c4,93,03,8c,cc,a9,44,b7,a2,7b,a9,18,ea,da,00,b2,fb,4e,b8,f2,5e,69,b5,d1,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\vmnat.exe

e:\programs\VmWare Viewer\vmware-authd.exe

c:\windows\SysWOW64\vmnetdhcp.exe

.

**************************************************************************

.

Completion time: 2012-06-02 09:48:20 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-01 23:48

.

Pre-Run: 20,205,064,192 bytes free

Post-Run: 22,775,140,352 bytes free

.

- - End Of File - - 5E610DE46878D394DCD68041398E54DC


Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

ybobvfni

File::

c:\windows\system32\drivers\ybobvfni.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

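A way to check that the removals requested in a CFScript actually show up in the follow-up ComboFix log, as an added example that is not part of this thread or of ComboFix itself. The parser assumes the line layouts visible in the logs above (a driver/service line as `R1 ybobvfni;ybobvfni;c:\windows\system32\drivers\ybobvfni.sys [x]`, a recorded removal as `-------\Service_ybobvfni`, and the `File::` target echoed as a quoted path under `FILE ::`); that reading of the format is my assumption, not a documented specification. The log excerpts embedded below are constructed from lines quoted in this thread.

```python
"""Cross-check a ComboFix CFScript against the pre- and post-run logs.

Added example for this thread; not part of ComboFix and not the poster's
own material.  Assumption (my reading of the quoted logs, not a spec):
drivers/services are printed as '<R|S><n> <name>;<display>;<path> [<date size>|x]'
and a removed service appears as '-------\\Service_<name>' in the follow-up log.
"""
import re
from dataclasses import dataclass

# One 'Drivers/Services' line, e.g.
#   R1 ybobvfni;ybobvfni;c:\windows\system32\drivers\ybobvfni.sys [x]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS])(?P<type>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
# A removal recorded under the follow-up log's 'Drivers/Services' heading.
DELETION_RE = re.compile(r"^-------\\Service_(?P<name>\S+)\s*$")


@dataclass(frozen=True)
class ServiceEntry:
    start: str    # R = running, S = stopped (ComboFix convention)
    type: int     # driver/service type digit as printed
    name: str
    display: str
    path: str
    stamp: str    # '<date> <size>' as recorded, or 'x' when ComboFix printed [x]


def parse_services(log: str) -> list[ServiceEntry]:
    """Extract every R*/S* driver/service line from a ComboFix log."""
    out = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(ServiceEntry(m["start"], int(m["type"]), m["name"].strip(),
                                    m["display"].strip(), m["path"].strip(), m["stamp"]))
    return out


def parse_deletions(log: str) -> set[str]:
    """Service names the follow-up log reports as removed (lower-cased)."""
    return {m["name"].lower() for line in log.splitlines()
            if (m := DELETION_RE.match(line.strip()))}


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split a CFScript into its '<Section>::' blocks (KILLALL::, Driver::, File::, ...)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def verify_cfscript(cfscript: str, pre_log: str, post_log: str) -> dict:
    """For each Driver:: and File:: entry, report whether the follow-up log reflects it."""
    script = parse_cfscript(cfscript)
    before = {s.name.lower() for s in parse_services(pre_log)}
    after = {s.name.lower() for s in parse_services(post_log)}
    deleted = parse_deletions(post_log)
    drivers = {
        name: {
            "present_before": name.lower() in before,
            "present_after": name.lower() in after,
            "deletion_logged": name.lower() in deleted,
        }
        for name in script.get("Driver", [])
    }
    # In the follow-up log quoted in this thread, ComboFix echoed the File:: target
    # as a quoted path under 'FILE ::'; that echo is treated as acknowledgement.
    files = {path: f'"{path}"'.lower() in post_log.lower() for path in script.get("File", [])}
    return {"drivers": drivers, "files": files}


# Constructed excerpts, copied from lines quoted in this thread.
CFSCRIPT = """KILLALL::
Driver::
ybobvfni
File::
c:\\windows\\system32\\drivers\\ybobvfni.sys
Reboot::
"""
PRE_LOG = r"""R1 ybobvfni;ybobvfni;c:\windows\system32\drivers\ybobvfni.sys [x]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
"""
POST_LOG = r"""FILE ::
"c:\windows\system32\drivers\ybobvfni.sys"
.
-------\Service_ybobvfni
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
"""

if __name__ == "__main__":
    for kind, rows in verify_cfscript(CFSCRIPT, PRE_LOG, POST_LOG).items():
        for target, status in rows.items():
            print(kind, target, status)
```

The `[x]` marker is kept as data, not interpreted: in the log above it appears on plenty of legitimate drivers (HECIx64.sys, tcpip-related filters, the SUPERAntiSpyware and Trend Micro components), so on its own it is not an indicator of anything; the helper picked `ybobvfni` on the name and location, and the check here only confirms that the requested removal was carried out.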

ComboFix 12-05-31.03 - Patrick 02/06/2012 11:32:13.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4079.2300 [GMT 10:00]

Running from: c:\users\Patrick\Desktop\combofix.exe

Command switches used :: c:\users\Patrick\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\ybobvfni.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_ybobvfni

.

.

((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))))

.

.

2012-06-02 01:37 . 2012-06-02 01:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-06-02 01:37 . 2012-06-02 01:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-02 00:36 . 2012-06-02 00:36 -------- d-----w- c:\programdata\Sophos

2012-06-02 00:36 . 2012-06-02 00:36 73728 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-06-02 00:36 . 2012-06-02 00:36 73728 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-06-02 00:36 . 2012-06-02 00:36 73728 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-06-02 00:36 . 2012-06-02 00:36 -------- d-----w- c:\program files (x86)\Sophos

2012-06-01 18:23 . 2012-06-01 18:36 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-06-01 07:20 . 2012-06-01 07:32 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

2012-06-01 07:15 . 2012-06-01 07:20 -------- d-----w- c:\programdata\HitmanPro

2012-05-31 06:48 . 2012-05-31 06:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com

2012-05-30 10:31 . 2012-05-30 10:31 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-30 08:16 . 2012-05-30 08:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla

2012-05-30 08:15 . 2012-05-30 08:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI

2012-05-30 08:15 . 2012-05-30 08:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI

2012-05-29 10:40 . 2012-05-29 10:40 -------- d-----w- c:\program files (x86)\ESET

2012-05-29 09:17 . 2012-05-29 09:17 -------- d-----w- c:\users\Patrick\AppData\Roaming\SUPERAntiSpyware.com

2012-05-29 09:16 . 2012-05-31 06:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-05-29 09:16 . 2012-05-29 09:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-05-29 07:22 . 2012-05-29 07:22 -------- d-----w- c:\users\Patrick\AppData\Roaming\Malwarebytes

2012-05-29 07:22 . 2012-05-29 07:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-29 07:22 . 2012-05-29 07:22 -------- d-----w- c:\programdata\Malwarebytes

2012-05-29 07:22 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-27 09:48 . 2012-05-27 09:48 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-05-22 06:53 . 2012-05-22 07:08 -------- d-----w- c:\users\Patrick\AppData\Local\Spotify

2012-05-22 06:41 . 2012-06-01 23:42 -------- d-----w- c:\users\Patrick\AppData\Roaming\Spotify

2012-05-09 21:44 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-09 21:44 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-09 21:44 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 21:44 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-09 21:44 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-09 21:44 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 21:42 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 21:41 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 21:41 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-09 21:41 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-09 21:41 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 21:41 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-09 21:41 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 08:46 . 2012-05-31 08:46 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-30 10:31 . 2011-01-18 22:41 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-05 00:24 . 2012-04-03 11:00 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 00:24 . 2011-05-28 08:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 00:24 . 2012-04-03 11:24 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-03-09 05:14 . 2012-03-09 05:14 958464 ----a-w- c:\windows\system32\aticfx64.dll

2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll

2012-03-09 04:45 . 2012-03-09 04:45 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-03-09 04:35 . 2012-03-09 04:35 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll

2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-03-09 04:11 . 2012-03-09 04:11 7552000 ----a-w- c:\windows\system32\atiumd64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-03-09 03:58 . 2012-03-09 03:58 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-03-09 03:57 . 2012-03-09 03:57 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-03-09 03:56 . 2012-03-09 03:56 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-03-09 03:47 . 2012-03-09 03:47 58880 ----a-w- c:\windows\system32\coinst.dll

2012-03-08 15:26 . 2012-03-08 15:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-03-08 15:26 . 2012-03-08 15:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-03-08 15:26 . 2012-03-08 15:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2012-03-08 15:26 . 2012-03-08 15:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-03-08 15:26 . 2012-03-08 15:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll

2012-03-08 15:25 . 2012-03-08 15:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-03-08 15:24 . 2012-03-08 15:24 54272 ----a-w- c:\windows\system32\OpenCL.dll

2012-03-08 15:24 . 2012-03-08 15:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe

.

((((((((((((((((((((((((((((( SnapShot@2012-06-01_23.39.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-06-02 01:42 43022 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2012-06-01 23:39 . 2012-06-01 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-02 01:39 . 2012-06-02 01:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-01 23:39 . 2012-06-01 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-02 01:39 . 2012-06-02 01:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 04:54 . 2012-06-01 23:39 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-02 01:39 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 05:01 . 2012-06-02 01:38 406748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-06-01 23:37 406748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:54 . 2012-06-01 23:39 3637248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-02 01:39 3637248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-01 23:39 7045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-02 01:39 7045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-12-30 00:30 . 2012-06-02 01:38 48854316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4246847323-3649980208-3125243383-1001-12288.dat

+ 2012-04-16 00:28 . 2012-04-16 00:28 78661632 c:\windows\Installer\3405ed.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"Vidalia"="e:\programs\Tor\Vidalia Bundle\Vidalia\vidalia.exe" [2011-12-14 5407850]

"Spotify"="c:\users\Patrick\AppData\Roaming\Spotify\Spotify.exe" [2012-05-22 9478320]

"Spotify Web Helper"="c:\users\Patrick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-22 932528]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-06-20 5199984]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

"StartCCC"="e:\programs\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-08 636032]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

MacroMaker.lnk - c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}\_576A67D38B93E433719FBD.exe [2011-10-10 10134]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 ALSysIO;ALSysIO;c:\users\Patrick\AppData\Local\Temp\ALSysIO64.sys [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]

R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]

R3 jswpsapi;Jumpstart Wifi Protected Setup;e:\programs\Belkin\jswpsapi.exe [2007-10-29 352338]

R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]

R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys [x]

R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;e:\programs\SiSoftware Sandra Lite 2012.SP3\RpcAgentSrv.exe [2009-03-28 95896]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;e:\my docuemnts\WinRing0x64.sys [2011-12-19 14544]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2011-03-09 892992]

S2 DirMngr;DirMngr;e:\programs\GnuPG\dirmngr.exe [2011-03-02 224256]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:24]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246847323-3649980208-3125243383-1001Core.job

- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 07:39]

.

2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246847323-3649980208-3125243383-1001UA.job

- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 07:39]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-30 204048]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672]

"combofix"="c:\combofix\CF22604.3XE" [2010-11-20 345088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all with Free Download Manager - file://e:\programs\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://e:\programs\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://e:\programs\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://e:\programs\Free Download Manager\dllink.htm

IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms

LSP: mswsock.dll

LSP: e:\programs\VmWare Viewer\vsocklib.dll

TCP: Interfaces\{2A5A9786-F155-400B-86DA-463D12CDD892}: NameServer = 192.168.2.1

TCP: Interfaces\{C08B36DD-0326-47AE-B6A2-DA2397AC9C74}: NameServer = 192.168.2.1

TCP: Interfaces\{EEE80DE8-3571-45DB-9720-492E27304301}: NameServer = 8.8.8.8

FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\b3q7ws3r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.ftp - localhost

FF - prefs.js: network.proxy.ftp_port - 8118

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8118

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 8118

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 8118

FF - prefs.js: network.proxy.type - 0

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:c6,7c,90,cd,b1,c6,29,68,09,5b,04,e5,cc,06,7a,6d,92,83,d3,e8,74,

7e,c4,93,03,8c,cc,a9,44,b7,a2,7b,a9,18,ea,da,00,b2,fb,4e,b8,f2,5e,69,b5,d1,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:c6,7c,90,cd,b1,c6,29,68,09,5b,04,e5,cc,06,7a,6d,92,83,d3,e8,74,

7e,c4,93,03,8c,cc,a9,44,b7,a2,7b,a9,18,ea,da,00,b2,fb,4e,b8,f2,5e,69,b5,d1,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\vmnat.exe

e:\programs\VmWare Viewer\vmware-authd.exe

c:\windows\SysWOW64\vmnetdhcp.exe

c:\program files (x86)\ARM Software\MacroMaker\MacroMaker.exe

.

**************************************************************************

.

Completion time: 2012-06-02 11:47:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-02 01:47

ComboFix2.txt 2012-06-01 23:48

.

Pre-Run: 22,804,996,096 bytes free

Post-Run: 22,346,403,840 bytes free

.

- - End Of File - - D1CC7FCC7204814F657E96DF610D1310


We need to run another CFScript. Same procedure as last time, just drag and drop. ;)

KILLALL::

FCopy::

c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe

Reboot::

Please include the new C:\ComboFix.txt... How are things running now? Please let me know. :)


ComboFix 12-05-31.03 - Patrick 02/06/2012 12:13:53.4.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4079.2027 [GMT 10:00]

Running from: c:\users\Patrick\Desktop\combofix.exe

Command switches used :: c:\users\Patrick\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe

.

((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))))

.

.

2012-06-02 02:20 . 2012-06-02 02:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-06-02 02:20 . 2012-06-02 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-02 00:36 . 2012-06-02 00:36 -------- d-----w- c:\programdata\Sophos

2012-06-02 00:36 . 2012-06-02 00:36 73728 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-06-02 00:36 . 2012-06-02 00:36 73728 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-06-02 00:36 . 2012-06-02 00:36 73728 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-06-02 00:36 . 2012-06-02 00:36 -------- d-----w- c:\program files (x86)\Sophos

2012-06-01 18:23 . 2012-06-01 18:36 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-06-01 07:20 . 2012-06-01 07:32 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

2012-06-01 07:15 . 2012-06-01 07:20 -------- d-----w- c:\programdata\HitmanPro

2012-05-31 08:46 . 2012-05-31 08:46 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-31 06:48 . 2012-05-31 06:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SUPERAntiSpyware.com

2012-05-30 10:31 . 2012-05-30 10:31 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-30 08:16 . 2012-05-30 08:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla

2012-05-30 08:15 . 2012-05-30 08:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI

2012-05-30 08:15 . 2012-05-30 08:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI

2012-05-29 10:40 . 2012-05-29 10:40 -------- d-----w- c:\program files (x86)\ESET

2012-05-29 09:17 . 2012-05-29 09:17 -------- d-----w- c:\users\Patrick\AppData\Roaming\SUPERAntiSpyware.com

2012-05-29 09:16 . 2012-05-31 06:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-05-29 09:16 . 2012-05-29 09:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-05-29 07:22 . 2012-05-29 07:22 -------- d-----w- c:\users\Patrick\AppData\Roaming\Malwarebytes

2012-05-29 07:22 . 2012-05-29 07:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-29 07:22 . 2012-05-29 07:22 -------- d-----w- c:\programdata\Malwarebytes

2012-05-29 07:22 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-27 09:48 . 2012-05-27 09:48 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-05-22 06:53 . 2012-05-22 07:08 -------- d-----w- c:\users\Patrick\AppData\Local\Spotify

2012-05-22 06:41 . 2012-06-02 01:45 -------- d-----w- c:\users\Patrick\AppData\Roaming\Spotify

2012-05-09 21:44 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-09 21:44 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-09 21:44 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 21:44 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-09 21:44 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-09 21:44 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 21:42 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 21:41 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 21:41 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-09 21:41 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-09 21:41 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 21:41 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-09 21:41 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-30 10:31 . 2011-01-18 22:41 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-05 00:24 . 2012-04-03 11:00 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 00:24 . 2011-05-28 08:08 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 00:24 . 2012-04-03 11:24 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-03-09 05:16 . 2012-03-09 05:16 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-03-09 05:14 . 2012-03-09 05:14 958464 ----a-w- c:\windows\system32\aticfx64.dll

2012-03-09 05:11 . 2012-03-09 05:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll

2012-03-09 04:45 . 2012-03-09 04:45 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-03-09 04:35 . 2012-03-09 04:35 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll

2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-03-09 04:11 . 2012-03-09 04:11 7552000 ----a-w- c:\windows\system32\atiumd64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-03-09 03:58 . 2012-03-09 03:58 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-03-09 03:57 . 2012-03-09 03:57 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-03-09 03:56 . 2012-03-09 03:56 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-03-09 03:56 . 2012-03-09 03:56 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-03-09 03:47 . 2012-03-09 03:47 58880 ----a-w- c:\windows\system32\coinst.dll

2012-03-08 15:26 . 2012-03-08 15:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-03-08 15:26 . 2012-03-08 15:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-03-08 15:26 . 2012-03-08 15:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll

2012-03-08 15:26 . 2012-03-08 15:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-03-08 15:26 . 2012-03-08 15:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll

2012-03-08 15:25 . 2012-03-08 15:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-03-08 15:24 . 2012-03-08 15:24 54272 ----a-w- c:\windows\system32\OpenCL.dll

2012-03-08 15:24 . 2012-03-08 15:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-01_23.39.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-06-02 01:42 43022 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-12-25 03:51 . 2012-05-31 06:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-25 03:51 . 2012-06-02 01:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-31 06:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-02 01:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-06-01 23:39 . 2012-06-01 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-02 02:22 . 2012-06-02 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-01 23:39 . 2012-06-01 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-02 02:22 . 2012-06-02 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-06-02 02:22 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-06-01 23:39 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 02:36 . 2012-06-02 02:26 679220 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-31 10:28 679220 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-02 02:26 130532 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-31 10:28 130532 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-06-02 02:21 406748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-06-01 23:37 406748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:54 . 2012-06-01 23:39 3637248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-02 02:22 3637248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-01 23:39 7045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-02 02:22 7045120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-12-30 00:30 . 2012-06-02 02:21 48854316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4246847323-3649980208-3125243383-1001-12288.dat

+ 2012-04-16 00:28 . 2012-04-16 00:28 78661632 c:\windows\Installer\3405ed.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"Vidalia"="e:\programs\Tor\Vidalia Bundle\Vidalia\vidalia.exe" [2011-12-14 5407850]

"Spotify"="c:\users\Patrick\AppData\Roaming\Spotify\Spotify.exe" [2012-05-22 9478320]

"Spotify Web Helper"="c:\users\Patrick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-22 932528]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-06-20 5199984]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

"StartCCC"="e:\programs\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-08 636032]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

MacroMaker.lnk - c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{49E9E81A-9CA8-4A76-8AD6-BE7E3B2E1E2A}\_576A67D38B93E433719FBD.exe [2011-10-10 10134]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 ALSysIO;ALSysIO;c:\users\Patrick\AppData\Local\Temp\ALSysIO64.sys [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]

R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]

R3 jswpsapi;Jumpstart Wifi Protected Setup;e:\programs\Belkin\jswpsapi.exe [2007-10-29 352338]

R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]

R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys [x]

R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;e:\programs\SiSoftware Sandra Lite 2012.SP3\RpcAgentSrv.exe [2009-03-28 95896]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;e:\my docuemnts\WinRing0x64.sys [2011-12-19 14544]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2011-03-09 892992]

S2 DirMngr;DirMngr;e:\programs\GnuPG\dirmngr.exe [2011-03-02 224256]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [x]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:24]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246847323-3649980208-3125243383-1001Core.job

- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 07:39]

.

2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4246847323-3649980208-3125243383-1001UA.job

- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-26 07:39]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-30 204048]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all with Free Download Manager - file://e:\programs\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://e:\programs\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://e:\programs\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://e:\programs\Free Download Manager\dllink.htm

IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms

LSP: e:\programs\VmWare Viewer\vsocklib.dll

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{2A5A9786-F155-400B-86DA-463D12CDD892}: NameServer = 192.168.2.1

TCP: Interfaces\{C08B36DD-0326-47AE-B6A2-DA2397AC9C74}: NameServer = 192.168.2.1

TCP: Interfaces\{EEE80DE8-3571-45DB-9720-492E27304301}: NameServer = 8.8.8.8

FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\b3q7ws3r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.ftp - localhost

FF - prefs.js: network.proxy.ftp_port - 8118

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8118

FF - prefs.js: network.proxy.socks - localhost

FF - prefs.js: network.proxy.socks_port - 8118

FF - prefs.js: network.proxy.ssl - localhost

FF - prefs.js: network.proxy.ssl_port - 8118

FF - prefs.js: network.proxy.type - 0

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:c6,7c,90,cd,b1,c6,29,68,09,5b,04,e5,cc,06,7a,6d,92,83,d3,e8,74,

7e,c4,93,03,8c,cc,a9,44,b7,a2,7b,a9,18,ea,da,00,b2,fb,4e,b8,f2,5e,69,b5,d1,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:c6,7c,90,cd,b1,c6,29,68,09,5b,04,e5,cc,06,7a,6d,92,83,d3,e8,74,

7e,c4,93,03,8c,cc,a9,44,b7,a2,7b,a9,18,ea,da,00,b2,fb,4e,b8,f2,5e,69,b5,d1,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\vmnat.exe

e:\programs\VmWare Viewer\vmware-authd.exe

c:\windows\SysWOW64\vmnetdhcp.exe

c:\program files (x86)\ARM Software\MacroMaker\MacroMaker.exe

.

**************************************************************************

.

Completion time: 2012-06-02 12:40:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-02 02:40

ComboFix2.txt 2012-06-02 01:47

ComboFix3.txt 2012-06-01 23:48

.

Pre-Run: 22,117,445,632 bytes free

Post-Run: 22,055,677,952 bytes free

.

- - End Of File - - AF08CB219E22475207FF52CA7F236A7B


Excellent. Let's run an online scan to verify there aren't any traces left:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as downloader log:

Can not open internet

ESETSmartInstaller@High as downloader log:

Can not open internet

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6d8451f0147851448291d4d7c2b1457b

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-04 08:26:25

# local_time=2012-06-04 06:26:25 (+1000, AUS Eastern Standard Time)

# country="Australia"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 17999567 17999567 0 0

# compatibility_mode=5893 16776574 100 94 36161208 90425791 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=607673

# found=7

# cleaned=7

# scan_time=6042

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick\AppData\Local\Temp\jar_cache4135298448238824818.tmp Java/Exploit.CVE-2012-0507.AQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick\AppData\Local\Temp\jar_cache8353851137779425056.tmp Java/Exploit.CVE-2012-0507.AQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick\AppData\Local\Temp\jar_cache9076267625705605617.tmp Java/Exploit.CVE-2012-0507.AQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Patrick\AppData\Local\Temp\jar_cache9114205143292368312.tmp Java/Exploit.CVE-2012-0507.AQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\My Docuemnts\EuroScope\Downloads\cnet_route_planner_free_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Looking good. :)

Let's see what programs of yours need updating:

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
