
Please help me, I think I'm infected



Hi, I think my PC is infected. The anti-malware software I got does not take any effect (Malwarebytes Anti-Malware and TDSSKiller). I also can't use Google Chrome or Internet Explorer; the only one that works is Firefox, and I think I'm being blocked from pages like this by the virus. I have to resort to using a proxy to actually get on this website. Please can someone help me!

The first thread told me to send you this:

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Jordi at 20:02:34 on 2012-06-16

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120503182550.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Bcool Class: {f43916c8-74f3-5f14-9617-2c8dc138286b} - C:\ProgramData\Bcool\bhoclass.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

uRun: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [OpkIhbnd] C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe

uRun: [Nuwya] C:\Users\Jordi\AppData\Roaming\Eryv\uwup.exe

mRun: []

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Jordi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jordi\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\opkihbnd.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{0CAEFB37-F5E8-4BCF-9758-42E335DD7B37} : DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{0CAEFB37-F5E8-4BCF-9758-42E335DD7B37}\35B4955393130353 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{59BAD6A9-DE91-4175-BECF-9350D77DFDC4} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{6780A4D2-EACD-484C-900E-4D83824602EA} : DhcpNameServer = 10.72.0.72 10.72.0.73

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

BHO-X64: BitComet ClickCapture - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120503182550.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Bcool Class: {F43916C8-74F3-5F14-9617-2C8DC138286B} - C:\ProgramData\Bcool\bhoclass.dll

BHO-X64: Bcool - No File

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

mRun-x64: [(Default)]

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jordi\AppData\Roaming\Mozilla\Firefox\Profiles\dcv15hde.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-06-16 18:53:16 -------- d-----w- C:\Users\Jordi\AppData\Roaming\Malwarebytes

2012-06-16 18:53:10 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-16 18:53:09 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-16 18:53:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-13 23:20:07 -------- d-----w- C:\Users\Jordi\AppData\Roaming\Kaykxy

2012-06-13 23:20:07 -------- d-----w- C:\Users\Jordi\AppData\Roaming\Esuvs

2012-06-13 23:20:07 -------- d-----w- C:\Users\Jordi\AppData\Roaming\Eryv

2012-06-13 23:05:41 -------- d-----w- C:\Users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26}

2012-06-13 23:05:38 319488 ----a-w- C:\Users\Jordi\AppData\Roaming\ngces.dll

2012-06-13 23:05:04 125952 ----a-w- C:\Users\Jordi\AppData\Roaming\wimolp.dll

2012-06-13 22:24:12 -------- d-----w- C:\Users\Jordi\AppData\Local\The Lord of the Rings Online

2012-06-13 22:17:16 -------- d-----w- C:\Users\Jordi\AppData\Local\Turbine

2012-06-13 22:17:10 -------- d-----w- C:\Users\Jordi\AppData\Local\ApplicationHistory

2012-06-13 22:15:55 -------- d-----w- C:\Windows\SysWow64\URTTEMP

2012-06-13 00:12:53 88364 --s---w- C:\Users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\opkihbnd.exe

2012-06-13 00:12:53 -------- d-----w- C:\Users\Jordi\AppData\Local\gjsvwbem

2012-06-12 23:03:47 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-12 23:03:47 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-12 23:03:47 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-12 23:00:27 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-12 22:59:09 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-12 22:59:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-12 22:59:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-12 22:56:27 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-06-12 22:54:07 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-12 22:51:47 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-12 22:51:47 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-12 22:50:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-12 22:50:40 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-12 22:50:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-12 22:50:40 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-12 22:50:40 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-12 22:50:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-12 22:23:41 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8AEDCEAC-A3CF-4C7C-8D2D-1EE2C3BA9822}\mpengine.dll

2012-06-09 01:32:04 -------- d-----w- C:\ProgramData\Premium

2012-06-09 01:32:03 -------- d-----w- C:\ProgramData\GboxUpdater

2012-06-09 01:31:58 -------- d-----w- C:\ProgramData\OptimizerPro

2012-06-09 01:31:54 -------- d-----w- C:\Program Files (x86)\Optimizer Pro

2012-06-09 01:31:51 -------- d-----w- C:\ProgramData\Bcool

2012-06-09 01:31:07 -------- d-----w- C:\ProgramData\InstallMate

2012-06-09 01:01:46 -------- d-----w- C:\Program Files (x86)\thechineseroom

2012-06-06 17:17:20 -------- d---a-w- C:\GMD-TMP

2012-06-06 17:10:42 -------- d-----w- C:\Program Files\Valve

2012-05-29 21:30:00 -------- d-----r- C:\Users\Jordi\Dropbox

2012-05-29 16:30:28 -------- d-----w- C:\Users\Jordi\AppData\Local\Apple Computer

2012-05-29 16:30:03 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-05-29 16:30:03 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-05-29 16:30:03 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-05-29 16:29:35 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-05-29 16:29:35 -------- d-----w- C:\Program Files\iTunes

2012-05-29 16:29:35 -------- d-----w- C:\Program Files\iPod

2012-05-29 16:29:35 -------- d-----w- C:\Program Files (x86)\iTunes

2012-05-29 16:29:09 -------- d-----w- C:\Users\Jordi\AppData\Local\Apple

2012-05-29 16:28:43 -------- d-----w- C:\Program Files\Bonjour

2012-05-29 16:28:43 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-05-29 16:24:53 -------- d-----w- C:\Users\Jordi\AppData\Local\{2E79592C-B213-487D-869F-8F89BA77374C}

2012-05-29 16:24:42 -------- d-----w- C:\Users\Jordi\AppData\Local\{DCD4CF4B-3626-4980-A807-FCCC157B77F5}

2012-05-23 15:05:21 -------- d-----w- C:\Users\Jordi\AppData\Local\SniperV2

2012-05-23 13:50:47 -------- d-----w- C:\Program Files (x86)\Rebellion

2012-05-21 17:20:10 -------- d-----w- C:\Users\Jordi\AppData\Local\{BC5C79F1-D834-4244-ADAF-9DCFDA5B46DC}

2012-05-21 17:17:43 -------- d-----w- C:\Users\Jordi\AppData\Local\{0868906D-3AC0-47B0-A957-81D1EA7E72BC}

2012-05-21 16:58:39 -------- d-----w- C:\Users\Jordi\AppData\Local\{4BC851C1-DC0A-4E45-AA9E-D6482793DF4F}

.

==================== Find3M ====================

.

2012-05-25 00:16:49 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-05-25 00:16:29 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-05-25 00:16:08 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-06 21:29:30 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-05-06 21:28:15 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-05-05 15:35:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 15:35:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-05 15:35:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-03 18:40:58 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-04-10 21:36:00 685338 ----a-w- C:\Program Files (x86)\unins000.exe

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-03-20 12:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe

.

============= FINISH: 20:02:51.42 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

1.0

Adobe AIR

Adobe Reader X MUI

AlienRespawn

AlienRespawn - Support Software

Alliance of Valiant Arms

Apple Application Support

Apple Software Update

Audacity 2.0

Aurora-R3 Manual

Bamboo Dock

Battlefield 3™

Battlelog Web Plugins

Bcool

Belkin F5D8053 N Wireless USB Adapter

Bing Bar

BitComet 1.31 64-bit

Call of Duty® 2

Call of Duty® 2 Patch 1.3

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.1 Patch

Call of Duty® 4 - Modern Warfare 1.2 Patch

Call of Duty® 4 - Modern Warfare 1.3 Patch

Call of Duty® 4 - Modern Warfare 1.4 Patch

Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch

Call of Duty® 4 - Modern Warfare 1.5 Patch

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Championship Manager 01-02

Command Center

Consol app

Creation Kit

CryEngine®2 Sandbox2

Crysis®

D3DX10

DAEMON Tools Lite

Dear Esther

DirectX 9 Runtime

Dropbox

ESN Sonar

Fraps (remove only)

Garry's Mod

Garry's Mod 13

Gbox Updater

Google Chrome

Google Update Helper

Grand Theft Auto IV

HP Photo Creations

HP Photosmart 6510 series Help

HP Update

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 27

LAME v3.99.3 (for Windows)

Left 4 Dead 2

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee SecurityCenter

Microsoft .NET Framework 1.1

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Native Instruments Massive

Native Instruments Massive v1.0.1.008 VSTi DXi RTAS

Native Instruments Service Center

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OF Dragon Rising

OptimizerPro Updater

Origin

PhotoShowExpress

Portal

PunkBuster Services

RAGE

RAR Password Cracker 4.12

Realtek Ethernet Diagnostic Utility

Realtek High Definition Audio Driver

reFX Nexus 1.0.0

reFX Nexus 1.0.9

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Sonic CinePlayer Decoder Pack

Steam

The Witcher 2

THX TruStudio PC

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

WebTablet FB Plugin

WebTablet IE Plugin

WebTablet Netscape Plugin

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== End Of File ===========================

The second thread looked like it could be helpful, but I don't really know what I'm looking for in it. All I know is that the infection stops me from stopping IT, so Malwarebytes and McAfee just do not even start up :( Thanks for helping me, by the way.


Welcome to the forum.....You are badly infected!

Before we proceed further, please uninstall or disable BitComet and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

--------------------------------------------

See if you can do this...

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

------------------------

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and Scan unwanted applications are checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC


Thank you very much for helping me, Mr.C. Here are the logs:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=16bda9a6400aee429541bd93393f2e79

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-18 07:17:16

# local_time=2012-06-18 08:17:16 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5121 16777213 100 75 944479 5268908 0 0

# compatibility_mode=5893 16776574 66 94 420687 92512062 0 0

# compatibility_mode=8192 67108863 100 0 93 93 0 0

# scanned=162

# found=0

# cleaned=0

# scan_time=24

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=16bda9a6400aee429541bd93393f2e79

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-06-18 08:46:43

# local_time=2012-06-18 09:46:43 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5121 16777213 100 75 944556 5268985 0 0

# compatibility_mode=5893 16776574 66 94 420764 92512139 0 0

# compatibility_mode=8192 67108863 100 0 170 170 0 0

# scanned=305675

# found=11

# cleaned=10

# scan_time=5313

C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Jordi\AppData\Local\Temp\InstallerBT.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Jordi\AppData\Local\Temp\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Jordi\AppData\Local\Temp\V.class Java/Agent.EQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Jordi\AppData\Local\Temp\ICReinstall\cnet2_rpc412_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Jordi\AppData\Roaming\ngces.dll a variant of Win32/Medfos.AG trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Users\Jordi\Desktop\RK_Quarantine\ngces.dll.vir a variant of Win32/Medfos.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Jordi\Dropbox\DTLite4454-0315.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} a variant of Win32/Ramnit.L virus 00000000000000000000000000000000 I

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRKgmailcom

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Jordi [Admin rights]

Mode: Remove -- Date: 06/18/2012 20:12:43

¤¤¤ Bad processes: 2 ¤¤¤

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 14 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : OpkIhbnd (C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe) -> DELETED

[SUSP PATH] HKCU\[...]\Run : Nuwya (C:\Users\Jordi\AppData\Roaming\Eryv\uwup.exe) -> DELETED

[BLACKLIST DLL] HKLM\[...]\Run : wimolp (rundll32.exe "C:\Users\Jordi\AppData\Roaming\wimolp.dll",GetCounter) -> DELETED

[BLACKLIST DLL] HKLM\[...]\Run : ngces ("C:\Windows\System32\rundll32.exe" "C:\Users\Jordi\AppData\Roaming\ngces.dll",FillVolumeTextureTX) -> DELETED

[SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (userinit.exe,C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe) -> REPLACED (userinit.exe)

[SUSP PATH] OptimizerProUpdaterRefreshTask.job @ : C:\ProgramData\OptimizerPro\updater.exe -> DELETED

[SUSP PATH] OptimizerProUpdaterLogonTask.job @ : C:\ProgramData\OptimizerPro\updater.exe -> DELETED

[SUSP PATH] GboxUpdaterRefreshTask.job @ : C:\ProgramData\GboxUpdater\updater.exe -> DELETED

[SUSP PATH] GboxUpdaterLogonTask.job @ : C:\ProgramData\GboxUpdater\updater.exe -> DELETED

[SUSP PATH] {718E90D4-3F40-4A3A-A96F-2B867CE4D060}.job @ : C:\Users\Jordi\Desktop\xpadder_gamepad_profiler\Xpadder.exe -> DELETED

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{b5e9965d-7248-0fb4-8807-e8e0c8e8de2c}\n.) -> REPLACED (c:\windows\system32\wbem\wbemess.dll)

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 activate.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] b931c9a9377dceb4b4e2b433006db7df

[BSP] f91ad37179ea1cb3eb01eeb9d8297504 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10466 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21516288 | Size: 943362 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : >

RKreport[1].txt ; RKreport[2].txt

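What to look for in the autorun part of a DDS log like the one in the first post, as an added example (not from the thread, and not part of DDS or RogueKiller): the Python sketch below applies a few location heuristics to lines copied from that log. The function names, the regexes and the choice of which directories count as user-writable are assumptions of this example.

```python
import re

# Lines copied from the "Pseudo HJT Report" section of the DDS log in the first post.
DDS_SAMPLE = r"""
mWinlogon: Userinit=userinit.exe,C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe
uRun: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [OpkIhbnd] C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe
uRun: [Nuwya] C:\Users\Jordi\AppData\Roaming\Eryv\uwup.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Jordi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jordi\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\opkihbnd.exe
mPolicies-system: EnableLUA = 0 (0x0)
"""

# Assumption of this example: these directories are writable without admin
# rights, so an autorun that points into them deserves a second look.
USER_WRITABLE = re.compile(r"\\(AppData\\(Local|Roaming)|ProgramData)\\", re.I)
RUN_ENTRY = re.compile(r"^[um]Run(Once)?(-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# A bare command line ends its path at an executable extension followed by
# whitespace or end of line ("McAfee.com\Agent" must not count as the end).
EXE_END = re.compile(r"(.+?\.(exe|dll|com|bat|cmd|scr))(?=\s|$)", re.I)


def command_path(cmd):
    """Return the program path from a Run-key command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_END.match(cmd)
    return m.group(1) if m else cmd


def triage(dds_text):
    """Return (item, reason) pairs for autorun lines that deserve review."""
    findings = []
    for line in dds_text.splitlines():
        line = line.strip()

        # Userinit should normally hold userinit.exe only; anything appended
        # to the comma-separated list is launched at every logon.
        if line.startswith("mWinlogon: Userinit="):
            values = [v.strip() for v in line.split("=", 1)[1].split(",")]
            for value in values:
                if value and not value.lower().endswith("userinit.exe"):
                    findings.append((value, "extra program appended to Winlogon Userinit"))
            continue

        # Run / RunOnce values (user and machine hives, 32- and 64-bit views).
        m = RUN_ENTRY.match(line)
        if m:
            path = command_path(m.group("cmd"))
            if USER_WRITABLE.search(path):
                findings.append((path, "Run entry '%s' starts from a user-writable directory"
                                 % m.group("name")))
            continue

        # Startup folder: DDS prints "shortcut - target" for .lnk files and
        # just the path for anything else sitting in the folder.
        if line.startswith("StartupFolder: "):
            item, _, target = line[len("StartupFolder: "):].partition(" - ")
            if not item.lower().endswith(".lnk"):
                findings.append((item, "file placed directly in the Startup folder (not a shortcut)"))
            elif USER_WRITABLE.search(target):
                findings.append((target, "Startup shortcut targets a user-writable directory"))
            continue

        # UAC switched off system-wide.
        if re.match(r"mPolicies-system: EnableLUA = 0\b", line):
            findings.append(("EnableLUA = 0", "UAC is disabled"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(DDS_SAMPLE):
        print("%-60s %s" % (reason, item))
```

The Userinit, OpkIhbnd, Nuwya and EnableLUA hits correspond to entries the RogueKiller report above deleted or replaced. The Dropbox shortcut is reported too although RogueKiller left it alone: a location heuristic produces leads for review, not verdicts.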

Win32/Ramnit.L virus <-------Win32/Ramnit.L is a file infector and usually the only way to fix this is to format and reinstall the operating system, but we'll see.

¤¤¤ Infection : ZeroAccess ¤¤¤ <----This is a rootkit (read below)

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......

  • There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  • There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  • I strongly suggest you back up all of the important items on the system before we continue.

Please let me know you have read this and agree to it.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

----------------------------------------------------------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


This is what i got from TDSS,

23:53:47.0155 6308 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

23:53:47.0165 6308 nfrd960 - ok

23:53:47.0184 6308 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

23:53:47.0224 6308 NlaSvc - ok

23:53:47.0239 6308 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

23:53:47.0275 6308 Npfs - ok

23:53:47.0285 6308 npggsvc - ok

23:53:47.0299 6308 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

23:53:47.0344 6308 nsi - ok

23:53:47.0358 6308 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

23:53:47.0395 6308 nsiproxy - ok

23:53:47.0451 6308 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

23:53:47.0498 6308 Ntfs - ok

23:53:47.0571 6308 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

23:53:47.0610 6308 Null - ok

23:53:47.0642 6308 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys

23:53:47.0679 6308 nusb3hub - ok

23:53:47.0696 6308 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys

23:53:47.0734 6308 nusb3xhc - ok

23:53:47.0786 6308 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys

23:53:47.0825 6308 NVHDA - ok

23:53:48.0155 6308 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:53:48.0489 6308 nvlddmkm - ok

23:53:48.0547 6308 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

23:53:48.0585 6308 nvraid - ok

23:53:48.0595 6308 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

23:53:48.0634 6308 nvstor - ok

23:53:48.0707 6308 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe

23:53:48.0760 6308 nvsvc - ok

23:53:48.0889 6308 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

23:53:48.0941 6308 nvUpdatusService - ok

23:53:48.0990 6308 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

23:53:49.0002 6308 nv_agp - ok

23:53:49.0015 6308 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

23:53:49.0042 6308 ohci1394 - ok

23:53:49.0075 6308 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:53:49.0114 6308 p2pimsvc - ok

23:53:49.0143 6308 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

23:53:49.0163 6308 p2psvc - ok

23:53:49.0172 6308 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

23:53:49.0186 6308 Parport - ok

23:53:49.0263 6308 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

23:53:49.0271 6308 partmgr - ok

23:53:49.0278 6308 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

23:53:49.0302 6308 PcaSvc - ok

23:53:49.0330 6308 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

23:53:49.0340 6308 pci - ok

23:53:49.0358 6308 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

23:53:49.0368 6308 pciide - ok

23:53:49.0380 6308 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

23:53:49.0392 6308 pcmcia - ok

23:53:49.0414 6308 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

23:53:49.0423 6308 pcw - ok

23:53:49.0445 6308 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

23:53:49.0499 6308 PEAUTH - ok

23:53:49.0548 6308 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

23:53:49.0572 6308 PerfHost - ok

23:53:49.0621 6308 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

23:53:49.0708 6308 pla - ok

23:53:49.0744 6308 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

23:53:49.0802 6308 PlugPlay - ok

23:53:49.0816 6308 PnkBstrA - ok

23:53:49.0825 6308 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

23:53:49.0846 6308 PNRPAutoReg - ok

23:53:49.0870 6308 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:53:49.0883 6308 PNRPsvc - ok

23:53:49.0908 6308 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

23:53:49.0948 6308 PolicyAgent - ok

23:53:49.0976 6308 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll

23:53:50.0020 6308 Power - ok

23:53:50.0067 6308 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

23:53:50.0129 6308 PptpMiniport - ok

23:53:50.0167 6308 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

23:53:50.0193 6308 Processor - ok

23:53:50.0230 6308 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

23:53:50.0259 6308 ProfSvc - ok

23:53:50.0300 6308 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:53:50.0312 6308 ProtectedStorage - ok

23:53:50.0324 6308 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

23:53:50.0360 6308 Psched - ok

23:53:50.0379 6308 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

23:53:50.0388 6308 PxHlpa64 - ok

23:53:50.0446 6308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

23:53:50.0487 6308 ql2300 - ok

23:53:50.0535 6308 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

23:53:50.0545 6308 ql40xx - ok

23:53:50.0584 6308 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

23:53:50.0598 6308 QWAVE - ok

23:53:50.0605 6308 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

23:53:50.0620 6308 QWAVEdrv - ok

23:53:50.0623 6308 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

23:53:50.0660 6308 RasAcd - ok

23:53:50.0683 6308 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

23:53:50.0720 6308 RasAgileVpn - ok

23:53:50.0730 6308 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

23:53:50.0783 6308 RasAuto - ok

23:53:50.0800 6308 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:53:50.0858 6308 Rasl2tp - ok

23:53:50.0884 6308 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

23:53:50.0939 6308 RasMan - ok

23:53:50.0954 6308 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

23:53:51.0006 6308 RasPppoe - ok

23:53:51.0018 6308 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

23:53:51.0056 6308 RasSstp - ok

23:53:51.0075 6308 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

23:53:51.0116 6308 rdbss - ok

23:53:51.0119 6308 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

23:53:51.0135 6308 rdpbus - ok

23:53:51.0164 6308 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:53:51.0201 6308 RDPCDD - ok

23:53:51.0218 6308 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

23:53:51.0263 6308 RDPENCDD - ok

23:53:51.0287 6308 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

23:53:51.0323 6308 RDPREFMP - ok

23:53:51.0372 6308 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

23:53:51.0419 6308 RDPWD - ok

23:53:51.0443 6308 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

23:53:51.0453 6308 rdyboost - ok

23:53:51.0473 6308 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

23:53:51.0520 6308 RemoteAccess - ok

23:53:51.0537 6308 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

23:53:51.0576 6308 RemoteRegistry - ok

23:53:51.0681 6308 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

23:53:51.0715 6308 RoxMediaDB12OEM - ok

23:53:51.0750 6308 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

23:53:51.0761 6308 RoxWatch12 - ok

23:53:51.0824 6308 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

23:53:51.0870 6308 RpcEptMapper - ok

23:53:51.0886 6308 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

23:53:51.0900 6308 RpcLocator - ok

23:53:51.0920 6308 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

23:53:51.0949 6308 RpcSs - ok

23:53:51.0980 6308 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

23:53:52.0027 6308 rspndr - ok

23:53:52.0075 6308 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys

23:53:52.0117 6308 RTL8167 - ok

23:53:52.0149 6308 RtNdPt60 (e16b7c030a05ef649b18fab0a93d871f) C:\Windows\system32\DRIVERS\RtNdPt60.sys

23:53:52.0185 6308 RtNdPt60 - ok

23:53:52.0232 6308 RTTEAMPT (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys

23:53:52.0268 6308 RTTEAMPT - ok

23:53:52.0281 6308 RTVLANPT (b1018aa1b5735f5fa89fd4dadf4bea7a) C:\Windows\system32\DRIVERS\RtVlan60.sys

23:53:52.0315 6308 RTVLANPT - ok

23:53:52.0373 6308 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:53:52.0385 6308 SamSs - ok

23:53:52.0396 6308 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

23:53:52.0433 6308 sbp2port - ok

23:53:52.0462 6308 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

23:53:52.0503 6308 SCardSvr - ok

23:53:52.0527 6308 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

23:53:52.0590 6308 scfilter - ok

23:53:52.0630 6308 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

23:53:52.0687 6308 Schedule - ok

23:53:52.0750 6308 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

23:53:52.0796 6308 SCPolicySvc - ok

23:53:52.0808 6308 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

23:53:52.0851 6308 SDRSVC - ok

23:53:52.0887 6308 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

23:53:52.0938 6308 secdrv - ok

23:53:52.0950 6308 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

23:53:52.0997 6308 seclogon - ok

23:53:53.0022 6308 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

23:53:53.0071 6308 SENS - ok

23:53:53.0085 6308 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

23:53:53.0108 6308 SensrSvc - ok

23:53:53.0125 6308 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

23:53:53.0148 6308 Serenum - ok

23:53:53.0181 6308 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

23:53:53.0204 6308 Serial - ok

23:53:53.0231 6308 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

23:53:53.0244 6308 sermouse - ok

23:53:53.0257 6308 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

23:53:53.0312 6308 SessionEnv - ok

23:53:53.0315 6308 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

23:53:53.0334 6308 sffdisk - ok

23:53:53.0337 6308 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

23:53:53.0352 6308 sffp_mmc - ok

23:53:53.0355 6308 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

23:53:53.0403 6308 sffp_sd - ok

23:53:53.0406 6308 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

23:53:53.0420 6308 sfloppy - ok

23:53:53.0509 6308 SftService (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\AlienRespawn\sftservice.EXE

23:53:53.0548 6308 SftService - ok

23:53:53.0612 6308 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

23:53:53.0641 6308 ShellHWDetection - ok

23:53:53.0652 6308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

23:53:53.0662 6308 SiSRaid2 - ok

23:53:53.0669 6308 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

23:53:53.0680 6308 SiSRaid4 - ok

23:53:53.0687 6308 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

23:53:53.0736 6308 Smb - ok

23:53:53.0768 6308 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

23:53:53.0788 6308 SNMPTRAP - ok

23:53:53.0791 6308 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

23:53:53.0799 6308 spldr - ok

23:53:53.0821 6308 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

23:53:53.0851 6308 Spooler - ok

23:53:53.0940 6308 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

23:53:54.0029 6308 sppsvc - ok

23:53:54.0068 6308 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

23:53:54.0108 6308 sppuinotify - ok

23:53:54.0147 6308 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

23:53:54.0195 6308 srv - ok

23:53:54.0220 6308 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

23:53:54.0241 6308 srv2 - ok

23:53:54.0263 6308 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

23:53:54.0275 6308 srvnet - ok

23:53:54.0313 6308 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

23:53:54.0352 6308 SSDPSRV - ok

23:53:54.0363 6308 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

23:53:54.0403 6308 SstpSvc - ok

23:53:54.0451 6308 Steam Client Service - ok

23:53:54.0516 6308 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

23:53:54.0529 6308 Stereo Service - ok

23:53:54.0552 6308 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

23:53:54.0562 6308 stexstor - ok

23:53:54.0624 6308 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

23:53:54.0649 6308 StillCam - ok

23:53:54.0687 6308 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

23:53:54.0727 6308 stisvc - ok

23:53:54.0764 6308 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

23:53:54.0772 6308 stllssvr - ok

23:53:54.0783 6308 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

23:53:54.0793 6308 swenum - ok

23:53:54.0811 6308 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

23:53:54.0863 6308 swprv - ok

23:53:54.0923 6308 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

23:53:54.0978 6308 SysMain - ok

23:53:55.0032 6308 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

23:53:55.0067 6308 TabletInputService - ok

23:53:55.0297 6308 TabletServicePen (c4c20cfa4f42e9b7454e895c5c47bcd3) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

23:53:55.0431 6308 TabletServicePen - ok

23:53:55.0478 6308 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

23:53:55.0535 6308 TapiSrv - ok

23:53:55.0550 6308 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

23:53:55.0587 6308 TBS - ok

23:53:55.0673 6308 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

23:53:55.0718 6308 Tcpip - ok

23:53:55.0815 6308 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

23:53:55.0841 6308 TCPIP6 - ok

23:53:55.0892 6308 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

23:53:55.0955 6308 tcpipreg - ok

23:53:55.0967 6308 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

23:53:55.0998 6308 TDPIPE - ok

23:53:56.0037 6308 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

23:53:56.0083 6308 TDTCP - ok

23:53:56.0100 6308 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

23:53:56.0152 6308 tdx - ok

23:53:56.0195 6308 TEAM (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys

23:53:56.0230 6308 TEAM - ok

23:53:56.0252 6308 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

23:53:56.0283 6308 TermDD - ok

23:53:56.0306 6308 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

23:53:56.0371 6308 TermService - ok

23:53:56.0388 6308 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

23:53:56.0410 6308 Themes - ok

23:53:56.0430 6308 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

23:53:56.0466 6308 THREADORDER - ok

23:53:56.0568 6308 TouchServicePen (7625dcf246e488e523dc1f64c38abda2) C:\Program Files\Tablet\Pen\Pen_TouchService.exe

23:53:56.0580 6308 TouchServicePen - ok

23:53:56.0596 6308 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

23:53:56.0646 6308 TrkWks - ok

23:53:56.0685 6308 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

23:53:56.0722 6308 TrustedInstaller - ok

23:53:56.0760 6308 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:53:56.0825 6308 tssecsrv - ok

23:53:56.0847 6308 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

23:53:56.0899 6308 TsUsbFlt - ok

23:53:56.0903 6308 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

23:53:56.0942 6308 TsUsbGD - ok

23:53:56.0968 6308 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

23:53:57.0001 6308 tunnel - ok

23:53:57.0006 6308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

23:53:57.0017 6308 uagp35 - ok

23:53:57.0058 6308 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

23:53:57.0114 6308 udfs - ok

23:53:57.0132 6308 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

23:53:57.0146 6308 UI0Detect - ok

23:53:57.0160 6308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

23:53:57.0170 6308 uliagpkx - ok

23:53:57.0188 6308 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

23:53:57.0235 6308 umbus - ok

23:53:57.0238 6308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

23:53:57.0251 6308 UmPass - ok

23:53:57.0284 6308 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

23:53:57.0332 6308 upnphost - ok

23:53:57.0382 6308 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

23:53:57.0443 6308 USBAAPL64 - ok

23:53:57.0450 6308 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys

23:53:57.0511 6308 usbccgp - ok

23:53:57.0520 6308 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

23:53:57.0536 6308 usbcir - ok

23:53:57.0548 6308 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

23:53:57.0599 6308 usbehci - ok

23:53:57.0633 6308 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

23:53:57.0675 6308 usbhub - ok

23:53:57.0691 6308 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

23:53:57.0744 6308 usbohci - ok

23:53:57.0754 6308 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

23:53:57.0774 6308 usbprint - ok

23:53:57.0811 6308 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

23:53:57.0826 6308 usbscan - ok

23:53:57.0835 6308 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:53:57.0901 6308 USBSTOR - ok

23:53:57.0921 6308 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

23:53:57.0971 6308 usbuhci - ok

23:53:57.0998 6308 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

23:53:58.0042 6308 UxSms - ok

23:53:58.0083 6308 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:53:58.0095 6308 VaultSvc - ok

23:53:58.0102 6308 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

23:53:58.0110 6308 vdrvroot - ok

23:53:58.0131 6308 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

23:53:58.0200 6308 vds - ok

23:53:58.0212 6308 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

23:53:58.0226 6308 vga - ok

23:53:58.0241 6308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

23:53:58.0288 6308 VgaSave - ok

23:53:58.0302 6308 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

23:53:58.0341 6308 vhdmp - ok

23:53:58.0344 6308 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

23:53:58.0354 6308 viaide - ok

23:53:58.0374 6308 VLAN (b1018aa1b5735f5fa89fd4dadf4bea7a) C:\Windows\system32\DRIVERS\RtVLAN60.sys

23:53:58.0408 6308 VLAN - ok

23:53:58.0432 6308 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

23:53:58.0441 6308 volmgr - ok

23:53:58.0460 6308 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

23:53:58.0473 6308 volmgrx - ok

23:53:58.0492 6308 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

23:53:58.0504 6308 volsnap - ok

23:53:58.0533 6308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

23:53:58.0546 6308 vsmraid - ok

23:53:58.0594 6308 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

23:53:58.0661 6308 VSS - ok

23:53:58.0738 6308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

23:53:58.0761 6308 vwifibus - ok

23:53:58.0790 6308 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

23:53:58.0805 6308 vwififlt - ok

23:53:58.0827 6308 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

23:53:58.0867 6308 W32Time - ok

23:53:58.0928 6308 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys

23:53:58.0963 6308 wacommousefilter - ok

23:53:58.0967 6308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

23:53:58.0987 6308 WacomPen - ok

23:53:58.0999 6308 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys

23:53:59.0032 6308 wacomvhid - ok

23:53:59.0057 6308 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:53:59.0121 6308 WANARP - ok

23:53:59.0123 6308 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:53:59.0175 6308 Wanarpv6 - ok

23:53:59.0245 6308 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

23:53:59.0306 6308 WatAdminSvc - ok

23:53:59.0356 6308 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

23:53:59.0451 6308 wbengine - ok

23:53:59.0507 6308 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

23:53:59.0524 6308 WbioSrvc - ok

23:53:59.0544 6308 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

23:53:59.0592 6308 wcncsvc - ok

23:53:59.0604 6308 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

23:53:59.0620 6308 WcsPlugInService - ok

23:53:59.0642 6308 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

23:53:59.0652 6308 Wd - ok

23:53:59.0682 6308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

23:53:59.0698 6308 Wdf01000 - ok

23:53:59.0706 6308 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:53:59.0744 6308 WdiServiceHost - ok

23:53:59.0746 6308 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:53:59.0763 6308 WdiSystemHost - ok

23:53:59.0781 6308 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

23:53:59.0823 6308 WebClient - ok

23:53:59.0839 6308 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

23:53:59.0894 6308 Wecsvc - ok

23:53:59.0906 6308 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

23:53:59.0943 6308 wercplsupport - ok

23:53:59.0970 6308 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

23:54:00.0007 6308 WerSvc - ok

23:54:00.0054 6308 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

23:54:00.0090 6308 WfpLwf - ok

23:54:00.0134 6308 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

23:54:00.0172 6308 WimFltr - ok

23:54:00.0175 6308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

23:54:00.0184 6308 WIMMount - ok

23:54:00.0188 6308 WinHttpAutoProxySvc - ok

23:54:00.0265 6308 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

23:54:00.0304 6308 Winmgmt - ok

23:54:00.0361 6308 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

23:54:00.0433 6308 WinRM - ok

23:54:00.0546 6308 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

23:54:00.0586 6308 WinUsb - ok

23:54:00.0624 6308 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

23:54:00.0659 6308 Wlansvc - ok

23:54:00.0789 6308 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:54:00.0840 6308 wlidsvc - ok

23:54:00.0901 6308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

23:54:00.0920 6308 WmiAcpi - ok

23:54:00.0946 6308 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

23:54:00.0964 6308 wmiApSrv - ok

23:54:01.0004 6308 WMPNetworkSvc - ok

23:54:01.0024 6308 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

23:54:01.0045 6308 WPCSvc - ok

23:54:01.0056 6308 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

23:54:01.0070 6308 WPDBusEnum - ok

23:54:01.0076 6308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

23:54:01.0113 6308 ws2ifsl - ok

23:54:01.0115 6308 WSearch - ok

23:54:01.0182 6308 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

23:54:01.0260 6308 wuauserv - ok

23:54:01.0318 6308 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

23:54:01.0378 6308 WudfPf - ok

23:54:01.0391 6308 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:54:01.0456 6308 WUDFRd - ok

23:54:01.0463 6308 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

23:54:01.0510 6308 wudfsvc - ok

23:54:01.0531 6308 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

23:54:01.0562 6308 WwanSvc - ok

23:54:01.0617 6308 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

23:54:01.0665 6308 xusb21 - ok

23:54:01.0694 6308 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

23:54:01.0908 6308 \Device\Harddisk0\DR0 - ok

23:54:01.0909 6308 Boot (0x1200) (c7a6c31fe6b7c8a3f2b59fd4cd32b31a) \Device\Harddisk0\DR0\Partition0

23:54:01.0910 6308 \Device\Harddisk0\DR0\Partition0 - ok

23:54:01.0935 6308 Boot (0x1200) (1687c97efaf6ae06bbe1a59fbcf3334e) \Device\Harddisk0\DR0\Partition1

23:54:01.0936 6308 \Device\Harddisk0\DR0\Partition1 - ok

23:54:01.0936 6308 ============================================================

23:54:01.0936 6308 Scan finished

23:54:01.0936 6308 ============================================================

23:54:01.0941 6856 Detected object count: 0

23:54:01.0941 6856 Actual detected object count: 0

It didn't detect anything. I'm now running a full scan using Malwarebytes; it has found no problems so far. Thanks, Mr C.


These are the Malwarebytes results:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.18.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jordi :: JORDI-PC [administrator]

Protection: Enabled

19/06/2012 00:06:48

mbam-log-2012-06-19 (00-06-48).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 547943

Time elapsed: 2 hour(s), 3 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\ProgramData\Bcool\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.

(end)

After the scan it told me to restart my PC for it to take full effect. I did so, and I can tell that I'm not really cured, because Malwarebytes and McAfee would not start up, so I re-ran RogueKiller and got this:

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRKgmailcom

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Jordi [Admin rights]

Mode: Remove -- Date: 06/19/2012 09:39:04

¤¤¤ Bad processes: 2 ¤¤¤

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : OpkIhbnd (C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe) -> DELETED

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 activate.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS +++++

--- User ---

[MBR] b931c9a9377dceb4b4e2b433006db7df

[BSP] f91ad37179ea1cb3eb01eeb9d8297504 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10466 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21516288 | Size: 943362 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : >

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

I can use Malwarebytes and McAfee again at the moment, but I'm not sure whether I might always have to use RogueKiller to use them. I have also noticed that my McAfee firewall won't turn on, should I be worried about this? Thanks again Mr C, I really hope we can get my PC working properly again.


OK, run RogueKiller again so it automatically kills these two:

¤¤¤ Bad processes: 2 ¤¤¤

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

Then............

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


I'm sorry....I gave you the wrong program to run, please do this.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Okay, my Mcafee seems to be working now, and isn't turned off.

Malwarebytes is running smoothly with no problems.

No fake 'cannot find website' when going on anti-malware websites.

Here's the log, MrC:

ComboFix 12-06-19.01 - Jordi 19/06/2012 13:45:42.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6126.4424 [GMT 1:00]

Running from: c:\users\Jordi\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jordi\AppData\Local\cglecpep.log

c:\users\Jordi\AppData\Local\eccboois.log

c:\users\Jordi\AppData\Local\inuqtxiq.log

c:\users\Jordi\AppData\Local\pqkywbuv.log

c:\users\Jordi\AppData\Local\qhrneaay.log

c:\users\Jordi\AppData\Local\rdvebbqm.log

c:\users\Jordi\AppData\Local\uafxksmt.log

c:\users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\opkihbnd.exe

c:\users\Jordi\AppData\Roaming\wimolp.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 12:52 . 2012-06-19 12:52 -------- d-----w- c:\users\UpdatusUser.Jordi-PC\AppData\Local\temp

2012-06-19 12:52 . 2012-06-19 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-18 19:15 . 2012-06-18 19:15 -------- d-----w- c:\program files (x86)\ESET

2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\users\Jordi\AppData\Roaming\Malwarebytes

2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\programdata\Malwarebytes

2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-16 18:53 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 23:20 . 2012-06-16 18:34 -------- d-----w- c:\users\Jordi\AppData\Roaming\Eryv

2012-06-13 23:20 . 2012-06-16 14:44 -------- d-----w- c:\users\Jordi\AppData\Roaming\Kaykxy

2012-06-13 23:20 . 2012-06-13 23:20 -------- d-----w- c:\users\Jordi\AppData\Roaming\Esuvs

2012-06-13 23:05 . 2012-06-13 23:05 -------- d-----w- c:\users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26}

2012-06-13 22:24 . 2012-06-13 22:24 -------- d-----w- c:\users\Jordi\AppData\Local\The Lord of the Rings Online

2012-06-13 22:17 . 2012-06-13 22:19 -------- d-----w- c:\users\Jordi\AppData\Local\Turbine

2012-06-13 22:17 . 2012-06-13 22:34 -------- d-----w- c:\users\Jordi\AppData\Local\ApplicationHistory

2012-06-13 22:15 . 2012-06-13 22:15 -------- d-----w- c:\windows\SysWow64\URTTEMP

2012-06-13 00:12 . 2012-06-19 08:17 -------- d-----w- c:\users\Jordi\AppData\Local\gjsvwbem

2012-06-12 23:03 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-12 23:03 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-12 23:03 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-12 23:00 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-12 22:59 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-12 22:59 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-12 22:59 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-12 22:56 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-12 22:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-12 22:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-12 22:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-12 22:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-12 22:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 22:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-12 22:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-12 22:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-12 22:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-12 22:23 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AEDCEAC-A3CF-4C7C-8D2D-1EE2C3BA9822}\mpengine.dll

2012-06-10 15:47 . 2012-06-10 15:47 -------- d-----w- c:\windows\Sun

2012-06-09 01:32 . 2012-06-09 01:32 -------- d-----w- c:\programdata\Premium

2012-06-09 01:32 . 2012-06-10 20:59 -------- d-----w- c:\programdata\GboxUpdater

2012-06-09 01:31 . 2012-06-10 20:59 -------- d-----w- c:\programdata\OptimizerPro

2012-06-09 01:31 . 2012-06-09 01:44 -------- d-----w- c:\program files (x86)\Optimizer Pro

2012-06-09 01:31 . 2012-06-09 01:32 -------- d-----w- c:\programdata\InstallMate

2012-06-09 01:01 . 2012-06-09 01:01 -------- d-----w- c:\program files (x86)\thechineseroom

2012-06-06 17:17 . 2012-06-06 17:18 -------- d---a-w- C:\GMD-TMP

2012-06-06 17:10 . 2012-06-06 17:28 -------- d-----w- c:\program files\Valve

2012-05-29 21:30 . 2012-06-19 08:17 -------- d-----r- c:\users\Jordi\Dropbox

2012-05-29 16:30 . 2012-05-30 22:46 -------- d-----w- c:\users\Jordi\AppData\Roaming\Apple Computer

2012-05-29 16:30 . 2012-05-29 16:30 -------- d-----w- c:\users\Jordi\AppData\Local\Apple Computer

2012-05-29 16:30 . 2012-05-29 16:30 -------- dc----w- c:\windows\system32\DRVSTORE

2012-05-29 16:30 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-05-29 16:30 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-05-29 16:30 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-05-29 16:29 . 2012-05-29 16:30 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-05-29 16:29 . 2012-05-29 16:30 -------- d-----w- c:\program files\iTunes

2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\iTunes

2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\programdata\Apple Computer

2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files\iPod

2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\users\Jordi\AppData\Local\Apple

2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files\Common Files\Apple

2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files\Bonjour

2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files (x86)\Bonjour

2012-05-29 16:28 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-05-29 16:28 . 2012-05-29 16:29 -------- d-----w- c:\programdata\Apple

2012-05-23 15:05 . 2012-05-23 15:05 -------- d-----w- c:\users\Jordi\AppData\Local\SniperV2

2012-05-23 13:50 . 2012-05-23 13:50 -------- d-----w- c:\program files (x86)\Rebellion

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-25 00:16 . 2012-01-07 04:10 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-05-25 00:16 . 2012-01-07 04:09 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-05-25 00:16 . 2012-01-08 00:58 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-05-06 21:29 . 2012-01-07 04:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-05-06 21:28 . 2012-01-07 04:10 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-05-05 15:35 . 2012-05-03 21:08 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 15:35 . 2012-01-02 20:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 15:35 . 2012-05-03 21:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-03 18:40 . 2012-05-03 18:40 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-04-10 21:36 . 2012-04-10 21:36 685338 ----a-w- c:\program files (x86)\unins000.exe

2012-03-30 11:35 . 2012-05-11 23:48 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitComet"="c:\program files\BitComet\BitComet.exe" [2011-12-12 19875120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]

"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jordi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-05-02 15296]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-09-22 1692480]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 15:35]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 18:42]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 18:42]

.

2012-06-19 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2012-05-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\AlienAutopsy\uaclauncher.exe [2011-03-22 17:20]

.

2012-06-18 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\AlienAutopsy\pcdrcui.exe [2011-03-22 17:20]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\users\Jordi\AppData\Roaming\Mozilla\Firefox\Profiles\dcv15hde.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe

AddRemove-Native Instruments Massive v1.0.1.008 VSTi DXi RTAS - c:\progra~2\NATIVE~1\Massive\UNWISE.EXE

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-Saint Row_is1 - c:\program files (x86)\Saint Row\unins000.exe

AddRemove-{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1 - c:\program files (x86)\reFX\Nexus\Uninstall\unins000.exe

AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-627470774-947398072-1727455304-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:db,79,f6,18,7d,59,a9,ea,c7,ad,9f,2c,6d,2b,d8,ac,a6,3d,81,27,32,90,94,

b1,8c,d6,bb,ed,a8,21,fd,98,fc,10,33,fd,c6,de,8f,ba,d1,95,25,f5,12,a0,03,d9,\

"??"=hex:ea,1a,32,20,24,5b,df,0a,d5,3e,96,03,d3,cf,87,89

.

[HKEY_USERS\S-1-5-21-627470774-947398072-1727455304-1000\Software\SecuROM\License information*]

"datasecu"=hex:07,fa,08,59,60,b2,fd,e7,05,98,cb,c1,20,0c,46,cb,42,c8,12,ad,84,

1a,97,4f,98,30,cc,ed,8a,76,45,7e,e8,e7,d6,62,19,22,c1,6e,dc,c5,f4,2b,c0,1c,\

"rkeysecu"=hex:72,91,60,a0,4c,b1,32,d2,00,fa,6a,2c,22,3e,e5,2c

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\AlienRespawn\TOASTER.EXE

c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Common Files\Java\Java Update\jusched.exe

.

**************************************************************************

.

Completion time: 2012-06-19 13:59:16 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-19 12:59

.

Pre-Run: 587,119,546,368 bytes free

Post-Run: 587,886,063,616 bytes free

.

- - End Of File - - C93A96309B06A3C688E02DE2EA65E8F4


Please do this......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

Folder::

c:\users\Jordi\AppData\Roaming\Kaykxy

c:\users\Jordi\AppData\Roaming\Esuvs

c:\users\Jordi\AppData\Roaming\Eryv

c:\users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26}

c:\users\Jordi\AppData\Local\gjsvwbem

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


ComboFix 12-06-19.01 - Jordi 19/06/2012 15:54:48.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6126.4539 [GMT 1:00]

Running from: c:\users\Jordi\Desktop\ComboFix.exe

Command switches used :: c:\users\Jordi\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26}

c:\users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26}\chrome.manifest

c:\users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26}\install.rdf

c:\users\Jordi\AppData\Local\gjsvwbem

c:\users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe

c:\users\Jordi\AppData\Roaming\Eryv

c:\users\Jordi\AppData\Roaming\Esuvs

c:\users\Jordi\AppData\Roaming\Esuvs\culuc.inq

c:\users\Jordi\AppData\Roaming\Kaykxy

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 15:01 . 2012-06-19 15:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-19 15:01 . 2012-06-19 15:01 -------- d-----w- c:\users\UpdatusUser.Jordi-PC\AppData\Local\temp

2012-06-19 15:01 . 2012-06-19 15:01 -------- d-----w- c:\users\Tay\AppData\Local\temp

2012-06-19 15:01 . 2012-06-19 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-18 19:15 . 2012-06-18 19:15 -------- d-----w- c:\program files (x86)\ESET

2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\users\Jordi\AppData\Roaming\Malwarebytes

2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\programdata\Malwarebytes

2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-16 18:53 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 22:24 . 2012-06-13 22:24 -------- d-----w- c:\users\Jordi\AppData\Local\The Lord of the Rings Online

2012-06-13 22:17 . 2012-06-13 22:19 -------- d-----w- c:\users\Jordi\AppData\Local\Turbine

2012-06-13 22:17 . 2012-06-13 22:34 -------- d-----w- c:\users\Jordi\AppData\Local\ApplicationHistory

2012-06-13 22:15 . 2012-06-13 22:15 -------- d-----w- c:\windows\SysWow64\URTTEMP

2012-06-12 23:03 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-12 23:03 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-12 23:03 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-12 23:00 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-12 22:59 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-12 22:59 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-12 22:59 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-12 22:56 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-12 22:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-12 22:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-12 22:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-12 22:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-12 22:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 22:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-12 22:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-12 22:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-12 22:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-12 22:23 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AEDCEAC-A3CF-4C7C-8D2D-1EE2C3BA9822}\mpengine.dll

2012-06-10 15:47 . 2012-06-10 15:47 -------- d-----w- c:\windows\Sun

2012-06-09 01:32 . 2012-06-09 01:32 -------- d-----w- c:\programdata\Premium

2012-06-09 01:32 . 2012-06-10 20:59 -------- d-----w- c:\programdata\GboxUpdater

2012-06-09 01:31 . 2012-06-10 20:59 -------- d-----w- c:\programdata\OptimizerPro

2012-06-09 01:31 . 2012-06-09 01:44 -------- d-----w- c:\program files (x86)\Optimizer Pro

2012-06-09 01:31 . 2012-06-09 01:32 -------- d-----w- c:\programdata\InstallMate

2012-06-09 01:01 . 2012-06-09 01:01 -------- d-----w- c:\program files (x86)\thechineseroom

2012-06-06 17:17 . 2012-06-06 17:18 -------- d---a-w- C:\GMD-TMP

2012-06-06 17:10 . 2012-06-06 17:28 -------- d-----w- c:\program files\Valve

2012-05-29 21:30 . 2012-06-19 13:43 -------- d-----r- c:\users\Jordi\Dropbox

2012-05-29 16:30 . 2012-05-30 22:46 -------- d-----w- c:\users\Jordi\AppData\Roaming\Apple Computer

2012-05-29 16:30 . 2012-05-29 16:30 -------- d-----w- c:\users\Jordi\AppData\Local\Apple Computer

2012-05-29 16:30 . 2012-05-29 16:30 -------- dc----w- c:\windows\system32\DRVSTORE

2012-05-29 16:30 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-05-29 16:30 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-05-29 16:30 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-05-29 16:29 . 2012-05-29 16:30 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-05-29 16:29 . 2012-05-29 16:30 -------- d-----w- c:\program files\iTunes

2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\iTunes

2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\programdata\Apple Computer

2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files\iPod

2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\users\Jordi\AppData\Local\Apple

2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files\Common Files\Apple

2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files\Bonjour

2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files (x86)\Bonjour

2012-05-29 16:28 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-05-29 16:28 . 2012-05-29 16:29 -------- d-----w- c:\programdata\Apple

2012-05-23 15:05 . 2012-05-23 15:05 -------- d-----w- c:\users\Jordi\AppData\Local\SniperV2

2012-05-23 13:50 . 2012-05-23 13:50 -------- d-----w- c:\program files (x86)\Rebellion

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-25 00:16 . 2012-01-07 04:10 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-05-25 00:16 . 2012-01-07 04:09 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-05-25 00:16 . 2012-01-08 00:58 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-05-06 21:29 . 2012-01-07 04:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-05-06 21:28 . 2012-01-07 04:10 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-05-05 15:35 . 2012-05-03 21:08 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 15:35 . 2012-01-02 20:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 15:35 . 2012-05-03 21:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-03 18:40 . 2012-05-03 18:40 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-04-10 21:36 . 2012-04-10 21:36 685338 ----a-w- c:\program files (x86)\unins000.exe

2012-03-30 11:35 . 2012-05-11 23:48 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-19_12.54.44 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-06-19 08:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-19 15:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-06-19 08:16 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-19 15:01 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-19 08:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-19 15:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-06-19 13:22 53412 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-19 13:22 36274 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-01-06 21:53 . 2012-06-19 13:22 12086 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-627470774-947398072-1727455304-1000_UserData.bin

- 2012-01-06 21:56 . 2012-06-19 10:38 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-06 21:56 . 2012-06-19 15:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-06 21:56 . 2012-06-19 15:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-01-06 21:56 . 2012-06-19 10:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-19 15:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-19 10:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-06-19 15:01 . 2012-06-19 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-19 12:53 . 2012-06-19 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-19 15:01 . 2012-06-19 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-19 12:53 . 2012-06-19 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-06-19 08:20 673234 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-19 15:06 673234 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-19 15:06 129228 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-06-19 08:20 129228 c:\windows\system32\perfc009.dat

- 2012-01-10 03:17 . 2012-06-19 06:50 370288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-01-10 03:17 . 2012-06-19 15:01 370288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2012-06-19 12:53 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-19 15:01 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-01-07 05:45 . 2012-06-19 15:01 10135520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-627470774-947398072-1727455304-1000-8192.dat

- 2012-01-07 05:45 . 2012-06-19 12:53 10135520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-627470774-947398072-1727455304-1000-8192.dat

+ 2012-01-07 05:45 . 2012-06-19 15:01 37040377 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-627470774-947398072-1727455304-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitComet"="c:\program files\BitComet\BitComet.exe" [2011-12-12 19875120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]

"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jordi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-05-02 15296]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-09-22 1692480]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 15:35]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 18:42]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 18:42]

.

2012-06-19 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2012-05-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\AlienAutopsy\uaclauncher.exe [2011-03-22 17:20]

.

2012-06-19 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\AlienAutopsy\pcdrcui.exe [2011-03-22 17:20]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\users\Jordi\AppData\Roaming\Mozilla\Firefox\Profiles\dcv15hde.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-627470774-947398072-1727455304-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:db,79,f6,18,7d,59,a9,ea,c7,ad,9f,2c,6d,2b,d8,ac,a6,3d,81,27,32,90,94,

b1,8c,d6,bb,ed,a8,21,fd,98,fc,10,33,fd,c6,de,8f,ba,d1,95,25,f5,12,a0,03,d9,\

"??"=hex:ea,1a,32,20,24,5b,df,0a,d5,3e,96,03,d3,cf,87,89

.

[HKEY_USERS\S-1-5-21-627470774-947398072-1727455304-1000\Software\SecuROM\License information*]

"datasecu"=hex:07,fa,08,59,60,b2,fd,e7,05,98,cb,c1,20,0c,46,cb,42,c8,12,ad,84,

1a,97,4f,98,30,cc,ed,8a,76,45,7e,e8,e7,d6,62,19,22,c1,6e,dc,c5,f4,2b,c0,1c,\

"rkeysecu"=hex:72,91,60,a0,4c,b1,32,d2,00,fa,6a,2c,22,3e,e5,2c

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\AlienRespawn\TOASTER.EXE

c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files\Alienware\Command Center\AlienFusionController.exe

c:\program files (x86)\Common Files\Java\Java Update\jusched.exe

.

**************************************************************************

.

Completion time: 2012-06-19 16:20:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-19 15:20

ComboFix2.txt 2012-06-19 12:59

.

Pre-Run: 588,624,179,200 bytes free

Post-Run: 588,539,342,848 bytes free

.

- - End Of File - - 01CA7BEE89A583B1898057A868CB729A

Followed the instructions and this is the log.


Pc seems to be running well, have had no problems so far today :)

this is the log from the quick scan :

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.19.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jordi :: JORDI-PC [administrator]

Protection: Enabled

19/06/2012 22:58:46

mbam-log-2012-06-19 (22-58-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 263419

Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great...You lucked out on this one :)

A little cleanup to do.....

Important!

Please delete your version of ComboFix and download a fresh one.

Now......Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
