
Redirect virus D: Malwarebytes detects but won't remove.



Redirect virus really slowing down my computer :(. I got it possibly from what seemed like a Java update but can't be sure, please help! Malwarebytes will detect it but not remove it; I posted the log after the DDS/Attach logs.

========================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2

Run by Ghostshell at 21:30:48 on 2012-11-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.3435 [GMT -8:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

C:\Program Files (x86)\Stardock\MyColors\WBVista.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\OSD\OSD_Service.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\UI0Detect.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\WLANExt.exe

C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\World of Warcraft\Wow-64.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.101\deploy\LoLLauncher.exe

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.223\deploy\LolClient.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\wbengine.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Ghostshell\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>

BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

uRun: [LolMatches Client] C:\Program Files (x86)\LolMatches\LolMatches Client.exe

uRun: [Google Update] "C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [FAStartup] <no file>

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A} : NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\0527564747970264C6970266F62702160275966696 : NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\0527564747970264C6970266F62702160275966696 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\1435F524F6162746F525F6F6D6 : NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\1435F524F6162746F525F6F6D6 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\16474777966696 : NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\16474777966696 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554430343 : NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554430343 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\46C696E6B602231333 : DHCPNameServer = 128.54.16.2 132.239.0.252

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\E45445745414258373 : NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\E45445745414258373 : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

LSA: Notification Packages = scecli FAPassSync

x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"

x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: WB - C:\Program Files (x86)\Stardock\MyColors\fast64.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Ghostshell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Ghostshell\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

FF - ExtSQL: 2012-09-27 00:34; crossriderapp4493@crossrider.com; C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\extensions\crossriderapp4493@crossrider.com

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8fAMlSQM&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 32b459e3000000000000c446192559ba

FF - user.js: extensions.incredibar_i.hardId - 32b459e3000000000000c446192559ba

FF - user.js: extensions.incredibar_i.instlDay - 15341

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2721:50:50

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8fAMlSQM

FF - user.js: extensions.incredibar_i.upn2n - 92823603489226040

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10589

FF - user.js: extensions.incredibar_i.ppd -

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

============= SERVICES / DRIVERS ===============

.

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2011-6-29 89600]

R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104]

R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2010-1-4 16384]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-6-29 20984]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-1-15 273072]

S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-12 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-1 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== Created Last 30 ================

.

2012-11-19 01:35:39 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-11-10 17:11:21 -------- d-----w- C:\Users\Ghostshell\AppData\Roaming\Moxzbot

.

==================== Find3M ====================

.

2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-03 03:29:45 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-03 03:29:45 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-27 01:44:58 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-27 01:44:58 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

============= FINISH: 21:34:00.71 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/29/2011 11:48:02 AM

System Uptime: 11/21/2012 5:56:37 PM (4 hours ago)

.

Motherboard: Alienware | |

Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz | CPU 1 | 1597/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 61.538 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\SMO8800\1

Manufacturer:

Name:

PNP Device ID: ACPI\SMO8800\1

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: facap, FastAccess Video Capture

Device ID: ROOT\IMAGE\0000

Manufacturer: Sensible Vision

Name: facap, FastAccess Video Capture

PNP Device ID: ROOT\IMAGE\0000

Service: FACAP

.

==== System Restore Points ===================

.

RP144: 11/12/2012 10:44:24 AM - Scheduled Checkpoint

RP145: 11/19/2012 4:46:32 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Verifier (x64)

AutoHotkey 1.0.48.05

BitTorrent

Bonjour

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Command Center

Coupon Companion

Crystal Reports for Visual Studio

CyberLink YouCam

Debugging Tools for Windows (x64)

Diablo III

Do It Again

Dota 2

Dotfuscator Software Services - Community Edition

Drivers For Free

Dropbox

DW WLAN Card Utility

EVGA Precision 2.1.2

Facebook Video Calling 1.2.0.287

Google Chrome

Heroes of Newerth

IDT Audio

Intel® Network Connections 14.2.100.0

Intel® Turbo Boost Technology Monitor 2.0

iTunes

Java 7 Update 7

Java Auto Updater

Java™ 6 Update 31

JavaFX 2.1.1

JungleTimer

League of Legends

LogMeIn Hamachi

LolMatches Client

LOLReplay

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft Help Viewer 1.0

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft SQL Server 2008 (64-bit)

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Management Objects (x64)

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft SQL Server System CLR Types (x64)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime v1.0 SP1 (x64)

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Sync Framework Services v1.0 SP1 (x64)

Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

Microsoft Team Foundation Server 2010 Object Model - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

Microsoft Visual F# 2.0 Runtime

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 IntelliTrace Collection (x64)

Microsoft Visual Studio 2010 Office Developer Tools (x64)

Microsoft Visual Studio 2010 Performance Collection Tools - ENU

Microsoft Visual Studio 2010 Professional - ENU

Microsoft Visual Studio 2010 SharePoint Developer Tools

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Microsoft Visual Studio 2010 Ultimate - ENU

Microsoft Visual Studio Macro Tools

Microsoft Windows Debugging Symbols

Microsoft Windows Performance Toolkit

Microsoft Windows SDK for Windows 7 (7.1)

Microsoft Windows SDK for Windows 7 Common Utilities (30514)

Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)

Microsoft Windows SDK for Windows 7 Samples (30514)

Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)

Microsoft XNA Framework Redistributable 4.0

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT Redists

Mumble 1.2.3

MurGee Auto Mouse Click 1.0

Notepad++

NVIDIA 3D Vision Driver 301.42

NVIDIA Control Panel 301.42

NVIDIA Display Control Panel

NVIDIA Graphics Driver 301.42

NVIDIA HD Audio Driver 1.3.16.0

NVIDIA Install Application

NVIDIA nTune

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.8.15

NVIDIA Update Components

OSD Setup

Pando Media Booster

Prism Video File Converter

QuickTime

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)

Skype™ 5.10

Sql Server Customer Experience Improvement Program

StarCraft II

Stardock MyColors

Steam

Synaptics Pointing Device Driver

System Requirements Lab for Intel

Team Fortress 2

TeamSpeak 3 Client

Terraria

Unigine Heaven DX11 Benchmark 2.5 version 2.5

Vegas Pro 10.0

Ventrilo Client for Windows x64

VideoFileDownload

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 Prerequisites - English

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VLC media player 1.1.11

Web Deployment Tool

Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (05/01/2009 5.1.0000.1)

Windows Movie Maker 6.1

WinRAR 4.01 (32-bit)

World of Warcraft

XSplit

.

==== Event Viewer Messages From Past Week ========

.

11/21/2012 7:28:15 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

11/21/2012 7:28:15 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

11/21/2012 3:46:31 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

11/21/2012 3:46:31 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

11/21/2012 3:44:19 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

11/21/2012 3:44:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.

11/21/2012 3:44:18 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

11/21/2012 3:44:18 PM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/21/2012 3:43:51 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

11/20/2012 5:38:20 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

11/18/2012 5:35:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

11/18/2012 5:35:43 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/18/2012 5:35:42 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================

malwarebytes log

=======================================

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.20.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Ghostshell :: GHOSTSHELL-PC [administrator]

11/21/2012 9:25:59 PM

mbam-log-2012-11-21 (21-25-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 267330

Time elapsed: 7 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.

Registry Values Detected: 1

HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller.

Gringo


Thank you very much for the assistance!

Results of screen317's Security Check version 0.99.54

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check``````````````

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check`````````

Malwarebytes Anti-Malware version 1.65.1.1000

JavaFX 2.1.1

Java 6 Update 31

Java 7 Update 7

Java version out of Date!

Adobe Flash Player 11.3.300.257 Flash Player out of Date!

Adobe Reader X 10.1.3 Adobe Reader out of Date!

Mozilla Firefox 14.0.1 Firefox out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome plugins...

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C 3%

````````````````````End of Log``````````````````````

==============================================

# AdwCleaner v2.008 - Logfile created 11/21/2012 at 22:49:22

# Updated 17/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ghostshell - GHOSTSHELL-PC

# Boot Mode : Normal

# Running from : C:\Users\Ghostshell\Desktop\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\user.js

File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp

Folder Deleted : C:\Program Files (x86)\OApps

Folder Deleted : C:\Program Files (x86)\Smartdl

Folder Deleted : C:\Users\Ghostshell\AppData\Local\APN

Folder Deleted : C:\Users\Ghostshell\AppData\Local\Conduit

Folder Deleted : C:\Users\Ghostshell\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\ConduitCommon

Folder Deleted : C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\CT2790392

Folder Deleted : C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.FBApi

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.FBApi.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default

File : C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\prefs.js

C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\user.js ... Deleted !

Deleted : user_pref("CT2790392..clientLogIsEnabled", true);

Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2790392.CTID", "CT2790392");

Deleted : user_pref("CT2790392.CurrentServerDate", "17-8-2011");

Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Tue Aug 16 2011 17:09:54 GMT-0700 (Pacific Daylig[...]

Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");

Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Tue Aug 16 2011 20:14:05 GMT-0700 (Pacific Daylight Ti[...]

Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 189);

Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Tue Aug 16 2011 19:14:07 GMT-0700 (Pacific Da[...]

Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);

Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);

Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);

Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);

Deleted : user_pref("CT2790392.FirstServerDate", "17-8-2011");

Deleted : user_pref("CT2790392.FirstTime", true);

Deleted : user_pref("CT2790392.FirstTimeFF3", true);

Deleted : user_pref("CT2790392.FixPageNotFoundErrors", false);

Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);

Deleted : user_pref("CT2790392.HomePageProtectorEnabled", false);

Deleted : user_pref("CT2790392.Initialize", true);

Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);

Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 1);

Deleted : user_pref("CT2790392.InstallationType", "UnknownIntegration");

Deleted : user_pref("CT2790392.InstalledDate", "Tue Aug 16 2011 17:09:53 GMT-0700 (Pacific Daylight Time)");

Deleted : user_pref("CT2790392.IsAlertDBUpdated", true);

Deleted : user_pref("CT2790392.IsGrouping", false);

Deleted : user_pref("CT2790392.IsInitSetupIni", true);

Deleted : user_pref("CT2790392.IsMulticommunity", false);

Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);

Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);

Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Tue Aug 16 2011 17:09:54 GMT-0700 (Pacific Dayligh[...]

Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2790392.LastLogin_3.5.0.12", "Tue Aug 16 2011 17:09:53 GMT-0700 (Pacific Daylight Time)[...]

Deleted : user_pref("CT2790392.LatestVersion", "3.6.0.10");

Deleted : user_pref("CT2790392.Locale", "en");

Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2790392.OriginalFirstVersion", "3.5.0.12");

Deleted : user_pref("CT2790392.SearchEngineBeforeUnload", "Google");

Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT279[...]

Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Tue Aug 16 2011 17:09:54 GMT-0700 (Pacific Dayli[...]

Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2790392.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Deleted : user_pref("CT2790392.SearchInNewTabUserEnabled", false);

Deleted : user_pref("CT2790392.SearchProtectorEnabled", false);

Deleted : user_pref("CT2790392.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Tue Aug 16 2011 17:09:51 GMT-0700 (Pacific Daylight [...]

Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Tue Aug 16 2011 17:09:51 GMT-0700 (Pacific Daylight Ti[...]

Deleted : user_pref("CT2790392.SettingsLastUpdate", "1312887586");

Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Tue Aug 16 2011 17:09:51 GMT-0700 (Pacific Day[...]

Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1246786978");

Deleted : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");

Deleted : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2790392.UserID", "UN40666071406563929");

Deleted : user_pref("CT2790392.WeatherNetwork", "");

Deleted : user_pref("CT2790392.WeatherPollDate", "Tue Aug 16 2011 20:10:07 GMT-0700 (Pacific Daylight Time)");

Deleted : user_pref("CT2790392.WeatherUnit", "C");

Deleted : user_pref("CT2790392.alertChannelId", "1182482");

Deleted : user_pref("CT2790392.backendstorage.pairingkey", "32383244313839453434363337443141364634324232303138[...]

Deleted : user_pref("CT2790392.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

Deleted : user_pref("CT2790392.backendstorage.url_history", "687474703A2F2F646576696C73776F726B73686F702E6F726[...]

Deleted : user_pref("CT2790392.backendstorage.url_history_time", "31333133353530383337383330");

Deleted : user_pref("CT2790392.backendstorage.uttorrents", "7B226275696C64223A32353433322C226C6162656C223A5B5D[...]

Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Tue Aug 16 2011 17:09:54 GMT-0700 (Pacific [...]

Deleted : user_pref("CT2790392.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2790392.initDone", true);

Deleted : user_pref("CT2790392.isAppTrackingManagerOn", true);

Deleted : user_pref("CT2790392.myStuffEnabled", true);

Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2790392.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2790392.testingCtid", "");

Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Tue Aug 16 2011 17:09:53 GMT-0700 (Pacific D[...]

Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Tue Aug 16 2011 17:09:54 GMT-0700 (Pacific D[...]

Deleted : user_pref("CT2790392.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2790392&octid=[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ghostshell\\AppData\\Roaming\\Mozil[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2790392");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2790392");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2790392");

Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 16 2011 17:09:55 GMT-0700 (Pac[...]

Deleted : user_pref("CommunityToolbar.globalUserId", "22466031-31f4-4769-8d59-4ae74b96c4f7");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 16 2011 17:09:5[...]

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Aug 16 2011 18:10:04 GMT-070[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Aug 16 2011 17:09:53 GMT-0700 (P[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "85950f62-69ef-476f-bccf-027ec23cada1");

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.order.1", "Ask.com");

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1348731290);

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);

Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.affid", "0");

Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 7);

Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);

Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1348731290");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1348731290");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Wed Nov 21 2012 16:[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Tue Nov 27 2012 [...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22US%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1353543287");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2240944%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1349316387005");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221238%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%2286999%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1349316380725");

Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");

Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.emailsig", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.exposesites", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);

Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "41");

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Wed Nov 21[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");

Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 3);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 7);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 4);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.name", "FacebookFFIE");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.ver", 1);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "17,14,16,47,1000015");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 17);

Deleted : user_pref("extensions.crossriderapp4493.4493.premium", true);

Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");

Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);

Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);

Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 41);

Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");

Deleted : user_pref("extensions.crossriderapp4493.bic", "13a2985fedfa700a1597963c1b7cab38");

Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);

Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);

Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);

Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1349316378);

Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22559054);

Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22559056);

Deleted : user_pref("extensions.crossriderapp4493.misc.lastBgWorkerTimer", "1353543326697");

Deleted : user_pref("extensions.crossriderapp4493.misc.lastDomWorkerTimer", "1353543326697");

Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");

Deleted : user_pref("extensions.enabledAddons", "crossriderapp4493@crossrider.com:0.81.12,{972ce4c6-7e08-4474-[...]

Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");

Deleted : user_pref("extensions.incredibar_i.dfltLng", "");

Deleted : user_pref("extensions.incredibar_i.did", "10589");

Deleted : user_pref("extensions.incredibar_i.excTlbr", "false");

Deleted : user_pref("extensions.incredibar_i.hardId", "32b459e3000000000000c446192559ba");

Deleted : user_pref("extensions.incredibar_i.id", "32b459e3000000000000c446192559ba");

Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");

Deleted : user_pref("extensions.incredibar_i.instlDay", "15341");

Deleted : user_pref("extensions.incredibar_i.instlRef", "");

Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");

Deleted : user_pref("extensions.incredibar_i.newTab", false);

Deleted : user_pref("extensions.incredibar_i.ppd", "");

Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");

Deleted : user_pref("extensions.incredibar_i.productid", "26");

Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");

Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");

Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8fAMlSQM&loc=IB[...]

Deleted : user_pref("extensions.incredibar_i.upn2", "6R8fAMlSQM");

Deleted : user_pref("extensions.incredibar_i.upn2n", "92823603489226040");

Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");

Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2721:50:50");

Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Ghostshell\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : homepage = "hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90D55E54A}&mid=500452e994[...]

Deleted [l.20] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90[...]

Deleted [l.1653] : homepage = "hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90D55E54A}&mid=500452e994ba4[...]

Deleted [l.2084] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90D55[...]

*************************

AdwCleaner[s1].txt - [31392 octets] - [21/11/2012 22:49:22]

########## EOF - C:\AdwCleaner[s1].txt - [31453 octets] ##########

=================================================

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Ghostshell [Admin rights]

Mode : Remove -- Date : 11/21/2012 22:53:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> DELETED

[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job : C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> DELETED

[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job : C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe /c -> DELETED

[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job : C:\Users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler -> DELETED

[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job : C:\Users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver -> DELETED

[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core : C:\Users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver -> DELETED

[TASK][sUSP PATH] FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA : C:\Users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler -> ERROR

[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core : C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe /c -> ERROR

[TASK][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA : C:\Users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> ERROR

[TASK][sUSP PATH] {A187D0D7-1E2E-4BCD-AC26-21F050719B33} : "c:\users\ghostshell\appdata\local\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2 -> DELETED

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A} : NameServer (208.62.222.222,208.67.220.220) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A} : NameServer (208.62.222.222,208.67.220.220) -> NOT REMOVED, USE DNSFIX

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\@ --> REMOVED AT REBOOT

[ZeroAccess][FILE] @ : C:\Windows\syswow64\config\systemprofile\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\@ --> REMOVED

[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000004.@ --> REMOVED

[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000000.@ --> REMOVED

[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000064.@ --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\Windows\syswow64\config\systemprofile\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U --> REMOVED

[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L\00000004.@ --> REMOVED

[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L\201d3dde --> REMOVED

[Del.Parent][FILE] 55490ac4 : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L\55490ac4 --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\Windows\syswow64\config\systemprofile\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\L --> REMOVED

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT

[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250410AS ATA Device +++++

--- User ---

[MBR] 478efe6c5c618819af8753cb9435931d

[bSP] 7c235b53190a6021ae3d31243aeafecb : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_11212012_02d2253.txt >>

RKreport[1]_S_11212012_02d2253.txt ; RKreport[2]_D_11212012_02d2253.txt


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


No problems running ComboFix; opening new windows/tabs seems to work fine now, with no redirects or serious slowdowns. Thank you for helping me, please let me know what to do next :)

ComboFix 12-11-21.01 - Ghostshell 11/21/2012 23:13:49.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.6667 [GMT -8:00]

Running from: c:\users\Ghostshell\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\4158.tmp

c:\programdata\Microsoft\Windows\DRM\692D.tmp

c:\programdata\Microsoft\Windows\DRM\C2B3.tmp

c:\programdata\Microsoft\Windows\DRM\EBFB.tmp

c:\programdata\Microsoft\Windows\DRM\EBFC.tmp

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\erdnt\cache64\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))

.

.

2012-11-22 07:25 . 2012-11-22 07:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2BB0E9F-C983-4F15-9FC3-7A6B4009D88B}\offreg.dll

2012-11-22 07:23 . 2012-11-22 07:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-22 07:23 . 2012-11-22 07:23 -------- d-----w- c:\users\UpdatusUser.Ghostshell-PC\AppData\Local\temp

2012-11-22 07:23 . 2012-11-22 07:23 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-11-22 07:23 . 2012-11-22 07:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-22 06:51 . 2012-11-22 06:51 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-20 05:16 . 2012-11-20 05:16 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\Notepad++

2012-11-20 05:16 . 2012-11-20 05:16 -------- d-----w- c:\program files (x86)\Notepad++

2012-11-10 17:11 . 2012-11-10 17:11 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\Moxzbot

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-30 02:54 . 2011-09-02 01:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-03 03:29 . 2012-09-03 03:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-03 03:29 . 2011-12-01 02:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-27 01:44 . 2012-08-01 18:18 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-27 01:44 . 2012-08-01 18:18 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]

2012-06-17 13:07 488832 ----a-w- c:\program files (x86)\Coupon Companion\Coupon Companion.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LolMatches Client"="c:\program files (x86)\LolMatches\LolMatches Client.exe" [2012-04-05 1149952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]

"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-25 136488]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 12672]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-01 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-03 89600]

S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]

S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]

S2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-06-22 273072]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-16 487424]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}: NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\1435F524F6162746F525F6F6D6: NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\16474777966696: NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554430343: NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\E45445745414258373: NameServer = 208.62.222.222,208.67.220.220

FF - ProfilePath - c:\users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

FF - ExtSQL: 2012-09-27 00:34; crossriderapp4493@crossrider.com; c:\users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\extensions\crossriderapp4493@crossrider.com

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-FAStartup - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-vfd-ob - c:\program files (x86)\OApps\vfd-ob_uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\ñ*4%%d"*²*Æ!#H*K*X%]

"Successes"=dword:e0000000

"Failures"=dword:e0000001

"{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}"=hex:00,18,f8,7c,33,3b

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2012-11-21 23:31:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-22 07:31

.

Pre-Run: 68,290,519,040 bytes free

Post-Run: 68,159,197,184 bytes free

.

- - End Of File - - 6555B98AAC30E2B3080EEB72C5805E20


  • Staff

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


23:59:10.0103 3424 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

23:59:10.0550 3424 ============================================================

23:59:10.0550 3424 Current date / time: 2012/11/21 23:59:10.0550

23:59:10.0550 3424 SystemInfo:

23:59:10.0550 3424

23:59:10.0551 3424 OS Version: 6.1.7601 ServicePack: 1.0

23:59:10.0551 3424 Product type: Workstation

23:59:10.0551 3424 ComputerName: GHOSTSHELL-PC

23:59:10.0551 3424 UserName: Ghostshell

23:59:10.0551 3424 Windows directory: C:\Windows

23:59:10.0551 3424 System windows directory: C:\Windows

23:59:10.0551 3424 Running under WOW64

23:59:10.0551 3424 Processor architecture: Intel x64

23:59:10.0551 3424 Number of processors: 8

23:59:10.0551 3424 Page size: 0x1000

23:59:10.0551 3424 Boot type: Normal boot

23:59:10.0551 3424 ============================================================

23:59:12.0059 3424 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:59:12.0068 3424 ============================================================

23:59:12.0068 3424 \Device\Harddisk0\DR0:

23:59:12.0068 3424 MBR partitions:

23:59:12.0069 3424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:59:12.0069 3424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800

23:59:12.0069 3424 ============================================================

23:59:12.0094 3424 C: <-> \Device\Harddisk0\DR0\Partition2

23:59:12.0094 3424 ============================================================

23:59:12.0094 3424 Initialize success

23:59:12.0094 3424 ============================================================

23:59:28.0229 5976 ============================================================

23:59:28.0229 5976 Scan started

23:59:28.0229 5976 Mode: Manual;

23:59:28.0229 5976 ============================================================

23:59:29.0107 5976 ================ Scan system memory ========================

23:59:29.0107 5976 System memory - ok

23:59:29.0107 5976 ================ Scan services =============================


23:59:31.0261 5976 Beep - ok

23:59:31.0334 5976 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

23:59:31.0342 5976 BFE - ok

23:59:31.0427 5976 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

23:59:31.0446 5976 BITS - ok

23:59:31.0473 5976 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

23:59:31.0476 5976 blbdrive - ok

23:59:31.0536 5976 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

23:59:31.0542 5976 Bonjour Service - ok

23:59:31.0578 5976 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:59:31.0581 5976 bowser - ok

23:59:31.0611 5976 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

23:59:31.0613 5976 BrFiltLo - ok

23:59:31.0624 5976 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

23:59:31.0625 5976 BrFiltUp - ok

23:59:31.0638 5976 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

23:59:31.0640 5976 BridgeMP - ok

23:59:31.0672 5976 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll

23:59:31.0675 5976 Browser - ok

23:59:31.0696 5976 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:59:31.0700 5976 Brserid - ok

23:59:31.0711 5976 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:59:31.0713 5976 BrSerWdm - ok

23:59:31.0727 5976 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:59:31.0728 5976 BrUsbMdm - ok

23:59:31.0739 5976 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:59:31.0741 5976 BrUsbSer - ok

23:59:31.0763 5976 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

23:59:31.0765 5976 BTHMODEM - ok

23:59:31.0788 5976 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

23:59:31.0791 5976 bthserv - ok

23:59:31.0794 5976 catchme - ok

23:59:31.0818 5976 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:59:31.0820 5976 cdfs - ok

23:59:31.0852 5976 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

23:59:31.0856 5976 cdrom - ok

23:59:31.0900 5976 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

23:59:31.0902 5976 CertPropSvc - ok

23:59:31.0931 5976 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

23:59:31.0933 5976 circlass - ok

23:59:31.0959 5976 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

23:59:31.0965 5976 CLFS - ok

23:59:32.0119 5976 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:59:32.0122 5976 clr_optimization_v2.0.50727_32 - ok

23:59:32.0163 5976 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:59:32.0165 5976 clr_optimization_v2.0.50727_64 - ok

23:59:32.0256 5976 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:59:32.0258 5976 clr_optimization_v4.0.30319_32 - ok

23:59:32.0269 5976 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:59:32.0272 5976 clr_optimization_v4.0.30319_64 - ok

23:59:32.0333 5976 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys

23:59:32.0333 5976 clwvd - ok

23:59:32.0354 5976 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

23:59:32.0356 5976 CmBatt - ok

23:59:32.0373 5976 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

23:59:32.0374 5976 cmdide - ok

23:59:32.0424 5976 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys

23:59:32.0430 5976 CNG - ok

23:59:32.0461 5976 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

23:59:32.0461 5976 Compbatt - ok

23:59:32.0497 5976 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

23:59:32.0498 5976 CompositeBus - ok

23:59:32.0509 5976 COMSysApp - ok

23:59:32.0524 5976 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

23:59:32.0526 5976 crcdisk - ok

23:59:32.0579 5976 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:59:32.0582 5976 CryptSvc - ok

23:59:32.0631 5976 [ 5BC67F1EFB6B1D039B151CF7353EC742 ] DAdderFltr C:\Windows\system32\drivers\dadder.sys

23:59:32.0632 5976 DAdderFltr - ok

23:59:32.0657 5976 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

23:59:32.0664 5976 DcomLaunch - ok

23:59:32.0693 5976 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

23:59:32.0698 5976 defragsvc - ok

23:59:32.0732 5976 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:59:32.0735 5976 DfsC - ok

23:59:32.0750 5976 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

23:59:32.0755 5976 Dhcp - ok

23:59:32.0763 5976 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

23:59:32.0764 5976 discache - ok

23:59:32.0797 5976 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

23:59:32.0799 5976 Disk - ok

23:59:32.0835 5976 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:59:32.0839 5976 Dnscache - ok

23:59:32.0876 5976 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

23:59:32.0881 5976 dot3svc - ok

23:59:32.0895 5976 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

23:59:32.0898 5976 DPS - ok

23:59:32.0934 5976 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:59:32.0936 5976 drmkaud - ok

23:59:32.0982 5976 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:59:32.0986 5976 DXGKrnl - ok

23:59:33.0033 5976 [ 04DDDEA79B9E616F50B9132752F656FC ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys

23:59:33.0035 5976 e1kexpress - ok

23:59:33.0067 5976 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

23:59:33.0070 5976 EapHost - ok

23:59:33.0134 5976 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

23:59:33.0210 5976 ebdrv - ok

23:59:33.0228 5976 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe

23:59:33.0229 5976 EFS - ok

23:59:33.0294 5976 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:59:33.0303 5976 ehRecvr - ok

23:59:33.0332 5976 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

23:59:33.0334 5976 ehSched - ok

23:59:33.0361 5976 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

23:59:33.0368 5976 elxstor - ok

23:59:33.0390 5976 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

23:59:33.0392 5976 ErrDev - ok

23:59:33.0412 5976 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

23:59:33.0418 5976 EventSystem - ok

23:59:33.0444 5976 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

23:59:33.0448 5976 exfat - ok

23:59:33.0503 5976 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys

23:59:33.0504 5976 FACAP - ok

23:59:33.0608 5976 [ 53E30A6E86AA93C0FFC0BC0439E3E636 ] FAService C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

23:59:33.0618 5976 FAService - ok

23:59:33.0627 5976 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:59:33.0630 5976 fastfat - ok

23:59:33.0666 5976 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

23:59:33.0683 5976 Fax - ok

23:59:33.0702 5976 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

23:59:33.0704 5976 fdc - ok

23:59:33.0736 5976 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

23:59:33.0737 5976 fdPHost - ok

23:59:33.0750 5976 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

23:59:33.0752 5976 FDResPub - ok

23:59:33.0781 5976 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:59:33.0782 5976 FileInfo - ok

23:59:33.0791 5976 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:59:33.0792 5976 Filetrace - ok

23:59:33.0807 5976 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

23:59:33.0809 5976 flpydisk - ok

23:59:33.0829 5976 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:59:33.0833 5976 FltMgr - ok

23:59:33.0861 5976 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll

23:59:33.0886 5976 FontCache - ok

23:59:33.0934 5976 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:59:33.0937 5976 FontCache3.0.0.0 - ok

23:59:33.0950 5976 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

23:59:33.0952 5976 FsDepends - ok

23:59:33.0961 5976 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:59:33.0962 5976 Fs_Rec - ok

23:59:34.0000 5976 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

23:59:34.0004 5976 fvevol - ok

23:59:34.0031 5976 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

23:59:34.0033 5976 gagp30kx - ok

23:59:34.0092 5976 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:59:34.0093 5976 GEARAspiWDM - ok

23:59:34.0137 5976 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

23:59:34.0153 5976 gpsvc - ok

23:59:34.0208 5976 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys

23:59:34.0208 5976 hamachi - ok

23:59:34.0569 5976 [ A5963114373834D78782013BC803043E ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

23:59:34.0661 5976 Hamachi2Svc - ok

23:59:34.0779 5976 [ 8CD92502FEC49E837155B9F20E5E2D2C ] HappyOSD C:\Program Files (x86)\OSD\OSD_Service.exe

23:59:34.0779 5976 HappyOSD - ok

23:59:34.0791 5976 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

23:59:34.0793 5976 hcw85cir - ok

23:59:34.0835 5976 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

23:59:34.0840 5976 HdAudAddService - ok

23:59:34.0867 5976 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

23:59:34.0870 5976 HDAudBus - ok

23:59:34.0891 5976 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

23:59:34.0893 5976 HidBatt - ok

23:59:34.0906 5976 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

23:59:34.0908 5976 HidBth - ok

23:59:34.0935 5976 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

23:59:34.0938 5976 HidIr - ok

23:59:34.0962 5976 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

23:59:34.0963 5976 hidserv - ok

23:59:34.0990 5976 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

23:59:34.0992 5976 HidUsb - ok

23:59:35.0049 5976 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

23:59:35.0051 5976 hkmsvc - ok

23:59:35.0089 5976 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:59:35.0094 5976 HomeGroupListener - ok

23:59:35.0108 5976 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:59:35.0112 5976 HomeGroupProvider - ok

23:59:35.0124 5976 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

23:59:35.0126 5976 HpSAMD - ok

23:59:35.0153 5976 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:59:35.0170 5976 HTTP - ok

23:59:35.0181 5976 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

23:59:35.0181 5976 hwpolicy - ok

23:59:35.0215 5976 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

23:59:35.0218 5976 i8042prt - ok

23:59:35.0244 5976 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

23:59:35.0250 5976 iaStorV - ok

23:59:35.0314 5976 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:59:35.0333 5976 idsvc - ok

23:59:35.0344 5976 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

23:59:35.0346 5976 iirsp - ok

23:59:35.0412 5976 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

23:59:35.0429 5976 IKEEXT - ok

23:59:35.0448 5976 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

23:59:35.0449 5976 intelide - ok

23:59:35.0480 5976 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:59:35.0481 5976 intelppm - ok

23:59:35.0523 5976 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:59:35.0526 5976 IPBusEnum - ok

23:59:35.0562 5976 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:59:35.0564 5976 IpFilterDriver - ok

23:59:35.0631 5976 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

23:59:35.0639 5976 iphlpsvc - ok

23:59:35.0664 5976 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

23:59:35.0666 5976 IPMIDRV - ok

23:59:35.0683 5976 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

23:59:35.0685 5976 IPNAT - ok

23:59:35.0755 5976 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

23:59:35.0775 5976 iPod Service - ok

23:59:35.0791 5976 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:59:35.0794 5976 IRENUM - ok

23:59:35.0807 5976 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

23:59:35.0809 5976 isapnp - ok

23:59:35.0827 5976 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

23:59:35.0831 5976 iScsiPrt - ok

23:59:35.0864 5976 [ 9291643B494F87BFDAC95A524F69E737 ] itecir C:\Windows\system32\DRIVERS\itecir.sys

23:59:35.0866 5976 itecir - ok

23:59:35.0897 5976 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

23:59:35.0897 5976 kbdclass - ok

23:59:35.0909 5976 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

23:59:35.0911 5976 kbdhid - ok

23:59:35.0918 5976 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe

23:59:35.0918 5976 KeyIso - ok

23:59:35.0930 5976 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:59:35.0932 5976 KSecDD - ok

23:59:35.0969 5976 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

23:59:35.0971 5976 KSecPkg - ok

23:59:35.0985 5976 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

23:59:35.0987 5976 ksthunk - ok

23:59:36.0018 5976 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

23:59:36.0024 5976 KtmRm - ok

23:59:36.0077 5976 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

23:59:36.0081 5976 LanmanServer - ok

23:59:36.0132 5976 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:59:36.0135 5976 LanmanWorkstation - ok

23:59:36.0170 5976 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:59:36.0172 5976 lltdio - ok

23:59:36.0192 5976 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:59:36.0197 5976 lltdsvc - ok

23:59:36.0211 5976 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

23:59:36.0213 5976 lmhosts - ok

23:59:36.0227 5976 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

23:59:36.0230 5976 LSI_FC - ok

23:59:36.0234 5976 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

23:59:36.0236 5976 LSI_SAS - ok

23:59:36.0244 5976 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

23:59:36.0247 5976 LSI_SAS2 - ok

23:59:36.0257 5976 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

23:59:36.0260 5976 LSI_SCSI - ok

23:59:36.0276 5976 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

23:59:36.0278 5976 luafv - ok

23:59:36.0320 5976 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys

23:59:36.0322 5976 ManyCam - ok

23:59:36.0369 5976 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:59:36.0372 5976 Mcx2Svc - ok

23:59:36.0382 5976 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

23:59:36.0384 5976 megasas - ok

23:59:36.0418 5976 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

23:59:36.0426 5976 MegaSR - ok

23:59:36.0439 5976 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

23:59:36.0441 5976 MMCSS - ok

23:59:36.0455 5976 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

23:59:36.0457 5976 Modem - ok

23:59:36.0466 5976 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:59:36.0467 5976 monitor - ok

23:59:36.0486 5976 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

23:59:36.0486 5976 mouclass - ok

23:59:36.0520 5976 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:59:36.0522 5976 mouhid - ok

23:59:36.0565 5976 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

23:59:36.0567 5976 mountmgr - ok

23:59:36.0640 5976 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

23:59:36.0642 5976 MozillaMaintenance - ok

23:59:36.0679 5976 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

23:59:36.0684 5976 mpio - ok

23:59:36.0696 5976 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:59:36.0698 5976 mpsdrv - ok

23:59:36.0758 5976 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

23:59:36.0775 5976 MpsSvc - ok

23:59:36.0818 5976 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:59:36.0821 5976 MRxDAV - ok

23:59:36.0853 5976 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:59:36.0856 5976 mrxsmb - ok

23:59:36.0892 5976 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:59:36.0896 5976 mrxsmb10 - ok

23:59:36.0909 5976 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:59:36.0912 5976 mrxsmb20 - ok

23:59:36.0935 5976 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

23:59:36.0935 5976 msahci - ok

23:59:36.0953 5976 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

23:59:36.0957 5976 msdsm - ok

23:59:36.0970 5976 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

23:59:36.0974 5976 MSDTC - ok

23:59:37.0013 5976 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:59:37.0016 5976 Msfs - ok

23:59:37.0046 5976 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

23:59:37.0048 5976 mshidkmdf - ok

23:59:37.0057 5976 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

23:59:37.0058 5976 msisadrv - ok

23:59:37.0093 5976 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:59:37.0097 5976 MSiSCSI - ok

23:59:37.0100 5976 msiserver - ok

23:59:37.0263 5976 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:59:37.0324 5976 MSKSSRV - ok

23:59:37.0359 5976 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:59:37.0361 5976 MSPCLOCK - ok

23:59:37.0367 5976 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:59:37.0369 5976 MSPQM - ok

23:59:37.0413 5976 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:59:37.0418 5976 MsRPC - ok

23:59:37.0433 5976 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

23:59:37.0433 5976 mssmbios - ok

23:59:37.0507 5976 MSSQL$SQLEXPRESS - ok

23:59:37.0593 5976 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

23:59:37.0595 5976 MSSQLServerADHelper100 - ok

23:59:37.0614 5976 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:59:37.0616 5976 MSTEE - ok

23:59:37.0629 5976 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

23:59:37.0631 5976 MTConfig - ok

23:59:37.0658 5976 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

23:59:37.0659 5976 Mup - ok

23:59:37.0701 5976 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

23:59:37.0708 5976 napagent - ok

23:59:37.0738 5976 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:59:37.0742 5976 NativeWifiP - ok

23:59:37.0792 5976 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

23:59:37.0813 5976 NDIS - ok

23:59:37.0823 5976 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

23:59:37.0826 5976 NdisCap - ok

23:59:37.0852 5976 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:59:37.0853 5976 NdisTapi - ok

23:59:37.0881 5976 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:59:37.0883 5976 Ndisuio - ok

23:59:37.0919 5976 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:59:37.0922 5976 NdisWan - ok

23:59:37.0949 5976 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:59:37.0951 5976 NDProxy - ok

23:59:37.0958 5976 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:59:37.0960 5976 NetBIOS - ok

23:59:37.0979 5976 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

23:59:37.0982 5976 NetBT - ok

23:59:37.0989 5976 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe

23:59:37.0990 5976 Netlogon - ok

23:59:38.0019 5976 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

23:59:38.0024 5976 Netman - ok

23:59:38.0071 5976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:59:38.0074 5976 NetMsmqActivator - ok

23:59:38.0094 5976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:59:38.0095 5976 NetPipeActivator - ok

23:59:38.0112 5976 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

23:59:38.0119 5976 netprofm - ok

23:59:38.0186 5976 [ 883269C1CA478658F1334F3C39B0C7AC ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys

23:59:38.0211 5976 netr28ux - ok

23:59:38.0231 5976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:59:38.0232 5976 NetTcpActivator - ok

23:59:38.0235 5976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:59:38.0236 5976 NetTcpPortSharing - ok

23:59:38.0257 5976 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

23:59:38.0258 5976 nfrd960 - ok

23:59:38.0279 5976 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

23:59:38.0284 5976 NlaSvc - ok

23:59:38.0298 5976 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:59:38.0300 5976 Npfs - ok

23:59:38.0322 5976 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

23:59:38.0324 5976 nsi - ok

23:59:38.0333 5976 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:59:38.0333 5976 nsiproxy - ok

23:59:38.0370 5976 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:59:38.0404 5976 Ntfs - ok

23:59:38.0473 5976 nTuneService - ok

23:59:38.0484 5976 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

23:59:38.0486 5976 Null - ok

23:59:38.0545 5976 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

23:59:38.0546 5976 NVHDA - ok

23:59:38.0765 5976 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:59:38.0830 5976 nvlddmkm - ok

23:59:38.0874 5976 [ 241A095631570A9CEF4F126C87605C60 ] NVR0Dev C:\Windows\nvoclk64.sys

23:59:38.0875 5976 NVR0Dev - ok

23:59:38.0908 5976 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:59:38.0912 5976 nvraid - ok

23:59:38.0926 5976 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:59:38.0930 5976 nvstor - ok

23:59:38.0980 5976 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe

23:59:39.0000 5976 nvsvc - ok

23:59:39.0048 5976 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

23:59:39.0073 5976 nvUpdatusService - ok

23:59:39.0111 5976 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:59:39.0114 5976 nv_agp - ok

23:59:39.0130 5976 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:59:39.0132 5976 ohci1394 - ok

23:59:39.0163 5976 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

23:59:39.0168 5976 p2pimsvc - ok

23:59:39.0185 5976 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

23:59:39.0191 5976 p2psvc - ok

23:59:39.0218 5976 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

23:59:39.0220 5976 Parport - ok

23:59:39.0254 5976 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:59:39.0256 5976 partmgr - ok

23:59:39.0271 5976 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

23:59:39.0275 5976 PcaSvc - ok

23:59:39.0284 5976 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

23:59:39.0287 5976 pci - ok

23:59:39.0305 5976 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

23:59:39.0307 5976 pciide - ok

23:59:39.0328 5976 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

23:59:39.0331 5976 pcmcia - ok

23:59:39.0348 5976 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

23:59:39.0349 5976 pcw - ok

23:59:39.0366 5976 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:59:39.0383 5976 PEAUTH - ok

23:59:39.0459 5976 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

23:59:39.0461 5976 PerfHost - ok

23:59:39.0500 5976 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

23:59:39.0526 5976 pla - ok

23:59:39.0587 5976 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:59:39.0594 5976 PlugPlay - ok

23:59:39.0601 5976 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

23:59:39.0603 5976 PNRPAutoReg - ok

23:59:39.0616 5976 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

23:59:39.0618 5976 PNRPsvc - ok

23:59:39.0663 5976 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:59:39.0670 5976 PolicyAgent - ok

23:59:39.0704 5976 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

23:59:39.0707 5976 Power - ok

23:59:39.0746 5976 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:59:39.0767 5976 PptpMiniport - ok

23:59:39.0778 5976 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

23:59:39.0780 5976 Processor - ok

23:59:39.0793 5976 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

23:59:39.0797 5976 ProfSvc - ok

23:59:39.0805 5976 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe

23:59:39.0805 5976 ProtectedStorage - ok

23:59:39.0833 5976 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

23:59:39.0836 5976 Psched - ok

23:59:39.0889 5976 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

23:59:39.0915 5976 ql2300 - ok

23:59:39.0927 5976 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

23:59:39.0929 5976 ql40xx - ok

23:59:39.0959 5976 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

23:59:39.0965 5976 QWAVE - ok

23:59:39.0973 5976 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:59:39.0974 5976 QWAVEdrv - ok

23:59:39.0994 5976 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:59:39.0995 5976 RasAcd - ok

23:59:40.0014 5976 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

23:59:40.0016 5976 RasAgileVpn - ok

23:59:40.0028 5976 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

23:59:40.0031 5976 RasAuto - ok

23:59:40.0071 5976 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:59:40.0073 5976 Rasl2tp - ok

23:59:40.0090 5976 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

23:59:40.0095 5976 RasMan - ok

23:59:40.0106 5976 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:59:40.0108 5976 RasPppoe - ok

23:59:40.0116 5976 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:59:40.0118 5976 RasSstp - ok

23:59:40.0135 5976 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:59:40.0139 5976 rdbss - ok

23:59:40.0156 5976 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

23:59:40.0158 5976 rdpbus - ok

23:59:40.0171 5976 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:59:40.0172 5976 RDPCDD - ok

23:59:40.0186 5976 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:59:40.0187 5976 RDPENCDD - ok

23:59:40.0201 5976 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:59:40.0202 5976 RDPREFMP - ok

23:59:40.0241 5976 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:59:40.0245 5976 RDPWD - ok

23:59:40.0267 5976 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:59:40.0270 5976 rdyboost - ok

23:59:40.0302 5976 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:59:40.0305 5976 RemoteAccess - ok

23:59:40.0317 5976 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:59:40.0321 5976 RemoteRegistry - ok

23:59:40.0365 5976 [ CB7C996F3878E936BFDD9CDFE6A3A987 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys

23:59:40.0367 5976 rimmptsk - ok

23:59:40.0376 5976 [ 2C543F0E04B5F6FD5C17509D0ECE6D1D ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys

23:59:40.0378 5976 rimsptsk - ok

23:59:40.0388 5976 [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys

23:59:40.0390 5976 rismxdp - ok

23:59:40.0398 5976 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:59:40.0401 5976 RpcEptMapper - ok

23:59:40.0409 5976 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

23:59:40.0411 5976 RpcLocator - ok

23:59:40.0455 5976 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

23:59:40.0458 5976 RpcSs - ok

23:59:40.0509 5976 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys

23:59:40.0514 5976 RsFx0103 - ok

23:59:40.0532 5976 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:59:40.0534 5976 rspndr - ok

23:59:40.0547 5976 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe

23:59:40.0548 5976 SamSs - ok

23:59:40.0568 5976 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:59:40.0570 5976 sbp2port - ok

23:59:40.0587 5976 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:59:40.0592 5976 SCardSvr - ok

23:59:40.0625 5976 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:59:40.0627 5976 scfilter - ok

23:59:40.0671 5976 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

23:59:40.0697 5976 Schedule - ok

23:59:40.0713 5976 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

23:59:40.0713 5976 SCPolicySvc - ok

23:59:40.0759 5976 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys

23:59:40.0761 5976 sdbus - ok

23:59:40.0801 5976 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:59:40.0805 5976 SDRSVC - ok

23:59:40.0829 5976 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:59:40.0830 5976 secdrv - ok

23:59:40.0841 5976 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

23:59:40.0844 5976 seclogon - ok

23:59:40.0883 5976 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

23:59:40.0886 5976 SENS - ok

23:59:40.0896 5976 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

23:59:40.0898 5976 SensrSvc - ok

23:59:40.0915 5976 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

23:59:40.0917 5976 Serenum - ok

23:59:40.0946 5976 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

23:59:40.0948 5976 Serial - ok

23:59:40.0961 5976 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

23:59:40.0963 5976 sermouse - ok

23:59:40.0999 5976 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

23:59:41.0002 5976 SessionEnv - ok

23:59:41.0029 5976 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

23:59:41.0031 5976 sffdisk - ok

23:59:41.0051 5976 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:59:41.0053 5976 sffp_mmc - ok

23:59:41.0062 5976 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

23:59:41.0064 5976 sffp_sd - ok

23:59:41.0076 5976 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

23:59:41.0077 5976 sfloppy - ok

23:59:41.0117 5976 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:59:41.0123 5976 SharedAccess - ok

23:59:41.0168 5976 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:59:41.0174 5976 ShellHWDetection - ok

23:59:41.0184 5976 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

23:59:41.0186 5976 SiSRaid2 - ok

23:59:41.0203 5976 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

23:59:41.0206 5976 SiSRaid4 - ok

23:59:41.0278 5976 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

23:59:41.0279 5976 SkypeUpdate - ok

23:59:41.0300 5976 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:59:41.0302 5976 Smb - ok

23:59:41.0343 5976 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:59:41.0346 5976 SNMPTRAP - ok

23:59:41.0353 5976 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

23:59:41.0353 5976 spldr - ok

23:59:41.0392 5976 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

23:59:41.0409 5976 Spooler - ok

23:59:41.0492 5976 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

23:59:41.0600 5976 sppsvc - ok

23:59:41.0615 5976 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

23:59:41.0617 5976 sppuinotify - ok

23:59:41.0668 5976 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

23:59:41.0674 5976 SQLAgent$SQLEXPRESS - ok

23:59:41.0726 5976 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

23:59:41.0731 5976 SQLBrowser - ok

23:59:41.0755 5976 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

23:59:41.0757 5976 SQLWriter - ok

23:59:41.0798 5976 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

23:59:41.0804 5976 srv - ok

23:59:41.0818 5976 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:59:41.0824 5976 srv2 - ok

23:59:41.0839 5976 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:59:41.0843 5976 srvnet - ok

23:59:41.0865 5976 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:59:41.0869 5976 SSDPSRV - ok

23:59:41.0883 5976 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:59:41.0886 5976 SstpSvc - ok

23:59:42.0020 5976 [ 1FCAF9C8A17985A28507338F36200320 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe

23:59:42.0025 5976 STacSV - ok

23:59:42.0068 5976 Steam Client Service - ok

23:59:42.0164 5976 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

23:59:42.0168 5976 Stereo Service - ok

23:59:42.0202 5976 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

23:59:42.0204 5976 stexstor - ok

23:59:42.0229 5976 [ 3C400155894B9CAF176EB4F64737050B ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

23:59:42.0236 5976 STHDA - ok

23:59:42.0285 5976 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

23:59:42.0293 5976 stisvc - ok

23:59:42.0320 5976 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

23:59:42.0320 5976 swenum - ok

23:59:42.0359 5976 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

23:59:42.0367 5976 swprv - ok

23:59:42.0425 5976 [ 5C9BB68B1F4BBCB85B4F6E675FC523A0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

23:59:42.0427 5976 SynTP - ok

23:59:42.0488 5976 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

23:59:42.0521 5976 SysMain - ok

23:59:42.0557 5976 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:59:42.0560 5976 TabletInputService - ok

23:59:42.0598 5976 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

23:59:42.0604 5976 TapiSrv - ok

23:59:42.0617 5976 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

23:59:42.0618 5976 TBS - ok

23:59:42.0695 5976 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:59:42.0728 5976 Tcpip - ok

23:59:42.0769 5976 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:59:42.0777 5976 TCPIP6 - ok

23:59:42.0819 5976 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:59:42.0821 5976 tcpipreg - ok

23:59:42.0853 5976 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:59:42.0854 5976 TDPIPE - ok

23:59:42.0872 5976 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:59:42.0873 5976 TDTCP - ok

23:59:42.0911 5976 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:59:42.0914 5976 tdx - ok

23:59:42.0946 5976 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

23:59:42.0947 5976 TermDD - ok

23:59:42.0965 5976 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

23:59:42.0982 5976 TermService - ok

23:59:42.0990 5976 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

23:59:42.0993 5976 Themes - ok

23:59:43.0014 5976 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

23:59:43.0015 5976 THREADORDER - ok

23:59:43.0028 5976 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

23:59:43.0031 5976 TrkWks - ok

23:59:43.0096 5976 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:59:43.0099 5976 TrustedInstaller - ok

23:59:43.0138 5976 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:59:43.0139 5976 tssecsrv - ok

23:59:43.0184 5976 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

23:59:43.0186 5976 TsUsbFlt - ok

23:59:43.0215 5976 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:59:43.0217 5976 tunnel - ok

23:59:43.0259 5976 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys

23:59:43.0259 5976 TurboB - ok

23:59:43.0340 5976 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe

23:59:43.0344 5976 TurboBoost - ok

23:59:43.0371 5976 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

23:59:43.0374 5976 uagp35 - ok

23:59:43.0396 5976 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:59:43.0401 5976 udfs - ok

23:59:43.0418 5976 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:59:43.0420 5976 UI0Detect - ok

23:59:43.0461 5976 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:59:43.0463 5976 uliagpkx - ok

23:59:43.0481 5976 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

23:59:43.0483 5976 umbus - ok

23:59:43.0502 5976 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

23:59:43.0504 5976 UmPass - ok

23:59:43.0538 5976 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

23:59:43.0544 5976 upnphost - ok

23:59:43.0576 5976 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

23:59:43.0578 5976 USBAAPL64 - ok

23:59:43.0632 5976 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

23:59:43.0634 5976 usbaudio - ok

23:59:43.0674 5976 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:59:43.0677 5976 usbccgp - ok

23:59:43.0700 5976 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:59:43.0702 5976 usbcir - ok

23:59:43.0716 5976 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys

23:59:43.0718 5976 usbehci - ok

23:59:43.0732 5976 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys

23:59:43.0737 5976 usbhub - ok

23:59:43.0746 5976 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys

23:59:43.0749 5976 usbohci - ok

23:59:43.0761 5976 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:59:43.0763 5976 usbprint - ok

23:59:43.0797 5976 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:59:43.0799 5976 USBSTOR - ok

23:59:43.0813 5976 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

23:59:43.0816 5976 usbuhci - ok

23:59:43.0853 5976 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

23:59:43.0856 5976 usbvideo - ok

23:59:43.0868 5976 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

23:59:43.0871 5976 UxSms - ok

23:59:43.0880 5976 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe

23:59:43.0881 5976 VaultSvc - ok

23:59:43.0889 5976 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

23:59:43.0889 5976 vdrvroot - ok

23:59:43.0941 5976 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

23:59:43.0957 5976 vds - ok

23:59:43.0983 5976 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:59:43.0985 5976 vga - ok

23:59:43.0996 5976 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

23:59:43.0998 5976 VgaSave - ok

23:59:44.0012 5976 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

23:59:44.0016 5976 vhdmp - ok

23:59:44.0033 5976 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

23:59:44.0035 5976 viaide - ok

23:59:44.0052 5976 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:59:44.0054 5976 volmgr - ok

23:59:44.0094 5976 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:59:44.0099 5976 volmgrx - ok

23:59:44.0114 5976 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:59:44.0118 5976 volsnap - ok

23:59:44.0140 5976 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

23:59:44.0144 5976 vsmraid - ok

23:59:44.0323 5976 [ 1928B9CA20F51BFBBAD54D2C2C447B13 ] VSPerfDrv100 C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys

23:59:44.0325 5976 VSPerfDrv100 - ok

23:59:44.0380 5976 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

23:59:44.0413 5976 VSS - ok

23:59:44.0423 5976 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

23:59:44.0424 5976 vwifibus - ok

23:59:44.0436 5976 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

23:59:44.0439 5976 vwififlt - ok

23:59:44.0459 5976 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

23:59:44.0459 5976 vwifimp - ok

23:59:44.0499 5976 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

23:59:44.0506 5976 W32Time - ok

23:59:44.0525 5976 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

23:59:44.0526 5976 WacomPen - ok

23:59:44.0575 5976 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:59:44.0577 5976 WANARP - ok

23:59:44.0580 5976 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:59:44.0581 5976 Wanarpv6 - ok

23:59:44.0644 5976 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:59:44.0669 5976 WatAdminSvc - ok

23:59:44.0729 5976 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

23:59:44.0756 5976 wbengine - ok

23:59:44.0771 5976 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:59:44.0776 5976 WbioSrvc - ok

23:59:44.0821 5976 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:59:44.0827 5976 wcncsvc - ok

23:59:44.0840 5976 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:59:44.0843 5976 WcsPlugInService - ok

23:59:44.0868 5976 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

23:59:44.0869 5976 Wd - ok

23:59:44.0894 5976 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:59:44.0910 5976 Wdf01000 - ok

23:59:44.0926 5976 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:59:44.0930 5976 WdiServiceHost - ok

23:59:44.0933 5976 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:59:44.0935 5976 WdiSystemHost - ok

23:59:44.0946 5976 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

23:59:44.0951 5976 WebClient - ok

23:59:44.0961 5976 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:59:44.0966 5976 Wecsvc - ok

23:59:44.0977 5976 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:59:44.0981 5976 wercplsupport - ok

23:59:45.0001 5976 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

23:59:45.0004 5976 WerSvc - ok

23:59:45.0014 5976 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:59:45.0016 5976 WfpLwf - ok

23:59:45.0032 5976 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:59:45.0034 5976 WIMMount - ok

23:59:45.0074 5976 WinDefend - ok

23:59:45.0171 5976 [ 8258726D076C8FFF994F468712DDFBAB ] WindowBlinds C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

23:59:45.0173 5976 WindowBlinds - ok

23:59:45.0178 5976 WinHttpAutoProxySvc - ok

23:59:45.0242 5976 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:59:45.0246 5976 Winmgmt - ok

23:59:45.0317 5976 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

23:59:45.0367 5976 WinRM - ok

23:59:45.0417 5976 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

23:59:45.0418 5976 WinUsb - ok

23:59:45.0456 5976 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

23:59:45.0481 5976 Wlansvc - ok

23:59:45.0522 5976 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

23:59:45.0524 5976 wltrysvc - ok

23:59:45.0537 5976 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

23:59:45.0538 5976 WmiAcpi - ok

23:59:45.0567 5976 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:59:45.0571 5976 wmiApSrv - ok

23:59:45.0601 5976 WMPNetworkSvc - ok

23:59:45.0619 5976 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:59:45.0622 5976 WPCSvc - ok

23:59:45.0661 5976 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:59:45.0665 5976 WPDBusEnum - ok

23:59:45.0684 5976 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:59:45.0684 5976 ws2ifsl - ok

23:59:45.0726 5976 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

23:59:45.0729 5976 wscsvc - ok

23:59:45.0732 5976 WSearch - ok

23:59:45.0801 5976 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll

23:59:45.0868 5976 wuauserv - ok

23:59:45.0901 5976 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:59:45.0903 5976 WudfPf - ok

23:59:45.0938 5976 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:59:45.0942 5976 WUDFRd - ok

23:59:45.0958 5976 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:59:45.0961 5976 wudfsvc - ok

23:59:45.0987 5976 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

23:59:45.0992 5976 WwanSvc - ok

23:59:46.0031 5976 ================ Scan global ===============================

23:59:46.0055 5976 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

23:59:46.0084 5976 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

23:59:46.0093 5976 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

23:59:46.0114 5976 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

23:59:46.0154 5976 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

23:59:46.0160 5976 [Global] - ok

23:59:46.0161 5976 ================ Scan MBR ==================================

23:59:46.0179 5976 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

23:59:46.0489 5976 \Device\Harddisk0\DR0 - ok

23:59:46.0489 5976 ================ Scan VBR ==================================

23:59:46.0491 5976 [ 30D2389C7B05B11E67EB039F63ACD4B8 ] \Device\Harddisk0\DR0\Partition1

23:59:46.0493 5976 \Device\Harddisk0\DR0\Partition1 - ok

23:59:46.0499 5976 [ A0A89077AA5B897F3231741F6E3F1496 ] \Device\Harddisk0\DR0\Partition2

23:59:46.0501 5976 \Device\Harddisk0\DR0\Partition2 - ok

23:59:46.0502 5976 ============================================================

23:59:46.0502 5976 Scan finished

23:59:46.0502 5976 ============================================================

23:59:46.0510 6048 Detected object count: 0

23:59:46.0511 6048 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-22 00:01:59

-----------------------------

00:01:59.208 OS Version: Windows x64 6.1.7601 Service Pack 1

00:01:59.209 Number of processors: 8 586 0x1E05

00:01:59.209 ComputerName: GHOSTSHELL-PC UserName: Ghostshell

00:02:00.936 Initialize success

00:02:38.090 AVAST engine download error: 0

00:04:09.963 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

00:04:09.966 Disk 0 Vendor: ST9250410AS D004SDM1 Size: 238475MB BusType: 11

00:04:10.057 Disk 0 MBR read successfully

00:04:10.061 Disk 0 MBR scan

00:04:10.065 Disk 0 Windows 7 default MBR code

00:04:10.096 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

00:04:10.110 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848

00:04:10.141 Disk 0 scanning C:\Windows\system32\drivers

00:04:19.683 Service scanning

00:04:36.429 Modules scanning

00:04:36.440 Disk 0 trace - called modules:

00:04:36.490 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

00:04:36.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bc3790]

00:04:36.505 3 CLASSPNP.SYS[fffff880019cc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079790c0]

00:04:36.512 Scan finished successfully

00:04:46.212 Disk 0 MBR has been saved successfully to "C:\Users\Ghostshell\Desktop\MBR.dat"

00:04:46.219 The log file has been saved successfully to "C:\Users\Ghostshell\Desktop\aswMBR.txt"

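The aswMBR run above read the boot sector, reported "Windows 7 default MBR code", and saved a copy to MBR.dat. As an added example (it is not part of this thread and is not code from aswMBR or TDSSKiller), the Python below parses a raw 512-byte MBR image the way a responder would before trusting that verdict: it checks the 0x55AA boot signature, decodes the four partition entries into the same fields aswMBR printed, hashes the 446-byte bootstrap area so it can be diffed against a baseline you save from a known-clean install, and flags layout oddities (no or several active partitions, overlapping entries, unallocated sectors between or after partitions, which is where bootkits park their payloads). The sample image is constructed to match the partition table in the log (active NTFS 100 MB at LBA 2048, NTFS 238373 MB at LBA 206848); its bootstrap bytes are placeholders, not real Windows 7 MBR code, so the MD5 it prints is not comparable to anything in the logs.

```python
import hashlib
import struct

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xAA"
TABLE_OFFSET = 446                      # partition table follows 446 bytes of bootstrap code
ENTRY_FMT = "<B3sB3sII"                 # status, CHS start, type, CHS end, LBA start, sector count
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)  # 16 bytes per entry, 4 entries

# Type bytes worth naming here; anything else is reported as hex.
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA", 0x27: "Windows RE", 0xEE: "GPT protective"}


def build_sample_mbr():
    """Constructed 512-byte MBR (not the user's MBR.dat) whose table matches what
    aswMBR printed for Disk 0: partition 1 active NTFS 100 MB at LBA 2048,
    partition 2 NTFS 238373 MB at LBA 206848."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\x33\xC0\x8E"           # placeholder bootstrap bytes, not real MBR code
    entries = [
        (0x80, 0x07, 2048, 100 * 1024 * 1024 // SECTOR),
        (0x00, 0x07, 206848, 238373 * 1024 * 1024 // SECTOR),
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        # CHS fields set to FE FF FF, the LBA-only marker modern partitioners write
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + i * ENTRY_SIZE,
                         status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(data):
    """Return the non-empty partition entries of a raw MBR sector as dicts."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, data, TABLE_OFFSET + i * ENTRY_SIZE)
        if ptype == 0:
            continue                     # unused slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def bootstrap_md5(data):
    """MD5 of the 446-byte bootstrap area, for diffing against a baseline you
    saved yourself from a known-clean install of the same Windows version."""
    return hashlib.md5(data[:TABLE_OFFSET]).hexdigest()


def find_issues(parts, disk_sectors=None):
    """Layout checks to run before accepting a 'default MBR code' verdict."""
    issues = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        issues.append(f"expected one active partition, found {len(active)}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        a_end = a["lba_start"] + a["sectors"]
        if a_end > b["lba_start"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
        elif a_end < b["lba_start"]:
            issues.append(f"{b['lba_start'] - a_end} unallocated sectors between partitions {a['index']} and {b['index']}")
    if disk_sectors is not None and ordered:
        tail = disk_sectors - (ordered[-1]["lba_start"] + ordered[-1]["sectors"])
        if tail > 0:
            issues.append(f"{tail} unallocated sectors after the last partition (worth imaging: bootkits store payloads there)")
    return issues


def describe(data, disk_sectors=None):
    """aswMBR-style one-liners for each partition plus the issue list."""
    parts = parse_mbr(data)
    lines = [f"Partition {p['index']} {'80 (A)' if p['active'] else '00'} {p['type']:02X} "
             f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}" for p in parts]
    return lines, find_issues(parts, disk_sectors)


if __name__ == "__main__":
    import sys
    # Usage: python mbrcheck.py MBR.dat  (falls back to the constructed sample)
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    lines, issues = describe(image)
    print("\n".join(lines))
    print("bootstrap md5:", bootstrap_md5(image))
    for issue in issues:
        print("ISSUE:", issue)
```

Pass the disk's total sector count (aswMBR printed 238475 MB for this disk) as `disk_sectors` to get the trailing-space check; on this layout the only report is the usual 2048-sector gap at the end of the disk, which is normal rounding, but a gap of hundreds of megabytes after the last partition deserves a raw-sector look.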

  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

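The staff reply asks for the ComboFix report so the machine can be checked for anything else that needs attention; the "Reg Loading Points" section of that report is where a redirect problem usually shows itself (browser helper objects, Run keys, services, UAC policy, LSA packages). As an added example, not part of this thread and not code from ComboFix, the Python below parses lines in that section's format and returns findings by structural rule rather than by product name: every BHO (IE loads them into the browser, the first place to look for redirects), autoruns that point into a user's AppData tree or have an empty command, UAC values that differ from the Windows 7 defaults, LSA notification packages beyond the default scecli, and services whose binary sits outside C:\Windows and C:\Program Files. The sample report is constructed: the BHO, Run, policy and LSA lines mirror the format of entries in the ComboFix output below, while the "Updater" autorun and the "ExampleSvc" service are made up to exercise those two checks.

```python
import re

# Windows 7 defaults for the UAC values ComboFix lists under policies\system
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3,
                "PromptOnSecureDesktop": 1, "EnableUIADesktopToggle": 0}
# "c:\program files (x86)\..." also matches the second prefix
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s+\(0x[0-9a-fA-F]+\)$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)(?: \[(?P<meta>[^\]]*)\])?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Constructed sample in ComboFix's "Reg Loading Points" format (see the lead-in).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]
2012-06-17 13:07 488832 ----a-w- c:\program files (x86)\Coupon Companion\Coupon Companion.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LolMatches Client"="c:\program files (x86)\LolMatches\LolMatches Client.exe" [2012-04-05 1149952]
"Updater"="c:\users\example\AppData\Roaming\Updater\upd.exe" [2012-11-10 51200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"FAStartup"="" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]
R2 ExampleSvc;Example Service;c:\programdata\example\svc.exe [2012-11-10 40960]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
'''


def in_user_profile(path):
    p = path.lower()
    return "\\users\\" in p and "\\appdata\\" in p


def triage(report):
    """Walk the report line by line, remembering the current registry key,
    and return a list of (severity, message) findings."""
    findings = []
    key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lkey = key.lower()
        if "browser helper objects" in lkey:
            m = FILE_RE.match(line)
            if m:
                clsid = CLSID_RE.search(key)
                findings.append(("review", f"BHO {clsid.group(0) if clsid else '?'} loads "
                                           f"{m.group('path')} into Internet Explorer"))
        elif "\\currentversion\\run" in lkey:
            m = VALUE_RE.match(line)
            if m and not m.group("path"):
                findings.append(("info", f"autorun '{m.group('name')}' in {key} has an empty command"))
            elif m and in_user_profile(m.group("path")):
                findings.append(("suspicious", f"autorun '{m.group('name')}' runs from a user-writable "
                                               f"profile directory: {m.group('path')}"))
        elif lkey.endswith("policies\\system"):
            m = POLICY_RE.match(line)
            if m and m.group("name") in UAC_DEFAULTS and int(m.group("value")) != UAC_DEFAULTS[m.group("name")]:
                findings.append(("weakened", f"UAC value {m.group('name')}={m.group('value')} "
                                             f"(Windows 7 default {UAC_DEFAULTS[m.group('name')]})"))
        elif lkey.endswith("control\\lsa") and line.lower().startswith("notification packages"):
            extras = [p for p in line.split()[3:] if p.lower() != "scecli"]
            if extras:
                findings.append(("review", "non-default LSA notification packages (password filter DLLs): "
                                           + ", ".join(extras)))
        else:
            m = SERVICE_RE.match(line)
            if m and m.group("path") and not m.group("path").lower().startswith(TRUSTED_ROOTS):
                findings.append(("review", f"service {m.group('name')} ({m.group('start')}) runs from {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(f"[{severity}] {message}")
```

Run it against a saved ComboFix.txt by replacing `SAMPLE` with the file contents; the rules are deliberately name-agnostic, so a legitimate vendor component (the FastAccess password filter here, for instance) will be listed for review alongside anything unwanted, and the verdict still rests on checking each listed binary.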

No problems, computer is still running great as of the last post from what I can tell, no more redirects or slowdowns.

ComboFix 12-11-21.01 - Ghostshell 11/22/2012 0:18.4.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.6487 [GMT -8:00]

Running from: c:\users\Ghostshell\Desktop\ComboFix.exe

Command switches used :: c:\users\Ghostshell\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))

.

.

2012-11-22 08:25 . 2012-11-22 08:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-22 08:25 . 2012-11-22 08:25 -------- d-----w- c:\users\UpdatusUser.Ghostshell-PC\AppData\Local\temp

2012-11-22 08:25 . 2012-11-22 08:25 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-11-22 08:25 . 2012-11-22 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-22 07:33 . 2012-11-22 07:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2BB0E9F-C983-4F15-9FC3-7A6B4009D88B}\offreg.dll

2012-11-22 06:51 . 2012-11-22 06:51 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-20 05:16 . 2012-11-20 05:16 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\Notepad++

2012-11-20 05:16 . 2012-11-20 05:16 -------- d-----w- c:\program files (x86)\Notepad++

2012-11-10 17:11 . 2012-11-10 17:11 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\Moxzbot

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-30 02:54 . 2011-09-02 01:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-03 03:29 . 2012-09-03 03:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-03 03:29 . 2011-12-01 02:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-27 01:44 . 2012-08-01 18:18 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-27 01:44 . 2012-08-01 18:18 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]

2012-06-17 13:07 488832 ----a-w- c:\program files (x86)\Coupon Companion\Coupon Companion.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LolMatches Client"="c:\program files (x86)\LolMatches\LolMatches Client.exe" [2012-04-05 1149952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]

"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-25 136488]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]

"FAStartup"="" [bU]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 12672]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-01 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-03 89600]

S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]

S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-06-22 273072]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 24751917

*NewlyCreated* - ASWMBR

*Deregistered* - 24751917

*Deregistered* - aswMBR

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-16 487424]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}: NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\1435F524F6162746F525F6F6D6: NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\16474777966696: NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554430343: NameServer = 208.62.222.222,208.67.220.220

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\E45445745414258373: NameServer = 208.62.222.222,208.67.220.220

FF - ProfilePath - c:\users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

FF - ExtSQL: 2012-09-27 00:34; crossriderapp4493@crossrider.com; c:\users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\extensions\crossriderapp4493@crossrider.com

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-vfd-ob - c:\program files (x86)\OApps\vfd-ob_uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\ñ*4%%d"*²*Æ!#H*K*X%]

"Successes"=dword:e0000000

"Failures"=dword:e0000001

"{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}"=hex:00,18,f8,7c,33,3b

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-22 00:28:31

ComboFix-quarantined-files.txt 2012-11-22 08:28

.

Pre-Run: 68,312,518,656 bytes free

Post-Run: 68,099,395,584 bytes free

.

- - End Of File - - 7FC9CDA1FAB4CBB8CB7108FDFA38C3DE
