Jump to content

HomeLand security/FBI Moneypak virus, no safe mode

Khorrl
 Share

Recommended Posts

Khorrl

Khorrl

Posted
Posted

Hi there I run a windows 7 64-bit. My Pc has become infected, and when ever I try to run it any of the safe modes my computer restarts itself into the normal mode to display the ransom screen again. How do you suggest that I remove the virus, I've seen you all have done so with other computers but also warned people to not use the stuff you sent as it was keyed for individual people. So any help would be appreciated. 

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

Hello Khorrl and welcome to Malwarebytes!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair

      System Restore

      Windows Complete PC Restore

      Windows Memory Diagnostic Tool

      Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

Link to post
Share on other sites
Khorrl

Khorrl

Posted
  • Author
Posted

Here is the log for you Thank you for your help 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2013 01
Ran by SYSTEM on 19-06-2013 18:53:04
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM [206120 2012-09-06] (SupportSoft, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKU\Ben\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Ben\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Ben\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [5915480 2010-10-29] (Logitech Inc.)
HKU\Ben\...\Run: [startNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT [1352048 2012-09-06] ()
HKU\Ben\...\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart [2529096 2011-11-18] (Desura Pty Ltd)
HKU\Ben\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Ben\...\Run: [bddafcabecddfgfdgfdgdfg] "C:\ProgramData\bddafcabecddfgfdgfdgdfg.exe" [x]
HKU\Ben\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Ben\AppData\Local\Temp\nguspxuyhusaqsjqx.exe [55296 2013-06-16] (Mozilla Foundation)
HKU\Ben\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Ben\...\Command Processor: "C:\Users\Ben\AppData\Local\Temp\nguspxuyhusaqsjqx.exe" <===== ATTENTION!
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [516096 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
 
==================== Services (Whitelisted) =================
 
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-17] ()
S2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2012-09-06] (SupportSoft, Inc.)
S2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2012-09-06] (SupportSoft, Inc.)
S2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()
S2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [278528 2009-06-04] ()
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
S3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [40464 2007-11-07] (CACE Technologies)
S3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.)
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-19 18:52 - 2013-06-19 18:52 - 00000000 ____D C:\FRST
2013-06-16 19:35 - 2013-06-16 19:35 - 02019327 ____A C:\Users\Ben\AppData\Roaming\2433f433
2013-06-16 19:35 - 2013-06-16 19:35 - 02019305 ____A C:\ProgramData\2433f433
2013-06-16 19:35 - 2013-06-16 19:35 - 02019302 ____A C:\Users\Ben\AppData\Local\2433f433
2013-06-16 04:41 - 2013-06-16 16:41 - 00000000 ____D C:\Users\Ben\AppData\Local\{A4381A6E-5510-49CE-9937-FB4A98D1397C}
2013-06-15 21:01 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 21:01 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 21:01 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 21:01 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 21:01 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 21:01 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 21:01 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 21:01 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 21:01 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 21:01 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 21:01 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-15 21:01 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-15 21:01 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-15 21:01 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-15 21:01 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-15 21:01 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-15 21:01 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-15 21:01 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-15 21:01 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-15 21:01 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-15 21:01 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-15 21:01 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-15 21:01 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-15 21:01 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-15 21:01 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-15 21:01 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-15 21:01 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-15 21:01 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-15 21:01 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-15 21:00 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 21:00 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 14:30 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-15 14:30 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-15 14:30 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-15 14:30 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-15 14:30 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-15 14:29 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-15 14:29 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-15 14:29 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-15 14:29 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-15 14:29 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-15 14:29 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-15 14:29 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-15 14:29 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-15 14:29 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-15 14:29 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-15 14:29 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-15 14:29 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-15 14:29 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-15 14:29 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-15 12:32 - 2013-06-16 19:18 - 00000000 ____D C:\Users\Ben\AppData\Local\The Witcher
2013-06-15 12:32 - 2013-06-16 05:04 - 00000000 ____D C:\Users\Ben\Documents\The Witcher
2013-06-15 12:29 - 2013-06-15 12:29 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2013-06-15 09:12 - 2013-06-15 09:13 - 00000000 ____D C:\Users\Ben\AppData\Local\{957E6496-FFD6-4801-B94F-7E6CCC7A1AB7}
2013-06-14 19:19 - 2013-06-14 19:19 - 00000000 ____D C:\Users\Ben\AppData\Local\{338DCC1C-F45C-4953-9BBE-C666B873C762}
2013-06-14 17:56 - 2013-06-14 17:56 - 00000000 ____D C:\Users\Ben\AppData\Local\{58A827F8-623C-452C-84E5-6740678AFBB6}
2013-06-13 12:36 - 2013-06-13 12:37 - 00000000 ____D C:\Users\Ben\AppData\Local\{F504C2DE-BD8C-4872-8619-0F7C7E26673A}
2013-06-12 17:48 - 2013-06-12 17:49 - 00000000 ____D C:\Users\Ben\AppData\Local\{C5B53F7E-1D3E-43F8-AB0B-A4CA69892845}
2013-06-11 13:23 - 2013-06-11 13:23 - 00000000 ____D C:\Users\Ben\AppData\Local\{1522EB91-ED30-41BC-93C1-63D1127275AE}
2013-06-10 14:48 - 2013-06-10 14:48 - 00000000 ____D C:\Users\Ben\AppData\Local\{93C667C4-E572-4B6D-8526-DD93DFFBCFE8}
2013-06-08 21:14 - 2013-06-08 21:35 - 195758212 ____A C:\Users\Ben\Downloads\SexSlaveClassmate.part2.rar
2013-06-08 19:23 - 2013-06-08 21:35 - 209000000 ____A C:\Users\Ben\Downloads\SexSlaveClassmate.part1.rar
2013-06-08 05:05 - 2013-06-08 05:19 - 124330442 ____A C:\Users\Ben\Downloads\OrionHeart.part2.rar
2013-06-08 04:58 - 2013-06-09 17:01 - 00000000 ____D C:\Users\Ben\AppData\Local\{AC522653-D4B1-4403-A03B-3A8BA5EA5C10}
2013-06-08 04:50 - 2013-06-08 04:50 - 00000000 ____D C:\Users\Ben\AppData\Local\{E51BECFB-5E7E-4CA9-BF81-DF3ADB78C652}
2013-06-05 17:33 - 2013-06-05 17:33 - 00000000 ____D C:\Users\Ben\AppData\Local\{0D504733-142A-49BC-87B8-95307588A367}
2013-06-04 19:26 - 2013-06-04 19:26 - 00000000 ____D C:\Users\Ben\AppData\Local\{82E2095C-FEE1-4301-B16D-4DE6BCDD1DE3}
2013-06-04 16:17 - 2013-06-04 16:17 - 00000000 ____D C:\Users\Ben\AppData\Local\{4CD47C4B-182A-4454-8876-A83756D659B0}
2013-06-03 14:56 - 2013-06-03 14:56 - 00000000 ____D C:\Users\Ben\AppData\Local\{5A3F7074-ED7E-44EE-BCB1-C42A2C263E2F}
2013-06-02 19:27 - 2013-06-02 19:27 - 00000000 ____D C:\Users\Ben\AppData\Local\{00310121-DC85-4306-8011-79917AFAE5D1}
2013-06-02 18:47 - 2013-06-02 18:47 - 00027648 ____A C:\ProgramData\neqfctfctwinrkd
2013-06-02 18:36 - 2013-06-02 18:36 - 00111616 ____A C:\ProgramData\mtpnboidqibxnut
2013-06-02 18:30 - 2013-06-02 19:01 - 00000310 ____A C:\ProgramData\bddafcabecddfgfdgfdgdfg.cfg
2013-06-02 18:30 - 2013-06-02 18:30 - 00093696 ____A C:\ProgramData\bytcyckoujtvsic
2013-06-02 18:27 - 2013-06-02 18:27 - 00000000 ____D C:\Microsoft_SDK
2013-06-02 17:28 - 2013-06-02 17:28 - 00000000 ____D C:\Users\Ben\AppData\Local\{D4DD9CBD-EC51-4284-B3B0-19483A1D379F}
2013-06-01 17:43 - 2013-06-01 17:43 - 00000000 ____D C:\Users\Ben\AppData\Local\{4CC7644F-B8C8-4790-BEDD-F59E12F718DF}
2013-05-30 18:36 - 2013-05-30 18:36 - 02250054 ____A C:\ProgramData\1.bmp
2013-05-30 18:02 - 2013-05-30 19:02 - 00000000 ____D C:\Windows\System32\appmgmt
2013-05-30 15:20 - 2013-05-30 15:22 - 00000000 ____D C:\Users\Ben\AppData\Local\{5F2CA931-FC1C-4331-AFEA-2E5C73E5F2A2}
2013-05-29 18:10 - 2013-05-29 18:11 - 00000000 ____D C:\Users\Ben\AppData\Local\{650CF599-85DD-40D0-AEE5-480395EE0C95}
2013-05-29 03:07 - 2013-05-29 03:07 - 00000000 ____D C:\Users\Ben\AppData\Local\{9A002C5F-BC50-4D7F-8E82-B00273B29145}
2013-05-28 15:26 - 2013-05-28 15:26 - 00000000 ____D C:\Users\Ben\AppData\Local\{22113B23-6E2C-4446-BB36-D80941C226C4}
2013-05-28 03:07 - 2013-05-28 03:07 - 00000000 ____D C:\Users\Ben\AppData\Local\{0EB21378-5F98-4588-B921-49B3CFD22281}
2013-05-27 11:25 - 2013-05-27 11:25 - 00000000 ____D C:\Users\Ben\AppData\Local\{663442A5-29CD-4C59-B8F7-5FA80FD694F1}
2013-05-27 04:37 - 2013-05-27 04:37 - 00000000 ____D C:\Users\Ben\AppData\Local\{5BA57D7D-C01F-4459-A29F-0D5EA28F002C}
2013-05-26 06:02 - 2013-05-26 06:02 - 00000000 ____D C:\Users\Ben\AppData\Local\{EA5AB753-90A3-4C90-8D0D-24CEA8DDCCFA}
2013-05-25 20:59 - 2013-05-25 20:59 - 00000000 ____D C:\Users\Ben\Desktop\sandbox_1_2
2013-05-25 19:15 - 2013-05-25 19:15 - 00000000 ____D C:\Users\Ben\AppData\Local\{A13633BB-A1F7-45E8-9DDB-AC2E3E29A2C0}
2013-05-25 08:04 - 2013-05-25 08:04 - 00000000 ____D C:\Users\Ben\AppData\Local\{66ADBE85-D9B3-4144-AF13-EE77518A2C2D}
2013-05-25 06:37 - 2013-05-25 06:37 - 00000000 ____D C:\Users\Ben\AppData\Local\{3C7F4A6A-BBBE-4CA3-856A-21C92090E449}
2013-05-24 19:00 - 2013-05-24 19:00 - 00001111 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-24 19:00 - 2013-05-24 19:00 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Mozilla
2013-05-24 19:00 - 2013-05-24 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 18:34 - 2013-05-24 18:37 - 00000000 ____D C:\Users\Ben\AppData\Local\{933AEDEB-69D8-45FF-96B2-08A0AD880A98}
2013-05-24 12:48 - 2013-05-24 12:48 - 00000000 ____D C:\Users\Ben\AppData\Local\{A7B8F632-1145-4206-990E-88483C772DBA}
2013-05-23 17:51 - 2013-05-23 17:54 - 00000000 ____D C:\Users\Ben\AppData\Local\{4DE865AB-719B-421A-AA0A-C650EE27165A}
2013-05-23 12:31 - 2013-05-23 12:31 - 00000000 ____D C:\Users\Ben\AppData\Local\{B4E07A36-4834-4CA2-BD2D-6D076FFA0725}
2013-05-23 03:42 - 2013-05-23 03:42 - 00000000 ____D C:\Users\Ben\AppData\Local\{167D02FE-A705-41F4-8A26-F17CD19F9609}
2013-05-22 13:35 - 2013-05-24 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-22 12:31 - 2013-05-22 12:31 - 00000000 ____D C:\Users\Ben\AppData\Local\{81F31D8C-0C7C-47B0-AB73-AC3354EE0D86}
2013-05-22 03:37 - 2013-05-22 03:37 - 00000000 ____D C:\Users\Ben\AppData\Local\{39A720ED-CAD2-4F56-BD27-5F945ED252E6}
2013-05-21 12:59 - 2013-05-21 12:59 - 10484230 ____A C:\Users\Ben\Downloads\NVTC 1_3_2-42653-1-3-2.7z
2013-05-21 12:30 - 2013-05-21 12:30 - 00000000 ____D C:\Users\Ben\AppData\Local\{095099B8-43F2-475C-A670-2B9C6C231317}
2013-05-20 16:16 - 2013-05-20 16:16 - 00000000 ____D C:\Users\Ben\AppData\Local\{5EDCB527-47E8-4173-B110-F42EF7BF0977}
2013-05-20 12:28 - 2013-05-20 12:28 - 00000000 ____D C:\Users\Ben\AppData\Local\{0775BA60-0B22-44F0-A8AD-E16FC542DCC7}
 
==================== One Month Modified Files and Folders =======
 
2013-06-19 18:52 - 2013-06-19 18:52 - 00000000 ____D C:\FRST
2013-06-19 14:23 - 2011-07-07 00:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-19 14:23 - 2009-07-13 20:51 - 55921676 ____A C:\Windows\setupact.log
2013-06-19 14:20 - 2011-10-07 15:10 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 14:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 19:35 - 2013-06-16 19:35 - 02019327 ____A C:\Users\Ben\AppData\Roaming\2433f433
2013-06-16 19:35 - 2013-06-16 19:35 - 02019305 ____A C:\ProgramData\2433f433
2013-06-16 19:35 - 2013-06-16 19:35 - 02019302 ____A C:\Users\Ben\AppData\Local\2433f433
2013-06-16 19:23 - 2011-07-08 13:59 - 01571795 ____A C:\Windows\WindowsUpdate.log
2013-06-16 19:22 - 2012-07-02 13:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-16 19:18 - 2013-06-15 12:32 - 00000000 ____D C:\Users\Ben\AppData\Local\The Witcher
2013-06-16 19:05 - 2011-07-17 14:41 - 00000000 ____D C:\Users\Ben\AppData\Local\PhoenixViewer
2013-06-16 18:57 - 2011-10-07 15:10 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-16 16:41 - 2013-06-16 04:41 - 00000000 ____D C:\Users\Ben\AppData\Local\{A4381A6E-5510-49CE-9937-FB4A98D1397C}
2013-06-16 16:23 - 2011-07-09 13:12 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-16 11:01 - 2013-04-01 10:26 - 00000272 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-06-16 07:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-16 05:04 - 2013-06-15 12:32 - 00000000 ____D C:\Users\Ben\Documents\The Witcher
2013-06-16 04:48 - 2009-07-13 20:45 - 00021904 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-16 04:48 - 2009-07-13 20:45 - 00021904 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-16 04:40 - 2011-09-04 07:24 - 00000000 ____D C:\Users\Ben\Tracing
2013-06-15 21:02 - 2012-10-28 06:27 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-15 14:15 - 2012-06-21 03:02 - 00000000 ____D C:\Users\Ben\AppData\Local\TSVNCache
2013-06-15 12:32 - 2011-07-07 06:10 - 00202907 ____A C:\Windows\DirectX.log
2013-06-15 12:29 - 2013-06-15 12:29 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2013-06-15 10:23 - 2012-07-02 13:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-15 10:23 - 2011-07-17 15:01 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-15 09:13 - 2013-06-15 09:12 - 00000000 ____D C:\Users\Ben\AppData\Local\{957E6496-FFD6-4801-B94F-7E6CCC7A1AB7}
2013-06-14 23:16 - 2012-04-26 12:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-14 23:16 - 2012-04-26 12:47 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Skype
2013-06-14 23:16 - 2012-04-26 12:47 - 00000000 ____D C:\ProgramData\Skype
2013-06-14 23:16 - 2011-10-07 15:10 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-14 23:16 - 2011-07-17 15:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-06-14 23:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-06-14 23:16 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-14 19:19 - 2013-06-14 19:19 - 00000000 ____D C:\Users\Ben\AppData\Local\{338DCC1C-F45C-4953-9BBE-C666B873C762}
2013-06-14 19:18 - 2011-07-08 13:51 - 00000000 ____D C:\users\Ben
2013-06-14 17:56 - 2013-06-14 17:56 - 00000000 ____D C:\Users\Ben\AppData\Local\{58A827F8-623C-452C-84E5-6740678AFBB6}
2013-06-13 12:37 - 2013-06-13 12:36 - 00000000 ____D C:\Users\Ben\AppData\Local\{F504C2DE-BD8C-4872-8619-0F7C7E26673A}
2013-06-12 17:49 - 2013-06-12 17:48 - 00000000 ____D C:\Users\Ben\AppData\Local\{C5B53F7E-1D3E-43F8-AB0B-A4CA69892845}
2013-06-11 13:23 - 2013-06-11 13:23 - 00000000 ____D C:\Users\Ben\AppData\Local\{1522EB91-ED30-41BC-93C1-63D1127275AE}
2013-06-10 14:48 - 2013-06-10 14:48 - 00000000 ____D C:\Users\Ben\AppData\Local\{93C667C4-E572-4B6D-8526-DD93DFFBCFE8}
2013-06-09 17:01 - 2013-06-08 04:58 - 00000000 ____D C:\Users\Ben\AppData\Local\{AC522653-D4B1-4403-A03B-3A8BA5EA5C10}
2013-06-09 05:46 - 2011-07-08 17:01 - 00000000 ____D C:\Users\Ben\Documents\My Games
2013-06-08 21:36 - 2013-04-01 16:21 - 00000000 ____D C:\Users\Ben\Desktop\+++Alpha+++
2013-06-08 21:35 - 2013-06-08 21:14 - 195758212 ____A C:\Users\Ben\Downloads\SexSlaveClassmate.part2.rar
2013-06-08 21:35 - 2013-06-08 19:23 - 209000000 ____A C:\Users\Ben\Downloads\SexSlaveClassmate.part1.rar
2013-06-08 17:10 - 2011-08-06 08:44 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-08 06:08 - 2013-06-15 21:01 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-15 21:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-15 21:01 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-15 21:01 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-15 21:01 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 05:19 - 2013-06-08 05:05 - 124330442 ____A C:\Users\Ben\Downloads\OrionHeart.part2.rar
2013-06-08 05:10 - 2011-10-25 18:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-06-08 04:50 - 2013-06-08 04:50 - 00000000 ____D C:\Users\Ben\AppData\Local\{E51BECFB-5E7E-4CA9-BF81-DF3ADB78C652}
2013-06-08 04:28 - 2013-06-15 21:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-15 21:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-15 21:01 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-15 21:01 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-15 21:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:40 - 2013-06-15 21:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:13 - 2013-06-15 21:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-05 17:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-05 17:33 - 2013-06-05 17:33 - 00000000 ____D C:\Users\Ben\AppData\Local\{0D504733-142A-49BC-87B8-95307588A367}
2013-06-04 19:26 - 2013-06-04 19:26 - 00000000 ____D C:\Users\Ben\AppData\Local\{82E2095C-FEE1-4301-B16D-4DE6BCDD1DE3}
2013-06-04 16:17 - 2013-06-04 16:17 - 00000000 ____D C:\Users\Ben\AppData\Local\{4CD47C4B-182A-4454-8876-A83756D659B0}
2013-06-03 14:56 - 2013-06-03 14:56 - 00000000 ____D C:\Users\Ben\AppData\Local\{5A3F7074-ED7E-44EE-BCB1-C42A2C263E2F}
2013-06-02 19:27 - 2013-06-02 19:27 - 00000000 ____D C:\Users\Ben\AppData\Local\{00310121-DC85-4306-8011-79917AFAE5D1}
2013-06-02 19:26 - 2010-11-20 19:47 - 00049258 ____A C:\Windows\PFRO.log
2013-06-02 19:01 - 2013-06-02 18:30 - 00000310 ____A C:\ProgramData\bddafcabecddfgfdgfdgdfg.cfg
2013-06-02 18:47 - 2013-06-02 18:47 - 00027648 ____A C:\ProgramData\neqfctfctwinrkd
2013-06-02 18:36 - 2013-06-02 18:36 - 00111616 ____A C:\ProgramData\mtpnboidqibxnut
2013-06-02 18:30 - 2013-06-02 18:30 - 00093696 ____A C:\ProgramData\bytcyckoujtvsic
2013-06-02 18:27 - 2013-06-02 18:27 - 00000000 ____D C:\Microsoft_SDK
2013-06-02 17:28 - 2013-06-02 17:28 - 00000000 ____D C:\Users\Ben\AppData\Local\{D4DD9CBD-EC51-4284-B3B0-19483A1D379F}
2013-06-01 17:43 - 2013-06-01 17:43 - 00000000 ____D C:\Users\Ben\AppData\Local\{4CC7644F-B8C8-4790-BEDD-F59E12F718DF}
2013-05-30 19:02 - 2013-05-30 18:02 - 00000000 ____D C:\Windows\System32\appmgmt
2013-05-30 18:36 - 2013-05-30 18:36 - 02250054 ____A C:\ProgramData\1.bmp
2013-05-30 18:02 - 2013-05-17 20:26 - 00000000 ____D C:\ProgramData\coNtinuuetosave
2013-05-30 18:02 - 2013-04-28 06:47 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-05-30 18:02 - 2013-04-01 10:25 - 00000000 ____D C:\ProgramData\InstallMate
2013-05-30 15:22 - 2013-05-30 15:20 - 00000000 ____D C:\Users\Ben\AppData\Local\{5F2CA931-FC1C-4331-AFEA-2E5C73E5F2A2}
2013-05-29 18:11 - 2013-05-29 18:10 - 00000000 ____D C:\Users\Ben\AppData\Local\{650CF599-85DD-40D0-AEE5-480395EE0C95}
2013-05-29 03:07 - 2013-05-29 03:07 - 00000000 ____D C:\Users\Ben\AppData\Local\{9A002C5F-BC50-4D7F-8E82-B00273B29145}
2013-05-28 15:26 - 2013-05-28 15:26 - 00000000 ____D C:\Users\Ben\AppData\Local\{22113B23-6E2C-4446-BB36-D80941C226C4}
2013-05-28 03:07 - 2013-05-28 03:07 - 00000000 ____D C:\Users\Ben\AppData\Local\{0EB21378-5F98-4588-B921-49B3CFD22281}
2013-05-27 11:25 - 2013-05-27 11:25 - 00000000 ____D C:\Users\Ben\AppData\Local\{663442A5-29CD-4C59-B8F7-5FA80FD694F1}
2013-05-27 04:37 - 2013-05-27 04:37 - 00000000 ____D C:\Users\Ben\AppData\Local\{5BA57D7D-C01F-4459-A29F-0D5EA28F002C}
2013-05-26 06:02 - 2013-05-26 06:02 - 00000000 ____D C:\Users\Ben\AppData\Local\{EA5AB753-90A3-4C90-8D0D-24CEA8DDCCFA}
2013-05-25 20:59 - 2013-05-25 20:59 - 00000000 ____D C:\Users\Ben\Desktop\sandbox_1_2
2013-05-25 19:15 - 2013-05-25 19:15 - 00000000 ____D C:\Users\Ben\AppData\Local\{A13633BB-A1F7-45E8-9DDB-AC2E3E29A2C0}
2013-05-25 08:04 - 2013-05-25 08:04 - 00000000 ____D C:\Users\Ben\AppData\Local\{66ADBE85-D9B3-4144-AF13-EE77518A2C2D}
2013-05-25 06:37 - 2013-05-25 06:37 - 00000000 ____D C:\Users\Ben\AppData\Local\{3C7F4A6A-BBBE-4CA3-856A-21C92090E449}
2013-05-24 19:00 - 2013-05-24 19:00 - 00001111 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-24 19:00 - 2013-05-24 19:00 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Mozilla
2013-05-24 19:00 - 2013-05-24 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 18:59 - 2013-05-22 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-24 18:37 - 2013-05-24 18:34 - 00000000 ____D C:\Users\Ben\AppData\Local\{933AEDEB-69D8-45FF-96B2-08A0AD880A98}
2013-05-24 12:48 - 2013-05-24 12:48 - 00000000 ____D C:\Users\Ben\AppData\Local\{A7B8F632-1145-4206-990E-88483C772DBA}
2013-05-23 17:54 - 2013-05-23 17:51 - 00000000 ____D C:\Users\Ben\AppData\Local\{4DE865AB-719B-421A-AA0A-C650EE27165A}
2013-05-23 12:31 - 2013-05-23 12:31 - 00000000 ____D C:\Users\Ben\AppData\Local\{B4E07A36-4834-4CA2-BD2D-6D076FFA0725}
2013-05-23 03:42 - 2013-05-23 03:42 - 00000000 ____D C:\Users\Ben\AppData\Local\{167D02FE-A705-41F4-8A26-F17CD19F9609}
2013-05-22 12:31 - 2013-05-22 12:31 - 00000000 ____D C:\Users\Ben\AppData\Local\{81F31D8C-0C7C-47B0-AB73-AC3354EE0D86}
2013-05-22 03:37 - 2013-05-22 03:37 - 00000000 ____D C:\Users\Ben\AppData\Local\{39A720ED-CAD2-4F56-BD27-5F945ED252E6}
2013-05-21 12:59 - 2013-05-21 12:59 - 10484230 ____A C:\Users\Ben\Downloads\NVTC 1_3_2-42653-1-3-2.7z
2013-05-21 12:30 - 2013-05-21 12:30 - 00000000 ____D C:\Users\Ben\AppData\Local\{095099B8-43F2-475C-A670-2B9C6C231317}
2013-05-20 16:16 - 2013-05-20 16:16 - 00000000 ____D C:\Users\Ben\AppData\Local\{5EDCB527-47E8-4173-B110-F42EF7BF0977}
2013-05-20 12:28 - 2013-05-20 12:28 - 00000000 ____D C:\Users\Ben\AppData\Local\{0775BA60-0B22-44F0-A8AD-E16FC542DCC7}
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4087.05 MB
Available physical RAM: 3461.71 MB
Total Pagefile: 4085.25 MB
Available Pagefile: 3469.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:37.08 GB) NTFS (Disk=0 Partition=2)
Drive e: (Sims3EP02) (CDROM) (Total:4.6 GB) (Free:0 GB) UDF
Drive f: (KINGSTON) (Removable) (Total:14.43 GB) (Free:13.03 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 36B1BED9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14 GB) (Disk ID: 336F6601)
Partition 1: (Not Active) - (Size=14 GB) - (Type=0B)
 
 
LastRegBack: 2013-06-14 19:55
 
==================== End Of Log ============================
Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

Please do the following:

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the flashdrive as fixlist.txt

 

2013-05-30 18:36 - 2013-05-30 18:36 - 02250054 ____A C:\ProgramData\1.bmp
2013-05-30 18:02 - 2013-05-17 20:26 - 00000000 ____D C:\ProgramData\coNtinuuetosave
2013-05-30 18:02 - 2013-04-28 06:47 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-05-30 18:02 - 2013-04-01 10:25 - 00000000 ____D C:\ProgramData\InstallMate
2013-06-02 17:28 - 2013-06-02 17:28 - 00000000 ____D C:\Users\Ben\AppData\Local\{D4DD9CBD-EC51-4284-B3B0-19483A1D379F}
2013-06-01 17:43 - 2013-06-01 17:43 - 00000000 ____D C:\Users\Ben\AppData\Local\{4CC7644F-B8C8-4790-BEDD-F59E12F718DF}
2013-06-02 19:01 - 2013-06-02 18:30 - 00000310 ____A C:\ProgramData\bddafcabecddfgfdgfdgdfg.cfg
2013-06-02 18:47 - 2013-06-02 18:47 - 00027648 ____A C:\ProgramData\neqfctfctwinrkd
2013-06-02 18:36 - 2013-06-02 18:36 - 00111616 ____A C:\ProgramData\mtpnboidqibxnut
2013-06-02 18:30 - 2013-06-02 18:30 - 00093696 ____A C:\ProgramData\bytcyckoujtvsic
2013-06-19 14:20 - 2011-10-07 15:10 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 14:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-16 19:35 - 2013-06-16 19:35 - 02019327 ____A C:\Users\Ben\AppData\Roaming\2433f433
2013-06-16 19:35 - 2013-06-16 19:35 - 02019305 ____A C:\ProgramData\2433f433
2013-06-16 19:35 - 2013-06-16 19:35 - 02019302 ____A C:\Users\Ben\AppData\Local\2433f433
2013-06-02 18:47 - 2013-06-02 18:47 - 00027648 ____A C:\ProgramData\neqfctfctwinrkd
2013-06-02 18:36 - 2013-06-02 18:36 - 00111616 ____A C:\ProgramData\mtpnboidqibxnut
2013-06-02 18:30 - 2013-06-02 19:01 - 00000310 ____A C:\ProgramData\bddafcabecddfgfdgfdgdfg.cfg
2013-06-02 18:30 - 2013-06-02 18:30 - 00093696 ____A C:\ProgramData\bytcyckoujtvsic
HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
HKU\Ben\...\Run: [bddafcabecddfgfdgfdgdfg] "C:\ProgramData\bddafcabecddfgfdgfdgdfg.exe" [x]
HKU\Ben\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Ben\AppData\Local\Temp\nguspxuyhusaqsjqx.exe [55296 2013-06-16] (Mozilla Foundation)
HKU\Ben\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Ben\...\Command Processor: "C:\Users\Ben\AppData\Local\Temp\nguspxuyhusaqsjqx.exe" <===== ATTENTION!
HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.

 

After that- are you able to boot into normal mode?

Link to post
Share on other sites
Khorrl

Khorrl

Posted
  • Author
Posted

Thank you again, here is the log and yes I am able to start it in normal mode again you rule dude. 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2013 01
Ran by SYSTEM at 2013-06-19 20:10:53 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
 
C:\ProgramData\1.bmp => Moved successfully.
C:\ProgramData\coNtinuuetosave => Moved successfully.
C:\ProgramData\SearchNewTab => Moved successfully.
C:\ProgramData\InstallMate => Moved successfully.
C:\Users\Ben\AppData\Local\{D4DD9CBD-EC51-4284-B3B0-19483A1D379F} => Moved successfully.
C:\Users\Ben\AppData\Local\{4CC7644F-B8C8-4790-BEDD-F59E12F718DF} => Moved successfully.
C:\ProgramData\bddafcabecddfgfdgfdgdfg.cfg => Moved successfully.
C:\ProgramData\neqfctfctwinrkd => Moved successfully.
C:\ProgramData\mtpnboidqibxnut => Moved successfully.
C:\ProgramData\bytcyckoujtvsic => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\SA.DAT => Moved successfully.
C:\Users\Ben\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Ben\AppData\Local\2433f433 => Moved successfully.
C:\ProgramData\neqfctfctwinrkd => File/Directory not found.
C:\ProgramData\mtpnboidqibxnut => File/Directory not found.
C:\ProgramData\bddafcabecddfgfdgfdgdfg.cfg => File/Directory not found.
C:\ProgramData\bytcyckoujtvsic => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper => Value deleted successfully.
HKU\Ben\Software\Microsoft\Windows\CurrentVersion\Run\\bddafcabecddfgfdgfdgdfg => Value deleted successfully.
HKU\Ben\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Ben\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Ben\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper => Value not found.
 
==== End of Fixlog ====
Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

Awesome. Let's start getting rid of the rest of it:

----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

Link to post
Share on other sites
Khorrl

Khorrl

Posted
  • Author
Posted

As per step 1 here is the log

20:47:22.0798 4824  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
20:47:23.0453 4824  ============================================================
20:47:23.0453 4824  Current date / time: 2013/06/19 20:47:23.0453
20:47:23.0453 4824  SystemInfo:
20:47:23.0453 4824 
20:47:23.0454 4824  OS Version: 6.1.7601 ServicePack: 1.0
20:47:23.0454 4824  Product type: Workstation
20:47:23.0454 4824  ComputerName: BEN-PC
20:47:23.0454 4824  UserName: Ben
20:47:23.0454 4824  Windows directory: C:\Windows
20:47:23.0454 4824  System windows directory: C:\Windows
20:47:23.0454 4824  Running under WOW64
20:47:23.0454 4824  Processor architecture: Intel x64
20:47:23.0454 4824  Number of processors: 4
20:47:23.0454 4824  Page size: 0x1000
20:47:23.0454 4824  Boot type: Normal boot
20:47:23.0454 4824  ============================================================
20:47:24.0872 4824  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:47:24.0875 4824  ============================================================
20:47:24.0875 4824  \Device\Harddisk0\DR0:
20:47:24.0875 4824  MBR partitions:
20:47:24.0875 4824  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:47:24.0875 4824  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:47:24.0875 4824  ============================================================
20:47:24.0886 4824  C: <-> \Device\Harddisk0\DR0\Partition2
20:47:24.0886 4824  ============================================================
20:47:24.0886 4824  Initialize success
20:47:24.0887 4824  ============================================================
20:47:27.0021 4440  ============================================================
20:47:27.0021 4440  Scan started
20:47:27.0021 4440  Mode: Manual;
20:47:27.0021 4440  ============================================================
20:47:27.0530 4440  ================ Scan system memory ========================
20:47:27.0530 4440  System memory - ok
20:47:27.0531 4440  ================ Scan services =============================
20:47:27.0631 4440  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:47:27.0634 4440  1394ohci - ok
20:47:27.0655 4440  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:47:27.0660 4440  ACPI - ok
20:47:27.0674 4440  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:47:27.0675 4440  AcpiPmi - ok
20:47:27.0756 4440  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:47:27.0758 4440  AdobeARMservice - ok
20:47:27.0894 4440  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:47:27.0898 4440  AdobeFlashPlayerUpdateSvc - ok
20:47:27.0941 4440  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:47:27.0948 4440  adp94xx - ok
20:47:27.0970 4440  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:47:27.0976 4440  adpahci - ok
20:47:27.0996 4440  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:47:27.0999 4440  adpu320 - ok
20:47:28.0040 4440  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:47:28.0042 4440  AeLookupSvc - ok
20:47:28.0091 4440  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:47:28.0098 4440  AFD - ok
20:47:28.0119 4440  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:47:28.0121 4440  agp440 - ok
20:47:28.0137 4440  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:47:28.0139 4440  ALG - ok
20:47:28.0152 4440  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:47:28.0153 4440  aliide - ok
20:47:28.0204 4440  [ FF6F0F6A2D72065AE4300426FA414693 ] Amazon Download Agent C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
20:47:28.0210 4440  Amazon Download Agent - ok
20:47:28.0229 4440  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:47:28.0230 4440  amdide - ok
20:47:28.0236 4440  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:47:28.0240 4440  AmdK8 - ok
20:47:28.0260 4440  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:47:28.0262 4440  AmdPPM - ok
20:47:28.0299 4440  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:47:28.0301 4440  amdsata - ok
20:47:28.0310 4440  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:47:28.0313 4440  amdsbs - ok
20:47:28.0334 4440  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:47:28.0334 4440  amdxata - ok
20:47:28.0346 4440  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:47:28.0347 4440  AppID - ok
20:47:28.0361 4440  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:47:28.0363 4440  AppIDSvc - ok
20:47:28.0397 4440  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
20:47:28.0399 4440  Appinfo - ok
20:47:28.0437 4440  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:47:28.0441 4440  AppMgmt - ok
20:47:28.0460 4440  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
20:47:28.0461 4440  arc - ok
20:47:28.0478 4440  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:47:28.0480 4440  arcsas - ok
20:47:28.0582 4440  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:47:28.0584 4440  aspnet_state - ok
20:47:28.0612 4440  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:47:28.0613 4440  AsyncMac - ok
20:47:28.0640 4440  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:47:28.0641 4440  atapi - ok
20:47:28.0692 4440  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:47:28.0702 4440  AudioEndpointBuilder - ok
20:47:28.0725 4440  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:47:28.0731 4440  AudioSrv - ok
20:47:28.0740 4440  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:47:28.0742 4440  AxInstSV - ok
20:47:28.0771 4440  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:47:28.0776 4440  b06bdrv - ok
20:47:28.0815 4440  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:47:28.0818 4440  b57nd60a - ok
20:47:28.0847 4440  BBSvc - ok
20:47:28.0865 4440  BBUpdate - ok
20:47:28.0912 4440  [ 912E49ED3C14E00CB9613884A3B957D0 ] BCMH43XX        C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
20:47:28.0920 4440  BCMH43XX - ok
20:47:28.0934 4440  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:47:28.0936 4440  BDESVC - ok
20:47:28.0948 4440  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:47:28.0949 4440  Beep - ok
20:47:28.0986 4440  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:47:28.0996 4440  BITS - ok
20:47:29.0014 4440  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:47:29.0015 4440  blbdrive - ok
20:47:29.0044 4440  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:47:29.0045 4440  bowser - ok
20:47:29.0056 4440  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:47:29.0057 4440  BrFiltLo - ok
20:47:29.0063 4440  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:47:29.0064 4440  BrFiltUp - ok
20:47:29.0100 4440  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:47:29.0102 4440  Browser - ok
20:47:29.0123 4440  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:47:29.0127 4440  Brserid - ok
20:47:29.0142 4440  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:47:29.0143 4440  BrSerWdm - ok
20:47:29.0161 4440  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:47:29.0162 4440  BrUsbMdm - ok
20:47:29.0166 4440  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:47:29.0167 4440  BrUsbSer - ok
20:47:29.0181 4440  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:47:29.0284 4440  BTHMODEM - ok
20:47:29.0339 4440  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:47:29.0367 4440  bthserv - ok
20:47:29.0431 4440  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:47:29.0433 4440  cdfs - ok
20:47:29.0456 4440  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:47:29.0459 4440  cdrom - ok
20:47:29.0490 4440  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:47:29.0492 4440  CertPropSvc - ok
20:47:29.0512 4440  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
20:47:29.0514 4440  circlass - ok
20:47:29.0533 4440  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:47:29.0539 4440  CLFS - ok
20:47:29.0588 4440  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:47:29.0591 4440  clr_optimization_v2.0.50727_32 - ok
20:47:29.0617 4440  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:47:29.0619 4440  clr_optimization_v2.0.50727_64 - ok
20:47:29.0664 4440  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:47:29.0666 4440  clr_optimization_v4.0.30319_32 - ok
20:47:29.0680 4440  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:47:29.0683 4440  clr_optimization_v4.0.30319_64 - ok
20:47:29.0710 4440  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:47:29.0711 4440  CmBatt - ok
20:47:29.0724 4440  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:47:29.0726 4440  cmdide - ok
20:47:29.0753 4440  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:47:29.0760 4440  CNG - ok
20:47:29.0776 4440  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:47:29.0777 4440  Compbatt - ok
20:47:29.0813 4440  [ 59D203C3F46F3CA536ECAC0E084CD887 ] CompFilter64    C:\Windows\system32\DRIVERS\lvbflt64.sys
20:47:29.0814 4440  CompFilter64 - ok
20:47:29.0827 4440  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:47:29.0829 4440  CompositeBus - ok
20:47:29.0837 4440  COMSysApp - ok
20:47:29.0862 4440  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:47:29.0863 4440  crcdisk - ok
20:47:29.0922 4440  [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
20:47:29.0924 4440  Creative ALchemy AL6 Licensing Service - ok
20:47:29.0972 4440  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
20:47:29.0973 4440  Creative Audio Engine Licensing Service - ok
20:47:30.0017 4440  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:47:30.0019 4440  CryptSvc - ok
20:47:30.0053 4440  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
20:47:30.0061 4440  CSC - ok
20:47:30.0078 4440  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
20:47:30.0085 4440  CscService - ok
20:47:30.0140 4440  [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
20:47:30.0231 4440  CTAudSvcService - ok
20:47:30.0257 4440  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:47:30.0262 4440  DcomLaunch - ok
20:47:30.0295 4440  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:47:30.0298 4440  defragsvc - ok
20:47:30.0363 4440  [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
20:47:30.0365 4440  Desura Install Service - ok
20:47:30.0377 4440  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:47:30.0379 4440  DfsC - ok
20:47:30.0390 4440  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:47:30.0395 4440  Dhcp - ok
20:47:30.0405 4440  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:47:30.0406 4440  discache - ok
20:47:30.0428 4440  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
20:47:30.0430 4440  Disk - ok
20:47:30.0463 4440  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
20:47:30.0465 4440  dmvsc - ok
20:47:30.0496 4440  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:47:30.0499 4440  Dnscache - ok
20:47:30.0527 4440  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:47:30.0532 4440  dot3svc - ok
20:47:30.0543 4440  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:47:30.0547 4440  DPS - ok
20:47:30.0585 4440  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:47:30.0586 4440  drmkaud - ok
20:47:30.0628 4440  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:47:30.0642 4440  DXGKrnl - ok
20:47:30.0657 4440  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:47:30.0659 4440  EapHost - ok
20:47:30.0716 4440  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:47:30.0759 4440  ebdrv - ok
20:47:30.0790 4440  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:47:30.0791 4440  EFS - ok
20:47:30.0835 4440  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:47:30.0846 4440  ehRecvr - ok
20:47:30.0862 4440  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:47:30.0864 4440  ehSched - ok
20:47:30.0884 4440  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:47:30.0890 4440  elxstor - ok
20:47:30.0902 4440  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:47:30.0903 4440  ErrDev - ok
20:47:30.0937 4440  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:47:30.0941 4440  EventSystem - ok
20:47:30.0960 4440  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:47:30.0963 4440  exfat - ok
20:47:30.0977 4440  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:47:30.0979 4440  fastfat - ok
20:47:31.0018 4440  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:47:31.0029 4440  Fax - ok
20:47:31.0043 4440  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
20:47:31.0044 4440  fdc - ok
20:47:31.0059 4440  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:47:31.0060 4440  fdPHost - ok
20:47:31.0072 4440  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:47:31.0073 4440  FDResPub - ok
20:47:31.0082 4440  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:47:31.0083 4440  FileInfo - ok
20:47:31.0096 4440  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:47:31.0098 4440  Filetrace - ok
20:47:31.0116 4440  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:47:31.0117 4440  flpydisk - ok
20:47:31.0138 4440  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:47:31.0141 4440  FltMgr - ok
20:47:31.0190 4440  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
20:47:31.0203 4440  FontCache - ok
20:47:31.0240 4440  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:47:31.0241 4440  FontCache3.0.0.0 - ok
20:47:31.0253 4440  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:47:31.0254 4440  FsDepends - ok
20:47:31.0287 4440  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:47:31.0288 4440  Fs_Rec - ok
20:47:31.0342 4440  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:47:31.0344 4440  fvevol - ok
20:47:31.0373 4440  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:47:31.0375 4440  gagp30kx - ok
20:47:31.0424 4440  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:47:31.0434 4440  gpsvc - ok
20:47:31.0528 4440  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:47:31.0531 4440  gupdate - ok
20:47:31.0552 4440  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:47:31.0554 4440  gupdatem - ok
20:47:31.0611 4440  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:47:31.0616 4440  gusvc - ok
20:47:31.0635 4440  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:47:31.0636 4440  hcw85cir - ok
20:47:31.0680 4440  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:47:31.0686 4440  HdAudAddService - ok
20:47:31.0703 4440  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:47:31.0704 4440  HDAudBus - ok
20:47:31.0724 4440  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:47:31.0725 4440  HidBatt - ok
20:47:31.0747 4440  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:47:31.0749 4440  HidBth - ok
20:47:31.0770 4440  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:47:31.0772 4440  HidIr - ok
20:47:31.0783 4440  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:47:31.0785 4440  hidserv - ok
20:47:31.0804 4440  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:47:31.0805 4440  HidUsb - ok
20:47:31.0827 4440  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:47:31.0830 4440  hkmsvc - ok
20:47:31.0845 4440  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:47:31.0849 4440  HomeGroupListener - ok
20:47:31.0879 4440  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:47:31.0883 4440  HomeGroupProvider - ok
20:47:31.0895 4440  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:47:31.0897 4440  HpSAMD - ok
20:47:31.0925 4440  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:47:31.0935 4440  HTTP - ok
20:47:31.0950 4440  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:47:31.0950 4440  hwpolicy - ok
20:47:31.0978 4440  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:47:31.0980 4440  i8042prt - ok
20:47:32.0014 4440  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:47:32.0020 4440  iaStorV - ok
20:47:32.0085 4440  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:47:32.0086 4440  IDriverT - ok
20:47:32.0140 4440  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:47:32.0152 4440  idsvc - ok
20:47:32.0220 4440  [ 23E1BCADABE423C35C19BBDFF10CCE6D ] IHA_MessageCenter C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
20:47:32.0224 4440  IHA_MessageCenter - ok
20:47:32.0241 4440  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:47:32.0242 4440  iirsp - ok
20:47:32.0294 4440  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:47:32.0308 4440  IKEEXT - ok
20:47:32.0336 4440  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:47:32.0337 4440  intelide - ok
20:47:32.0366 4440  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:47:32.0366 4440  intelppm - ok
20:47:32.0377 4440  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:47:32.0379 4440  IPBusEnum - ok
20:47:32.0395 4440  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:47:32.0397 4440  IpFilterDriver - ok
20:47:32.0415 4440  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:47:32.0417 4440  IPMIDRV - ok
20:47:32.0434 4440  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:47:32.0436 4440  IPNAT - ok
20:47:32.0460 4440  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:47:32.0461 4440  IRENUM - ok
20:47:32.0480 4440  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:47:32.0481 4440  isapnp - ok
20:47:32.0516 4440  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:47:32.0520 4440  iScsiPrt - ok
20:47:32.0549 4440  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:32.0550 4440  kbdclass - ok
20:47:32.0561 4440  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:47:32.0562 4440  kbdhid - ok
20:47:32.0581 4440  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:47:32.0583 4440  KeyIso - ok
20:47:32.0607 4440  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:47:32.0608 4440  KSecDD - ok
20:47:32.0623 4440  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:47:32.0625 4440  KSecPkg - ok
20:47:32.0641 4440  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:47:32.0642 4440  ksthunk - ok
20:47:32.0688 4440  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:47:32.0695 4440  KtmRm - ok
20:47:32.0736 4440  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:47:32.0741 4440  LanmanServer - ok
20:47:32.0765 4440  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:47:32.0770 4440  LanmanWorkstation - ok
20:47:32.0796 4440  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:47:32.0797 4440  lltdio - ok
20:47:32.0832 4440  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:47:32.0838 4440  lltdsvc - ok
20:47:32.0873 4440  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:47:32.0875 4440  lmhosts - ok
20:47:32.0909 4440  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:47:32.0912 4440  LSI_FC - ok
20:47:32.0930 4440  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:47:32.0933 4440  LSI_SAS - ok
20:47:32.0946 4440  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:47:32.0948 4440  LSI_SAS2 - ok
20:47:32.0970 4440  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:47:32.0972 4440  LSI_SCSI - ok
20:47:32.0991 4440  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:47:32.0993 4440  luafv - ok
20:47:33.0025 4440  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
20:47:33.0031 4440  LVRS64 - ok
20:47:33.0139 4440  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
20:47:33.0225 4440  LVUVC64 - ok
20:47:33.0256 4440  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:47:33.0258 4440  Mcx2Svc - ok
20:47:33.0276 4440  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:47:33.0277 4440  megasas - ok
20:47:33.0293 4440  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:47:33.0296 4440  MegaSR - ok
20:47:33.0320 4440  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:47:33.0322 4440  MMCSS - ok
20:47:33.0337 4440  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:47:33.0338 4440  Modem - ok
20:47:33.0355 4440  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:47:33.0355 4440  monitor - ok
20:47:33.0384 4440  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:47:33.0386 4440  mouclass - ok
20:47:33.0405 4440  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:47:33.0406 4440  mouhid - ok
20:47:33.0417 4440  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:47:33.0419 4440  mountmgr - ok
20:47:33.0486 4440  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:47:33.0488 4440  MozillaMaintenance - ok
20:47:33.0538 4440  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:47:33.0542 4440  MpFilter - ok
20:47:33.0556 4440  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:47:33.0559 4440  mpio - ok
20:47:33.0579 4440  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:47:33.0580 4440  mpsdrv - ok
20:47:33.0614 4440  MREMP50 - ok
20:47:33.0648 4440  MREMP50a64 - ok
20:47:33.0656 4440  MREMPR5 - ok
20:47:33.0670 4440  MRENDIS5 - ok
20:47:33.0708 4440  MRESP50 - ok
20:47:33.0716 4440  MRESP50a64 - ok
20:47:33.0738 4440  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:47:33.0741 4440  MRxDAV - ok
20:47:33.0767 4440  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:47:33.0769 4440  mrxsmb - ok
20:47:33.0803 4440  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:47:33.0806 4440  mrxsmb10 - ok
20:47:33.0822 4440  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:47:33.0824 4440  mrxsmb20 - ok
20:47:33.0839 4440  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:47:33.0840 4440  msahci - ok
20:47:33.0854 4440  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:47:33.0856 4440  msdsm - ok
20:47:33.0866 4440  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:47:33.0869 4440  MSDTC - ok
20:47:33.0885 4440  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:47:33.0886 4440  Msfs - ok
20:47:33.0906 4440  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:47:33.0907 4440  mshidkmdf - ok
20:47:33.0915 4440  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:47:33.0915 4440  msisadrv - ok
20:47:33.0944 4440  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:47:33.0947 4440  MSiSCSI - ok
20:47:33.0951 4440  msiserver - ok
20:47:33.0981 4440  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:47:33.0982 4440  MSKSSRV - ok
20:47:34.0029 4440  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:47:34.0030 4440  MsMpSvc - ok
20:47:34.0056 4440  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:47:34.0056 4440  MSPCLOCK - ok
20:47:34.0072 4440  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:47:34.0074 4440  MSPQM - ok
20:47:34.0101 4440  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:47:34.0105 4440  MsRPC - ok
20:47:34.0119 4440  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:47:34.0120 4440  mssmbios - ok
20:47:34.0133 4440  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:47:34.0134 4440  MSTEE - ok
20:47:34.0151 4440  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:47:34.0152 4440  MTConfig - ok
20:47:34.0184 4440  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:47:34.0185 4440  MTsensor - ok
20:47:34.0201 4440  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:47:34.0202 4440  Mup - ok
20:47:34.0236 4440  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:47:34.0242 4440  napagent - ok
20:47:34.0272 4440  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:47:34.0276 4440  NativeWifiP - ok
20:47:34.0326 4440  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:47:34.0336 4440  NDIS - ok
20:47:34.0357 4440  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:47:34.0358 4440  NdisCap - ok
20:47:34.0380 4440  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:47:34.0381 4440  NdisTapi - ok
20:47:34.0393 4440  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:47:34.0395 4440  Ndisuio - ok
20:47:34.0414 4440  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:47:34.0417 4440  NdisWan - ok
20:47:34.0432 4440  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:47:34.0474 4440  NDProxy - ok
20:47:34.0510 4440  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:47:34.0511 4440  NetBIOS - ok
20:47:34.0565 4440  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:47:34.0628 4440  NetBT - ok
20:47:34.0648 4440  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:47:34.0650 4440  Netlogon - ok
20:47:34.0689 4440  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:47:34.0696 4440  Netman - ok
20:47:34.0731 4440  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:34.0733 4440  NetMsmqActivator - ok
20:47:34.0740 4440  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:34.0742 4440  NetPipeActivator - ok
20:47:34.0768 4440  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:47:34.0774 4440  netprofm - ok
20:47:34.0779 4440  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:34.0780 4440  NetTcpActivator - ok
20:47:34.0785 4440  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:34.0787 4440  NetTcpPortSharing - ok
20:47:34.0804 4440  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:47:34.0805 4440  nfrd960 - ok
20:47:34.0828 4440  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:47:34.0830 4440  NisDrv - ok
20:47:34.0867 4440  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:47:34.0871 4440  NisSrv - ok
20:47:34.0908 4440  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:47:34.0913 4440  NlaSvc - ok
20:47:34.0935 4440  [ 3CEEE0BE85D24D911B9C02714817774C ] NPF             C:\Windows\system32\DRIVERS\npf.sys
20:47:34.0937 4440  NPF - ok
20:47:34.0952 4440  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:47:34.0953 4440  Npfs - ok
20:47:34.0981 4440  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:47:34.0984 4440  nsi - ok
20:47:35.0001 4440  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:47:35.0001 4440  nsiproxy - ok
20:47:35.0056 4440  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:47:35.0090 4440  Ntfs - ok
20:47:35.0104 4440  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:47:35.0105 4440  Null - ok
20:47:35.0294 4440  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:47:35.0446 4440  nvlddmkm - ok
20:47:35.0475 4440  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:47:35.0477 4440  nvraid - ok
20:47:35.0492 4440  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:47:35.0494 4440  nvstor - ok
20:47:35.0532 4440  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:47:35.0544 4440  nvsvc - ok
20:47:35.0608 4440  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:47:35.0632 4440  nvUpdatusService - ok
20:47:35.0649 4440  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:47:35.0651 4440  nv_agp - ok
20:47:35.0665 4440  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:47:35.0667 4440  ohci1394 - ok
20:47:35.0699 4440  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:47:35.0704 4440  p2pimsvc - ok
20:47:35.0741 4440  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:47:35.0747 4440  p2psvc - ok
20:47:35.0762 4440  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
20:47:35.0764 4440  Parport - ok
20:47:35.0797 4440  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:47:35.0798 4440  partmgr - ok
20:47:35.0811 4440  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:47:35.0814 4440  PcaSvc - ok
20:47:35.0840 4440  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:47:35.0842 4440  pci - ok
20:47:35.0867 4440  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:47:35.0868 4440  pciide - ok
20:47:35.0881 4440  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:47:35.0885 4440  pcmcia - ok
20:47:35.0901 4440  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:47:35.0902 4440  pcw - ok
20:47:35.0921 4440  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:47:35.0928 4440  PEAUTH - ok
20:47:35.0978 4440  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:47:36.0000 4440  PeerDistSvc - ok
20:47:36.0075 4440  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:47:36.0077 4440  PerfHost - ok
20:47:36.0118 4440  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:47:36.0154 4440  pla - ok
20:47:36.0196 4440  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:47:36.0204 4440  PlugPlay - ok
20:47:36.0233 4440  PnkBstrA - ok
20:47:36.0248 4440  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:47:36.0251 4440  PNRPAutoReg - ok
20:47:36.0266 4440  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:47:36.0271 4440  PNRPsvc - ok
20:47:36.0303 4440  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:47:36.0311 4440  PolicyAgent - ok
20:47:36.0344 4440  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:47:36.0347 4440  Power - ok
20:47:36.0388 4440  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:47:36.0390 4440  PptpMiniport - ok
20:47:36.0416 4440  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
20:47:36.0418 4440  Processor - ok
20:47:36.0448 4440  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:47:36.0453 4440  ProfSvc - ok
20:47:36.0465 4440  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:47:36.0467 4440  ProtectedStorage - ok
20:47:36.0490 4440  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:47:36.0492 4440  Psched - ok
20:47:36.0530 4440  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:47:36.0558 4440  ql2300 - ok
20:47:36.0575 4440  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:47:36.0577 4440  ql40xx - ok
20:47:36.0606 4440  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:47:36.0610 4440  QWAVE - ok
20:47:36.0625 4440  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:47:36.0626 4440  QWAVEdrv - ok
20:47:36.0638 4440  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:47:36.0639 4440  RasAcd - ok
20:47:36.0664 4440  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:47:36.0665 4440  RasAgileVpn - ok
20:47:36.0676 4440  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:47:36.0678 4440  RasAuto - ok
20:47:36.0688 4440  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:47:36.0690 4440  Rasl2tp - ok
20:47:36.0710 4440  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:47:36.0713 4440  RasMan - ok
20:47:36.0726 4440  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:47:36.0727 4440  RasPppoe - ok
20:47:36.0739 4440  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:47:36.0740 4440  RasSstp - ok
20:47:36.0752 4440  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:47:36.0754 4440  rdbss - ok
20:47:36.0760 4440  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:47:36.0761 4440  rdpbus - ok
20:47:36.0770 4440  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:47:36.0770 4440  RDPCDD - ok
20:47:36.0797 4440  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:47:36.0799 4440  RDPDR - ok
20:47:36.0819 4440  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:47:36.0820 4440  RDPENCDD - ok
20:47:36.0825 4440  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:47:36.0825 4440  RDPREFMP - ok
20:47:36.0859 4440  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:47:36.0861 4440  RDPWD - ok
20:47:36.0879 4440  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:47:36.0881 4440  rdyboost - ok
20:47:36.0908 4440  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:47:36.0910 4440  RemoteAccess - ok
20:47:36.0918 4440  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:47:36.0920 4440  RemoteRegistry - ok
20:47:36.0949 4440  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:47:36.0951 4440  RpcEptMapper - ok
20:47:36.0981 4440  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:47:36.0982 4440  RpcLocator - ok
20:47:37.0015 4440  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:47:37.0018 4440  RpcSs - ok
20:47:37.0028 4440  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:47:37.0029 4440  rspndr - ok
20:47:37.0053 4440  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:47:37.0055 4440  RTL8167 - ok
20:47:37.0071 4440  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:47:37.0072 4440  s3cap - ok
20:47:37.0089 4440  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:47:37.0090 4440  SamSs - ok
20:47:37.0108 4440  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:47:37.0109 4440  sbp2port - ok
20:47:37.0128 4440  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:47:37.0131 4440  SCardSvr - ok
20:47:37.0138 4440  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:47:37.0139 4440  scfilter - ok
20:47:37.0161 4440  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:47:37.0171 4440  Schedule - ok
20:47:37.0214 4440  [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP        C:\Windows\system32\DRIVERS\scmndisp.sys
20:47:37.0214 4440  SCMNdisP - ok
20:47:37.0248 4440  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:47:37.0249 4440  SCPolicySvc - ok
20:47:37.0264 4440  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:47:37.0269 4440  SDRSVC - ok
20:47:37.0288 4440  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:47:37.0289 4440  secdrv - ok
20:47:37.0297 4440  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:47:37.0300 4440  seclogon - ok
20:47:37.0330 4440  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:47:37.0332 4440  SENS - ok
20:47:37.0339 4440  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:47:37.0341 4440  SensrSvc - ok
20:47:37.0351 4440  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:47:37.0352 4440  Serenum - ok
20:47:37.0381 4440  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
20:47:37.0382 4440  Serial - ok
20:47:37.0398 4440  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:47:37.0399 4440  sermouse - ok
20:47:37.0424 4440  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:47:37.0426 4440  SessionEnv - ok
20:47:37.0439 4440  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:47:37.0440 4440  sffdisk - ok
20:47:37.0450 4440  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:47:37.0451 4440  sffp_mmc - ok
20:47:37.0470 4440  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:47:37.0471 4440  sffp_sd - ok
20:47:37.0481 4440  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:47:37.0482 4440  sfloppy - ok
20:47:37.0506 4440  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:47:37.0511 4440  SharedAccess - ok
20:47:37.0527 4440  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:47:37.0532 4440  ShellHWDetection - ok
20:47:37.0551 4440  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:47:37.0552 4440  SiSRaid2 - ok
20:47:37.0574 4440  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:47:37.0576 4440  SiSRaid4 - ok
20:47:37.0729 4440  [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:47:37.0815 4440  Skype C2C Service - ok
20:47:37.0894 4440  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:47:37.0896 4440  SkypeUpdate - ok
20:47:37.0919 4440  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:47:37.0922 4440  Smb - ok
20:47:37.0965 4440  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:47:37.0968 4440  SNMPTRAP - ok
20:47:37.0976 4440  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:47:37.0977 4440  spldr - ok
20:47:38.0008 4440  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:47:38.0018 4440  Spooler - ok
20:47:38.0082 4440  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:47:38.0147 4440  sppsvc - ok
20:47:38.0158 4440  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:47:38.0160 4440  sppuinotify - ok
20:47:38.0204 4440  sprtsvc_verizondm - ok
20:47:38.0233 4440  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:47:38.0238 4440  srv - ok
20:47:38.0252 4440  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:47:38.0257 4440  srv2 - ok
20:47:38.0270 4440  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:47:38.0272 4440  srvnet - ok
20:47:38.0301 4440  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:47:38.0305 4440  SSDPSRV - ok
20:47:38.0333 4440  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:47:38.0336 4440  SstpSvc - ok
20:47:38.0381 4440  Steam Client Service - ok
20:47:38.0448 4440  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:47:38.0454 4440  Stereo Service - ok
20:47:38.0472 4440  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:47:38.0474 4440  stexstor - ok
20:47:38.0513 4440  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:47:38.0524 4440  stisvc - ok
20:47:38.0545 4440  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:47:38.0546 4440  storflt - ok
20:47:38.0567 4440  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
20:47:38.0569 4440  StorSvc - ok
20:47:38.0598 4440  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:47:38.0599 4440  storvsc - ok
20:47:38.0605 4440  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:47:38.0606 4440  swenum - ok
20:47:38.0628 4440  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:47:38.0635 4440  swprv - ok
20:47:38.0677 4440  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:47:38.0708 4440  SysMain - ok
20:47:38.0723 4440  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:47:38.0727 4440  TabletInputService - ok
20:47:38.0748 4440  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:47:38.0753 4440  TapiSrv - ok
20:47:38.0780 4440  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:47:38.0782 4440  TBS - ok
20:47:38.0840 4440  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:47:38.0871 4440  Tcpip - ok
20:47:38.0900 4440  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:47:38.0911 4440  TCPIP6 - ok
20:47:38.0938 4440  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:47:38.0939 4440  tcpipreg - ok
20:47:38.0957 4440  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:47:38.0958 4440  TDPIPE - ok
20:47:38.0985 4440  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:47:38.0986 4440  TDTCP - ok
20:47:39.0005 4440  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:47:39.0007 4440  tdx - ok
20:47:39.0021 4440  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:47:39.0023 4440  TermDD - ok
20:47:39.0042 4440  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:47:39.0051 4440  TermService - ok
20:47:39.0054 4440  tgsrvc_verizondm - ok
20:47:39.0072 4440  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:47:39.0075 4440  Themes - ok
20:47:39.0095 4440  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:47:39.0096 4440  THREADORDER - ok
20:47:39.0108 4440  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:47:39.0110 4440  TrkWks - ok
20:47:39.0148 4440  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:47:39.0151 4440  TrustedInstaller - ok
20:47:39.0170 4440  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:47:39.0171 4440  tssecsrv - ok
20:47:39.0187 4440  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:47:39.0189 4440  TsUsbFlt - ok
20:47:39.0199 4440  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:47:39.0200 4440  TsUsbGD - ok
20:47:39.0229 4440  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:47:39.0231 4440  tunnel - ok
20:47:39.0242 4440  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:47:39.0244 4440  uagp35 - ok
20:47:39.0260 4440  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:47:39.0264 4440  udfs - ok
20:47:39.0294 4440  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:47:39.0297 4440  UI0Detect - ok
20:47:39.0317 4440  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:47:39.0319 4440  uliagpkx - ok
20:47:39.0342 4440  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:47:39.0344 4440  umbus - ok
20:47:39.0361 4440  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:47:39.0362 4440  UmPass - ok
20:47:39.0388 4440  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
20:47:39.0393 4440  UmRdpService - ok
20:47:39.0446 4440  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
20:47:39.0453 4440  UMVPFSrv - ok
20:47:39.0511 4440  [ 1E9993AC255B3220BCE71FE9E056BBC9 ] Updater Service for StartNow Toolbar C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
20:47:39.0515 4440  Updater Service for StartNow Toolbar - ok
20:47:39.0532 4440  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:47:39.0539 4440  upnphost - ok
20:47:39.0561 4440  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:47:39.0563 4440  usbaudio - ok
20:47:39.0584 4440  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:47:39.0585 4440  usbccgp - ok
20:47:39.0615 4440  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:47:39.0617 4440  usbcir - ok
20:47:39.0631 4440  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:47:39.0633 4440  usbehci - ok
20:47:39.0646 4440  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:47:39.0651 4440  usbhub - ok
20:47:39.0710 4440  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:47:39.0711 4440  usbohci - ok
20:47:39.0742 4440  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:47:39.0744 4440  usbprint - ok
20:47:39.0774 4440  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:47:39.0775 4440  usbscan - ok
20:47:39.0805 4440  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:47:39.0807 4440  USBSTOR - ok
20:47:39.0827 4440  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:47:39.0828 4440  usbuhci - ok
20:47:39.0853 4440  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:47:39.0857 4440  UxSms - ok
20:47:39.0873 4440  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:47:39.0875 4440  VaultSvc - ok
20:47:39.0888 4440  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:47:39.0890 4440  vdrvroot - ok
20:47:39.0925 4440  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:47:39.0935 4440  vds - ok
20:47:39.0949 4440  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:47:39.0951 4440  vga - ok
20:47:39.0967 4440  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:47:39.0968 4440  VgaSave - ok
20:47:39.0990 4440  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:47:39.0993 4440  vhdmp - ok
20:47:40.0042 4440  [ 1F1225CC7538086F2EB611DACA141E8A ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
20:47:40.0055 4440  VIAHdAudAddService - ok
20:47:40.0065 4440  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:47:40.0066 4440  viaide - ok
20:47:40.0090 4440  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:47:40.0093 4440  vmbus - ok
20:47:40.0107 4440  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:47:40.0108 4440  VMBusHID - ok
20:47:40.0125 4440  [ 754C8BF43F0DD4B54865F174A62761E9 ] VMfilt          C:\Windows\system32\drivers\VMfilt64.sys
20:47:40.0126 4440  VMfilt - ok
20:47:40.0140 4440  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:47:40.0141 4440  volmgr - ok
20:47:40.0154 4440  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:47:40.0158 4440  volmgrx - ok
20:47:40.0169 4440  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:47:40.0173 4440  volsnap - ok
20:47:40.0194 4440  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:47:40.0196 4440  vsmraid - ok
20:47:40.0236 4440  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:47:40.0260 4440  VSS - ok
20:47:40.0275 4440  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:47:40.0277 4440  vwifibus - ok
20:47:40.0298 4440  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:47:40.0303 4440  W32Time - ok
20:47:40.0316 4440  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:47:40.0318 4440  WacomPen - ok
20:47:40.0348 4440  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:47:40.0350 4440  WANARP - ok
20:47:40.0367 4440  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:47:40.0368 4440  Wanarpv6 - ok
20:47:40.0425 4440  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:47:40.0449 4440  WatAdminSvc - ok
20:47:40.0487 4440  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:47:40.0512 4440  wbengine - ok
20:47:40.0526 4440  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:47:40.0530 4440  WbioSrvc - ok
20:47:40.0543 4440  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:47:40.0549 4440  wcncsvc - ok
20:47:40.0562 4440  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:47:40.0565 4440  WcsPlugInService - ok
20:47:40.0583 4440  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
20:47:40.0584 4440  Wd - ok
20:47:40.0620 4440  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:47:40.0629 4440  Wdf01000 - ok
20:47:40.0645 4440  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:47:40.0648 4440  WdiServiceHost - ok
20:47:40.0654 4440  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:47:40.0657 4440  WdiSystemHost - ok
20:47:40.0668 4440  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:47:40.0673 4440  WebClient - ok
20:47:40.0693 4440  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:47:40.0697 4440  Wecsvc - ok
20:47:40.0711 4440  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:47:40.0714 4440  wercplsupport - ok
20:47:40.0728 4440  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:47:40.0731 4440  WerSvc - ok
20:47:40.0749 4440  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:47:40.0750 4440  WfpLwf - ok
20:47:40.0765 4440  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:47:40.0767 4440  WIMMount - ok
20:47:40.0788 4440  WinHttpAutoProxySvc - ok
20:47:40.0842 4440  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:47:40.0844 4440  Winmgmt - ok
20:47:40.0902 4440  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:47:40.0939 4440  WinRM - ok
20:47:40.0996 4440  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:47:40.0997 4440  WinUsb - ok
20:47:41.0042 4440  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:47:41.0057 4440  Wlansvc - ok
20:47:41.0160 4440  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:47:41.0203 4440  wlidsvc - ok
20:47:41.0228 4440  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:47:41.0229 4440  WmiAcpi - ok
20:47:41.0256 4440  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:47:41.0259 4440  wmiApSrv - ok
20:47:41.0298 4440  WMPNetworkSvc - ok
20:47:41.0313 4440  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:47:41.0317 4440  WPCSvc - ok
20:47:41.0328 4440  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:47:41.0332 4440  WPDBusEnum - ok
20:47:41.0338 4440  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:47:41.0339 4440  ws2ifsl - ok
20:47:41.0342 4440  WSearch - ok
20:47:41.0377 4440  [ 75D12C614E3336B639211016D0C5C2C7 ] WSWNDA3100      C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
20:47:41.0378 4440  WSWNDA3100 - ok
20:47:41.0438 4440  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:47:41.0482 4440  wuauserv - ok
20:47:41.0505 4440  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:47:41.0507 4440  WudfPf - ok
20:47:41.0527 4440  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:47:41.0530 4440  WUDFRd - ok
20:47:41.0553 4440  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:47:41.0557 4440  wudfsvc - ok
20:47:41.0587 4440  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:47:41.0592 4440  WwanSvc - ok
20:47:41.0664 4440  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:47:41.0673 4440  YahooAUService - ok
20:47:41.0708 4440  ================ Scan global ===============================
20:47:41.0725 4440  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:47:41.0747 4440  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:47:41.0754 4440  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:47:41.0778 4440  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:47:41.0807 4440  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:47:41.0811 4440  [Global] - ok
20:47:41.0813 4440  ================ Scan MBR ==================================
20:47:41.0822 4440  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:47:42.0003 4440  \Device\Harddisk0\DR0 - ok
20:47:42.0004 4440  ================ Scan VBR ==================================
20:47:42.0007 4440  [ E808A9DC33B68F2678A99FE3BBA9873D ] \Device\Harddisk0\DR0\Partition1
20:47:42.0009 4440  \Device\Harddisk0\DR0\Partition1 - ok
20:47:42.0019 4440  [ 30396C6C9BCB6D87E47B6A39814BCE41 ] \Device\Harddisk0\DR0\Partition2
20:47:42.0021 4440  \Device\Harddisk0\DR0\Partition2 - ok
20:47:42.0022 4440  ============================================================
20:47:42.0022 4440  Scan finished
20:47:42.0022 4440  ============================================================
20:47:42.0035 4416  Detected object count: 0
20:47:42.0035 4416  Actual detected object count: 0
20:48:07.0616 4776  Deinitialize success
 

Link to post
Share on other sites
Khorrl

Khorrl

Posted
  • Author
Posted

And as per requested in step 2

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Ben :: BEN-PC [administrator]

6/19/2013 8:51:54 PM
mbar-log-2013-06-19 (20-51-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 291528
Time elapsed: 27 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\Ben\AppData\Local\Temp\nguspxuyhusaqsjqx.exe (Trojan.Winlock) -> Delete on reboot.
c:\Users\Ben\AppData\Roaming\Microsoft\Windows\Templates\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

Java version: 1.6.0_27

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.209000 GHz
Memory total: 4285587456, free: 2498228224

Downloaded database version: v2013.06.19.10
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     06/19/2013 20:51:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\scmndisp.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\VMfilt64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\lvbflt64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\bcmwlhigh664.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004806060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa8004119060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004806060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004806b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004806060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004113520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004119060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 36B1BED9

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: c:\Users\Ben\AppData\Local\Temp\nguspxuyhusaqsjqx.exe --> [Trojan.Winlock]
Infected: c:\Users\Ben\AppData\Roaming\Microsoft\Windows\Templates\2433f433 --> [Trojan.Agent.TPL]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

Java version: 1.6.0_27

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.209000 GHz
Memory total: 4285587456, free: 3054333952

Initializing...
------------ Kernel report ------------
     06/19/2013 21:31:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\scmndisp.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\VMfilt64.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\bcmwlhigh664.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\lvbflt64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80047e7060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa800455d060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80047e7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004676860, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80047e7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004557520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800455d060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 36B1BED9

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished

Link to post
Share on other sites
Khorrl

Khorrl

Posted
  • Author
Posted

Step three's log

ComboFix 13-06-18.02 - Ben 9/2013 Wed  22:20:09.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.932.81.1033.18.4087.1995 [GMT -4:00]
Running from: c:\users\Ben\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\genfix.exe
c:\program files (x86)\StartNow Toolbar\Reactivate.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\search_protect.exe
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\program files (x86)\StartNow Toolbar\XBrowser.dll
c:\programdata\Broowsee22save
c:\programdata\Broowsee22save\5159d10b47bd6.tlb
c:\programdata\Broowsee22save\data\Broowsee22save.dat
c:\programdata\Broowsee22save\settings.ini
c:\programdata\Microsoft\Windows\DRM\B72E.tmp
c:\programdata\Microsoft\Windows\DRM\B809.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\SET81EE.tmp
c:\windows\SysWow64\tmp4411.tmp
c:\windows\SysWow64\tmp4579.tmp
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-20 to 2013-06-20  )))))))))))))))))))))))))))))))
.
.
2074-05-18 21:44 . 2008-03-21 18:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2013-06-20 02:52 . 2013-06-20 02:52 -------- d-----w- C:\FRST
2013-06-20 02:35 . 2013-06-20 02:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-20 02:35 . 2013-06-20 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-20 01:57 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{597582B0-B95E-44F3-B667-7E23843D4492}\mpengine.dll
2013-06-20 01:31 . 2013-06-20 01:31 162008 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-20 00:51 . 2013-06-20 00:51 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-16 05:00 . 2013-06-08 14:07 19233792 ----a-w- c:\windows\system32\mshtml.dll
2013-06-15 22:30 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-15 22:30 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-15 22:30 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-15 22:30 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-15 22:30 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-15 22:28 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-15 20:32 . 2013-06-17 03:18 -------- d-----w- c:\users\Ben\AppData\Local\The Witcher
2013-06-04 00:44 . 2013-06-15 07:16 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-06-03 02:27 . 2013-06-03 02:27 -------- d-----w- C:\Microsoft_SDK
2013-05-31 02:02 . 2013-05-31 03:02 -------- d-----w- c:\windows\system32\appmgmt
2013-05-25 03:00 . 2013-05-25 03:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-16 05:02 . 2012-10-28 14:27 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-15 18:23 . 2012-07-02 21:31 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-15 18:23 . 2011-07-17 23:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-12 03:02 . 2011-03-28 22:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 12:19 . 2013-04-18 12:19 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 15:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 15:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 15:14 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 15:14 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 15:14 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 15:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 11:42 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 15:14 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 15:14 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 15:14 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-06 20:03 . 2011-10-26 17:53 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-04-06 20:03 . 2011-10-26 17:25 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-04-04 18:50 . 2011-12-13 19:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 02:14 . 2013-03-29 02:14 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-29 02:14 . 2013-03-29 02:14 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-29 02:14 . 2013-03-29 02:14 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 02:14 . 2013-03-29 02:14 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 02:14 . 2013-03-29 02:14 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-29 02:14 . 2013-03-29 02:14 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-29 02:14 . 2013-03-29 02:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-29 02:14 . 2013-03-29 02:14 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-29 02:14 . 2013-03-29 02:14 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-29 02:14 . 2013-03-29 02:14 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 02:14 . 2013-03-29 02:14 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-29 02:14 . 2013-03-29 02:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-29 02:14 . 2013-03-29 02:14 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-29 02:14 . 2013-03-29 02:14 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-29 02:14 . 2013-03-29 02:14 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-29 02:14 . 2013-03-29 02:14 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-29 02:14 . 2013-03-29 02:14 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-29 02:14 . 2013-03-29 02:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 02:14 . 2013-03-29 02:14 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-29 02:14 . 2013-03-29 02:14 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-29 02:14 . 2013-03-29 02:14 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 02:14 . 2013-03-29 02:14 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-29 02:14 . 2013-03-29 02:14 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-29 02:14 . 2013-03-29 02:14 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-29 02:14 . 2013-03-29 02:14 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-29 02:14 . 2013-03-29 02:14 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-29 02:14 . 2013-03-29 02:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-29 02:14 . 2013-03-29 02:14 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-29 02:14 . 2013-03-29 02:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-29 02:14 . 2013-03-29 02:14 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-29 02:14 . 2013-03-29 02:14 441856 ----a-w- c:\windows\system32\html.iec
2013-03-29 02:14 . 2013-03-29 02:14 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-29 02:14 . 2013-03-29 02:14 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-29 02:14 . 2013-03-29 02:14 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-29 02:14 . 2013-03-29 02:14 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-29 02:14 . 2013-03-29 02:14 235008 ----a-w- c:\windows\system32\url.dll
2013-03-29 02:14 . 2013-03-29 02:14 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-29 02:14 . 2013-03-29 02:14 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-29 02:14 . 2013-03-29 02:14 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-29 02:14 . 2013-03-29 02:14 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-29 02:14 . 2013-03-29 02:14 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-29 02:14 . 2013-03-29 02:14 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-29 02:14 . 2013-03-29 02:14 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-29 02:14 . 2013-03-29 02:14 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-29 02:14 . 2013-03-29 02:14 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-29 02:14 . 2013-03-29 02:14 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-29 02:14 . 2013-03-29 02:14 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-29 02:14 . 2013-03-29 02:14 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-29 02:14 . 2013-03-29 02:14 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-27 23:58 . 2011-10-26 17:25 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2012-03-15 20:34 262312 ----a-w- c:\program files (x86)\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2012-03-15 20:34 86696 ----a-w- c:\program files (x86)\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2012-03-15 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Desura"="c:\program files (x86)\Desura\desura.exe" [2011-11-18 2529096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2012-09-06 206120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-7-10 3272704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\drivers\mbamswissarmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe;c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe;c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys;c:\windows\SYSNATIVE\drivers\VMfilt64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 18:24]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-07 23:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\blvykgby.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-06-13 22:38; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-StartNow Search Protect - c:\program files (x86)\StartNow Toolbar\search_protect.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-23344175.sys
SafeBoot-28945799.sys
SafeBoot-49342158.sys
SafeBoot-84788745.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-Desura - c:\program files (x86)\Common Files\Desura\\Desura_Uninstaller.exe
AddRemove-Desura_51346334023696 - c:\program files (x86)\Common Files\Desura\\desura.exe
AddRemove-Desura_62350040236064 - c:\program files (x86)\Common Files\Desura\\desura.exe
AddRemove-SP_f2a323db - c:\program files (x86)\BrowseToSave\uninstall.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-The OBSE Launcher - c:\program files (x86)\The OBSE Launcher\uninst.exe
AddRemove-{088760E4-A3C2-163A-852C-2C5882E38B8D} - c:\progra~3\INSTAL~1\{30DC4~1\Setup.exe
AddRemove-{2B186283-691C-851A-B943-5CC0580BFF22} - c:\progra~3\INSTAL~1\{8B499~1\Setup.exe
AddRemove-{37377830-B2E4-392B-F1CF-EEFAAA189F04} - c:\progra~3\INSTAL~1\{36B3C~1\Setup.exe
AddRemove-{C2845670-4C91-BAB7-5920-8A39101180F1} - c:\progra~3\INSTAL~1\{BCD02~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2013-06-19  22:43:22 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-20 02:43
.
Pre-Run: 39,470,882,816 bytes free
Post-Run: 51,084,734,464 bytes free
.
- - End Of File - - 4483C6F0F6942D154F1CFD7704C86A84
A36C5E4F47E84449FF07ED3517B43A31
 

Link to post
Share on other sites
Khorrl

Khorrl

Posted
  • Author
Posted

And the last two steps

 Results of screen317's Security Check version 0.99.67 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 22 
 Java 6 Update 27 
 Java 7 Update 17 
 Java version out of Date!
 Adobe Flash Player 11.7.700.224 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox (21.0)
 Google Chrome 23.0.1271.91 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

We're making progress. :)

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
----------Step 2----------------

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
----------Step 3----------------

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
----------Step 4 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 5----------------

Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.

Link to post
Share on other sites
Khorrl

Khorrl

Posted
  • Author
Posted

Hey again Here is log from step one

 

# AdwCleaner v2.303 - Logfile created 06/20/2013 at 19:43:57
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Ben - BEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Ben\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Found : C:\Users\Ben\Desktop\jZip.lnk
Folder Found : C:\Program Files (x86)\jZip
Folder Found : C:\Program Files (x86)\Playbryte
Folder Found : C:\Program Files (x86)\Trymedia
Folder Found : C:\Program Files (x86)\verizontb
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Found : C:\ProgramData\SoftSafe
Folder Found : C:\Users\Ben\AppData\Local\jZip
Folder Found : C:\Users\Ben\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Ben\AppData\LocalLow\Playbryte
Folder Found : C:\Users\Ben\AppData\LocalLow\verizontb
Folder Found : C:\Users\Ben\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96673559-E653-4CDC-8923-F89347A952C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96673559-E653-4CDC-8923-F89347A952C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Found : HKLM\Software\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Playbryte
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\StartNow Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96673559-E653-4CDC-8923-F89347A952C0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96673559-E653-4CDC-8923-F89347A952C0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8D96645-337C-419B-8792-B6C126145811}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Found : HKU\S-1-5-21-4177945036-1794842917-3311295540-1000\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Found : HKU\S-1-5-21-4177945036-1794842917-3311295540-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-4177945036-1794842917-3311295540-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F8D96645-337C-419B-8792-B6C126145811}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\blvykgby.default\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);
Found : user_pref("aol_toolbar.default.search.check", false);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [unable to get version]

File : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences

*************************

AdwCleaner[R1].txt - [9396 octets] - [20/06/2013 19:43:57]

########## EOF - C:\AdwCleaner[R1].txt - [9456 octets] ##########

Link to post
Share on other sites
Khorrl

Khorrl

Posted
  • Author
Posted

Finally

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[1].htm JS/Agent.NJW trojan 
C:\FRST\Quarantine\coNtinuuetosave\5197032a5f7d8.dll a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchNewTab\5196f3369dd6a.dll a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.11.2012_18.54.21\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.05.2013_10.03.36\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.05.2013_10.03.36\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.05.2013_10.03.36\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.BC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.05.2013_10.03.36\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.UK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.05.2013_10.03.36\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.05.2013_10.03.36\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.05.2013_10.03.36\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcbjlfkdiffdolkbjepnmibipjglongc\1\5197032a5f5909.81036538.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lobpebjpmackfpplalanldmbpfkmpioa\1\5159d10b4798c7.85699625.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmpenkndnfgfgenolokikikihmdfmdm\1\5196f3369db3f7.58195694.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\oomlhbiofgellihmkhdmmcdfiodfnnmb\1\517d3fc4920e66.88740311.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\75b745c4-5ffa9c21 a variant of Java/Exploit.Agent.OPR trojan cleaned by deleting - quarantined
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7603db9-70525ba5 a variant of Java/Exploit.Agent.OPN trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[1].htm JS/Agent.NJW trojan cleaned by deleting - quarantined
 

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

Still have a little more to do, but we're nearly there.

----------Step 1----------------

We need to run an OTL Fix

  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.

    :OTL

    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    :Commands

    [purity]

    [emptytemp]

    [emptyjava]

    [emptyflash]

    [Reboot]

  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
----------Step 2----------------

Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Afterwards, please reboot the computer.

----------Step 3----------------

Please post the OTL and AdwCleaner reports in your next reply. How are things running now?

Link to post
Share on other sites
Khorrl

Khorrl

Posted
  • Author
Posted

All processes killed
========== OTL ==========
C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.
C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ben
->Temp folder emptied: 1747760 bytes
->Temporary Internet Files folder emptied: 348760512 bytes
->Java cache emptied: 2905516 bytes
->FireFox cache emptied: 103461327 bytes
->Google Chrome cache emptied: 344235654 bytes
->Flash cache emptied: 273507 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43766396 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 26011523 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 831.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Ben
->Java cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Ben
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06222013_073925

Files\Folders moved on Reboot...
C:\Users\Ben\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V06QS4J7\fastbutton[3].htm moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V06QS4J7\xd_arbiter[2].htm moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P8NMJVIQ\pictos-web[1].woff moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LCOER7XB\xd_arbiter[1].htm moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EHTU07TB\index[5].htm moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6X9BJ058\like[4].htm moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6X9BJ058\v4[1].htm moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites
Khorrl

Khorrl

Posted
  • Author
Posted

Thinks are running pretty damn well.

 

# AdwCleaner v2.303 - Logfile created 06/22/2013 at 07:52:09
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Ben - BEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Ben\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Deleted : C:\Users\Ben\Desktop\jZip.lnk
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\verizontb
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Users\Ben\AppData\Local\jZip

***** [Registry] *****

Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F8D96645-337C-419B-8792-B6C126145811}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\blvykgby.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences

*************************

AdwCleaner[R1].txt - [9511 octets] - [20/06/2013 19:43:57]
AdwCleaner[s1].txt - [6097 octets] - [22/06/2013 07:52:09]

########## EOF - C:\AdwCleaner[s1].txt - [6157 octets] ##########

Link to post
Share on other sites
D-FRED-BROWN

D-FRED-BROWN

Posted
Posted

Things look good. Judging by your last few logs, I'd say your system is clean. :)

Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware.

---------

Upgrade Java : (64 bits)

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement.".
  • Click on the link to download Windows Offline Installation 64 bit ( jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator.")

---------

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

---------

Please let me know how the updates went, as failed updates may be dule to malware.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.