
Malwarebytes

Security Shield Help Please.


65 replies to this topic

#1
jahjaylee

    New Member

  • Members
  • 38 posts
Hey guys,
I've read a couple of your other help posts on this topic, so I have an idea of what needs to be done.

First off, I have attached my DDS and Attach txts. I made sure to update my malwarebytes fully and attached that log as well.

Any help is appreciated. Malwarebytes is currently not catching any viruses, and I believe I have disabled Ad-Aware, so I don't think that is interfering.
Thanks for all your help.

#2
D-FRED-BROWN

    Resident Bracketologist

  • Trusted Advisors
  • 2,283 posts
  • Gender:Male
  • Location:MHK
  • Interests:music, computer security, computer sciences, food
Hello jahjaylee and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").
TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-------------

In your next reply, please include:
  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt
How is your computer running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
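The instructions above ask for the TDSSKiller log to be pasted back so a helper can read through it. The Python script below is an added example, not part of this thread or of TDSSKiller itself: it locates logs by the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" pattern the post names, parses the object and verdict lines, and pulls out the two things a reviewer actually looks for: any entry whose verdict is not "- ok", and any service or driver that got a verdict but no hashed image file (such as the "catchme - ok" line in the log posted later in this thread). The status words in the verdict regex are modelled on 2.7-era TDSSKiller output and are an assumption; the sample log is constructed from the posted log's format, and the "evilsvc" entries in it are invented to exercise the non-ok path.

```python
"""Triage helper for TDSSKiller 2.x logs (added example, not from the thread)."""
import re
from collections import Counter
from pathlib import Path

# "HH:MM:SS.mmmm  <pid>  <body>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": the object line that precedes each verdict line
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <status>[ detail]"; status words are an assumption modelled on 2.7-era logs
VERDICT_RE = re.compile(
    r"^(?P<name>.+?) - (?P<status>ok|detected|infected|suspicious|warning|cured|skipped)\b(?P<detail>.*)$"
)
# "<name> ( <Verdict> ) - infected": strip the bracketed verdict to recover the object name
BRACKET_RE = re.compile(r" \( .+ \)$")
HEADER_KEYS = ("Current date / time", "OS Version", "Product type",
               "ComputerName", "Processor architecture", "Boot type")


def parse_tdsskiller_log(text):
    """Return {'header': {...}, 'objects': {name: {md5, path}}, 'verdicts': [...]}."""
    header, objects, verdicts = {}, {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        key, sep, value = body.partition(": ")
        if sep and key in HEADER_KEYS:          # SystemInfo block at the top of the log
            header[key] = value.strip()
            continue
        o = OBJECT_RE.match(body)
        if o:
            objects[o.group("name")] = {"md5": o.group("md5").lower(), "path": o.group("path")}
            continue
        v = VERDICT_RE.match(body)
        if v:
            verdicts.append({"name": BRACKET_RE.sub("", v.group("name")),
                             "status": v.group("status"),
                             "detail": v.group("detail").strip()})
    return {"header": header, "objects": objects, "verdicts": verdicts}


def triage(report):
    """Split verdicts into what needs a human: non-ok entries and unresolved images."""
    flagged, unresolved = [], []
    for v in report["verdicts"]:
        obj = report["objects"].get(v["name"])
        if v["status"] != "ok":
            flagged.append({**v, "md5": obj["md5"] if obj else None,
                            "path": obj["path"] if obj else None})
        elif obj is None and not v["name"].startswith("\\Device\\"):
            # A registered service/driver whose image file was never hashed:
            # often a stale registration, but exactly the entry to check by hand.
            unresolved.append(v["name"])
    counts = Counter(v["status"] for v in report["verdicts"])
    return {"flagged": flagged, "unresolved": unresolved, "counts": counts}


def find_logs(system_root="C:\\"):
    """Locate logs by the filename pattern TDSSKiller writes to the system drive root."""
    return sorted(Path(system_root).glob("TDSSKiller.*_log.txt"))


# Constructed sample in the posted log's format; the "evilsvc" lines are invented.
SAMPLE_LOG = r"""
17:38:03.0805 3792 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
17:38:04.0180 3792 OS Version: 6.1.7600 ServicePack: 0.0
17:38:04.0180 3792 Boot type: Normal boot
17:38:05.0865 3792 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
17:38:07.0830 3432 Scan started
17:38:11.0075 3432 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
17:38:11.0106 3432 1394ohci - ok
17:38:19.0296 3432 catchme - ok
17:38:40.0000 3432 evilsvc (0123456789abcdef0123456789abcdef) C:\Users\Public\evilsvc.sys
17:38:40.0010 3432 evilsvc ( Rootkit.Boot.Example.a ) - infected
17:38:40.0020 3432 evilsvc - detected Rootkit.Boot.Example.a (0)
17:38:41.0000 3432 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    res = triage(rep)
    print("Scan ran as:", rep["header"].get("Boot type"), "on", rep["header"].get("OS Version"))
    print("Verdict counts:", dict(res["counts"]))
    for f in res["flagged"]:
        print(f"FLAG  {f['name']}: {f['status']} {f['detail']} [{f['path']}]")
    for name in res["unresolved"]:
        print(f"CHECK {name}: verdict given but no image file hashed")
```

To use it on a real machine, replace SAMPLE_LOG with the contents of the newest file returned by find_logs(). The "Boot type" header also records whether the scan ran from a normal or safe boot, which answers the Safe Mode question raised later in this thread.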

#3
jahjaylee

Thanks so much Fred. I really appreciate it.
I am currently away from my computer over Memorial Day weekend, so I will post my results ASAP when I return.
Thanks again for your help.

#4
D-FRED-BROWN

No worries. We'll pick up when you get back. Have a nice weekend :).

#5
jahjaylee

Also, can all of this be done in safe mode?
Or should I just boot up regularly and do this.

#6
D-FRED-BROWN

For now, stick with Normal Mode. If you encounter difficulty (like if one of the scans crashes), then you can try Safe Mode ;).

#7
jahjaylee

17:38:03.0805 3792 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
17:38:04.0180 3792 ============================================================
17:38:04.0180 3792 Current date / time: 2012/05/29 17:38:04.0180
17:38:04.0180 3792 SystemInfo:
17:38:04.0180 3792
17:38:04.0180 3792 OS Version: 6.1.7600 ServicePack: 0.0
17:38:04.0180 3792 Product type: Workstation
17:38:04.0180 3792 ComputerName: THEALLSPARK
17:38:04.0180 3792 UserName: Jay Lee
17:38:04.0180 3792 Windows directory: C:\Windows
17:38:04.0180 3792 System windows directory: C:\Windows
17:38:04.0180 3792 Running under WOW64
17:38:04.0180 3792 Processor architecture: Intel x64
17:38:04.0180 3792 Number of processors: 2
17:38:04.0180 3792 Page size: 0x1000
17:38:04.0180 3792 Boot type: Normal boot
17:38:04.0180 3792 ============================================================
17:38:05.0865 3792 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:05.0880 3792 ============================================================
17:38:05.0880 3792 \Device\Harddisk0\DR0:
17:38:05.0880 3792 MBR partitions:
17:38:05.0880 3792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1659000
17:38:05.0880 3792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1678800, BlocksNum 0x38D0D000
17:38:05.0880 3792 ============================================================
17:38:05.0911 3792 C: <-> \Device\Harddisk0\DR0\Partition1
17:38:05.0911 3792 ============================================================
17:38:05.0911 3792 Initialize success
17:38:05.0911 3792 ============================================================
17:38:07.0830 3432 ============================================================
17:38:07.0830 3432 Scan started
17:38:07.0830 3432 Mode: Manual;
17:38:07.0830 3432 ============================================================
17:38:11.0075 3432 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
17:38:11.0106 3432 1394ohci - ok
17:38:11.0153 3432 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:38:11.0184 3432 ACPI - ok
17:38:11.0200 3432 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:38:11.0200 3432 AcpiPmi - ok
17:38:11.0387 3432 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:38:11.0387 3432 AdobeFlashPlayerUpdateSvc - ok
17:38:11.0512 3432 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:38:11.0543 3432 adp94xx - ok
17:38:11.0590 3432 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:38:11.0605 3432 adpahci - ok
17:38:11.0637 3432 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:38:11.0652 3432 adpu320 - ok
17:38:11.0683 3432 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:38:11.0683 3432 AeLookupSvc - ok
17:38:11.0793 3432 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:38:11.0808 3432 AFD - ok
17:38:11.0839 3432 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:38:11.0839 3432 agp440 - ok
17:38:11.0871 3432 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:38:11.0871 3432 ALG - ok
17:38:11.0886 3432 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:38:11.0902 3432 aliide - ok
17:38:11.0949 3432 AMD External Events Utility (9a5495edebe7d6b3f7e9a86ebe5ea248) C:\Windows\system32\atiesrxx.exe
17:38:11.0949 3432 AMD External Events Utility - ok
17:38:11.0964 3432 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:38:11.0964 3432 amdide - ok
17:38:12.0073 3432 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:38:12.0089 3432 AmdK8 - ok
17:38:12.0604 3432 amdkmdag (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys
17:38:12.0760 3432 amdkmdag - ok
17:38:12.0916 3432 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
17:38:12.0931 3432 amdkmdap - ok
17:38:12.0947 3432 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:38:12.0947 3432 AmdPPM - ok
17:38:13.0009 3432 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:38:13.0009 3432 amdsata - ok
17:38:13.0041 3432 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:38:13.0056 3432 amdsbs - ok
17:38:13.0087 3432 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:38:13.0087 3432 amdxata - ok
17:38:13.0119 3432 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:38:13.0119 3432 AppID - ok
17:38:13.0150 3432 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:38:13.0150 3432 AppIDSvc - ok
17:38:13.0197 3432 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
17:38:13.0197 3432 Appinfo - ok
17:38:13.0321 3432 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:38:13.0321 3432 Apple Mobile Device - ok
17:38:13.0368 3432 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:38:13.0368 3432 arc - ok
17:38:13.0384 3432 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:38:13.0384 3432 arcsas - ok
17:38:13.0727 3432 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:38:13.0758 3432 aspnet_state - ok
17:38:13.0821 3432 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:38:13.0821 3432 AsyncMac - ok
17:38:13.0867 3432 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:38:13.0867 3432 atapi - ok
17:38:13.0992 3432 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
17:38:13.0992 3432 AtiHDAudioService - ok
17:38:14.0055 3432 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
17:38:14.0055 3432 AtiHdmiService - ok
17:38:15.0786 3432 atikmdag (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys
17:38:15.0802 3432 atikmdag - ok
17:38:16.0441 3432 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:38:16.0473 3432 AudioEndpointBuilder - ok
17:38:16.0488 3432 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:38:16.0504 3432 AudioSrv - ok
17:38:16.0613 3432 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
17:38:16.0629 3432 AxInstSV - ok
17:38:16.0722 3432 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:38:16.0753 3432 b06bdrv - ok
17:38:16.0800 3432 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:38:16.0816 3432 b57nd60a - ok
17:38:16.0847 3432 BCM42RLY (5c0f919666954885d7760dffe4b29a25) C:\Windows\system32\drivers\BCM42RLY.sys
17:38:16.0847 3432 BCM42RLY - ok
17:38:17.0674 3432 BCM43XX (bab887a2b2786310a966881f074f4a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
17:38:17.0705 3432 BCM43XX - ok
17:38:18.0048 3432 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:38:18.0079 3432 BDESVC - ok
17:38:18.0189 3432 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:38:18.0189 3432 Beep - ok
17:38:18.0579 3432 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
17:38:18.0610 3432 BFE - ok
17:38:18.0672 3432 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
17:38:18.0672 3432 BITS - ok
17:38:18.0750 3432 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:38:18.0750 3432 blbdrive - ok
17:38:18.0891 3432 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:38:18.0891 3432 Bonjour Service - ok
17:38:18.0937 3432 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:38:18.0937 3432 bowser - ok
17:38:18.0953 3432 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:38:18.0953 3432 BrFiltLo - ok
17:38:18.0984 3432 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:38:18.0984 3432 BrFiltUp - ok
17:38:19.0047 3432 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:38:19.0047 3432 BridgeMP - ok
17:38:19.0093 3432 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
17:38:19.0093 3432 Browser - ok
17:38:19.0125 3432 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:38:19.0125 3432 Brserid - ok
17:38:19.0140 3432 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:38:19.0156 3432 BrSerWdm - ok
17:38:19.0156 3432 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:38:19.0156 3432 BrUsbMdm - ok
17:38:19.0156 3432 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:38:19.0156 3432 BrUsbSer - ok
17:38:19.0171 3432 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:38:19.0187 3432 BTHMODEM - ok
17:38:19.0281 3432 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:38:19.0281 3432 bthserv - ok
17:38:19.0296 3432 catchme - ok
17:38:19.0327 3432 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:38:19.0327 3432 cdfs - ok
17:38:19.0359 3432 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:38:19.0374 3432 cdrom - ok
17:38:19.0390 3432 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:38:19.0390 3432 CertPropSvc - ok
17:38:19.0405 3432 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:38:19.0421 3432 circlass - ok
17:38:19.0452 3432 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:38:19.0468 3432 CLFS - ok
17:38:19.0515 3432 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:38:19.0515 3432 clr_optimization_v2.0.50727_32 - ok
17:38:19.0546 3432 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:38:19.0546 3432 clr_optimization_v2.0.50727_64 - ok
17:38:19.0686 3432 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:38:19.0686 3432 clr_optimization_v4.0.30319_32 - ok
17:38:19.0733 3432 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:38:19.0733 3432 clr_optimization_v4.0.30319_64 - ok
17:38:19.0780 3432 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:38:19.0780 3432 CmBatt - ok
17:38:19.0795 3432 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:38:19.0795 3432 cmdide - ok
17:38:19.0873 3432 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
17:38:19.0889 3432 CNG - ok
17:38:19.0998 3432 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:38:19.0998 3432 Compbatt - ok
17:38:20.0029 3432 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:38:20.0045 3432 CompositeBus - ok
17:38:20.0061 3432 COMSysApp - ok
17:38:20.0092 3432 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:38:20.0092 3432 crcdisk - ok
17:38:20.0139 3432 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
17:38:20.0139 3432 CryptSvc - ok
17:38:20.0201 3432 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:38:20.0217 3432 DcomLaunch - ok
17:38:20.0263 3432 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:38:20.0279 3432 defragsvc - ok
17:38:20.0326 3432 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:38:20.0341 3432 DfsC - ok
17:38:20.0388 3432 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
17:38:20.0419 3432 Dhcp - ok
17:38:20.0435 3432 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:38:20.0435 3432 discache - ok
17:38:20.0482 3432 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:38:20.0482 3432 Disk - ok
17:38:20.0529 3432 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
17:38:20.0544 3432 Dnscache - ok
17:38:20.0607 3432 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
17:38:20.0607 3432 dot3svc - ok
17:38:20.0638 3432 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
17:38:20.0653 3432 DPS - ok
17:38:20.0700 3432 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:38:20.0700 3432 drmkaud - ok
17:38:20.0763 3432 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:38:20.0778 3432 dtsoftbus01 - ok
17:38:20.0887 3432 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:38:20.0903 3432 DXGKrnl - ok
17:38:20.0919 3432 EagleX64 - ok
17:38:20.0950 3432 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:38:20.0965 3432 EapHost - ok
17:38:21.0262 3432 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:38:21.0355 3432 ebdrv - ok
17:38:21.0496 3432 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
17:38:21.0496 3432 EFS - ok
17:38:21.0621 3432 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
17:38:21.0636 3432 ehRecvr - ok
17:38:21.0683 3432 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:38:21.0683 3432 ehSched - ok
17:38:21.0777 3432 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:38:21.0792 3432 elxstor - ok
17:38:21.0808 3432 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:38:21.0823 3432 ErrDev - ok
17:38:21.0886 3432 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:38:21.0901 3432 EventSystem - ok
17:38:21.0917 3432 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:38:21.0933 3432 exfat - ok
17:38:21.0979 3432 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:38:21.0995 3432 fastfat - ok
17:38:22.0073 3432 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
17:38:22.0089 3432 Fax - ok
17:38:22.0120 3432 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:38:22.0120 3432 fdc - ok
17:38:22.0135 3432 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:38:22.0151 3432 fdPHost - ok
17:38:22.0167 3432 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:38:22.0167 3432 FDResPub - ok
17:38:22.0182 3432 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:38:22.0198 3432 FileInfo - ok
17:38:22.0213 3432 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:38:22.0213 3432 Filetrace - ok
17:38:22.0229 3432 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:38:22.0245 3432 flpydisk - ok
17:38:22.0307 3432 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:38:22.0323 3432 FltMgr - ok
17:38:22.0447 3432 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
17:38:22.0494 3432 FontCache - ok
17:38:22.0557 3432 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:38:22.0557 3432 FontCache3.0.0.0 - ok
17:38:22.0666 3432 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:38:22.0666 3432 FsDepends - ok
17:38:22.0853 3432 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
17:38:22.0853 3432 Fs_Rec - ok
17:38:22.0978 3432 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:38:22.0993 3432 fvevol - ok
17:38:23.0025 3432 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:38:23.0040 3432 gagp30kx - ok
17:38:23.0071 3432 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:38:23.0071 3432 GEARAspiWDM - ok
17:38:23.0149 3432 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
17:38:23.0181 3432 gpsvc - ok
17:38:23.0196 3432 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:38:23.0212 3432 hcw85cir - ok
17:38:23.0243 3432 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:38:23.0243 3432 HDAudBus - ok
17:38:23.0274 3432 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:38:23.0274 3432 HidBatt - ok
17:38:23.0290 3432 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:38:23.0305 3432 HidBth - ok
17:38:23.0337 3432 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:38:23.0337 3432 HidIr - ok
17:38:23.0368 3432 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:38:23.0368 3432 hidserv - ok
17:38:23.0399 3432 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:38:23.0399 3432 HidUsb - ok
17:38:23.0415 3432 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
17:38:23.0430 3432 hkmsvc - ok
17:38:23.0461 3432 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
17:38:23.0477 3432 HomeGroupListener - ok
17:38:23.0524 3432 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
17:38:23.0539 3432 HomeGroupProvider - ok
17:38:23.0586 3432 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:38:23.0602 3432 HpSAMD - ok
17:38:23.0680 3432 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:38:23.0711 3432 HTTP - ok
17:38:23.0727 3432 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:38:23.0727 3432 hwpolicy - ok
17:38:23.0758 3432 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:38:23.0758 3432 i8042prt - ok
17:38:23.0805 3432 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:38:23.0820 3432 iaStorV - ok
17:38:23.0945 3432 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:38:23.0945 3432 IDriverT - ok
17:38:24.0070 3432 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:38:24.0101 3432 idsvc - ok
17:38:24.0195 3432 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:38:24.0195 3432 iirsp - ok
17:38:24.0273 3432 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
17:38:24.0319 3432 IKEEXT - ok
17:38:24.0351 3432 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:38:24.0351 3432 intelide - ok
17:38:24.0397 3432 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:38:24.0397 3432 intelppm - ok
17:38:24.0429 3432 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:38:24.0429 3432 IPBusEnum - ok
17:38:24.0460 3432 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:38:24.0460 3432 IpFilterDriver - ok
17:38:24.0522 3432 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
17:38:24.0538 3432 iphlpsvc - ok
17:38:24.0553 3432 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:38:24.0569 3432 IPMIDRV - ok
17:38:24.0585 3432 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:38:24.0585 3432 IPNAT - ok
17:38:24.0787 3432 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
17:38:24.0803 3432 iPod Service - ok
17:38:24.0834 3432 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:38:24.0834 3432 IRENUM - ok
17:38:24.0850 3432 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:38:24.0865 3432 isapnp - ok
17:38:24.0897 3432 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:38:24.0912 3432 iScsiPrt - ok
17:38:24.0928 3432 itecir (9291643b494f87bfdac95a524f69e737) C:\Windows\system32\DRIVERS\itecir.sys
17:38:24.0943 3432 itecir - ok
17:38:24.0990 3432 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys
17:38:24.0990 3432 k57nd60a - ok
17:38:25.0006 3432 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:38:25.0006 3432 kbdclass - ok
17:38:25.0037 3432 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:38:25.0037 3432 kbdhid - ok
17:38:25.0068 3432 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:38:25.0084 3432 KeyIso - ok
17:38:25.0099 3432 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
17:38:25.0099 3432 KSecDD - ok
17:38:25.0131 3432 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
17:38:25.0146 3432 KSecPkg - ok
17:38:25.0162 3432 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:38:25.0162 3432 ksthunk - ok
17:38:25.0224 3432 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:38:25.0255 3432 KtmRm - ok
17:38:25.0318 3432 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
17:38:25.0333 3432 LanmanServer - ok
17:38:25.0365 3432 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
17:38:25.0380 3432 LanmanWorkstation - ok
17:38:25.0614 3432 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
17:38:25.0645 3432 Lavasoft Ad-Aware Service - ok
17:38:25.0708 3432 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
17:38:25.0723 3432 Lavasoft Kernexplorer - ok
17:38:25.0904 3432 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
17:38:25.0904 3432 Lbd - ok
17:38:25.0954 3432 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:38:25.0954 3432 lltdio - ok
17:38:26.0004 3432 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:38:26.0024 3432 lltdsvc - ok
17:38:26.0064 3432 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:38:26.0074 3432 lmhosts - ok
17:38:26.0114 3432 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:38:26.0124 3432 LSI_FC - ok
17:38:26.0144 3432 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:38:26.0154 3432 LSI_SAS - ok
17:38:26.0174 3432 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:38:26.0184 3432 LSI_SAS2 - ok
17:38:26.0204 3432 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:38:26.0214 3432 LSI_SCSI - ok
17:38:26.0254 3432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:38:26.0264 3432 luafv - ok
17:38:26.0324 3432 massfilter (36efc8c32829a27baf0e63bfdbd5ee90) C:\Windows\system32\drivers\massfilter.sys
17:38:26.0334 3432 massfilter - ok
17:38:26.0364 3432 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
17:38:26.0364 3432 Mcx2Svc - ok
17:38:26.0384 3432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:38:26.0384 3432 megasas - ok
17:38:43.0777 3432 ============================================================
17:38:43.0777 3432 Scan finished
17:38:43.0777 3432 ============================================================
17:38:43.0808 2296 Detected object count: 0
17:38:43.0808 2296 Actual detected object count: 0

#8
jahjaylee

    New Member

  • Members
  • Pip
  • 38 posts
ComboFix 12-05-29.01 - Jay Lee 05/29/2012 17:11:32.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2681 [GMT -4:00]
Running from: c:\users\Jay Lee\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Jay Lee\AppData\Local\Temp\kmsap.dll
c:\users\Jay Lee\Documents\~WRL0790.tmp
c:\users\Jay Lee\Documents\~WRL1733.tmp
c:\users\Jay Lee\Documents\~WRL1962.tmp
c:\users\Jay Lee\Documents\~WRL2625.tmp
c:\users\Jay Lee\Documents\~WRL3065.tmp
c:\users\Jay Lee\Documents\~WRL3305.tmp
c:\users\Jay Lee\Documents\~WRL3476.tmp
c:\users\JAYLEE~1\AppData\Local\Temp\kmsap.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-05-29 21:21 . 2012-05-29 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 21:13 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8F2C012-54D2-4582-85DE-F137BE6C34EE}\mpengine.dll
2012-05-24 23:51 . 2012-05-24 23:51 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Malwarebytes
2012-05-24 23:47 . 2012-05-24 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-24 23:47 . 2012-05-24 23:47 -------- d-----w- c:\programdata\Malwarebytes
2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}
2012-05-16 04:44 . 2012-05-16 07:33 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\programdata\AMD
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-05-16 03:50 . 2012-05-16 03:51 -------- d-----w- c:\programdata\DriverGenius
2012-05-16 00:49 . 2012-05-16 07:37 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-16 00:36 . 2012-05-16 00:37 -------- d-----w- c:\programdata\Battle.net
2012-05-14 07:18 . 2012-05-14 07:18 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Trine2
2012-05-10 06:55 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 06:55 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 06:55 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 06:55 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 06:55 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 06:55 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 06:55 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-10 06:55 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-10 06:55 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-10 06:55 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-10 06:54 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 06:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 06:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 06:54 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 06:54 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 06:54 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 06:54 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 06:54 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 06:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 06:54 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 06:54 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-05 19:13 . 2012-04-05 19:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 19:13 . 2011-06-25 08:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-07 09:04 . 2012-03-07 09:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 09:04 . 2012-03-07 09:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 09:04 . 2012-03-07 09:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 09:04 . 2012-03-07 09:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 09:04 . 2012-03-07 09:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 09:04 . 2012-03-07 09:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 09:04 . 2012-03-07 09:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 09:04 . 2012-03-07 09:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 09:04 . 2012-03-07 09:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 09:04 . 2012-03-07 09:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 09:04 . 2012-03-07 09:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 09:04 . 2012-03-07 09:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 09:04 . 2012-03-07 09:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 09:04 . 2012-03-07 09:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-07 09:04 . 2012-03-07 09:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 09:04 . 2012-03-07 09:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 09:04 . 2012-03-07 09:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 09:04 . 2012-03-07 09:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 09:04 . 2012-03-07 09:04 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 09:04 . 2012-03-07 09:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 09:04 . 2012-03-07 09:04 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 09:04 . 2012-03-07 09:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 09:04 . 2012-03-07 09:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 09:04 . 2012-03-07 09:04 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 09:04 . 2012-03-07 09:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 09:04 . 2012-03-07 09:04 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 09:04 . 2012-03-07 09:04 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 09:04 . 2012-03-07 09:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-01 06:54 . 2012-04-12 08:00 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-12 08:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-12 08:00 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-12 08:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-12 08:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-12 08:00 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 08:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-09 17152]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [x]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]
.
2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:13]
.
2012-05-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job
- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]
.
2012-05-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job
- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job
- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job
- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF9413.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = my.daemon-search.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D50D39E0-253B-4CF2-8E66-59204F2EE0B8}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Jay Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ibc9ucvw.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Reason5_is1 - c:\program files (x86)\Propellerhead\Reason\Uninstall Reason\unins000.exe
AddRemove-{3AEFE723-F44B-4CD0-B8BE-7A4FAC5E5CCB}_is1 - c:\program files (x86)\Anomaly Warzone Earth\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-05-29 17:31:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-29 21:31
.
Pre-Run: 18,580,242,432 bytes free
Post-Run: 19,280,613,376 bytes free
.
- - End Of File - - 08F1B3BA12000585D9F6C3E9CEBD5809

#9
D-FRED-BROWN

    Resident Bracketologist

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,283 posts
  • Gender:Male
  • Location:MHK
  • Interests:music, computer security, computer sciences, food
Please post the Security Check log as well :). How are things running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#10
jahjaylee

    New Member

  • Members
  • Pip
  • 38 posts
Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Lavasoft Ad-Watch Live! Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#11
jahjaylee

    New Member

  • Members
  • Pip
  • 38 posts
Things are running great! Thanks so much for your help.
Does everything look alright?

#12
jahjaylee

    New Member

  • Members
  • Pip
  • 38 posts
Thought everything was OK... but one of my Google results just got redirected to a spam site again...
I think this goes beyond Security Shield now.

#13
jahjaylee

    New Member

  • Members
  • Pip
  • 38 posts
Weird process that is open: csrss.exe

#14
jahjaylee

    New Member

  • Members
  • Pip
  • 38 posts
Also: Atieclxx.exe

#15
D-FRED-BROWN

    Resident Bracketologist

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,283 posts
  • Gender:Male
  • Location:MHK
  • Interests:music, computer security, computer sciences, food
Those are legitimate files. ;)

Let's see if we can take care of those redirects. Are they occurring in one particular browser, or all of them? Does it happen every time, or just on occasion? Please let me know. :)

Please launch Malwarebytes' Anti-Malware.
  • Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

#16
jahjaylee

    New Member

  • Members
  • Pip
  • 38 posts
On occasion, and I only use Firefox. My Chrome got buggy, so I switched back to Firefox until I redownload Chrome. I'll check IE results while my MBAM runs.

#17
D-FRED-BROWN

    Resident Bracketologist

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,283 posts
  • Gender:Male
  • Location:MHK
  • Interests:music, computer security, computer sciences, food
It might just be a plugin issue, but carry on with the Malwarebytes scan. Let me know how it goes.

#18
jahjaylee

    New Member

  • Members
  • Pip
  • 38 posts
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.29.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jay Lee :: THEALLSPARK [administrator]

5/29/2012 10:23:43 PM
mbam-log-2012-05-30 (17-13-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 512560
Time elapsed: 2 hour(s), 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

(end)

#19
D-FRED-BROWN

    Resident Bracketologist

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 2,283 posts
  • Gender:Male
  • Location:MHK
  • Interests:music, computer security, computer sciences, food
Go ahead and run ComboFix.exe again. If an update is found, please allow it to update to the newest version. Please post the newly-created C:\ComboFix.txt in your next reply.

#20
jahjaylee

    New Member

  • Members
  • Pip
  • 38 posts
ComboFix 12-05-30.04 - Jay Lee 05/30/2012 21:47:04.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2724 [GMT -4:00]
Running from: c:\users\Jay Lee\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-05-31 01:54 . 2012-05-31 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-24 23:51 . 2012-05-24 23:51 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Malwarebytes
2012-05-24 23:47 . 2012-05-24 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-24 23:47 . 2012-05-24 23:47 -------- d-----w- c:\programdata\Malwarebytes
2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}
2012-05-16 04:44 . 2012-05-29 23:16 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\programdata\AMD
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-05-16 03:50 . 2012-05-16 03:51 -------- d-----w- c:\programdata\DriverGenius
2012-05-16 00:49 . 2012-05-16 07:37 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-16 00:36 . 2012-05-16 00:37 -------- d-----w- c:\programdata\Battle.net
2012-05-14 07:18 . 2012-05-14 07:18 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Trine2
2012-05-10 06:55 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 06:55 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 06:55 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 06:55 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 06:55 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 06:55 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 06:55 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-10 06:55 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-10 06:55 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-10 06:55 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-10 06:54 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 06:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 06:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 06:54 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 06:54 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 06:54 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 06:54 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 06:54 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 06:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 06:54 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 06:54 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-05 19:13 . 2012-04-05 19:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 19:13 . 2011-06-25 08:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-07 09:04 . 2012-03-07 09:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 09:04 . 2012-03-07 09:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-07 09:04 . 2012-03-07 09:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-07 09:04 . 2012-03-07 09:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-07 09:04 . 2012-03-07 09:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-07 09:04 . 2012-03-07 09:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-07 09:04 . 2012-03-07 09:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-07 09:04 . 2012-03-07 09:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-07 09:04 . 2012-03-07 09:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-07 09:04 . 2012-03-07 09:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-07 09:04 . 2012-03-07 09:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-07 09:04 . 2012-03-07 09:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-07 09:04 . 2012-03-07 09:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 09:04 . 2012-03-07 09:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-07 09:04 . 2012-03-07 09:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 09:04 . 2012-03-07 09:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-07 09:04 . 2012-03-07 09:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-07 09:04 . 2012-03-07 09:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-07 09:04 . 2012-03-07 09:04 448512 ----a-w- c:\windows\system32\html.iec
2012-03-07 09:04 . 2012-03-07 09:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-07 09:04 . 2012-03-07 09:04 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-07 09:04 . 2012-03-07 09:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-07 09:04 . 2012-03-07 09:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-07 09:04 . 2012-03-07 09:04 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-07 09:04 . 2012-03-07 09:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-07 09:04 . 2012-03-07 09:04 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-07 09:04 . 2012-03-07 09:04 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-07 09:04 . 2012-03-07 09:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-29_21.26.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-05-30 21:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-30 21:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-29 21:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-30 21:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-31 01:58 38238 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-07 21:17 . 2012-05-31 01:58 15964 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2937579301-1935991548-1390105095-1000_UserData.bin
+ 2011-01-06 20:25 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-06 20:25 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-06 20:25 . 2012-05-17 04:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-06 20:25 . 2012-05-29 22:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-31 01:56 . 2012-05-31 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-31 01:56 . 2012-05-31 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-07 14:22 . 2012-05-30 21:18 309788 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-01-07 02:58 . 2012-05-30 08:50 321834 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-05-29 21:07 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-29 21:30 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-29 21:30 121426 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-29 21:07 121426 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-29 21:23 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-31 01:54 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-11 00:32 . 2012-05-31 01:54 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat
- 2011-01-11 00:32 . 2012-05-29 21:23 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat
- 2009-07-14 02:34 . 2012-05-29 21:23 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-05-30 21:40 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [x]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:13]
.
2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job
- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]
.
2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job
- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job
- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job
- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = my.daemon-search.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D50D39E0-253B-4CF2-8E66-59204F2EE0B8}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Jay Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ibc9ucvw.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-05-30 22:03:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-31 02:03
ComboFix2.txt 2012-05-29 21:31
.
Pre-Run: 21,686,472,704 bytes free
Post-Run: 21,366,943,744 bytes free
.
- - End Of File - - 00F2481E506D3336D2FB2ED033387078




