jahjaylee

Security Shield Help Please.

66 posts in this topic

Hey guys,

I've read a couple of your other help posts on this topic, so I have an idea of what needs to be done.

First off, I have attached my DDS and Attach txt files. I made sure to update my Malwarebytes fully and attached that log as well.

Any help is appreciated. Malwarebytes is currently not catching any viruses and I believe I have disabled ad-aware so I don't think that is interfering.

Thanks for all your help.

DDS.txt

Attach.txt

mbam-log-2012-05-24 (19-53-06).txt

Hello jahjaylee and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?


Thanks so much Fred. I really appreciate it.

I am currently away from my computer over Memorial Day weekend, so I will post my results ASAP when I return.

Thanks again for your help.


No worries. We'll pick up when you get back. Have a nice weekend :).


Also, can all of this be done in safe mode?

Or should I just boot up regularly and do this.


For now, stick with Normal Mode. If you encounter difficulty (like if one of the scans crashes), then you can try Safe Mode ;).


17:38:03.0805 3792 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
17:38:04.0180 3792 ============================================================
17:38:04.0180 3792 Current date / time: 2012/05/29 17:38:04.0180
17:38:04.0180 3792 SystemInfo:
17:38:04.0180 3792
17:38:04.0180 3792 OS Version: 6.1.7600 ServicePack: 0.0
17:38:04.0180 3792 Product type: Workstation
17:38:04.0180 3792 ComputerName: THEALLSPARK
17:38:04.0180 3792 UserName: Jay Lee
17:38:04.0180 3792 Windows directory: C:\Windows
17:38:04.0180 3792 System windows directory: C:\Windows
17:38:04.0180 3792 Running under WOW64
17:38:04.0180 3792 Processor architecture: Intel x64
17:38:04.0180 3792 Number of processors: 2
17:38:04.0180 3792 Page size: 0x1000
17:38:04.0180 3792 Boot type: Normal boot
17:38:04.0180 3792 ============================================================
17:38:05.0865 3792 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:05.0880 3792 ============================================================
17:38:05.0880 3792 \Device\Harddisk0\DR0:
17:38:05.0880 3792 MBR partitions:
17:38:05.0880 3792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1659000
17:38:05.0880 3792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1678800, BlocksNum 0x38D0D000
17:38:05.0880 3792 ============================================================
17:38:05.0911 3792 C: <-> \Device\Harddisk0\DR0\Partition1
17:38:05.0911 3792 ============================================================
17:38:05.0911 3792 Initialize success
17:38:05.0911 3792 ============================================================
17:38:07.0830 3432 ============================================================
17:38:07.0830 3432 Scan started
17:38:07.0830 3432 Mode: Manual;
17:38:07.0830 3432 ============================================================


17:38:28.0301 3432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:38:28.0317 3432 NetBIOS - ok

17:38:28.0333 3432 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

17:38:28.0333 3432 NetBT - ok

17:38:28.0379 3432 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

17:38:28.0379 3432 Netlogon - ok

17:38:28.0426 3432 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

17:38:28.0426 3432 Netman - ok

17:38:28.0535 3432 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:38:28.0551 3432 NetMsmqActivator - ok

17:38:28.0551 3432 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:38:28.0551 3432 NetPipeActivator - ok

17:38:28.0582 3432 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

17:38:28.0598 3432 netprofm - ok

17:38:28.0598 3432 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:38:28.0598 3432 NetTcpActivator - ok

17:38:28.0598 3432 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:38:28.0598 3432 NetTcpPortSharing - ok

17:38:28.0660 3432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

17:38:28.0660 3432 nfrd960 - ok

17:38:28.0691 3432 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

17:38:28.0707 3432 NlaSvc - ok

17:38:28.0723 3432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:38:28.0723 3432 Npfs - ok

17:38:28.0738 3432 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

17:38:28.0738 3432 nsi - ok

17:38:28.0754 3432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:38:28.0754 3432 nsiproxy - ok

17:38:28.0925 3432 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

17:38:28.0925 3432 Ntfs - ok

17:38:29.0003 3432 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:38:29.0003 3432 Null - ok

17:38:29.0066 3432 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

17:38:29.0066 3432 nvraid - ok

17:38:29.0113 3432 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

17:38:29.0113 3432 nvstor - ok

17:38:29.0144 3432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

17:38:29.0144 3432 nv_agp - ok

17:38:29.0159 3432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

17:38:29.0159 3432 ohci1394 - ok

17:38:29.0269 3432 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:38:29.0269 3432 ose - ok

17:38:29.0300 3432 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

17:38:29.0315 3432 p2pimsvc - ok

17:38:29.0331 3432 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

17:38:29.0347 3432 p2psvc - ok

17:38:29.0378 3432 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

17:38:29.0378 3432 Parport - ok

17:38:29.0409 3432 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

17:38:29.0409 3432 partmgr - ok

17:38:29.0425 3432 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

17:38:29.0425 3432 PcaSvc - ok

17:38:29.0456 3432 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

17:38:29.0456 3432 pci - ok

17:38:29.0471 3432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

17:38:29.0471 3432 pciide - ok

17:38:29.0503 3432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

17:38:29.0503 3432 pcmcia - ok

17:38:29.0518 3432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:38:29.0518 3432 pcw - ok

17:38:29.0549 3432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:38:29.0565 3432 PEAUTH - ok

17:38:29.0627 3432 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

17:38:29.0643 3432 PerfHost - ok

17:38:29.0721 3432 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

17:38:29.0768 3432 pla - ok

17:38:29.0830 3432 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

17:38:29.0846 3432 PlugPlay - ok

17:38:29.0877 3432 PnkBstrA - ok

17:38:29.0908 3432 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

17:38:29.0908 3432 PNRPAutoReg - ok

17:38:29.0939 3432 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

17:38:29.0939 3432 PNRPsvc - ok

17:38:29.0986 3432 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys

17:38:29.0986 3432 Point64 - ok

17:38:30.0017 3432 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

17:38:30.0033 3432 PolicyAgent - ok

17:38:30.0064 3432 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

17:38:30.0064 3432 Power - ok

17:38:30.0111 3432 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

17:38:30.0111 3432 PptpMiniport - ok

17:38:30.0142 3432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

17:38:30.0142 3432 Processor - ok

17:38:30.0173 3432 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

17:38:30.0173 3432 ProfSvc - ok

17:38:30.0205 3432 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

17:38:30.0205 3432 ProtectedStorage - ok

17:38:30.0220 3432 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

17:38:30.0236 3432 Psched - ok

17:38:30.0439 3432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:38:30.0470 3432 ql2300 - ok

17:38:30.0735 3432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:38:30.0735 3432 ql40xx - ok

17:38:30.0782 3432 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

17:38:30.0797 3432 QWAVE - ok

17:38:30.0829 3432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:38:30.0829 3432 QWAVEdrv - ok

17:38:30.0860 3432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:38:30.0860 3432 RasAcd - ok

17:38:30.0907 3432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:38:30.0922 3432 RasAgileVpn - ok

17:38:30.0938 3432 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

17:38:30.0953 3432 RasAuto - ok

17:38:30.0985 3432 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:38:31.0000 3432 Rasl2tp - ok

17:38:31.0063 3432 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

17:38:31.0094 3432 RasMan - ok

17:38:31.0125 3432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:38:31.0141 3432 RasPppoe - ok

17:38:31.0172 3432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:38:31.0172 3432 RasSstp - ok

17:38:31.0219 3432 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

17:38:31.0234 3432 rdbss - ok

17:38:31.0250 3432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:38:31.0250 3432 rdpbus - ok

17:38:31.0281 3432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:38:31.0281 3432 RDPCDD - ok

17:38:31.0312 3432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:38:31.0312 3432 RDPENCDD - ok

17:38:31.0343 3432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:38:31.0343 3432 RDPREFMP - ok

17:38:31.0406 3432 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys

17:38:31.0421 3432 RDPWD - ok

17:38:31.0484 3432 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

17:38:31.0499 3432 rdyboost - ok

17:38:31.0531 3432 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

17:38:31.0546 3432 RemoteAccess - ok

17:38:31.0593 3432 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

17:38:31.0593 3432 RemoteRegistry - ok

17:38:31.0624 3432 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys

17:38:31.0640 3432 rimmptsk - ok

17:38:31.0655 3432 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys

17:38:31.0655 3432 rimsptsk - ok

17:38:31.0702 3432 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys

17:38:31.0702 3432 rismxdp - ok

17:38:31.0718 3432 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

17:38:31.0733 3432 RpcEptMapper - ok

17:38:31.0749 3432 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

17:38:31.0749 3432 RpcLocator - ok

17:38:31.0811 3432 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

17:38:31.0811 3432 RpcSs - ok

17:38:31.0874 3432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:38:31.0889 3432 rspndr - ok

17:38:31.0921 3432 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

17:38:31.0936 3432 SamSs - ok

17:38:31.0952 3432 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

17:38:31.0967 3432 sbp2port - ok

17:38:31.0999 3432 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

17:38:32.0014 3432 SCardSvr - ok

17:38:32.0045 3432 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

17:38:32.0045 3432 scfilter - ok

17:38:32.0155 3432 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

17:38:32.0170 3432 Schedule - ok

17:38:32.0201 3432 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

17:38:32.0201 3432 SCPolicySvc - ok

17:38:32.0264 3432 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\DRIVERS\sdbus.sys

17:38:32.0264 3432 sdbus - ok

17:38:32.0311 3432 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

17:38:32.0311 3432 SDRSVC - ok

17:38:32.0404 3432 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:38:32.0404 3432 secdrv - ok

17:38:32.0404 3432 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

17:38:32.0420 3432 seclogon - ok

17:38:32.0467 3432 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

17:38:32.0482 3432 SENS - ok

17:38:32.0498 3432 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

17:38:32.0498 3432 SensrSvc - ok

17:38:32.0513 3432 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:38:32.0513 3432 Serenum - ok

17:38:32.0560 3432 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:38:32.0576 3432 Serial - ok

17:38:32.0623 3432 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:38:32.0623 3432 sermouse - ok

17:38:32.0669 3432 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

17:38:32.0669 3432 SessionEnv - ok

17:38:32.0685 3432 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

17:38:32.0685 3432 sffdisk - ok

17:38:32.0701 3432 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

17:38:32.0716 3432 sffp_mmc - ok

17:38:32.0732 3432 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

17:38:32.0732 3432 sffp_sd - ok

17:38:32.0747 3432 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:38:32.0747 3432 sfloppy - ok

17:38:32.0794 3432 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

17:38:32.0810 3432 SharedAccess - ok

17:38:32.0857 3432 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

17:38:32.0872 3432 ShellHWDetection - ok

17:38:32.0903 3432 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:38:32.0903 3432 SiSRaid2 - ok

17:38:32.0919 3432 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:38:32.0935 3432 SiSRaid4 - ok

17:38:33.0449 3432 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:38:33.0449 3432 Smb - ok

17:38:33.0512 3432 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

17:38:33.0512 3432 SNMPTRAP - ok

17:38:33.0527 3432 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:38:33.0527 3432 spldr - ok

17:38:33.0590 3432 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

17:38:33.0605 3432 Spooler - ok

17:38:34.0417 3432 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

17:38:34.0448 3432 sppsvc - ok

17:38:34.0588 3432 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

17:38:34.0588 3432 sppuinotify - ok

17:38:34.0682 3432 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

17:38:34.0729 3432 srv - ok

17:38:34.0791 3432 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

17:38:34.0853 3432 srv2 - ok

17:38:34.0916 3432 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

17:38:34.0931 3432 srvnet - ok

17:38:34.0978 3432 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

17:38:34.0994 3432 SSDPSRV - ok

17:38:35.0009 3432 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

17:38:35.0009 3432 SstpSvc - ok

17:38:35.0134 3432 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

17:38:35.0150 3432 STacSV - ok

17:38:35.0212 3432 Steam Client Service - ok

17:38:35.0243 3432 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:38:35.0243 3432 stexstor - ok

17:38:35.0306 3432 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys

17:38:35.0321 3432 STHDA - ok

17:38:35.0399 3432 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

17:38:35.0431 3432 stisvc - ok

17:38:35.0446 3432 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:38:35.0446 3432 swenum - ok

17:38:35.0524 3432 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

17:38:35.0540 3432 swprv - ok

17:38:35.0665 3432 SynTP (1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys

17:38:35.0665 3432 SynTP - ok

17:38:35.0805 3432 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

17:38:35.0867 3432 SysMain - ok

17:38:36.0023 3432 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

17:38:36.0039 3432 TabletInputService - ok

17:38:36.0070 3432 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

17:38:36.0070 3432 TapiSrv - ok

17:38:36.0101 3432 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

17:38:36.0117 3432 TBS - ok

17:38:36.0320 3432 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

17:38:36.0335 3432 Tcpip - ok

17:38:36.0616 3432 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

17:38:36.0647 3432 TCPIP6 - ok

17:38:36.0741 3432 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

17:38:36.0757 3432 tcpipreg - ok

17:38:36.0788 3432 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:38:36.0788 3432 TDPIPE - ok

17:38:36.0835 3432 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

17:38:36.0835 3432 TDTCP - ok

17:38:36.0866 3432 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

17:38:36.0866 3432 tdx - ok

17:38:36.0897 3432 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

17:38:36.0897 3432 TermDD - ok

17:38:36.0991 3432 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

17:38:37.0006 3432 TermService - ok

17:38:37.0022 3432 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

17:38:37.0022 3432 Themes - ok

17:38:37.0069 3432 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

17:38:37.0069 3432 THREADORDER - ok

17:38:37.0084 3432 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

17:38:37.0100 3432 TrkWks - ok

17:38:37.0162 3432 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

17:38:37.0162 3432 TrustedInstaller - ok

17:38:37.0193 3432 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:38:37.0193 3432 tssecsrv - ok

17:38:37.0240 3432 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

17:38:37.0240 3432 tunnel - ok

17:38:37.0271 3432 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:38:37.0271 3432 uagp35 - ok

17:38:37.0318 3432 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

17:38:37.0334 3432 udfs - ok

17:38:37.0365 3432 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

17:38:37.0365 3432 UI0Detect - ok

17:38:37.0381 3432 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

17:38:37.0396 3432 uliagpkx - ok

17:38:37.0412 3432 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

17:38:37.0427 3432 umbus - ok

17:38:37.0443 3432 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:38:37.0443 3432 UmPass - ok

17:38:37.0490 3432 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

17:38:37.0521 3432 upnphost - ok

17:38:37.0568 3432 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

17:38:37.0568 3432 USBAAPL64 - ok

17:38:37.0615 3432 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

17:38:37.0630 3432 usbccgp - ok

17:38:37.0646 3432 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

17:38:37.0661 3432 usbcir - ok

17:38:37.0708 3432 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys

17:38:37.0708 3432 usbehci - ok

17:38:37.0739 3432 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

17:38:37.0755 3432 usbhub - ok

17:38:37.0786 3432 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

17:38:37.0786 3432 usbohci - ok

17:38:37.0802 3432 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:38:37.0802 3432 usbprint - ok

17:38:37.0864 3432 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:38:37.0880 3432 USBSTOR - ok

17:38:37.0895 3432 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys

17:38:37.0895 3432 usbuhci - ok

17:38:37.0958 3432 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys

17:38:37.0973 3432 usbvideo - ok

17:38:38.0005 3432 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

17:38:38.0005 3432 UxSms - ok

17:38:38.0051 3432 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

17:38:38.0051 3432 VaultSvc - ok

17:38:38.0083 3432 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

17:38:38.0083 3432 vdrvroot - ok

17:38:38.0145 3432 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

17:38:38.0176 3432 vds - ok

17:38:38.0207 3432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:38:38.0207 3432 vga - ok

17:38:38.0223 3432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:38:38.0239 3432 VgaSave - ok

17:38:38.0270 3432 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

17:38:38.0285 3432 vhdmp - ok

17:38:38.0332 3432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

17:38:38.0332 3432 viaide - ok

17:38:38.0363 3432 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

17:38:38.0379 3432 volmgr - ok

17:38:38.0410 3432 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

17:38:38.0441 3432 volmgrx - ok

17:38:38.0769 3432 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

17:38:38.0769 3432 volsnap - ok

17:38:38.0816 3432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:38:38.0831 3432 vsmraid - ok

17:38:39.0019 3432 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

17:38:39.0065 3432 VSS - ok

17:38:39.0206 3432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

17:38:39.0206 3432 vwifibus - ok

17:38:39.0237 3432 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

17:38:39.0237 3432 vwififlt - ok

17:38:39.0284 3432 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

17:38:39.0299 3432 W32Time - ok

17:38:39.0331 3432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:38:39.0331 3432 WacomPen - ok

17:38:39.0362 3432 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:38:39.0377 3432 WANARP - ok

17:38:39.0393 3432 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:38:39.0393 3432 Wanarpv6 - ok

17:38:39.0533 3432 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

17:38:39.0565 3432 WatAdminSvc - ok

17:38:39.0721 3432 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

17:38:39.0767 3432 wbengine - ok

17:38:39.0923 3432 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

17:38:39.0939 3432 WbioSrvc - ok

17:38:40.0001 3432 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

17:38:40.0033 3432 wcncsvc - ok

17:38:40.0048 3432 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

17:38:40.0064 3432 WcsPlugInService - ok

17:38:40.0095 3432 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:38:40.0095 3432 Wd - ok

17:38:40.0157 3432 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:38:40.0189 3432 Wdf01000 - ok

17:38:40.0204 3432 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

17:38:40.0220 3432 WdiServiceHost - ok

17:38:40.0235 3432 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

17:38:40.0235 3432 WdiSystemHost - ok

17:38:40.0298 3432 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

17:38:40.0329 3432 WebClient - ok

17:38:40.0376 3432 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

17:38:40.0391 3432 Wecsvc - ok

17:38:40.0407 3432 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

17:38:40.0423 3432 wercplsupport - ok

17:38:40.0454 3432 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

17:38:40.0469 3432 WerSvc - ok

17:38:40.0501 3432 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:38:40.0516 3432 WfpLwf - ok

17:38:40.0532 3432 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:38:40.0532 3432 WIMMount - ok

17:38:40.0579 3432 WinDefend - ok

17:38:40.0594 3432 WinHttpAutoProxySvc - ok

17:38:40.0672 3432 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

17:38:40.0688 3432 Winmgmt - ok

17:38:40.0875 3432 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

17:38:40.0937 3432 WinRM - ok

17:38:41.0140 3432 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys

17:38:41.0140 3432 WinUsb - ok

17:38:41.0234 3432 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

17:38:41.0265 3432 Wlansvc - ok

17:38:41.0530 3432 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

17:38:41.0561 3432 wlidsvc - ok

17:38:41.0593 3432 wltrysvc (a96d6c0613dcf84f2d07faeb75663072) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

17:38:41.0593 3432 wltrysvc - ok

17:38:41.0764 3432 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:38:41.0764 3432 WmiAcpi - ok

17:38:41.0827 3432 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

17:38:41.0858 3432 wmiApSrv - ok

17:38:41.0905 3432 WMPNetworkSvc - ok

17:38:41.0936 3432 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

17:38:41.0936 3432 WPCSvc - ok

17:38:41.0967 3432 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

17:38:41.0983 3432 WPDBusEnum - ok

17:38:41.0998 3432 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:38:41.0998 3432 ws2ifsl - ok

17:38:42.0045 3432 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll

17:38:42.0061 3432 wscsvc - ok

17:38:42.0061 3432 WSearch - ok

17:38:42.0731 3432 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll

17:38:42.0794 3432 wuauserv - ok

17:38:42.0997 3432 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys

17:38:42.0997 3432 WudfPf - ok

17:38:43.0059 3432 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:38:43.0075 3432 WUDFRd - ok

17:38:43.0090 3432 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll

17:38:43.0106 3432 wudfsvc - ok

17:38:43.0153 3432 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

17:38:43.0168 3432 WwanSvc - ok

17:38:43.0246 3432 ZTEusbgps (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbgps.sys

17:38:43.0246 3432 ZTEusbgps - ok

17:38:43.0277 3432 ZTEusbmdm6k (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys

17:38:43.0277 3432 ZTEusbmdm6k - ok

17:38:43.0324 3432 ZTEusbnmea (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys

17:38:43.0324 3432 ZTEusbnmea - ok

17:38:43.0355 3432 ZTEusbnmeaext (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys

17:38:43.0371 3432 ZTEusbnmeaext - ok

17:38:43.0387 3432 ZTEusbser6k (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys

17:38:43.0402 3432 ZTEusbser6k - ok

17:38:43.0433 3432 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:38:43.0730 3432 \Device\Harddisk0\DR0 - ok

17:38:43.0745 3432 Boot (0x1200) (9f1b076fc25b07558f060cc73757c819) \Device\Harddisk0\DR0\Partition0

17:38:43.0761 3432 \Device\Harddisk0\DR0\Partition0 - ok

17:38:43.0777 3432 Boot (0x1200) (0454a369519dfd900929c4199f88e8d0) \Device\Harddisk0\DR0\Partition1

17:38:43.0777 3432 \Device\Harddisk0\DR0\Partition1 - ok

17:38:43.0777 3432 ============================================================

17:38:43.0777 3432 Scan finished

17:38:43.0777 3432 ============================================================

17:38:43.0808 2296 Detected object count: 0

17:38:43.0808 2296 Actual detected object count: 0

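As an added illustration (this is not part of the original thread and not code from TDSSKiller, ComboFix or Malwarebytes), here is a small Python triage script for the two log formats quoted in this thread: the TDSSKiller 2.x service listing above (one line per image with its MD5 and path, then a `name - verdict` line, and the MBR/boot-sector entries at the end) and the ComboFix "Files Created" timeline that follows below (`created . modified size attrs path`). The sample lines are constructed by copying a handful of entries from this thread; the flag names (`no-image`, `outside-windows`, `shared-hash`, `verdict`) and the heuristics behind them are my own assumptions, and the scan time is taken from the ComboFix header line in the post below.

```python
"""Triage helpers for TDSSKiller service listings and ComboFix file timelines.

Added example, not tool code. Heuristics are assumptions; every hit is a
"look at this", never a verdict on its own.
"""
import re
from collections import defaultdict
from datetime import datetime

# TDSSKiller image line:   HH:MM:SS.ffff PID name (md5) path
# TDSSKiller verdict line: HH:MM:SS.ffff PID name - ok
TDSS_FILE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")
TDSS_VERDICT = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?) - (.+)$")

# ComboFix timeline line:  created . modified size(or dashes) attrs path
CF_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+(-+|\d+)\s+(\S{8})\s+(.+)$")

# Constructed sample: a few lines copied from the TDSSKiller log in this thread.
TDSS_SAMPLE = r"""
17:38:28.0379 3432 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:38:28.0379 3432 Netlogon - ok
17:38:29.0877 3432 PnkBstrA - ok
17:38:31.0921 3432 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:38:31.0936 3432 SamSs - ok
17:38:41.0593 3432 wltrysvc (a96d6c0613dcf84f2d07faeb75663072) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
17:38:41.0593 3432 wltrysvc - ok
17:38:43.0246 3432 ZTEusbgps (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbgps.sys
17:38:43.0246 3432 ZTEusbgps - ok
17:38:43.0277 3432 ZTEusbmdm6k (d6959a4fc3b56afd9e31b0e71377c05f) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
17:38:43.0277 3432 ZTEusbmdm6k - ok
17:38:43.0433 3432 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:38:43.0730 3432 \Device\Harddisk0\DR0 - ok
"""

# Constructed sample: three lines copied from the ComboFix "Files Created" section.
COMBOFIX_SAMPLE = r"""
2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-24 23:47 . 2012-05-24 23:47 -------- d-----w- c:\programdata\Malwarebytes
"""
# From the ComboFix header "05/29/2012 17:11:32" in the post below.
SCAN_TIME = datetime(2012, 5, 29, 17, 11)


def parse_tdsskiller(text):
    """Return (services, orphans).

    services: name -> {"md5", "path", "verdict"} for every image line seen.
    orphans: names that got a verdict line but no image line (the service is
    registered, but TDSSKiller listed no binary for it).
    """
    services, by_path, orphans = {}, {}, []
    for line in text.splitlines():
        m = TDSS_FILE.match(line)
        if m:
            name, md5, path = m.group(3), m.group(4), m.group(5)
            services[name] = {"md5": md5, "path": path, "verdict": None}
            by_path[path] = name          # MBR/boot verdicts are keyed by device path
            continue
        m = TDSS_VERDICT.match(line)
        if m:
            name, verdict = m.group(3), m.group(4)
            target = name if name in services else by_path.get(name)
            if target is None:
                orphans.append(name)
            else:
                services[target]["verdict"] = verdict
    return services, orphans


def triage_tdsskiller(services, orphans):
    """Return (kind, subject, detail) tuples worth a second look."""
    findings = []
    for name, svc in services.items():
        if svc["verdict"] != "ok":
            findings.append(("verdict", name, svc["verdict"]))
        p = svc["path"].lower()
        # Services hosted outside the Windows directory (vendor tools, leftovers).
        if not p.startswith("\\device\\") and "\\windows\\" not in p:
            findings.append(("outside-windows", name, svc["path"]))
    # One MD5 under several different file names: OEM clones are common,
    # but it is also how a dropper reuses one payload; check the vendor.
    by_hash = defaultdict(set)
    for svc in services.values():
        by_hash[svc["md5"]].add(svc["path"].lower())
    for md5, paths in by_hash.items():
        if len(paths) > 1:
            findings.append(("shared-hash", md5, sorted(paths)))
    for name in orphans:
        findings.append(("no-image", name, None))
    return findings


def parse_combofix_timeline(text):
    """Parse ComboFix 'Files Created' rows into dicts with real datetimes."""
    rows = []
    for line in text.splitlines():
        m = CF_LINE.match(line)
        if not m:
            continue
        size = None if m.group(3).startswith("-") else int(m.group(3))
        rows.append({"created": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
                     "modified": datetime.strptime(m.group(2), "%Y-%m-%d %H:%M"),
                     "size": size, "attrs": m.group(4), "path": m.group(5)})
    return rows


def future_timestamps(rows, scan_time):
    """Paths whose creation or modification time lies after the scan itself."""
    return [r["path"] for r in rows
            if r["created"] > scan_time or r["modified"] > scan_time]


if __name__ == "__main__":
    svcs, orph = parse_tdsskiller(TDSS_SAMPLE)
    for f in triage_tdsskiller(svcs, orph):
        print(f)
    print(future_timestamps(parse_combofix_timeline(COMBOFIX_SAMPLE), SCAN_TIME))
```

Run against the real logs, the `no-image` hits (PnkBstrA, WinDefend, WSearch and the like) are usually just disabled or half-uninstalled service registrations, the `shared-hash` hit for the five ZTE USB drivers is one vendor binary under five names, and the 2071 creation date on `autopatcher2.exe` is a future timestamp that deserves a look but is more often a broken installer than timestomping. The point of the script is to pull those few lines out of 1,900 so the helper does not have to eyeball every `- ok`.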

ComboFix 12-05-29.01 - Jay Lee 05/29/2012 17:11:32.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2681 [GMT -4:00]

Running from: c:\users\Jay Lee\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Jay Lee\AppData\Local\Temp\kmsap.dll

c:\users\Jay Lee\Documents\~WRL0790.tmp

c:\users\Jay Lee\Documents\~WRL1733.tmp

c:\users\Jay Lee\Documents\~WRL1962.tmp

c:\users\Jay Lee\Documents\~WRL2625.tmp

c:\users\Jay Lee\Documents\~WRL3065.tmp

c:\users\Jay Lee\Documents\~WRL3305.tmp

c:\users\Jay Lee\Documents\~WRL3476.tmp

c:\users\JAYLEE~1\AppData\Local\Temp\kmsap.dll

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))

.

.

2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2012-05-29 21:21 . 2012-05-29 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-29 21:13 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8F2C012-54D2-4582-85DE-F137BE6C34EE}\mpengine.dll

2012-05-24 23:51 . 2012-05-24 23:51 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Malwarebytes

2012-05-24 23:47 . 2012-05-24 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-24 23:47 . 2012-05-24 23:47 -------- d-----w- c:\programdata\Malwarebytes

2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}

2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}

2012-05-16 04:44 . 2012-05-16 07:33 -------- d-----w- c:\program files (x86)\Diablo III

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\programdata\AMD

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD AVT

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD APP

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-05-16 03:50 . 2012-05-16 03:51 -------- d-----w- c:\programdata\DriverGenius

2012-05-16 00:49 . 2012-05-16 07:37 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2012-05-16 00:36 . 2012-05-16 00:37 -------- d-----w- c:\programdata\Battle.net

2012-05-14 07:18 . 2012-05-14 07:18 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Trine2

2012-05-10 06:55 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll

2012-05-10 06:55 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-05-10 06:55 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-10 06:55 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2012-05-10 06:55 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-05-10 06:55 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-10 06:55 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-05-10 06:55 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-05-10 06:55 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-05-10 06:55 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-05-10 06:54 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-10 06:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-10 06:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-10 06:54 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 06:54 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-10 06:54 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-10 06:54 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 06:54 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 06:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 06:54 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 06:54 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll

2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll

2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll

2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll

2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-04-05 19:13 . 2012-04-05 19:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-05 19:13 . 2011-06-25 08:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2012-03-07 09:04 . 2012-03-07 09:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-07 09:04 . 2012-03-07 09:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-07 09:04 . 2012-03-07 09:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-07 09:04 . 2012-03-07 09:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-07 09:04 . 2012-03-07 09:04 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-07 09:04 . 2012-03-07 09:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-07 09:04 . 2012-03-07 09:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-07 09:04 . 2012-03-07 09:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-07 09:04 . 2012-03-07 09:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-07 09:04 . 2012-03-07 09:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-07 09:04 . 2012-03-07 09:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-07 09:04 . 2012-03-07 09:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-07 09:04 . 2012-03-07 09:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-07 09:04 . 2012-03-07 09:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-07 09:04 . 2012-03-07 09:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-07 09:04 . 2012-03-07 09:04 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-07 09:04 . 2012-03-07 09:04 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-07 09:04 . 2012-03-07 09:04 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-07 09:04 . 2012-03-07 09:04 448512 ----a-w- c:\windows\system32\html.iec

2012-03-07 09:04 . 2012-03-07 09:04 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-07 09:04 . 2012-03-07 09:04 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-07 09:04 . 2012-03-07 09:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-07 09:04 . 2012-03-07 09:04 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-07 09:04 . 2012-03-07 09:04 160256 ----a-w- c:\windows\system32\wextract.exe

2012-03-07 09:04 . 2012-03-07 09:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-07 09:04 . 2012-03-07 09:04 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-07 09:04 . 2012-03-07 09:04 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-07 09:04 . 2012-03-07 09:04 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-01 06:54 . 2012-04-12 08:00 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:45 . 2012-04-12 08:00 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:40 . 2012-04-12 08:00 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:35 . 2012-04-12 08:00 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:49 . 2012-04-12 08:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:45 . 2012-04-12 08:00 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:40 . 2012-04-12 08:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-09 17152]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [x]

R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]

.

2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:13]

.

2012-05-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job

- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]

.

2012-05-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job

- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]

.

2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job

- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job

- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF9413.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = my.daemon-search.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{D50D39E0-253B-4CF2-8E66-59204F2EE0B8}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Jay Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ibc9ucvw.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-Reason5_is1 - c:\program files (x86)\Propellerhead\Reason\Uninstall Reason\unins000.exe

AddRemove-{3AEFE723-F44B-4CD0-B8BE-7A4FAC5E5CCB}_is1 - c:\program files (x86)\Anomaly Warzone Earth\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2012-05-29 17:31:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-29 21:31

.

Pre-Run: 18,580,242,432 bytes free

Post-Run: 19,280,613,376 bytes free

.

- - End Of File - - 08F1B3BA12000585D9F6C3E9CEBD5809

Please post the Security Check log as well :). How are things running now?

Results of screen317's Security Check version 0.99.41

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Lavasoft Ad-Watch Live! Anti-Virus

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Ad-Aware

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 30

Java version out of date!

Adobe Flash Player 10 Flash Player out of date!

Adobe Reader X 10.0.1 Adobe Reader out of Date!

Mozilla Firefox 11.0 Firefox out of Date!

Google Chrome 19.0.1084.46

Google Chrome 19.0.1084.52

````````Process Check: objlist.exe by Laurent````````

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Things are running great! Thanks so much for your help.

Does everything look alright?

Thought everything was OK... but one of my Google results just got redirected to a spam site again...

I think this goes beyond security shield now.

Those are legitimate files. ;)

Let's see if we can take care of those redirects. Are they occurring in one particular browser, or all of them? Does it happen every time, or just on occasion? Please let me know. :)

Please Launch Malwarebytes' Anti-Malware.

  • Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK for either of the prompts and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

On occasion, and I only use Firefox. My Chrome got buggy, so I switched back to Firefox until I redownload Chrome. I'll check the IE results while my MBAM scan runs.

It might just be a plugin issue, but carry on with the Malwarebytes scan. Let me know how it goes.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.29.07

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Jay Lee :: THEALLSPARK [administrator]

5/29/2012 10:23:43 PM

mbam-log-2012-05-30 (17-13-24).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 512560

Time elapsed: 2 hour(s), 4 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

(end)

Go ahead and run ComboFix.exe again. If an update is found, please allow it to update to the newest version. Please post the newly-created C:\ComboFix.txt in your next reply.

ComboFix 12-05-30.04 - Jay Lee 05/30/2012 21:47:04.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2724 [GMT -4:00]

Running from: c:\users\Jay Lee\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))

.

.

2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2012-05-31 01:54 . 2012-05-31 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-24 23:51 . 2012-05-24 23:51 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Malwarebytes

2012-05-24 23:47 . 2012-05-24 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-24 23:47 . 2012-05-24 23:47 -------- d-----w- c:\programdata\Malwarebytes

2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}

2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}

2012-05-16 04:44 . 2012-05-29 23:16 -------- d-----w- c:\program files (x86)\Diablo III

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\programdata\AMD

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD AVT

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD APP

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-05-16 03:50 . 2012-05-16 03:51 -------- d-----w- c:\programdata\DriverGenius

2012-05-16 00:49 . 2012-05-16 07:37 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2012-05-16 00:36 . 2012-05-16 00:37 -------- d-----w- c:\programdata\Battle.net

2012-05-14 07:18 . 2012-05-14 07:18 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Trine2

2012-05-10 06:55 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll

2012-05-10 06:55 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-05-10 06:55 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-10 06:55 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2012-05-10 06:55 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-05-10 06:55 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-10 06:55 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-05-10 06:55 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-05-10 06:55 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-05-10 06:55 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-05-10 06:54 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-10 06:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-10 06:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-10 06:54 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 06:54 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-10 06:54 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-10 06:54 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 06:54 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 06:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 06:54 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 06:54 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll

2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll

2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll

2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll

2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-04-05 19:13 . 2012-04-05 19:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-05 19:13 . 2011-06-25 08:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2012-03-07 09:04 . 2012-03-07 09:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-07 09:04 . 2012-03-07 09:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-07 09:04 . 2012-03-07 09:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-07 09:04 . 2012-03-07 09:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-07 09:04 . 2012-03-07 09:04 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-07 09:04 . 2012-03-07 09:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-07 09:04 . 2012-03-07 09:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-07 09:04 . 2012-03-07 09:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-07 09:04 . 2012-03-07 09:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-07 09:04 . 2012-03-07 09:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-07 09:04 . 2012-03-07 09:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-07 09:04 . 2012-03-07 09:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-07 09:04 . 2012-03-07 09:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-07 09:04 . 2012-03-07 09:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-07 09:04 . 2012-03-07 09:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-07 09:04 . 2012-03-07 09:04 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-07 09:04 . 2012-03-07 09:04 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-07 09:04 . 2012-03-07 09:04 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-07 09:04 . 2012-03-07 09:04 448512 ----a-w- c:\windows\system32\html.iec

2012-03-07 09:04 . 2012-03-07 09:04 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-07 09:04 . 2012-03-07 09:04 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-07 09:04 . 2012-03-07 09:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-07 09:04 . 2012-03-07 09:04 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-07 09:04 . 2012-03-07 09:04 160256 ----a-w- c:\windows\system32\wextract.exe

2012-03-07 09:04 . 2012-03-07 09:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-07 09:04 . 2012-03-07 09:04 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-07 09:04 . 2012-03-07 09:04 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-07 09:04 . 2012-03-07 09:04 111616 ----a-w- c:\windows\system32\iesysprep.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-29_21.26.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-05-30 21:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-05-30 21:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-29 21:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-30 21:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-05-31 01:58 38238 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-01-07 21:17 . 2012-05-31 01:58 15964 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2937579301-1935991548-1390105095-1000_UserData.bin

+ 2011-01-06 20:25 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-06 20:25 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-06 20:25 . 2012-05-17 04:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-01-06 20:25 . 2012-05-29 22:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-05-31 01:56 . 2012-05-31 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-31 01:56 . 2012-05-31 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-01-07 14:22 . 2012-05-30 21:18 309788 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-01-07 02:58 . 2012-05-30 08:50 321834 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-05-29 21:07 660530 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-29 21:30 660530 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-29 21:30 121426 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-29 21:07 121426 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-05-29 21:23 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-31 01:54 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-01-11 00:32 . 2012-05-31 01:54 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat

- 2011-01-11 00:32 . 2012-05-29 21:23 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat

- 2009-07-14 02:34 . 2012-05-29 21:23 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2012-05-30 21:40 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [x]

R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:13]

.

2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job

- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]

.

2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job

- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job

- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job

- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = my.daemon-search.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{D50D39E0-253B-4CF2-8E66-59204F2EE0B8}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Jay Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ibc9ucvw.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-05-30 22:03:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-31 02:03

ComboFix2.txt 2012-05-29 21:31

.

Pre-Run: 21,686,472,704 bytes free

Post-Run: 21,366,943,744 bytes free

.

- - End Of File - - 00F2481E506D3336D2FB2ED033387078

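The ComboFix log above is plain text with one dated entry per line in its "Files Created", "Find3M" and "SnapShot" sections. As an added example (not part of this thread, and not code from ComboFix or Malwarebytes), the Python below parses those entries and flags two things a helper reading such a log looks for: a timestamp later than the scan itself (the 2071 autopatcher entry is one) and a {GUID}-named folder created directly under a user's AppData\Local. The sample lines and the user name `someuser` are constructed in the shape of the log, and the column reading (first timestamp created, second last modified) is an assumption. Either finding can be benign, so the result is a list of entries to inspect, not a verdict.

```python
"""Triage helper for ComboFix-style dated log lines.

Added example for this thread; not code from ComboFix or Malwarebytes.
Column meanings (created, then last modified) are the usual reading of
these logs and are assumed here.  SnapShot lines carry a leading "+"/"-"
and omit the attribute column; both shapes are handled.
"""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    sign: Optional[str]      # "+" / "-" on SnapShot lines, else None
    created: datetime        # first timestamp (assumed: creation time)
    modified: datetime       # second timestamp (assumed: last write)
    size: Optional[int]      # None for directories ("--------")
    attrs: Optional[str]     # e.g. "----a-w-"; absent on SnapShot lines
    path: str


_LINE_RE = re.compile(
    r"^(?:(?P<sign>[+-]) )?"
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?:(?P<attrs>[-a-z]{8}) )?"
    r"(?P<path>[a-z]:\\.*)$",
    re.IGNORECASE,
)

# A {GUID} folder sitting directly under <profile>\AppData\Local.
_GUID_DIR_RE = re.compile(
    r"\\users\\[^\\]+\\appdata\\local\\"
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)

# Constructed sample in the shape of the log above (user name is made up).
SAMPLE_LOG = r"""
2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Example Game\autopatcher2.exe
2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\someuser\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}
2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
+ 2009-07-14 04:54 . 2012-05-30 21:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:13]
.
"""

# Time the scan ran, taken from the log header (05/31/2012 20:24).
SCAN_TIME = datetime(2012, 5, 31, 20, 24)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a dated log line, or None for any other line."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(
        sign=m["sign"],
        created=datetime.strptime(m["created"], fmt),
        modified=datetime.strptime(m["modified"], fmt),
        size=size,
        attrs=m["attrs"],
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every dated entry in a log; section headers and dots are skipped."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry], scan_time: datetime):
    """Return (reason, entry) pairs that deserve a second look."""
    findings = []
    for e in entries:
        # A file stamped after the scan ran cannot have a truthful timestamp.
        if e.created > scan_time or e.modified > scan_time:
            findings.append(("timestamp after scan time", e))
        # {GUID} folders under AppData\Local are worth checking by hand.
        if _GUID_DIR_RE.search(e.path):
            findings.append(("GUID-named folder under AppData\\Local", e))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(parse_log(SAMPLE_LOG), SCAN_TIME):
        print(f"{reason}: {entry.path}")
```

Run it against a saved ComboFix.txt by reading the file into `parse_log`; the findings list is meant to be read alongside the full log, since legitimate installers also create GUID-named temp folders.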

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::

C:\Users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


ComboFix 12-05-31.02 - Jay Lee 05/31/2012 20:24:43.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2898 [GMT -4:00]

Running from: c:\users\Jay Lee\Desktop\ComboFix.exe

Command switches used :: c:\users\Jay Lee\Desktop\CFScript.txt

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\@

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\L\00000004.@

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\L\1afb2d56

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\L\80000032.@

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\n

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\00000004.@

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\000000cb.@

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\80000000.@

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\80000032.@

c:\users\Jay Lee\AppData\Local\{ed0e3dda-1775-e79c-92fd-e5d985e91c9a}\U\80000064.@

.

.

((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))

.

.

2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2012-06-01 00:34 . 2012-06-01 00:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-31 22:27 . 2012-05-31 22:27 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\LolClient2

2012-05-29 21:13 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8F2C012-54D2-4582-85DE-F137BE6C34EE}\mpengine.dll

2012-05-24 23:51 . 2012-05-24 23:51 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Malwarebytes

2012-05-24 23:47 . 2012-05-24 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-24 23:47 . 2012-05-24 23:47 -------- d-----w- c:\programdata\Malwarebytes

2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}

2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}

2012-05-16 04:44 . 2012-05-31 21:56 -------- d-----w- c:\program files (x86)\Diablo III

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\programdata\AMD

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD AVT

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD APP

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-05-16 03:50 . 2012-05-16 03:51 -------- d-----w- c:\programdata\DriverGenius

2012-05-16 00:49 . 2012-05-16 07:37 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2012-05-16 00:36 . 2012-05-16 00:37 -------- d-----w- c:\programdata\Battle.net

2012-05-14 07:18 . 2012-05-14 07:18 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Trine2

2012-05-10 06:55 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll

2012-05-10 06:55 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-05-10 06:55 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-10 06:55 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2012-05-10 06:55 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-05-10 06:55 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-10 06:55 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-05-10 06:55 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-05-10 06:55 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-05-10 06:55 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-05-10 06:54 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-10 06:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-10 06:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-10 06:54 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 06:54 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-10 06:54 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-10 06:54 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 06:54 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 06:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 06:54 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 06:54 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll

2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll

2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll

2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll

2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-04-05 19:13 . 2012-04-05 19:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-05 19:13 . 2011-06-25 08:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2012-03-07 09:04 . 2012-03-07 09:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-07 09:04 . 2012-03-07 09:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-07 09:04 . 2012-03-07 09:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-07 09:04 . 2012-03-07 09:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-07 09:04 . 2012-03-07 09:04 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-07 09:04 . 2012-03-07 09:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-07 09:04 . 2012-03-07 09:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-07 09:04 . 2012-03-07 09:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-07 09:04 . 2012-03-07 09:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-07 09:04 . 2012-03-07 09:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-07 09:04 . 2012-03-07 09:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-07 09:04 . 2012-03-07 09:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-07 09:04 . 2012-03-07 09:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-07 09:04 . 2012-03-07 09:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-07 09:04 . 2012-03-07 09:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-07 09:04 . 2012-03-07 09:04 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-07 09:04 . 2012-03-07 09:04 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-07 09:04 . 2012-03-07 09:04 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-07 09:04 . 2012-03-07 09:04 448512 ----a-w- c:\windows\system32\html.iec

2012-03-07 09:04 . 2012-03-07 09:04 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-07 09:04 . 2012-03-07 09:04 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-07 09:04 . 2012-03-07 09:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-07 09:04 . 2012-03-07 09:04 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-07 09:04 . 2012-03-07 09:04 160256 ----a-w- c:\windows\system32\wextract.exe

2012-03-07 09:04 . 2012-03-07 09:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-07 09:04 . 2012-03-07 09:04 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-07 09:04 . 2012-03-07 09:04 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-07 09:04 . 2012-03-07 09:04 111616 ----a-w- c:\windows\system32\iesysprep.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-29_21.26.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-06-01 00:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-01 00:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-29 21:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-01 00:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-05-31 01:58 38238 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-01-07 21:17 . 2012-05-31 01:58 15964 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2937579301-1935991548-1390105095-1000_UserData.bin

+ 2011-01-06 20:25 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-06 20:25 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-06 20:25 . 2012-05-17 04:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-01-06 20:25 . 2012-05-29 22:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-06-01 00:35 . 2012-06-01 00:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-01 00:35 . 2012-06-01 00:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-01-07 14:22 . 2012-06-01 00:16 310262 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-01-07 02:58 . 2012-05-31 06:36 322116 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-05-29 21:07 660530 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-31 21:58 660530 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-05-31 21:58 121426 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-05-29 21:07 121426 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-05-29 21:23 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-01 00:34 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-01-11 00:32 . 2012-06-01 00:34 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat

- 2011-01-11 00:32 . 2012-05-29 21:23 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat

- 2009-07-14 02:34 . 2012-05-29 21:23 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2012-05-31 23:46 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-09 17152]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [x]

R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]

.

2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:13]

.

2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job

- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]

.

2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job

- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job

- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]

.

2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job

- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = my.daemon-search.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{D50D39E0-253B-4CF2-8E66-59204F2EE0B8}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Jay Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ibc9ucvw.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2012-05-31 20:44:36 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-01 00:44

ComboFix2.txt 2012-05-31 02:03

ComboFix3.txt 2012-05-29 21:31

.

Pre-Run: 21,533,388,800 bytes free

Post-Run: 21,349,294,080 bytes free

.

- - End Of File - - FE77BCA34A9A9233DA402C8898807046


Please reboot the computer. After that, do you still experience any issues? We're not quite finished yet, but I need to verify that the virus doesn't re-appear after we've cleaned it.


The virus is still on my computer. When I Google search, my results are sometimes again redirected to spam sites.

Sorry, I was away from my computer again for a couple of days.

Thanks for your help.


Go ahead and run ComboFix once again. If asked to update to the newest version, please allow it to do so. Please include the new C:\ComboFix.txt in your next reply.
