
Internet Explorer Infected


  • This topic is locked
26 replies to this topic

#1 Savo.

Savo.

  • Members
  • 13 posts
  • OFFLINE
  • Local time:06:40 AM

Posted 08 April 2012 - 01:41 PM

Hello,

My Internet Explorer (IE9) has got infected. When I type in a search for a site and click on it, I am being redirected to a different site. I ran Ad-Aware Pro and Malwarebytes, and they detected nothing, but I still have the infection on Internet Explorer. I used HijackThis, so here's the log.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:26:40, on 08/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
G:\AD-AWA~1\AdAware.exe
G:\Downloads G\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Adobe PDF Link Helper - {72E3328C-6531-7DA4-415C-500F22C54648} - C:\Windows\SysWOW64\nshwfpp.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "G:\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Savage\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - G:\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - Sunbelt Software - G:\Ad-Aware Antivirus\Engine\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10168 bytes
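As an added example (not part of this thread and not HijackThis code), a small Python triage parser for HijackThis 2.0.4 entries like the ones above: it splits each R/F/O line into section, CLSID and file path, flags entries HJT marks "(file missing)", flags lines that appear twice, and lists BHOs whose DLL sits in a Windows system directory rather than under the vendor's own install folder, a review heuristic assumed here, not a verdict. One caveat worth knowing: HJT 2.0.4 is a 32-bit program, so on 64-bit Windows it reports many legitimate system services (lsass.exe, spoolsv.exe and so on) as "(file missing)" because of file-system redirection; the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Link Helper - {72E3328C-6531-7DA4-415C-500F22C54648} - C:\Windows\SysWOW64\nshwfpp.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
"""

# One HJT entry looks like "<section> - <body>", e.g. "O2 - BHO: ...". Header and process-list lines don't match.
LINE_RE = re.compile(r"^([RFO]\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path, ending at a closing quote, a "(file missing)" marker, or end of line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?(?=\s*(?:\(file missing\)|"|$))', re.IGNORECASE)
# Directories where a third-party BHO would not normally be installed (review heuristic, assumed here).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class HjtEntry:
    section: str            # R0, O2, O4, O23, ...
    body: str               # everything after "<section> - "
    clsid: Optional[str]    # {GUID} if the line carries one
    path: Optional[str]     # file path if the line carries one
    file_missing: bool      # HJT could not find the file at that path


def parse_hjt(text: str) -> List[HjtEntry]:
    """Turn raw HijackThis output into structured entries; non-entry lines are skipped."""
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(HjtEntry(
            section=section,
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            path=path.group(0) if path else None,
            file_missing=body.lower().endswith("(file missing)"),
        ))
    return entries


def triage(entries: List[HjtEntry]) -> Dict[str, List[HjtEntry]]:
    """Group the entries an analyst would review first. None of these groups is a verdict on its own."""
    findings: Dict[str, List[HjtEntry]] = {"file_missing": [], "duplicate_lines": [], "system_dir_bho": []}
    seen = set()
    for e in entries:
        if e.file_missing:
            # On 64-bit Windows the 32-bit HJT 2.0.4 reports many legitimate system services this way.
            findings["file_missing"].append(e)
        key = (e.section, e.body.lower())
        if key in seen:
            findings["duplicate_lines"].append(e)
        seen.add(key)
        if e.section == "O2" and e.path and e.path.lower().startswith(SYSTEM_DIRS):
            # A BHO loaded from a Windows system directory deserves a vendor and CLSID check.
            findings["system_dir_bho"].append(e)
    return findings


if __name__ == "__main__":
    for group, hits in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"{group}: {len(hits)}")
        for e in hits:
            print(f"  {e.section} {e.path or e.body}")
```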


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,614 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:40 AM

Posted 09 April 2012 - 12:18 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Savo.

Savo.
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:06:40 AM

Posted 09 April 2012 - 03:59 AM

Hello Gringo,

Thanks for replying.

Internet Explorer is running very slow, and no matter what I type into Google and click search, a blank screen comes up with "please click here if you are not redirected in a few seconds" (I don't click it because it's probably a virus or something).

Here are the DDS logs you asked for.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Savage at 9:35:20 on 2012-04-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6142.4437 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
G:\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\Savage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Savage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Savage\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Adobe PDF Link Helper: {72e3328c-6531-7da4-415c-500f22c54648} - C:\Windows\SysWOW64\nshwfpp.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Savage\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: northernbank.co.uk\www
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3FBAA943-FA99-42D4-A396-E4767A8BEA67} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Adobe PDF Link Helper: {72E3328C-6531-7DA4-415C-500F22C54648} - C:\Windows\SysWOW64\nshwfpp.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-3-11 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-3-11 61712]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;G:\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-27 2348352]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SaiH8000;SaiH8000;C:\Windows\system32\DRIVERS\SaiH8000.sys --> C:\Windows\system32\DRIVERS\SaiH8000.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBAMSvc;Ad-Aware;G:\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\Windows\system32\DRIVERS\zghsmdm.sys --> C:\Windows\system32\DRIVERS\zghsmdm.sys [?]
.
=============== Created Last 30 ================
.
2012-04-08 17:43:05 -------- d-----w- C:\Users\Savage\AppData\Local\{C4FC0962-D85A-4094-96ED-9AE3BACECEF2}
2012-04-08 16:19:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-08 16:14:28 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2012-04-08 16:14:28 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-04-08 15:50:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-08 11:07:34 -------- d-----w- C:\Users\Savage\AppData\Local\{0B15D480-C583-488E-AF55-7A21BBF8BA7E}
2012-04-07 07:49:51 -------- d-----w- C:\Users\Savage\AppData\Local\adaware
2012-04-07 07:49:50 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-07 07:49:49 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-04-07 07:49:49 45904 ----a-w- C:\Windows\System32\sbbd.exe
2012-04-07 07:49:46 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-04-07 07:49:46 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-04-07 07:49:43 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-04-07 07:49:43 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-04-07 07:49:09 -------- d-----w- C:\Users\Savage\AppData\Roaming\Ad-Aware Antivirus
2012-04-07 07:36:33 -------- d-----w- C:\sh4ldr
2012-04-07 07:36:33 -------- d-----w- C:\Program Files\Enigma Software Group
2012-04-07 07:36:11 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-07 07:10:00 -------- d-----w- C:\Users\Savage\AppData\Local\Google
2012-04-07 07:09:52 -------- d-----w- C:\Users\Savage\AppData\Local\Deployment
2012-04-07 07:09:52 -------- d-----w- C:\Users\Savage\AppData\Local\Apps
2012-04-06 07:18:42 -------- d-----w- C:\Users\Savage\AppData\Local\{B945B5C8-8DCE-4EEB-8C2E-FA6B81FD5BC7}
2012-04-06 06:25:06 -------- d-----w- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2012-04-05 17:40:15 -------- d-----w- C:\Users\Savage\AppData\Local\{9A3BE893-4783-4032-8947-242861FCE17B}
2012-04-05 07:23:55 -------- d-----w- C:\ProgramData\rokapublish
2012-04-05 07:20:54 -------- d-----w- C:\Windows\SysWow64\2058
2012-04-05 06:34:57 -------- d-----w- C:\ProgramData\PopCap Games
2012-04-05 06:02:03 -------- d-----w- C:\ProgramData\SpinTop Games
2012-04-03 08:49:49 809496 ----a-r- C:\Windows\SysWow64\tmp9465.tmp
2012-04-03 08:49:48 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-03 07:44:41 -------- d-----w- C:\Users\Savage\AppData\Roaming\iWin
2012-04-03 07:37:11 -------- d-----w- C:\ProgramData\cerasus.media
2012-04-03 07:37:10 -------- d-----w- C:\Users\Savage\AppData\Roaming\cerasus.media
2012-04-03 07:18:54 -------- d-----w- C:\Users\Savage\AppData\Local\{6B07E7AF-32FE-424F-B51A-33D95AF7939B}
2012-04-02 11:05:13 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-02 08:47:57 -------- d-----w- C:\Users\Savage\AppData\Local\{1B81ACAE-7D14-4ED0-A007-9F9F96C25063}
2012-03-28 16:26:40 -------- d-----w- C:\Users\Savage\AppData\Local\{F7FECA38-2209-4799-AD71-E2660CE11A1F}
2012-03-28 16:26:29 -------- d-----w- C:\Users\Savage\AppData\Local\{BF172CB1-D39B-4DBD-A768-E6032184B47F}
2012-03-24 07:40:49 -------- d-----w- C:\Users\Savage\AppData\Local\{D3F3F98C-8D79-4B1C-8934-BC59E15D1A3E}
2012-03-24 07:40:38 -------- d-----w- C:\Users\Savage\AppData\Local\{F2EBD9A8-389E-42ED-B159-E4BDD1E41210}
2012-03-22 20:27:23 -------- d-----w- C:\Users\Savage\AppData\Local\{03335C97-2A80-4FA3-B8C5-8782E2C2A09B}
2012-03-22 20:27:12 -------- d-----w- C:\Users\Savage\AppData\Local\{DFB69BAF-3D79-41B1-A946-2A949C79694E}
2012-03-20 08:41:58 -------- d-----w- C:\Users\Savage\AppData\Local\{F2A77725-874B-4F5E-9977-D41E8EF51FEE}
2012-03-20 08:41:47 -------- d-----w- C:\Users\Savage\AppData\Local\{4D6ACA75-4329-47FF-93D0-7EA17939DEFE}
2012-03-18 10:35:33 -------- d-----w- C:\Users\Savage\AppData\Local\{9782D1D2-2BE4-49BE-8162-421A7071D500}
2012-03-18 10:35:22 -------- d-----w- C:\Users\Savage\AppData\Local\{8E229553-DE0F-4E2C-BEA9-49FC99D05652}
2012-03-15 20:20:13 -------- d-----w- C:\Users\Savage\AppData\Local\{00F6A2D3-6593-4F98-97F9-25452790595E}
2012-03-15 20:20:03 -------- d-----w- C:\Users\Savage\AppData\Local\{F17D0A77-00D7-467A-A2C9-56281A014168}
2012-03-14 09:26:45 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 09:26:45 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 09:26:45 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 06:55:32 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 06:55:31 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 06:55:31 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 06:54:57 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 06:54:57 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 06:54:57 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 06:54:57 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 06:54:57 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 06:54:57 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 06:54:57 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 12:25:10 -------- d-----w- C:\Users\Savage\AppData\Local\{3977358D-88E7-4839-A348-287189502A96}
2012-03-13 12:24:59 -------- d-----w- C:\Users\Savage\AppData\Local\{85886D16-2547-432E-95DE-03A4F2165C70}
2012-03-12 08:39:51 -------- d-----w- C:\Users\Savage\AppData\Local\{D032EFCF-674F-4224-A4AF-074B4E4060AC}
2012-03-12 08:39:41 -------- d-----w- C:\Users\Savage\AppData\Local\{F98F2642-778E-4B19-8794-EE5A157F67A5}
2012-03-11 10:24:17 -------- d-----w- C:\Program Files\iTunes
2012-03-11 10:24:17 -------- d-----w- C:\Program Files\iPod
2012-03-11 10:24:17 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-11 10:23:27 -------- d-----w- C:\Program Files\Bonjour
2012-03-11 10:23:27 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2012-04-03 08:49:49 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-04-03 08:49:49 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-04-03 08:49:49 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-04-03 08:49:49 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-04-02 11:05:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 15:21:24 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-29 15:21:24 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-29 15:21:11 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-11 12:48:52 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-03-03 16:13:12 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-03 06:52:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-10 03:14:04 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-10 03:14:01 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-10 03:07:03 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-02-10 03:07:00 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-10 03:07:00 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-10 03:07:00 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-10 03:05:59 2497985 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-09 20:05:44 45056 ----a-w- C:\Windows\SysWow64\nvStreaminng.exe
2012-02-09 20:05:44 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 9:35:43.17 ===============

Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 01/12/2010 15:51:01
System Uptime: 09/04/2012 09:02:04 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | X58-USB3
Processor: Intel® Core™ i7 CPU 950 @ 3.07GHz | Socket 1366 | 3103/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 4.999 GiB free.
D: is FIXED (NTFS) - 190 GiB total, 150.624 GiB free.
E: is CDROM ()
G: is FIXED (FAT32) - 931 GiB total, 534.886 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {85b5ddd0-e090-4b15-bdf2-a443a3ca0b66}
Description: ATITool Driver
Device ID: ROOT\*ATITOOLDEVICE\0000
Manufacturer: W1zzard
Name: ATITool Driver
PNP Device ID: ROOT\*ATITOOLDEVICE\0000
Service: ATITool
.
==== System Restore Points ===================
.
RP272: 08/04/2012 19:56:49 - Windows Modules Installer
.
==== Installed Programs ======================
.
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Angry Birds Rio
Apple Application Support
Apple Software Update
ArcSoft Software Suite
Assassin's Creed Revelations 1.02
Battlefield 3™
Battlelog Web Plugins
Browser Configuration Utility
ConvertXtoDVD 4.1.19.365
Crysis® 2
D3DX10
ESN Sonar
ExtraMAME 11.04
Free RAR Extract Frog
GIGABYTE OC_GURU
Google Chrome
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
Metro 2033
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
MSI Afterburner 2.1.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA 3D Vision Controller Driver
NVIDIA Performance
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA System Update
ON_OFF Charge B10.0422.2
OpenAL
OpenOffice.org 3.2
Origin
PHOTOfunSTUDIO -viewer-
Pod to PC 4.004
Prism Video File Converter
PunkBuster Services
QuickTime
Rapport
Rayman Origins
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Shank
Shank 2
Spelling Dictionaries Support For Adobe Reader 9
Steam
STREET FIGHTER IV
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
Ubisoft Game Launcher
UE3Redist
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge!
.
==== Event Viewer Messages From Past Week ========
.
08/04/2012 17:01:39, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
07/04/2012 19:36:49, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
05/04/2012 19:52:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,614 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:40 AM

Posted 09 April 2012 - 07:31 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Savo.

Savo.
  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:40 AM

Posted 09 April 2012 - 10:36 AM

Hello,

I ran ComboFix and it deleted a few files, but Internet Explorer is still redirecting me when clicking on a link.

Here's the ComboFix log.


ComboFix 12-04-09.04 - Savage 09/04/2012 16:07:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6142.4537 [GMT 1:00]
Running from: c:\users\Savage\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\tmp9416.tmp
c:\windows\SysWow64\tmp9465.tmp
G:\AUTORUN.INF
G:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 15:14 . 2012-04-09 15:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-09 15:14 . 2012-04-09 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-09 13:54 . 2012-04-09 13:54 205698 ----a-w- c:\programdata\1333979474.bdinstall.bin
2012-04-09 13:54 . 2012-04-09 13:54 -------- d-----w- c:\programdata\BDLogging
2012-04-09 13:53 . 2012-04-09 13:53 -------- d-----w- c:\users\Savage\AppData\Roaming\Bitdefender
2012-04-09 13:53 . 2012-04-09 13:54 -------- d-----w- c:\programdata\Bitdefender
2012-04-09 13:51 . 2012-04-09 13:51 -------- d-----w- c:\users\Savage\AppData\Roaming\QuickScan
2012-04-09 13:51 . 2012-04-09 13:51 -------- d-----w- c:\program files\Bitdefender
2012-04-09 13:51 . 2011-08-16 13:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-04-09 13:51 . 2011-10-27 14:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-04-09 13:50 . 2012-04-09 13:51 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-04-09 12:36 . 2012-04-09 12:36 -------- d-----w- c:\program files (x86)\MSSOAP
2012-04-09 12:16 . 2012-04-09 12:16 -------- d-----w- c:\users\Savage\AppData\Roaming\GetRightToGo
2012-04-09 10:25 . 2012-04-09 10:25 -------- d-----w- c:\users\Savage\AppData\Local\Threat Expert
2012-04-09 09:59 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-09 09:59 . 2012-04-09 10:26 -------- d-----w- c:\programdata\AVAST Software
2012-04-09 09:59 . 2012-04-09 09:59 -------- d-----w- c:\program files\AVAST Software
2012-04-09 09:35 . 2012-02-17 14:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-04-09 09:32 . 2012-02-24 09:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-09 09:32 . 2012-04-09 09:35 -------- d-----w- c:\programdata\PC Tools
2012-04-09 09:32 . 2012-04-09 09:32 -------- d-----w- c:\users\Savage\AppData\Roaming\TestApp
2012-04-08 16:19 . 2012-04-08 16:19 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-08 16:14 . 2010-01-10 17:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-04-08 16:14 . 2010-01-10 17:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-04-08 15:50 . 2012-04-08 16:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-07 07:49 . 2012-04-07 07:49 -------- d-----w- c:\users\Savage\AppData\Local\adaware
2012-04-07 07:49 . 2012-04-07 07:49 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-07 07:49 . 2011-04-05 16:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-07 07:49 . 2011-04-05 16:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-07 07:49 . 2011-04-05 16:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-07 07:49 . 2011-02-08 08:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-07 07:36 . 2012-04-09 09:55 -------- d-----w- C:\sh4ldr
2012-04-07 07:36 . 2012-04-07 07:36 -------- d-----w- c:\program files\Enigma Software Group
2012-04-07 07:36 . 2012-04-09 09:55 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-07 07:10 . 2012-04-07 07:10 -------- d-----w- c:\users\Savage\AppData\Local\Google
2012-04-07 07:09 . 2012-04-07 07:09 -------- d-----w- c:\users\Savage\AppData\Local\Deployment
2012-04-07 07:09 . 2012-04-07 07:09 -------- d-----w- c:\users\Savage\AppData\Local\Apps
2012-04-06 06:25 . 2012-04-06 06:25 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2012-04-05 07:23 . 2012-04-05 07:23 -------- d-----w- c:\programdata\rokapublish
2012-04-05 07:20 . 2012-04-05 07:20 -------- d-----w- c:\windows\SysWow64\2058
2012-04-05 06:34 . 2012-04-06 07:45 -------- d-----w- c:\programdata\PopCap Games
2012-04-05 06:02 . 2012-04-05 06:02 -------- d-----w- c:\programdata\SpinTop Games
2012-04-03 08:49 . 2012-04-03 08:49 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-03 07:44 . 2012-04-03 07:44 -------- d-----w- c:\users\Savage\AppData\Roaming\iWin
2012-04-03 07:37 . 2012-04-03 07:37 -------- d-----w- c:\programdata\cerasus.media
2012-04-03 07:37 . 2012-04-03 07:37 -------- d-----w- c:\users\Savage\AppData\Roaming\cerasus.media
2012-04-02 11:05 . 2012-04-02 11:05 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-24 19:08 . 2012-04-05 08:03 -------- d-----w- c:\users\Savage\AppData\Roaming\dvdcss
2012-03-20 19:22 . 2012-03-20 19:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-14 09:26 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:26 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 09:26 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 06:55 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:55 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:55 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 06:54 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 06:54 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 06:54 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:54 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 06:54 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 06:54 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 06:54 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 10:24 . 2012-03-11 10:24 -------- d-----w- c:\program files\iTunes
2012-03-11 10:24 . 2012-03-11 10:24 -------- d-----w- c:\program files (x86)\iTunes
2012-03-11 10:24 . 2012-03-11 10:24 -------- d-----w- c:\program files\iPod
2012-03-11 10:23 . 2012-03-11 10:23 -------- d-----w- c:\program files\Bonjour
2012-03-11 10:23 . 2012-03-11 10:23 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 08:49 . 2012-01-01 19:13 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-03 08:49 . 2012-01-01 19:13 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-03 08:49 . 2012-01-01 19:13 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-03 08:49 . 2012-01-01 19:13 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-04-02 11:05 . 2011-06-07 16:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 15:21 . 2011-04-16 08:18 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-29 15:21 . 2011-04-14 16:09 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-29 15:21 . 2011-04-14 16:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-11 12:48 . 2011-06-07 10:48 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-03-09 08:11 . 2012-03-09 08:11 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-03 17:44 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-03 16:13 . 2011-04-14 16:09 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-03 06:52 . 2010-12-01 16:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 15:45 . 2012-02-17 15:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-02-10 04:13 . 2012-02-27 11:57 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-02-10 04:13 . 2012-02-27 11:57 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-02-10 04:13 . 2012-02-27 11:57 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-27 11:57 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-27 11:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-27 11:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 04:13 . 2012-02-27 11:57 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-02-10 04:13 . 2012-02-27 11:57 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-27 11:57 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-27 11:57 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-27 11:57 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-27 11:57 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-02-10 04:13 . 2012-02-27 11:57 25541952 ----a-w- c:\windows\system32\nvoglv64.dll
2012-02-10 04:13 . 2012-02-27 11:57 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-27 11:57 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-02-10 04:13 . 2012-02-27 11:57 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-27 11:57 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-02-10 04:13 . 2012-02-27 11:57 19443520 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-02-10 04:13 . 2012-02-27 11:57 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-02-27 11:57 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-02-10 04:13 . 2012-02-27 11:57 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2012-02-27 11:57 13624128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-08-26 07:04 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2011-08-26 07:04 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2011-04-19 17:32 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-10 04:13 . 2010-12-01 17:09 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-10 04:13 . 2010-12-01 17:09 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 03:14 . 2011-04-07 22:19 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:14 . 2011-04-07 22:18 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-10 03:07 . 2011-04-07 22:19 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-10 03:07 . 2011-04-07 22:19 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:07 . 2011-04-07 22:19 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:07 . 2010-10-16 12:13 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:05 . 2012-02-27 11:57 2497985 ----a-w- c:\windows\system32\nvcoproc.bin
2012-02-09 20:05 . 2012-02-09 20:05 45056 ----a-w- c:\windows\SysWow64\nvStreaminng.exe
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-01-31 12:44 . 2010-12-01 16:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 09:22 . 2012-01-19 09:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
2012-01-17 12:46 . 2012-02-27 11:57 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-01-17 12:45 . 2012-02-27 11:57 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-01-17 12:45 . 2012-02-27 11:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{72E3328C-6531-7DA4-415C-500F22C54648}]
2010-11-20 12:20 73728 ----a-w- c:\windows\SysWOW64\nshwfpp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-02-24 402336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-11 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-03-11 61712]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-02-17 550864]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 66096]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - RTCore64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:05]
.
2012-04-05 c:\windows\Tasks\At1.job
- c:\windows\SysWOW64\nvStreaminng.exe [2012-02-09 20:05]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608702294-3157462213-4233021008-1000Core.job
- c:\users\Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 07:10]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608702294-3157462213-4233021008-1000UA.job
- c:\users\Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 07:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: northernbank.co.uk\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{FBB3A773-7433-4893-AE29-586249467F8D}_is1 - f:\extramame\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,6d,f9,9b,70,f5,50,96,c1,11,a0,c8,73,f6,0a,7e,a8,a2,19,49,e7,
e9,a1,1e,3a,ed,c6,75,5d,58,6d,2d,ef,82,c4,2e,8a,93,8c,4e,f5,91,85,f5,2f,54,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-09 16:17:05
ComboFix-quarantined-files.txt 2012-04-09 15:17
.
Pre-Run: 4,617,019,392 bytes free
Post-Run: 5,379,526,656 bytes free
.
- - End Of File - - 2D015638F8A6615BDF1BC6A5253C5C7C

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,614 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 April 2012 - 01:10 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
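The report TDSSKiller writes (the one the post above asks to have pasted back) has a regular line shape, and on a log of several hundred drivers it is easy to miss the few lines that are not "- ok". What follows is an added example written for this edit; it is not code from TDSSKiller, aswMBR or anyone in this thread. It is a small Python triage script for that report: it pulls out the hashed service/driver entries and their verdicts, the "Drive" and "Partition" lines that describe the MBR layout, then flags every non-ok verdict, every ok verdict that has no hashed file behind it, any overlapping partition entries, and how many sectors sit after the last partition on each disk. The sample log inside the script is constructed, modelled on the report format seen in this thread; the "examplesvc" lines and the final "detected" verdict are invented to exercise the non-ok path and are not real detections.

```python
# Added triage helper for TDSSKiller reports. Example code for this thread, not part of the tool.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every report line starts with "<hh:mm:ss.ffff> <pid> "; what follows takes a few shapes.
_PREFIX = r"^\d\d:\d\d:\d\d\.\d+ \d+ "
# "<name> (<md5>) <path>"   : the file backing a service/driver was hashed
HASH_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <verdict>"      : the verdict for that name (ok / suspicious / detected ...)
VERDICT_RE = re.compile(_PREFIX + r"(?!Drive )(?P<name>.+?) - (?P<verdict>.+)$")
# "Drive \Device\HarddiskN\DRn - Size: 0x..., SectorSize: 0x..., ..."
DRIVE_RE = re.compile(_PREFIX + r"Drive (?P<disk>\\Device\\Harddisk\d+\\DR\d+) - Size: "
                      r"0x(?P<size>[0-9A-Fa-f]+) .*SectorSize: 0x(?P<sector>[0-9A-Fa-f]+)")
# "\Device\HarddiskN\DRn\PartitionK: MBR, Type 0x.., StartLBA 0x.., BlocksNum 0x.."
PART_RE = re.compile(_PREFIX + r"(?P<disk>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<idx>\d+): MBR, "
                     r"Type 0x(?P<type>[0-9A-Fa-f]+), StartLBA 0x(?P<lba>[0-9A-Fa-f]+), "
                     r"BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None   # None when a verdict was printed without any file being hashed
    path: Optional[str] = None


@dataclass
class Partition:
    disk: str
    index: int
    type_id: int
    start_lba: int
    blocks: int


def parse_log(text: str) -> Tuple[List[Entry], List[Partition], Dict[str, Tuple[int, int]]]:
    """Return (service/driver entries, MBR partitions, {disk: (size_bytes, sector_size)})."""
    entries: List[Entry] = []
    partitions: List[Partition] = []
    disks: Dict[str, Tuple[int, int]] = {}
    pending: Dict[str, Tuple[str, str]] = {}   # hashed file waiting for its verdict line
    for line in text.splitlines():
        line = line.strip()
        if m := PART_RE.match(line):
            partitions.append(Partition(m["disk"], int(m["idx"]), int(m["type"], 16),
                                        int(m["lba"], 16), int(m["blocks"], 16)))
        elif m := DRIVE_RE.match(line):
            disks[m["disk"]] = (int(m["size"], 16), int(m["sector"], 16))
        elif m := HASH_RE.match(line):
            pending[m["name"]] = (m["md5"].lower(), m["path"])
        elif m := VERDICT_RE.match(line):
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["verdict"], md5, path))
    return entries, partitions, disks


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Names worth a second look: any non-ok verdict, and ok verdicts with no hashed file behind them."""
    findings = []
    for e in entries:
        if e.verdict.lower() != "ok":
            findings.append((e.name, e.verdict))
        elif e.md5 is None:
            findings.append((e.name, "reported ok but no file was hashed (registration without a located binary)"))
    return findings


def overlapping(partitions: List[Partition]) -> List[Tuple[Partition, Partition]]:
    """Partitions on the same disk whose LBA ranges intersect; a sane table returns []."""
    by_disk: Dict[str, List[Partition]] = {}
    for p in partitions:
        by_disk.setdefault(p.disk, []).append(p)
    bad = []
    for parts in by_disk.values():
        parts = sorted(parts, key=lambda p: p.start_lba)
        bad += [(a, b) for a, b in zip(parts, parts[1:]) if b.start_lba < a.start_lba + a.blocks]
    return bad


def unpartitioned_tail(disks: Dict[str, Tuple[int, int]], partitions: List[Partition]) -> Dict[str, int]:
    """Sectors between the end of the last partition and the end of each disk."""
    tail = {}
    for disk, (size, sector) in disks.items():
        parts = [p for p in partitions if p.disk == disk]
        if parts:
            tail[disk] = size // sector - max(p.start_lba + p.blocks for p in parts)
    return tail


# Constructed sample modelled on the report format in this thread. "examplesvc" and the final
# "detected" line are invented to exercise the non-ok paths; they are not real detections.
SAMPLE_LOG = r"""
21:39:10.0948 6068 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0xE584, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
21:39:10.0958 6068 \Device\Harddisk0\DR0:
21:39:10.0958 6068 MBR used
21:39:10.0958 6068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:39:10.0958 6068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
21:39:16.0419 6048 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:39:16.0420 6048 1394ohci - ok
21:39:16.0614 6048 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:39:16.0615 6048 Apple Mobile Device - ok
21:39:16.0947 6048 catchme - ok
21:39:17.0007 6048 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys
21:39:17.0007 6048 examplesvc - suspicious (constructed verdict)
21:39:18.0000 6048 \Device\Harddisk0\DR0 - detected (constructed verdict)
"""

if __name__ == "__main__":
    entries, partitions, disks = parse_log(SAMPLE_LOG)
    for name, why in triage(entries):
        print(f"LOOK AT: {name}: {why}")
    for p in partitions:
        print(f"{p.disk} partition {p.index}: type 0x{p.type_id:02X}, "
              f"LBA 0x{p.start_lba:X}..0x{p.start_lba + p.blocks:X}")
    print("overlapping partitions:", overlapping(partitions))
    print("unpartitioned tail sectors:", unpartitioned_tail(disks, partitions))
```

Paste a real report into SAMPLE_LOG (or read it from the TDSSKiller log file in C:\) and the output is the short list to act on instead of the full scroll. Two reading notes: a "- ok" line with no hash (catchme, esgiguard, gdrv and COMSysApp in the log in this thread) typically means the service or driver is still registered but the scanner found no binary to hash, which is a leftover registration rather than a detection, and should be read together with the ComboFix output; and the tail figure for the first disk in the sample is 0xAB0 (2736) sectors, the usual alignment slack on a Windows 7 disk. Unpartitioned space is one of the places boot-sector rootkits keep their payload, so a tail of many thousands of sectors on a disk with no recovery partition is what the aswMBR scan requested above is there to look into.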

#7 Savo.

Savo.
  • Topic Starter

  • Members
  • 13 posts

Posted 09 April 2012 - 03:56 PM

Hi There,

I ran the two programs you asked me to, but unfortunately they didn't find anything.

Here are the log files for them:


21:39:10.0583 6068 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
21:39:10.0740 6068 ============================================================
21:39:10.0740 6068 Current date / time: 2012/04/09 21:39:10.0740
21:39:10.0740 6068 SystemInfo:
21:39:10.0740 6068
21:39:10.0741 6068 OS Version: 6.1.7601 ServicePack: 1.0
21:39:10.0741 6068 Product type: Workstation
21:39:10.0741 6068 ComputerName: SAVAGE-PC
21:39:10.0741 6068 UserName: Savage
21:39:10.0741 6068 Windows directory: C:\Windows
21:39:10.0741 6068 System windows directory: C:\Windows
21:39:10.0741 6068 Running under WOW64
21:39:10.0741 6068 Processor architecture: Intel x64
21:39:10.0741 6068 Number of processors: 4
21:39:10.0741 6068 Page size: 0x1000
21:39:10.0741 6068 Boot type: Normal boot
21:39:10.0741 6068 ============================================================
21:39:10.0948 6068 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0xE584, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
21:39:10.0948 6068 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:39:10.0948 6068 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:39:10.0958 6068 \Device\Harddisk0\DR0:
21:39:10.0958 6068 MBR used
21:39:10.0958 6068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:39:10.0958 6068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
21:39:10.0958 6068 \Device\Harddisk1\DR1:
21:39:10.0958 6068 MBR used
21:39:10.0958 6068 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD13D8
21:39:10.0958 6068 \Device\Harddisk2\DR2:
21:39:10.0958 6068 MBR used
21:39:10.0958 6068 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
21:39:10.0958 6068 Initialize success
21:39:10.0958 6068 ============================================================
21:39:16.0332 6048 ============================================================
21:39:16.0332 6048 Scan started
21:39:16.0332 6048 Mode: Manual;
21:39:16.0332 6048 ============================================================
21:39:16.0419 6048 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:39:16.0420 6048 1394ohci - ok
21:39:16.0424 6048 ACDaemon (1c67b44907b90dc43e2cf540dbb6e320) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:39:16.0425 6048 ACDaemon - ok
21:39:16.0433 6048 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:39:16.0435 6048 ACPI - ok
21:39:16.0441 6048 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:39:16.0442 6048 AcpiPmi - ok
21:39:16.0451 6048 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:39:16.0452 6048 AdobeFlashPlayerUpdateSvc - ok
21:39:16.0462 6048 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:39:16.0464 6048 adp94xx - ok
21:39:16.0474 6048 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:39:16.0475 6048 adpahci - ok
21:39:16.0483 6048 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:39:16.0484 6048 adpu320 - ok
21:39:16.0491 6048 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:39:16.0492 6048 AeLookupSvc - ok
21:39:16.0498 6048 Afc (0d0e5281784c2c526ba43c2ecd374288) C:\Windows\syswow64\drivers\Afc.sys
21:39:16.0498 6048 Afc - ok
21:39:16.0510 6048 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:39:16.0512 6048 AFD - ok
21:39:16.0519 6048 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:39:16.0519 6048 agp440 - ok
21:39:16.0525 6048 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:39:16.0526 6048 ALG - ok
21:39:16.0534 6048 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:39:16.0535 6048 aliide - ok
21:39:16.0541 6048 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:39:16.0542 6048 amdide - ok
21:39:16.0550 6048 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:39:16.0550 6048 AmdK8 - ok
21:39:16.0557 6048 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:39:16.0558 6048 AmdPPM - ok
21:39:16.0565 6048 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:39:16.0566 6048 amdsata - ok
21:39:16.0574 6048 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:39:16.0575 6048 amdsbs - ok
21:39:16.0581 6048 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:39:16.0582 6048 amdxata - ok
21:39:16.0588 6048 androidusb (fad35699987baa96e22e13b24ff44769) C:\Windows\system32\Drivers\androidusb.sys
21:39:16.0589 6048 androidusb - ok
21:39:16.0596 6048 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:39:16.0597 6048 AppID - ok
21:39:16.0603 6048 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:39:16.0603 6048 AppIDSvc - ok
21:39:16.0609 6048 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:39:16.0610 6048 Appinfo - ok
21:39:16.0614 6048 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:39:16.0615 6048 Apple Mobile Device - ok
21:39:16.0621 6048 AppleCharger (a632d9ea15f37d2605a7fcaf3892ec96) C:\Windows\system32\DRIVERS\AppleCharger.sys
21:39:16.0622 6048 AppleCharger - ok
21:39:16.0628 6048 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe
21:39:16.0628 6048 AppleChargerSrv - ok
21:39:16.0637 6048 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:39:16.0637 6048 arc - ok
21:39:16.0645 6048 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:39:16.0645 6048 arcsas - ok
21:39:16.0653 6048 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:39:16.0654 6048 AsyncMac - ok
21:39:16.0661 6048 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:39:16.0661 6048 atapi - ok
21:39:16.0668 6048 ATITool (b07e6681d303a612680223c729b021e2) C:\Windows\system32\DRIVERS\ATITool64.sys
21:39:16.0669 6048 ATITool - ok
21:39:16.0680 6048 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:39:16.0683 6048 AudioEndpointBuilder - ok
21:39:16.0690 6048 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:39:16.0692 6048 AudioSrv - ok
21:39:16.0705 6048 avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\Windows\system32\DRIVERS\avc3.sys
21:39:16.0707 6048 avc3 - ok
21:39:16.0717 6048 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
21:39:16.0718 6048 avchv - ok
21:39:16.0731 6048 avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\Windows\system32\DRIVERS\avckf.sys
21:39:16.0733 6048 avckf - ok
21:39:16.0742 6048 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:39:16.0743 6048 AxInstSV - ok
21:39:16.0754 6048 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:39:16.0756 6048 b06bdrv - ok
21:39:16.0765 6048 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:39:16.0766 6048 b57nd60a - ok
21:39:16.0771 6048 BCUService (382b151daffe4a9ce9da9f564b66761e) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
21:39:16.0772 6048 BCUService - ok
21:39:16.0778 6048 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:39:16.0779 6048 BDESVC - ok
21:39:16.0790 6048 bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\Windows\system32\DRIVERS\bdfsfltr.sys
21:39:16.0791 6048 bdfsfltr - ok
21:39:16.0796 6048 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
21:39:16.0797 6048 bdfwfpf - ok
21:39:16.0804 6048 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys
21:39:16.0805 6048 bdsandbox - ok
21:39:16.0814 6048 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
21:39:16.0814 6048 BDVEDISK - ok
21:39:16.0822 6048 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:39:16.0822 6048 Beep - ok
21:39:16.0834 6048 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:39:16.0837 6048 BFE - ok
21:39:16.0849 6048 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:39:16.0853 6048 BITS - ok
21:39:16.0860 6048 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:39:16.0861 6048 blbdrive - ok
21:39:16.0867 6048 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:39:16.0869 6048 Bonjour Service - ok
21:39:16.0876 6048 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:39:16.0877 6048 bowser - ok
21:39:16.0884 6048 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:39:16.0884 6048 BrFiltLo - ok
21:39:16.0891 6048 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:39:16.0891 6048 BrFiltUp - ok
21:39:16.0899 6048 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:39:16.0900 6048 BridgeMP - ok
21:39:16.0906 6048 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:39:16.0907 6048 Browser - ok
21:39:16.0916 6048 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:39:16.0917 6048 Brserid - ok
21:39:16.0917 6048 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:39:16.0917 6048 BrSerWdm - ok
21:39:16.0927 6048 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:39:16.0927 6048 BrUsbMdm - ok
21:39:16.0937 6048 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:39:16.0937 6048 BrUsbSer - ok
21:39:16.0937 6048 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:39:16.0937 6048 BTHMODEM - ok
21:39:16.0947 6048 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:39:16.0947 6048 bthserv - ok
21:39:16.0947 6048 catchme - ok
21:39:16.0957 6048 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:39:16.0957 6048 cdfs - ok
21:39:16.0967 6048 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:39:16.0967 6048 cdrom - ok
21:39:16.0977 6048 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:39:16.0977 6048 CertPropSvc - ok
21:39:16.0987 6048 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:39:16.0987 6048 circlass - ok
21:39:16.0997 6048 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:39:16.0997 6048 CLFS - ok
21:39:16.0997 6048 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:39:16.0997 6048 clr_optimization_v2.0.50727_32 - ok
21:39:17.0007 6048 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:39:17.0007 6048 clr_optimization_v2.0.50727_64 - ok
21:39:17.0007 6048 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:39:17.0007 6048 clr_optimization_v4.0.30319_32 - ok
21:39:17.0017 6048 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:39:17.0017 6048 clr_optimization_v4.0.30319_64 - ok
21:39:17.0017 6048 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:39:17.0017 6048 CmBatt - ok
21:39:17.0027 6048 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:39:17.0027 6048 cmdide - ok
21:39:17.0037 6048 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:39:17.0037 6048 CNG - ok
21:39:17.0047 6048 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:39:17.0047 6048 Compbatt - ok
21:39:17.0057 6048 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:39:17.0057 6048 CompositeBus - ok
21:39:17.0057 6048 COMSysApp - ok
21:39:17.0067 6048 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
21:39:17.0067 6048 cpuz134 - ok
21:39:17.0077 6048 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
21:39:17.0077 6048 cpuz135 - ok
21:39:17.0087 6048 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:39:17.0087 6048 crcdisk - ok
21:39:17.0097 6048 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:39:17.0097 6048 CryptSvc - ok
21:39:17.0097 6048 dc3d (15c2afd86d8a58354fc100434c78b621) C:\Windows\system32\DRIVERS\dc3d.sys
21:39:17.0097 6048 dc3d - ok
21:39:17.0107 6048 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:39:17.0117 6048 DcomLaunch - ok
21:39:17.0127 6048 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:39:17.0127 6048 defragsvc - ok
21:39:17.0127 6048 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:39:17.0137 6048 DfsC - ok
21:39:17.0137 6048 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:39:17.0147 6048 Dhcp - ok
21:39:17.0147 6048 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:39:17.0147 6048 discache - ok
21:39:17.0157 6048 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:39:17.0157 6048 Disk - ok
21:39:17.0167 6048 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:39:17.0167 6048 Dnscache - ok
21:39:17.0177 6048 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:39:17.0177 6048 dot3svc - ok
21:39:17.0187 6048 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:39:17.0187 6048 DPS - ok
21:39:17.0187 6048 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:39:17.0187 6048 drmkaud - ok
21:39:17.0207 6048 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:39:17.0207 6048 DXGKrnl - ok
21:39:17.0217 6048 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:39:17.0217 6048 EapHost - ok
21:39:17.0247 6048 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:39:17.0257 6048 ebdrv - ok
21:39:17.0267 6048 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:39:17.0267 6048 EFS - ok
21:39:17.0277 6048 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:39:17.0277 6048 ehRecvr - ok
21:39:17.0287 6048 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:39:17.0287 6048 ehSched - ok
21:39:17.0297 6048 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:39:17.0297 6048 elxstor - ok
21:39:17.0307 6048 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:39:17.0307 6048 ErrDev - ok
21:39:17.0307 6048 esgiguard - ok
21:39:17.0317 6048 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:39:17.0317 6048 EventSystem - ok
21:39:17.0327 6048 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:39:17.0327 6048 exfat - ok
21:39:17.0337 6048 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:39:17.0337 6048 fastfat - ok
21:39:17.0347 6048 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:39:17.0357 6048 Fax - ok
21:39:17.0357 6048 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:39:17.0357 6048 fdc - ok
21:39:17.0367 6048 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:39:17.0367 6048 fdPHost - ok
21:39:17.0377 6048 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:39:17.0377 6048 FDResPub - ok
21:39:17.0377 6048 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:39:17.0377 6048 FileInfo - ok
21:39:17.0387 6048 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:39:17.0387 6048 Filetrace - ok
21:39:17.0397 6048 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:39:17.0397 6048 flpydisk - ok
21:39:17.0407 6048 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:39:17.0407 6048 FltMgr - ok
21:39:17.0417 6048 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:39:17.0427 6048 FontCache - ok
21:39:17.0427 6048 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:39:17.0427 6048 FontCache3.0.0.0 - ok
21:39:17.0437 6048 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:39:17.0437 6048 FsDepends - ok
21:39:17.0449 6048 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:39:17.0450 6048 fssfltr - ok
21:39:17.0457 6048 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:39:17.0457 6048 Fs_Rec - ok
21:39:17.0466 6048 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:39:17.0467 6048 fvevol - ok
21:39:17.0474 6048 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:39:17.0475 6048 gagp30kx - ok
21:39:17.0477 6048 gdrv - ok
21:39:17.0484 6048 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:39:17.0485 6048 GEARAspiWDM - ok
21:39:17.0496 6048 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:39:17.0499 6048 gpsvc - ok
21:39:17.0506 6048 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:39:17.0507 6048 hcw85cir - ok
21:39:17.0516 6048 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:39:17.0518 6048 HdAudAddService - ok
21:39:17.0526 6048 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:39:17.0526 6048 HDAudBus - ok
21:39:17.0533 6048 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:39:17.0534 6048 HidBatt - ok
21:39:17.0541 6048 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:39:17.0542 6048 HidBth - ok
21:39:17.0549 6048 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:39:17.0549 6048 HidIr - ok
21:39:17.0555 6048 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:39:17.0556 6048 hidserv - ok
21:39:17.0564 6048 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:39:17.0565 6048 HidUsb - ok
21:39:17.0571 6048 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:39:17.0572 6048 hkmsvc - ok
21:39:17.0580 6048 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:39:17.0581 6048 HomeGroupListener - ok
21:39:17.0589 6048 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:39:17.0590 6048 HomeGroupProvider - ok
21:39:17.0598 6048 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:39:17.0598 6048 HpSAMD - ok
21:39:17.0611 6048 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:39:17.0613 6048 HTTP - ok
21:39:17.0620 6048 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:39:17.0621 6048 hwpolicy - ok
21:39:17.0629 6048 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:39:17.0629 6048 i8042prt - ok
21:39:17.0635 6048 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:39:17.0636 6048 IAANTMON - ok
21:39:17.0646 6048 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:39:17.0648 6048 iaStor - ok
21:39:17.0658 6048 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:39:17.0660 6048 iaStorV - ok
21:39:17.0664 6048 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:39:17.0665 6048 IDriverT - ok
21:39:17.0675 6048 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:39:17.0678 6048 idsvc - ok
21:39:17.0685 6048 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:39:17.0686 6048 iirsp - ok
21:39:17.0698 6048 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:39:17.0702 6048 IKEEXT - ok
21:39:17.0727 6048 IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys
21:39:17.0736 6048 IntcAzAudAddService - ok
21:39:17.0743 6048 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:39:17.0743 6048 intelide - ok
21:39:17.0751 6048 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:39:17.0751 6048 intelppm - ok
21:39:17.0758 6048 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:39:17.0759 6048 IPBusEnum - ok
21:39:17.0766 6048 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:39:17.0767 6048 IpFilterDriver - ok
21:39:17.0777 6048 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:39:17.0779 6048 iphlpsvc - ok
21:39:17.0787 6048 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:39:17.0788 6048 IPMIDRV - ok
21:39:17.0795 6048 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:39:17.0796 6048 IPNAT - ok
21:39:17.0806 6048 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
21:39:17.0809 6048 iPod Service - ok
21:39:17.0816 6048 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:39:17.0817 6048 IRENUM - ok
21:39:17.0828 6048 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:39:17.0828 6048 isapnp - ok
21:39:17.0837 6048 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:39:17.0839 6048 iScsiPrt - ok
21:39:17.0846 6048 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:39:17.0846 6048 kbdclass - ok
21:39:17.0853 6048 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:39:17.0854 6048 kbdhid - ok
21:39:17.0860 6048 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:39:17.0861 6048 KeyIso - ok
21:39:17.0868 6048 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:39:17.0868 6048 KSecDD - ok
21:39:17.0876 6048 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:39:17.0877 6048 KSecPkg - ok
21:39:17.0888 6048 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:39:17.0888 6048 ksthunk - ok
21:39:17.0896 6048 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:39:17.0899 6048 KtmRm - ok
21:39:17.0907 6048 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:39:17.0909 6048 LanmanServer - ok
21:39:17.0915 6048 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:39:17.0917 6048 LanmanWorkstation - ok
21:39:17.0925 6048 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:39:17.0926 6048 lltdio - ok
21:39:17.0934 6048 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:39:17.0936 6048 lltdsvc - ok
21:39:17.0942 6048 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:39:17.0943 6048 lmhosts - ok
21:39:17.0951 6048 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:39:17.0952 6048 LSI_FC - ok
21:39:17.0960 6048 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:39:17.0960 6048 LSI_SAS - ok
21:39:17.0968 6048 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:39:17.0968 6048 LSI_SAS2 - ok
21:39:17.0976 6048 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:39:17.0977 6048 LSI_SCSI - ok
21:39:17.0985 6048 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:39:17.0985 6048 luafv - ok
21:39:17.0992 6048 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:39:17.0993 6048 Mcx2Svc - ok
21:39:18.0000 6048 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:39:18.0000 6048 megasas - ok
21:39:18.0009 6048 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:39:18.0010 6048 MegaSR - ok
21:39:18.0017 6048 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:39:18.0018 6048 MMCSS - ok
21:39:18.0025 6048 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:39:18.0025 6048 Modem - ok
21:39:18.0032 6048 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:39:18.0033 6048 monitor - ok
21:39:18.0040 6048 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:39:18.0041 6048 mouclass - ok
21:39:18.0049 6048 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:39:18.0049 6048 mouhid - ok
21:39:18.0057 6048 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:39:18.0057 6048 mountmgr - ok
21:39:18.0065 6048 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:39:18.0066 6048 mpio - ok
21:39:18.0073 6048 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:39:18.0074 6048 mpsdrv - ok
21:39:18.0086 6048 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:39:18.0090 6048 MpsSvc - ok
21:39:18.0098 6048 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:39:18.0099 6048 MRxDAV - ok
21:39:18.0106 6048 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:39:18.0107 6048 mrxsmb - ok
21:39:18.0116 6048 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:39:18.0118 6048 mrxsmb10 - ok
21:39:18.0126 6048 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:39:18.0126 6048 mrxsmb20 - ok
21:39:18.0133 6048 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:39:18.0134 6048 msahci - ok
21:39:18.0142 6048 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:39:18.0143 6048 msdsm - ok
21:39:18.0149 6048 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:39:18.0151 6048 MSDTC - ok
21:39:18.0160 6048 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:39:18.0160 6048 Msfs - ok
21:39:18.0167 6048 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:39:18.0168 6048 mshidkmdf - ok
21:39:18.0175 6048 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:39:18.0175 6048 msisadrv - ok
21:39:18.0183 6048 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:39:18.0184 6048 MSiSCSI - ok
21:39:18.0189 6048 msiserver - ok
21:39:18.0197 6048 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:39:18.0197 6048 MSKSSRV - ok
21:39:18.0205 6048 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:39:18.0205 6048 MSPCLOCK - ok
21:39:18.0212 6048 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:39:18.0213 6048 MSPQM - ok
21:39:18.0223 6048 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:39:18.0224 6048 MsRPC - ok
21:39:18.0232 6048 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:39:18.0233 6048 mssmbios - ok
21:39:18.0240 6048 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:39:18.0240 6048 MSTEE - ok
21:39:18.0247 6048 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:39:18.0248 6048 MTConfig - ok
21:39:18.0255 6048 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:39:18.0256 6048 Mup - ok
21:39:18.0266 6048 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:39:18.0268 6048 napagent - ok
21:39:18.0278 6048 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:39:18.0279 6048 NativeWifiP - ok
21:39:18.0293 6048 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:39:18.0297 6048 NDIS - ok
21:39:18.0305 6048 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:39:18.0305 6048 NdisCap - ok
21:39:18.0312 6048 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:39:18.0313 6048 NdisTapi - ok
21:39:18.0320 6048 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:39:18.0321 6048 Ndisuio - ok
21:39:18.0329 6048 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:39:18.0330 6048 NdisWan - ok
21:39:18.0337 6048 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:39:18.0338 6048 NDProxy - ok
21:39:18.0345 6048 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:39:18.0346 6048 NetBIOS - ok
21:39:18.0354 6048 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:39:18.0356 6048 NetBT - ok
21:39:18.0362 6048 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:39:18.0363 6048 Netlogon - ok
21:39:18.0371 6048 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:39:18.0373 6048 Netman - ok
21:39:18.0383 6048 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:39:18.0385 6048 netprofm - ok
21:39:18.0390 6048 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:39:18.0390 6048 NetTcpPortSharing - ok
21:39:18.0398 6048 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:39:18.0399 6048 nfrd960 - ok
21:39:18.0407 6048 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:39:18.0409 6048 NlaSvc - ok
21:39:18.0416 6048 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:39:18.0417 6048 Npfs - ok
21:39:18.0423 6048 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:39:18.0424 6048 nsi - ok
21:39:18.0431 6048 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:39:18.0431 6048 nsiproxy - ok
21:39:18.0444 6048 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:39:18.0454 6048 Ntfs - ok
21:39:18.0454 6048 nTuneService - ok
21:39:18.0464 6048 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:39:18.0464 6048 Null - ok
21:39:18.0474 6048 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:39:18.0474 6048 nusb3hub - ok
21:39:18.0484 6048 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:39:18.0484 6048 nusb3xhc - ok
21:39:18.0494 6048 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
21:39:18.0494 6048 NVHDA - ok
21:39:18.0594 6048 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:39:18.0644 6048 nvlddmkm - ok
21:39:18.0654 6048 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
21:39:18.0654 6048 nvoclk64 - ok
21:39:18.0664 6048 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:39:18.0664 6048 nvraid - ok
21:39:18.0674 6048 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:39:18.0674 6048 nvstor - ok
21:39:18.0684 6048 NVSvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
21:39:18.0694 6048 NVSvc - ok
21:39:18.0714 6048 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:39:18.0714 6048 nvUpdatusService - ok
21:39:18.0734 6048 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:39:18.0734 6048 nv_agp - ok
21:39:18.0734 6048 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:39:18.0734 6048 ohci1394 - ok
21:39:18.0744 6048 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:39:18.0744 6048 p2pimsvc - ok
21:39:18.0754 6048 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:39:18.0764 6048 p2psvc - ok
21:39:18.0764 6048 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:39:18.0774 6048 Parport - ok
21:39:18.0774 6048 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:39:18.0774 6048 partmgr - ok
21:39:18.0784 6048 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:39:18.0784 6048 PcaSvc - ok
21:39:18.0794 6048 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:39:18.0794 6048 pci - ok
21:39:18.0804 6048 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:39:18.0804 6048 pciide - ok
21:39:18.0814 6048 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:39:18.0814 6048 pcmcia - ok
21:39:18.0824 6048 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:39:18.0824 6048 pcw - ok
21:39:18.0834 6048 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:39:18.0834 6048 PEAUTH - ok
21:39:18.0844 6048 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:39:18.0844 6048 PerfHost - ok
21:39:18.0864 6048 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:39:18.0864 6048 pla - ok
21:39:18.0874 6048 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:39:18.0884 6048 PlugPlay - ok
21:39:18.0884 6048 PnkBstrA - ok
21:39:18.0894 6048 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:39:18.0894 6048 PNRPAutoReg - ok
21:39:18.0904 6048 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:39:18.0904 6048 PNRPsvc - ok
21:39:18.0914 6048 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
21:39:18.0914 6048 Point64 - ok
21:39:18.0924 6048 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:39:18.0924 6048 PolicyAgent - ok
21:39:18.0934 6048 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:39:18.0934 6048 Power - ok
21:39:18.0944 6048 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:39:18.0944 6048 PptpMiniport - ok
21:39:18.0954 6048 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:39:18.0954 6048 Processor - ok
21:39:18.0964 6048 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:39:18.0964 6048 ProfSvc - ok
21:39:18.0964 6048 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:39:18.0964 6048 ProtectedStorage - ok
21:39:18.0981 6048 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:39:18.0982 6048 Psched - ok
21:39:19.0000 6048 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:39:19.0006 6048 ql2300 - ok
21:39:19.0014 6048 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:39:19.0015 6048 ql40xx - ok
21:39:19.0023 6048 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:39:19.0025 6048 QWAVE - ok
21:39:19.0032 6048 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:39:19.0033 6048 QWAVEdrv - ok
21:39:19.0041 6048 RapportCerberus_34302 (5e0459ed0a8f540d2f7b6e52da12c9d4) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
21:39:19.0043 6048 RapportCerberus_34302 - ok
21:39:19.0046 6048 RapportEI64 (06917b0649e334c43bfd529afcdc6c1c) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
21:39:19.0047 6048 RapportEI64 - ok
21:39:19.0054 6048 RapportKE64 (49dec9bb40555db653c4e1ab9a087403) C:\Windows\system32\Drivers\RapportKE64.sys
21:39:19.0055 6048 RapportKE64 - ok
21:39:19.0065 6048 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
21:39:19.0069 6048 RapportMgmtService - ok
21:39:19.0073 6048 RapportPG64 (6a36c7b3dfcf56bc164cb399bc4943a7) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
21:39:19.0073 6048 RapportPG64 - ok
21:39:19.0080 6048 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:39:19.0081 6048 RasAcd - ok
21:39:19.0089 6048 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:39:19.0089 6048 RasAgileVpn - ok
21:39:19.0096 6048 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:39:19.0097 6048 RasAuto - ok
21:39:19.0105 6048 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:39:19.0106 6048 Rasl2tp - ok
21:39:19.0115 6048 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:39:19.0118 6048 RasMan - ok
21:39:19.0125 6048 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:39:19.0126 6048 RasPppoe - ok
21:39:19.0134 6048 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:39:19.0134 6048 RasSstp - ok
21:39:19.0144 6048 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:39:19.0145 6048 rdbss - ok
21:39:19.0152 6048 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:39:19.0153 6048 rdpbus - ok
21:39:19.0160 6048 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:39:19.0160 6048 RDPCDD - ok
21:39:19.0169 6048 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:39:19.0169 6048 RDPENCDD - ok
21:39:19.0178 6048 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:39:19.0178 6048 RDPREFMP - ok
21:39:19.0187 6048 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:39:19.0188 6048 RDPWD - ok
21:39:19.0197 6048 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:39:19.0198 6048 rdyboost - ok
21:39:19.0205 6048 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:39:19.0206 6048 RemoteAccess - ok
21:39:19.0214 6048 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:39:19.0215 6048 RemoteRegistry - ok
21:39:19.0222 6048 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:39:19.0223 6048 RpcEptMapper - ok
21:39:19.0229 6048 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:39:19.0230 6048 RpcLocator - ok
21:39:19.0240 6048 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:39:19.0243 6048 RpcSs - ok
21:39:19.0250 6048 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:39:19.0251 6048 rspndr - ok
21:39:19.0254 6048 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
21:39:19.0255 6048 RTCore64 - ok
21:39:19.0265 6048 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:39:19.0267 6048 RTL8167 - ok
21:39:19.0275 6048 s116bus (33e3b5497741e11609f5c19a4babece5) C:\Windows\system32\DRIVERS\s116bus.sys
21:39:19.0275 6048 s116bus - ok
21:39:19.0283 6048 s116mdfl (3bf42a40d618ee70c7a0194655120594) C:\Windows\system32\DRIVERS\s116mdfl.sys
21:39:19.0283 6048 s116mdfl - ok
21:39:19.0291 6048 s116mdm (1337f164c6a833ebc094c7db2e52c095) C:\Windows\system32\DRIVERS\s116mdm.sys
21:39:19.0292 6048 s116mdm - ok
21:39:19.0300 6048 s116mgmt (ae3999ccb1cb4f4c9a545782e6321864) C:\Windows\system32\DRIVERS\s116mgmt.sys
21:39:19.0301 6048 s116mgmt - ok
21:39:19.0308 6048 s116nd5 (0fe400d90ed42b93b43c3c9f0b4fd43d) C:\Windows\system32\DRIVERS\s116nd5.sys
21:39:19.0309 6048 s116nd5 - ok
21:39:19.0317 6048 s116obex (f2dbdaac99b87f73e9f18df505f0601f) C:\Windows\system32\DRIVERS\s116obex.sys
21:39:19.0318 6048 s116obex - ok
21:39:19.0326 6048 s116unic (e587b738bc7cbb094bcd041b345c9bd3) C:\Windows\system32\DRIVERS\s116unic.sys
21:39:19.0327 6048 s116unic - ok
21:39:19.0335 6048 SaiH8000 (cf0e5155a089c7c8d7cfd9d1088afda4) C:\Windows\system32\DRIVERS\SaiH8000.sys
21:39:19.0336 6048 SaiH8000 - ok
21:39:19.0343 6048 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:39:19.0344 6048 SamSs - ok
21:39:19.0354 6048 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys
21:39:19.0355 6048 SbFw - ok
21:39:19.0364 6048 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys
21:39:19.0364 6048 SBFWIMCL - ok
21:39:19.0372 6048 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys
21:39:19.0373 6048 SBFWIMCLMP - ok
21:39:19.0380 6048 sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys
21:39:19.0381 6048 sbhips - ok
21:39:19.0389 6048 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:39:19.0390 6048 sbp2port - ok
21:39:19.0396 6048 SBRE - ok
21:39:19.0405 6048 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys
21:39:19.0405 6048 SbTis - ok
21:39:19.0413 6048 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:39:19.0415 6048 SCardSvr - ok
21:39:19.0422 6048 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:39:19.0423 6048 scfilter - ok
21:39:19.0437 6048 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:39:19.0442 6048 Schedule - ok
21:39:19.0449 6048 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:39:19.0450 6048 SCPolicySvc - ok
21:39:19.0457 6048 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:39:19.0459 6048 SDRSVC - ok
21:39:19.0466 6048 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:39:19.0467 6048 secdrv - ok
21:39:19.0473 6048 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:39:19.0474 6048 seclogon - ok
21:39:19.0481 6048 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:39:19.0482 6048 SENS - ok
21:39:19.0489 6048 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:39:19.0490 6048 SensrSvc - ok
21:39:19.0497 6048 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:39:19.0498 6048 Serenum - ok
21:39:19.0505 6048 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:39:19.0506 6048 Serial - ok
21:39:19.0513 6048 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:39:19.0514 6048 sermouse - ok
21:39:19.0524 6048 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:39:19.0525 6048 SessionEnv - ok
21:39:19.0533 6048 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:39:19.0533 6048 sffdisk - ok
21:39:19.0540 6048 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:39:19.0541 6048 sffp_mmc - ok
21:39:19.0548 6048 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:39:19.0548 6048 sffp_sd - ok
21:39:19.0556 6048 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:39:19.0556 6048 sfloppy - ok
21:39:19.0565 6048 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:39:19.0567 6048 SharedAccess - ok
21:39:19.0576 6048 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:39:19.0579 6048 ShellHWDetection - ok
21:39:19.0586 6048 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:39:19.0587 6048 SiSRaid2 - ok
21:39:19.0594 6048 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:39:19.0595 6048 SiSRaid4 - ok
21:39:19.0603 6048 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:39:19.0604 6048 Smb - ok
21:39:19.0612 6048 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:39:19.0613 6048 SNMPTRAP - ok
21:39:19.0620 6048 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:39:19.0621 6048 spldr - ok
21:39:19.0631 6048 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:39:19.0634 6048 Spooler - ok
21:39:19.0669 6048 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:39:19.0682 6048 sppsvc - ok
21:39:19.0688 6048 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:39:19.0690 6048 sppuinotify - ok
21:39:19.0700 6048 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:39:19.0703 6048 srv - ok
21:39:19.0713 6048 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:39:19.0715 6048 srv2 - ok
21:39:19.0723 6048 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:39:19.0724 6048 srvnet - ok
21:39:19.0732 6048 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:39:19.0734 6048 SSDPSRV - ok
21:39:19.0741 6048 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:39:19.0742 6048 SstpSvc - ok
21:39:19.0745 6048 Steam Client Service - ok
21:39:19.0752 6048 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:39:19.0753 6048 Stereo Service - ok
21:39:19.0760 6048 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:39:19.0761 6048 stexstor - ok
21:39:19.0772 6048 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:39:19.0775 6048 stisvc - ok
21:39:19.0783 6048 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:39:19.0783 6048 swenum - ok
21:39:19.0793 6048 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:39:19.0796 6048 swprv - ok
21:39:19.0816 6048 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:39:19.0823 6048 SysMain - ok
21:39:19.0830 6048 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:39:19.0831 6048 TabletInputService - ok
21:39:19.0840 6048 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:39:19.0843 6048 TapiSrv - ok
21:39:19.0849 6048 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:39:19.0851 6048 TBS - ok
21:39:19.0873 6048 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:39:19.0880 6048 Tcpip - ok
21:39:19.0902 6048 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:39:19.0909 6048 TCPIP6 - ok
21:39:19.0918 6048 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:39:19.0919 6048 tcpipreg - ok
21:39:19.0927 6048 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:39:19.0927 6048 TDPIPE - ok
21:39:19.0935 6048 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:39:19.0935 6048 TDTCP - ok
21:39:19.0943 6048 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:39:19.0944 6048 tdx - ok
21:39:19.0952 6048 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:39:19.0952 6048 TermDD - ok
21:39:19.0963 6048 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:39:19.0967 6048 TermService - ok
21:39:19.0971 6048 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:39:19.0971 6048 Themes - ok
21:39:19.0981 6048 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:39:19.0981 6048 THREADORDER - ok
21:39:19.0981 6048 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:39:19.0991 6048 TrkWks - ok
21:39:20.0001 6048 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
21:39:20.0001 6048 trufos - ok
21:39:20.0001 6048 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:39:20.0001 6048 TrustedInstaller - ok
21:39:20.0011 6048 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:39:20.0011 6048 tssecsrv - ok
21:39:20.0021 6048 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:39:20.0021 6048 TsUsbFlt - ok
21:39:20.0031 6048 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:39:20.0031 6048 tunnel - ok
21:39:20.0041 6048 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:39:20.0041 6048 uagp35 - ok
21:39:20.0051 6048 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:39:20.0051 6048 udfs - ok
21:39:20.0061 6048 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:39:20.0061 6048 UI0Detect - ok
21:39:20.0071 6048 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:39:20.0071 6048 uliagpkx - ok
21:39:20.0081 6048 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:39:20.0081 6048 umbus - ok
21:39:20.0081 6048 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:39:20.0081 6048 UmPass - ok
21:39:20.0091 6048 Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
21:39:20.0091 6048 Update Server - ok
21:39:20.0101 6048 UpdateCenterService - ok
21:39:20.0101 6048 UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
21:39:20.0101 6048 UPDATESRV - ok
21:39:20.0111 6048 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:39:20.0111 6048 upnphost - ok
21:39:20.0121 6048 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:39:20.0121 6048 usbccgp - ok
21:39:20.0131 6048 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:39:20.0131 6048 usbcir - ok
21:39:20.0141 6048 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:39:20.0141 6048 usbehci - ok
21:39:20.0151 6048 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:39:20.0151 6048 usbhub - ok
21:39:20.0161 6048 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:39:20.0161 6048 usbohci - ok
21:39:20.0171 6048 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:39:20.0171 6048 usbprint - ok
21:39:20.0181 6048 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:39:20.0181 6048 USBSTOR - ok
21:39:20.0181 6048 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:39:20.0181 6048 usbuhci - ok
21:39:20.0191 6048 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:39:20.0191 6048 UxSms - ok
21:39:20.0201 6048 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:39:20.0201 6048 VaultSvc - ok
21:39:20.0211 6048 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:39:20.0211 6048 vdrvroot - ok
21:39:20.0221 6048 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:39:20.0221 6048 vds - ok
21:39:20.0231 6048 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:39:20.0231 6048 vga - ok
21:39:20.0241 6048 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:39:20.0241 6048 VgaSave - ok
21:39:20.0251 6048 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:39:20.0251 6048 vhdmp - ok
21:39:20.0251 6048 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:39:20.0251 6048 viaide - ok
21:39:20.0261 6048 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:39:20.0261 6048 volmgr - ok
21:39:20.0271 6048 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:39:20.0271 6048 volmgrx - ok
21:39:20.0281 6048 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:39:20.0291 6048 volsnap - ok
21:39:20.0291 6048 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:39:20.0301 6048 vsmraid - ok
21:39:20.0311 6048 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:39:20.0321 6048 VSS - ok
21:39:20.0321 6048 VSSERV - ok
21:39:20.0331 6048 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:39:20.0331 6048 vwifibus - ok
21:39:20.0341 6048 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:39:20.0351 6048 W32Time - ok
21:39:20.0351 6048 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:39:20.0361 6048 WacomPen - ok
21:39:20.0361 6048 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:39:20.0361 6048 WANARP - ok
21:39:20.0371 6048 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:39:20.0371 6048 Wanarpv6 - ok
21:39:20.0381 6048 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:39:20.0391 6048 WatAdminSvc - ok
21:39:20.0411 6048 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:39:20.0411 6048 wbengine - ok
21:39:20.0421 6048 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:39:20.0421 6048 WbioSrvc - ok
21:39:20.0431 6048 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:39:20.0431 6048 wcncsvc - ok
21:39:20.0441 6048 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:39:20.0441 6048 WcsPlugInService - ok
21:39:20.0451 6048 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:39:20.0451 6048 Wd - ok
21:39:20.0461 6048 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:39:20.0461 6048 Wdf01000 - ok
21:39:20.0471 6048 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:39:20.0471 6048 WdiServiceHost - ok
21:39:20.0481 6048 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:39:20.0481 6048 WdiSystemHost - ok
21:39:20.0491 6048 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:39:20.0491 6048 WebClient - ok
21:39:20.0501 6048 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:39:20.0503 6048 Wecsvc - ok
21:39:20.0510 6048 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:39:20.0512 6048 wercplsupport - ok
21:39:20.0519 6048 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:39:20.0520 6048 WerSvc - ok
21:39:20.0528 6048 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:39:20.0528 6048 WfpLwf - ok
21:39:20.0536 6048 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:39:20.0536 6048 WIMMount - ok
21:39:20.0539 6048 WinDefend - ok
21:39:20.0542 6048 WinHttpAutoProxySvc - ok
21:39:20.0551 6048 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:39:20.0553 6048 Winmgmt - ok
21:39:20.0574 6048 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:39:20.0583 6048 WinRM - ok
21:39:20.0598 6048 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:39:20.0603 6048 Wlansvc - ok
21:39:20.0624 6048 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:39:20.0632 6048 wlidsvc - ok
21:39:20.0639 6048 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:39:20.0640 6048 WmiAcpi - ok
21:39:20.0650 6048 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:39:20.0651 6048 wmiApSrv - ok
21:39:20.0653 6048 WMPNetworkSvc - ok
21:39:20.0661 6048 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:39:20.0662 6048 WPCSvc - ok
21:39:20.0669 6048 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:39:20.0671 6048 WPDBusEnum - ok
21:39:20.0678 6048 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:39:20.0679 6048 ws2ifsl - ok
21:39:20.0685 6048 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:39:20.0687 6048 wscsvc - ok
21:39:20.0693 6048 WSearch - ok
21:39:20.0718 6048 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:39:20.0728 6048 wuauserv - ok
21:39:20.0737 6048 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:39:20.0738 6048 WudfPf - ok
21:39:20.0746 6048 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:39:20.0748 6048 WUDFRd - ok
21:39:20.0754 6048 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:39:20.0756 6048 wudfsvc - ok
21:39:20.0764 6048 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:39:20.0766 6048 WwanSvc - ok
21:39:20.0776 6048 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
21:39:20.0777 6048 xusb21 - ok
21:39:20.0785 6048 zghsmdm (741d9bbfe2a392031157a39d921ce052) C:\Windows\system32\DRIVERS\zghsmdm.sys
21:39:20.0786 6048 zghsmdm - ok
21:39:20.0791 6048 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:39:20.0794 6048 \Device\Harddisk0\DR0 - ok
21:39:20.0796 6048 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:39:20.0831 6048 \Device\Harddisk1\DR1 - ok
21:39:20.0833 6048 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR2
21:39:20.0835 6048 \Device\Harddisk2\DR2 - ok
21:39:20.0837 6048 Boot (0x1200) (8072d321a98a3822e359f4f7ed6612bc) \Device\Harddisk0\DR0\Partition0
21:39:20.0837 6048 \Device\Harddisk0\DR0\Partition0 - ok
21:39:20.0839 6048 Boot (0x1200) (d4996e67f484461b3911e7a5b296a571) \Device\Harddisk0\DR0\Partition1
21:39:20.0839 6048 \Device\Harddisk0\DR0\Partition1 - ok
21:39:20.0845 6048 Boot (0x1200) (44e0253eb8d7076c64a86eb98482b028) \Device\Harddisk1\DR1\Partition0
21:39:20.0846 6048 \Device\Harddisk1\DR1\Partition0 - ok
21:39:20.0848 6048 Boot (0x1200) (027ebd3a546a5866ccec0d583f1ab9ae) \Device\Harddisk2\DR2\Partition0
21:39:20.0849 6048 \Device\Harddisk2\DR2\Partition0 - ok
21:39:20.0849 6048 ============================================================
21:39:20.0849 6048 Scan finished
21:39:20.0849 6048 ============================================================
21:39:20.0854 6080 Detected object count: 0
21:39:20.0854 6080 Actual detected object count: 0
21:40:55.0517 6120 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 21:44:45
-----------------------------
21:44:45.984 OS Version: Windows x64 6.1.7601 Service Pack 1
21:44:45.985 Number of processors: 4 586 0x1A05
21:44:45.985 ComputerName: SAVAGE-PC UserName: Savage
21:44:46.110 Initialize success
21:45:26.883 AVAST engine defs: 12040901
21:45:38.463 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:45:38.463 Disk 0 Vendor: C300-CTF 0002 Size: 122104MB BusType: 3
21:45:38.463 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
21:45:38.463 Disk 1 Vendor: Maxtor_6 BANC Size: 194481MB BusType: 3
21:45:38.463 Disk 0 MBR read successfully
21:45:38.473 Disk 0 MBR scan
21:45:38.523 Disk 0 Windows 7 default MBR code
21:45:38.533 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:45:38.533 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
21:45:38.543 Disk 0 scanning C:\Windows\system32\drivers
21:45:41.384 Service scanning
21:45:48.045 Modules scanning
21:45:48.045 Disk 0 trace - called modules:
21:45:48.365 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:45:48.365 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006356060]
21:45:48.365 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005260050]
21:45:48.555 AVAST engine scan C:\Windows
21:45:49.685 AVAST engine scan C:\Windows\system32
21:46:52.576 AVAST engine scan C:\Windows\system32\drivers
21:46:55.807 AVAST engine scan C:\Users\Savage
21:47:40.307 AVAST engine scan C:\ProgramData
21:47:57.137 Scan finished successfully
21:49:27.926 Disk 0 MBR has been saved successfully to "C:\Users\Savage\Desktop\MBR.dat"
21:49:27.936 The log file has been saved successfully to "C:\Users\Savage\Desktop\aswMBR.txt"

Edited by Savo., 09 April 2012 - 03:58 PM.


#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 135,614 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:40 AM

Posted 09 April 2012 - 06:27 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
AtJob::
File::
c:\windows\SysWOW64\nshwfpp.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
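Reading the ComboFix report gringo asks for: as an added example (not code from this thread, from ComboFix, or from BleepingComputer), the Python below parses the "Reg Loading Points" section of a ComboFix log and lists every Browser Helper Object together with the DLL it loads, a common place to look for an IE add-on behind redirects. The sample log text and the allow-listed CLSID are constructed for the example.

```python
"""List Browser Helper Object (BHO) registrations from a ComboFix log.

Added example, not part of the forum thread or of ComboFix itself. ComboFix
prints registry load points as a "[HKEY_...]" key line followed by one line
per value or file, with "." separating blocks. For every key that ends in
"Browser Helper Objects\\{CLSID}" we record the CLSID and the DLL line under it.
"""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
# ComboFix file line, e.g. "2010-11-20 12:20 73728 ----a-w- c:\windows\SysWOW64\x.dll"
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>\S+) (?P<path>.+?)\s*$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Bho:
    clsid: str
    wow64: bool   # registered under Wow6432Node, i.e. loaded by 32-bit IE
    path: str
    size: int
    date: str


def parse_bhos(log_text: str) -> list[Bho]:
    """Return one Bho per '...\\Browser Helper Objects\\{CLSID}' key in the log."""
    bhos = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":            # ComboFix's block separator
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if current_key and "Browser Helper Objects" in current_key:
            f = FILE_RE.match(line)
            c = CLSID_RE.search(current_key)
            if f and c:
                bhos.append(Bho(
                    clsid=c.group(0).upper(),
                    wow64="Wow6432Node" in current_key,
                    path=f.group("path"),
                    size=int(f.group("size")),
                    date=f.group("date"),
                ))
    return bhos


def review(bhos: list[Bho], known_clsids: set[str]) -> tuple[list[Bho], list[Bho]]:
    """Split BHOs into those on a reviewer's allow-list and those to inspect."""
    known, unknown = [], []
    for b in bhos:
        (known if b.clsid in known_clsids else unknown).append(b)
    return known, unknown


# Constructed sample in ComboFix's "Reg Loading Points" layout. The first BHO
# has the same shape as the entry quoted in this thread; the second is made up.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\\Wow6432Node\\~\\Browser Helper Objects\\{72E3328C-6531-7DA4-415C-500F22C54648}]
2010-11-20 12:20 73728 ----a-w- c:\\windows\\SysWOW64\\nshwfpp.dll
.
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{AAAAAAAA-0000-4000-8000-000000000001}]
2011-01-01 00:00 1024 ----a-w- c:\\program files\\Example Vendor\\example_bho.dll
.
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Sidebar"="c:\\program files\\Windows Sidebar\\sidebar.exe" [2010-11-20 1475584]
"""

if __name__ == "__main__":
    found = parse_bhos(SAMPLE_LOG)
    # Constructed allow-list: only the made-up vendor CLSID is recognised.
    known, unknown = review(found, {"{AAAAAAAA-0000-4000-8000-000000000001}"})
    for b in unknown:
        arch = "32-bit" if b.wow64 else "64-bit"
        print(f"inspect: {b.clsid} ({arch} IE) -> {b.path} [{b.size} bytes, {b.date}]")
```

Run against a real ComboFix log, the "inspect" lines are the add-ons to look up by CLSID and file path before deciding on a File:: entry for a CFScript.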

#9 Savo.

  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:40 AM

Posted 10 April 2012 - 04:23 AM

Hello,

I dragged the file into ComboFix and ran it again, but in Internet Explorer I am still being redirected when clicking on a link.

Here's the log from ComboFix:

ComboFix 12-04-09.04 - Savage 10/04/2012 10:02:29.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6142.4593 [GMT 1:00]
Running from: c:\users\Savage\Desktop\ComboFix.exe
Command switches used :: c:\users\Savage\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWOW64\nshwfpp.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 09:09 . 2012-04-10 09:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-10 09:09 . 2012-04-10 09:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 08:36 . 2012-03-20 02:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{342C400F-7F53-46C3-BAE9-B2D8D33BBD42}\mpengine.dll
2012-04-09 16:21 . 2012-04-09 16:21 -------- d-----w- C:\Rbackup
2012-04-09 13:54 . 2012-04-09 13:54 205698 ----a-w- c:\programdata\1333979474.bdinstall.bin
2012-04-09 13:54 . 2012-04-09 13:54 -------- d-----w- c:\programdata\BDLogging
2012-04-09 13:53 . 2012-04-09 13:53 -------- d-----w- c:\users\Savage\AppData\Roaming\Bitdefender
2012-04-09 13:53 . 2012-04-09 13:54 -------- d-----w- c:\programdata\Bitdefender
2012-04-09 13:51 . 2012-04-09 13:51 -------- d-----w- c:\users\Savage\AppData\Roaming\QuickScan
2012-04-09 13:51 . 2012-04-09 13:51 -------- d-----w- c:\program files\Bitdefender
2012-04-09 13:51 . 2011-08-16 13:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-04-09 13:51 . 2011-10-27 14:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-04-09 13:50 . 2012-04-09 13:51 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-04-09 12:36 . 2012-04-09 12:36 -------- d-----w- c:\program files (x86)\MSSOAP
2012-04-09 12:16 . 2012-04-09 12:16 -------- d-----w- c:\users\Savage\AppData\Roaming\GetRightToGo
2012-04-09 10:25 . 2012-04-09 10:25 -------- d-----w- c:\users\Savage\AppData\Local\Threat Expert
2012-04-09 09:59 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-09 09:59 . 2012-04-09 10:26 -------- d-----w- c:\programdata\AVAST Software
2012-04-09 09:32 . 2012-04-09 16:09 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-09 09:32 . 2012-02-24 09:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-09 09:32 . 2012-04-09 16:08 -------- d-----w- c:\programdata\PC Tools
2012-04-09 09:32 . 2012-04-09 09:32 -------- d-----w- c:\users\Savage\AppData\Roaming\TestApp
2012-04-08 16:19 . 2012-04-08 16:19 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-08 16:14 . 2010-01-10 17:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-04-08 16:14 . 2010-01-10 17:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-04-08 15:50 . 2012-04-08 16:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-07 07:49 . 2011-04-05 16:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-07 07:49 . 2011-04-05 16:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-07 07:49 . 2011-04-05 16:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-07 07:49 . 2011-02-08 08:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-07 07:36 . 2012-04-09 09:55 -------- d-----w- C:\sh4ldr
2012-04-07 07:36 . 2012-04-07 07:36 -------- d-----w- c:\program files\Enigma Software Group
2012-04-07 07:36 . 2012-04-09 09:55 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-07 07:10 . 2012-04-07 07:10 -------- d-----w- c:\users\Savage\AppData\Local\Google
2012-04-07 07:09 . 2012-04-07 07:09 -------- d-----w- c:\users\Savage\AppData\Local\Deployment
2012-04-07 07:09 . 2012-04-07 07:09 -------- d-----w- c:\users\Savage\AppData\Local\Apps
2012-04-06 06:25 . 2012-04-06 06:25 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2012-04-05 07:23 . 2012-04-05 07:23 -------- d-----w- c:\programdata\rokapublish
2012-04-05 07:20 . 2012-04-05 07:20 -------- d-----w- c:\windows\SysWow64\2058
2012-04-05 06:34 . 2012-04-06 07:45 -------- d-----w- c:\programdata\PopCap Games
2012-04-05 06:02 . 2012-04-05 06:02 -------- d-----w- c:\programdata\SpinTop Games
2012-04-03 08:49 . 2012-04-03 08:49 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-03 07:44 . 2012-04-03 07:44 -------- d-----w- c:\users\Savage\AppData\Roaming\iWin
2012-04-03 07:37 . 2012-04-03 07:37 -------- d-----w- c:\programdata\cerasus.media
2012-04-03 07:37 . 2012-04-03 07:37 -------- d-----w- c:\users\Savage\AppData\Roaming\cerasus.media
2012-04-02 11:05 . 2012-04-02 11:05 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-24 19:08 . 2012-04-05 08:03 -------- d-----w- c:\users\Savage\AppData\Roaming\dvdcss
2012-03-20 19:22 . 2012-03-20 19:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-14 09:26 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:26 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 09:26 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 06:55 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:55 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:55 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 06:54 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 06:54 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 06:54 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:54 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 06:54 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 06:54 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 06:54 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 10:24 . 2012-03-11 10:24 -------- d-----w- c:\program files\iTunes
2012-03-11 10:24 . 2012-03-11 10:24 -------- d-----w- c:\program files (x86)\iTunes
2012-03-11 10:24 . 2012-03-11 10:24 -------- d-----w- c:\program files\iPod
2012-03-11 10:23 . 2012-03-11 10:23 -------- d-----w- c:\program files\Bonjour
2012-03-11 10:23 . 2012-03-11 10:23 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 08:49 . 2012-01-01 19:13 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-03 08:49 . 2012-01-01 19:13 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-03 08:49 . 2012-01-01 19:13 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-03 08:49 . 2012-01-01 19:13 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-04-02 11:05 . 2011-06-07 16:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 15:21 . 2011-04-16 08:18 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-29 15:21 . 2011-04-14 16:09 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-29 15:21 . 2011-04-14 16:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-11 12:48 . 2011-06-07 10:48 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-03-09 08:11 . 2012-03-09 08:11 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-03 17:44 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-03 16:13 . 2011-04-14 16:09 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-03 06:52 . 2010-12-01 16:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 09:18 . 2010-12-01 16:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 15:45 . 2012-02-17 15:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-02-10 04:13 . 2012-02-27 11:57 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-02-10 04:13 . 2012-02-27 11:57 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-02-10 04:13 . 2012-02-27 11:57 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-27 11:57 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-27 11:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-27 11:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 04:13 . 2012-02-27 11:57 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-02-10 04:13 . 2012-02-27 11:57 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-27 11:57 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-27 11:57 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-27 11:57 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-27 11:57 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-02-10 04:13 . 2012-02-27 11:57 25541952 ----a-w- c:\windows\system32\nvoglv64.dll
2012-02-10 04:13 . 2012-02-27 11:57 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-27 11:57 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-02-10 04:13 . 2012-02-27 11:57 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-27 11:57 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-02-10 04:13 . 2012-02-27 11:57 19443520 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-02-10 04:13 . 2012-02-27 11:57 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-02-27 11:57 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-02-10 04:13 . 2012-02-27 11:57 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2012-02-27 11:57 13624128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-08-26 07:04 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2011-08-26 07:04 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2011-04-19 17:32 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-10 04:13 . 2010-12-01 17:09 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-10 04:13 . 2010-12-01 17:09 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 03:14 . 2011-04-07 22:19 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:14 . 2011-04-07 22:18 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-10 03:07 . 2011-04-07 22:19 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-10 03:07 . 2011-04-07 22:19 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:07 . 2011-04-07 22:19 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:07 . 2010-10-16 12:13 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:05 . 2012-02-27 11:57 2497985 ----a-w- c:\windows\system32\nvcoproc.bin
2012-02-09 20:05 . 2012-02-09 20:05 45056 ----a-w- c:\windows\SysWow64\nvStreaminng.exe
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-01-19 09:22 . 2012-01-19 09:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
2012-01-17 12:46 . 2012-02-27 11:57 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-01-17 12:45 . 2012-02-27 11:57 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-01-17 12:45 . 2012-02-27 11:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_15.14.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-11 00:58 . 2011-06-11 00:58 51024 c:\windows\SysWOW64\vcomp100.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 81744 c:\windows\SysWOW64\mfcm100u.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\SysWOW64\mfcm100u.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 81744 c:\windows\SysWOW64\mfcm100.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 81744 c:\windows\SysWOW64\mfcm100.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 60752 c:\windows\SysWOW64\mfc100rus.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 60752 c:\windows\SysWOW64\mfc100rus.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 43344 c:\windows\SysWOW64\mfc100kor.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 43344 c:\windows\SysWOW64\mfc100kor.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 43856 c:\windows\SysWOW64\mfc100jpn.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 43856 c:\windows\SysWOW64\mfc100jpn.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 64336 c:\windows\SysWOW64\mfc100fra.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\SysWOW64\mfc100fra.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 55120 c:\windows\SysWOW64\mfc100enu.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 55120 c:\windows\SysWOW64\mfc100enu.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 64336 c:\windows\SysWOW64\mfc100deu.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 64336 c:\windows\SysWOW64\mfc100deu.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\SysWOW64\mfc100cht.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 36176 c:\windows\SysWOW64\mfc100chs.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 36176 c:\windows\SysWOW64\mfc100chs.dll
- 2009-07-14 04:54 . 2012-04-09 14:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-10 09:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-10 09:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 14:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-10 09:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 14:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 16:13 . 2012-04-10 08:34 46564 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-10 08:34 36642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-01 15:58 . 2012-04-10 08:34 11476 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2608702294-3157462213-4233021008-1000_UserData.bin
- 2011-02-19 21:51 . 2011-02-19 21:51 57168 c:\windows\system32\vcomp100.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 57168 c:\windows\system32\vcomp100.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 93008 c:\windows\system32\mfcm100u.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 93008 c:\windows\system32\mfcm100u.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 93008 c:\windows\system32\mfcm100.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 93008 c:\windows\system32\mfcm100.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 60752 c:\windows\system32\mfc100rus.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 60752 c:\windows\system32\mfc100rus.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 43344 c:\windows\system32\mfc100kor.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 43344 c:\windows\system32\mfc100kor.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 43856 c:\windows\system32\mfc100jpn.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 64336 c:\windows\system32\mfc100fra.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 64336 c:\windows\system32\mfc100fra.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 63824 c:\windows\system32\mfc100esn.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 63824 c:\windows\system32\mfc100esn.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 64336 c:\windows\system32\mfc100deu.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 64336 c:\windows\system32\mfc100deu.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 36176 c:\windows\system32\mfc100cht.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 36176 c:\windows\system32\mfc100chs.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 36176 c:\windows\system32\mfc100chs.dll
- 2012-04-09 14:50 . 2012-04-09 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-10 09:10 . 2012-04-10 09:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-09 09:35 . 2012-04-09 15:52 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-04-09 09:35 . 2012-04-09 14:50 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-02-19 22:03 . 2011-02-19 22:03 138056 c:\windows\SysWOW64\atl100.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 138056 c:\windows\SysWOW64\atl100.dll
+ 2010-12-06 18:07 . 2012-04-09 17:57 307428 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-04-09 14:54 637182 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-10 08:37 637182 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-09 14:54 114624 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-10 08:37 114624 c:\windows\system32\perfc009.dat
+ 2011-06-11 00:15 . 2011-06-11 00:15 829264 c:\windows\system32\msvcr100.dll
- 2011-02-18 23:52 . 2011-02-18 23:52 829264 c:\windows\system32\msvcr100.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 608080 c:\windows\system32\msvcp100.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 608080 c:\windows\system32\msvcp100.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 158536 c:\windows\system32\atl100.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 158536 c:\windows\system32\atl100.dll
+ 2009-07-14 05:01 . 2012-04-10 09:09 275576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-09 14:49 275576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-11 00:58 . 2011-06-11 00:58 4422992 c:\windows\SysWOW64\mfc100u.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 4422992 c:\windows\SysWOW64\mfc100u.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58 4397384 c:\windows\SysWOW64\mfc100.dll
- 2011-02-19 22:03 . 2011-02-19 22:03 4397384 c:\windows\SysWOW64\mfc100.dll
- 2011-02-19 21:51 . 2011-02-19 21:51 5601616 c:\windows\system32\mfc100u.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 5601616 c:\windows\system32\mfc100u.dll
+ 2011-06-11 00:15 . 2011-06-11 00:15 5574984 c:\windows\system32\mfc100.dll
+ 2010-12-02 14:52 . 2012-04-10 09:09 5429412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2608702294-3157462213-4233021008-1000-8192.dat
- 2010-12-02 14:52 . 2012-04-09 14:49 5429412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2608702294-3157462213-4233021008-1000-8192.dat
+ 2011-06-28 20:27 . 2011-06-28 20:27 4028928 c:\windows\Installer\1c7796.msp
+ 2011-06-28 20:21 . 2011-06-28 20:21 4637184 c:\windows\Installer\1c55c6.msp
+ 2011-03-22 12:42 . 2012-04-09 18:23 45804961 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2608702294-3157462213-4233021008-1000-4096.dat
- 2011-03-22 12:42 . 2012-04-09 14:49 45804961 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2608702294-3157462213-4233021008-1000-4096.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{72E3328C-6531-7DA4-415C-500F22C54648}]
2010-11-20 12:20 73728 ----a-w- c:\windows\SysWOW64\nshwfpp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-11 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-03-11 61712]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 66096]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:05]
.
2012-04-05 c:\windows\Tasks\At1.job
- c:\windows\SysWOW64\nvStreaminng.exe [2012-02-09 20:05]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608702294-3157462213-4233021008-1000Core.job
- c:\users\Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 07:10]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608702294-3157462213-4233021008-1000UA.job
- c:\users\Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 07:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: northernbank.co.uk\www
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,6d,f9,9b,70,f5,50,96,c1,11,a0,c8,73,f6,0a,7e,a8,a2,19,49,e7,
e9,a1,1e,3a,ed,c6,75,5d,58,6d,2d,ef,82,c4,2e,8a,93,8c,4e,f5,91,85,f5,2f,54,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-04-10 10:13:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 09:13
ComboFix2.txt 2012-04-09 15:17
.
Pre-Run: 5,183,717,376 bytes free
Post-Run: 5,664,186,368 bytes free
.
- - End Of File - - 47FD53C9335D8C659731F53B667EE239

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,614 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:40 AM

Posted 10 April 2012 - 05:54 AM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
c:\windows\SysWOW64\nshwfpp.dll
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Savo.

Savo.
  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:40 AM

Posted 10 April 2012 - 08:21 AM

I ran Blitzblank and it seems to have done the job. Internet Explorer is running fine, and I am not being redirected anymore.

I just want to say thank you, Gringo, for your help; it's really appreciated.

There were two logs reported from Blitzblank; one was a small report. So here are the two logs from Blitzblank:


BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\nshwfpp.dll", destinationFile = "(null)", replaceWithDummy = 0

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,614 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:40 AM

Posted 10 April 2012 - 05:26 PM

Hello

I want you to run this script to clean up the rest of this thing


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
AtJob::
File::
c:\windows\SysWOW64\nshwfpp.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 Savo.

Savo.
  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:40 AM

Posted 11 April 2012 - 01:14 AM

Hello,

Internet Explorer seems to be running well.

Here's the ComboFix log:



ComboFix 12-04-09.04 - Savage 11/04/2012 6:48.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6142.4334 [GMT 1:00]
Running from: c:\users\Savage\Desktop\ComboFix.exe
Command switches used :: c:\users\Savage\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\SysWOW64\nshwfpp.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 05:55 . 2012-04-11 05:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-11 05:55 . 2012-04-11 05:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 13:45 . 2012-04-10 13:45 -------- d-----w- c:\program files (x86)\uTorrent
2012-04-10 08:36 . 2012-03-20 02:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{342C400F-7F53-46C3-BAE9-B2D8D33BBD42}\mpengine.dll
2012-04-09 16:21 . 2012-04-09 16:21 -------- d-----w- C:\Rbackup
2012-04-09 13:54 . 2012-04-09 13:54 205698 ----a-w- c:\programdata\1333979474.bdinstall.bin
2012-04-09 13:54 . 2012-04-09 13:54 -------- d-----w- c:\programdata\BDLogging
2012-04-09 13:53 . 2012-04-09 13:53 -------- d-----w- c:\users\Savage\AppData\Roaming\Bitdefender
2012-04-09 13:53 . 2012-04-09 13:54 -------- d-----w- c:\programdata\Bitdefender
2012-04-09 13:51 . 2012-04-09 13:51 -------- d-----w- c:\users\Savage\AppData\Roaming\QuickScan
2012-04-09 13:51 . 2012-04-09 13:51 -------- d-----w- c:\program files\Bitdefender
2012-04-09 13:51 . 2011-08-16 13:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-04-09 13:51 . 2011-10-27 14:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-04-09 13:50 . 2012-04-09 13:51 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-04-09 12:36 . 2012-04-09 12:36 -------- d-----w- c:\program files (x86)\MSSOAP
2012-04-09 12:16 . 2012-04-09 12:16 -------- d-----w- c:\users\Savage\AppData\Roaming\GetRightToGo
2012-04-09 10:25 . 2012-04-09 10:25 -------- d-----w- c:\users\Savage\AppData\Local\Threat Expert
2012-04-09 09:59 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-09 09:59 . 2012-04-09 10:26 -------- d-----w- c:\programdata\AVAST Software
2012-04-09 09:32 . 2012-04-09 16:09 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-04-09 09:32 . 2012-02-24 09:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-04-09 09:32 . 2012-04-09 16:08 -------- d-----w- c:\programdata\PC Tools
2012-04-09 09:32 . 2012-04-09 09:32 -------- d-----w- c:\users\Savage\AppData\Roaming\TestApp
2012-04-08 16:19 . 2012-04-08 16:19 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-08 16:14 . 2010-01-10 17:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-04-08 16:14 . 2010-01-10 17:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-04-08 15:50 . 2012-04-08 16:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-07 07:49 . 2011-04-05 16:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-07 07:49 . 2011-04-05 16:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-07 07:49 . 2011-04-05 16:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-07 07:49 . 2011-02-08 08:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-07 07:36 . 2012-04-09 09:55 -------- d-----w- C:\sh4ldr
2012-04-07 07:36 . 2012-04-07 07:36 -------- d-----w- c:\program files\Enigma Software Group
2012-04-07 07:36 . 2012-04-09 09:55 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-07 07:10 . 2012-04-07 07:10 -------- d-----w- c:\users\Savage\AppData\Local\Google
2012-04-07 07:09 . 2012-04-07 07:09 -------- d-----w- c:\users\Savage\AppData\Local\Deployment
2012-04-07 07:09 . 2012-04-07 07:09 -------- d-----w- c:\users\Savage\AppData\Local\Apps
2012-04-06 06:25 . 2012-04-06 06:25 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2012-04-05 07:23 . 2012-04-05 07:23 -------- d-----w- c:\programdata\rokapublish
2012-04-05 07:20 . 2012-04-05 07:20 -------- d-----w- c:\windows\SysWow64\2058
2012-04-05 06:34 . 2012-04-06 07:45 -------- d-----w- c:\programdata\PopCap Games
2012-04-05 06:02 . 2012-04-05 06:02 -------- d-----w- c:\programdata\SpinTop Games
2012-04-03 08:49 . 2012-04-03 08:49 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-03 07:44 . 2012-04-03 07:44 -------- d-----w- c:\users\Savage\AppData\Roaming\iWin
2012-04-03 07:37 . 2012-04-03 07:37 -------- d-----w- c:\programdata\cerasus.media
2012-04-03 07:37 . 2012-04-03 07:37 -------- d-----w- c:\users\Savage\AppData\Roaming\cerasus.media
2012-04-02 11:05 . 2012-04-02 11:05 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-24 19:08 . 2012-04-05 08:03 -------- d-----w- c:\users\Savage\AppData\Roaming\dvdcss
2012-03-20 19:22 . 2012-03-20 19:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-03-14 09:26 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:26 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 09:26 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 06:55 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:55 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:55 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 06:54 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 06:54 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 06:54 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:54 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 06:54 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 06:54 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 06:54 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 08:49 . 2012-01-01 19:13 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-03 08:49 . 2012-01-01 19:13 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-03 08:49 . 2012-01-01 19:13 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-03 08:49 . 2012-01-01 19:13 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-04-02 11:05 . 2011-06-07 16:21 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 15:21 . 2011-04-16 08:18 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-29 15:21 . 2011-04-14 16:09 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-29 15:21 . 2011-04-14 16:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-11 12:48 . 2011-06-07 10:48 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-03-09 08:11 . 2012-03-09 08:11 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-03 17:44 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-03 16:13 . 2011-04-14 16:09 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-03 06:52 . 2010-12-01 16:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 09:18 . 2010-12-01 16:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 15:45 . 2012-02-17 15:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-02-10 04:13 . 2012-02-27 11:57 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-02-10 04:13 . 2012-02-27 11:57 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-02-10 04:13 . 2012-02-27 11:57 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-02-27 11:57 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-02-27 11:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-27 11:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 04:13 . 2012-02-27 11:57 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-02-10 04:13 . 2012-02-27 11:57 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-27 11:57 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 04:13 . 2012-02-27 11:57 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-27 11:57 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-02-27 11:57 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-02-10 04:13 . 2012-02-27 11:57 25541952 ----a-w- c:\windows\system32\nvoglv64.dll
2012-02-10 04:13 . 2012-02-27 11:57 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-27 11:57 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-02-10 04:13 . 2012-02-27 11:57 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-27 11:57 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-02-10 04:13 . 2012-02-27 11:57 19443520 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-02-10 04:13 . 2012-02-27 11:57 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-02-27 11:57 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-02-10 04:13 . 2012-02-27 11:57 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2012-02-27 11:57 13624128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2011-08-26 07:04 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2011-08-26 07:04 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2011-04-19 17:32 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-10 04:13 . 2010-12-01 17:09 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-10 04:13 . 2010-12-01 17:09 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 03:14 . 2011-04-07 22:19 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:14 . 2011-04-07 22:18 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-10 03:07 . 2011-04-07 22:19 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-10 03:07 . 2011-04-07 22:19 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:07 . 2011-04-07 22:19 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:07 . 2010-10-16 12:13 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:05 . 2012-02-27 11:57 2497985 ----a-w- c:\windows\system32\nvcoproc.bin
2012-02-09 20:05 . 2012-02-09 20:05 45056 ----a-w- c:\windows\SysWow64\nvStreaminng.exe
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-01-19 09:22 . 2012-01-19 09:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
2012-01-17 12:46 . 2012-02-27 11:57 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-01-17 12:45 . 2012-02-27 11:57 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-01-17 12:45 . 2012-02-27 11:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-10_09.10.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-10 09:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-11 05:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-10 09:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-11 05:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-10 09:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-11 05:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-01 16:13 . 2012-04-11 05:39 47264 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-11 05:39 36990 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-01 15:58 . 2012-04-11 05:39 11572 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2608702294-3157462213-4233021008-1000_UserData.bin
+ 2010-12-01 23:46 . 2012-04-10 12:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-01 23:46 . 2012-04-09 14:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-01 23:46 . 2012-04-09 14:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-01 23:46 . 2012-04-10 12:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-10 12:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 14:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-11 05:58 . 2012-04-11 05:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-10 09:10 . 2012-04-10 09:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-10 08:37 637182 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-11 05:42 637182 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-11 05:42 114624 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-10 08:37 114624 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-11 05:55 275576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-10 09:09 275576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-02 14:52 . 2012-04-11 05:55 5429412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2608702294-3157462213-4233021008-1000-8192.dat
- 2010-12-02 14:52 . 2012-04-10 09:09 5429412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2608702294-3157462213-4233021008-1000-8192.dat
+ 2011-03-26 09:37 . 2012-04-10 10:17 3237328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2608702294-3157462213-4233021008-1000-12288.dat
- 2011-03-26 09:37 . 2012-04-09 13:34 3237328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2608702294-3157462213-4233021008-1000-12288.dat
- 2011-03-22 12:42 . 2012-04-09 18:23 45804961 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2608702294-3157462213-4233021008-1000-4096.dat
+ 2011-03-22 12:42 . 2012-04-10 17:10 45804961 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2608702294-3157462213-4233021008-1000-4096.dat
+ 2012-04-11 05:47 . 2012-04-11 05:47 10788864 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-11 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-03-11 61712]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 66096]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 11:05]
.
2012-04-05 c:\windows\Tasks\At1.job
- c:\windows\SysWOW64\nvStreaminng.exe [2012-02-09 20:05]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608702294-3157462213-4233021008-1000Core.job
- c:\users\Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 07:10]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2608702294-3157462213-4233021008-1000UA.job
- c:\users\Savage\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 07:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: northernbank.co.uk\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{72E3328C-6531-7DA4-415C-500F22C54648} - c:\windows\SysWOW64\nshwfpp.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,6d,f9,9b,70,f5,50,96,c1,11,a0,c8,73,f6,0a,7e,a8,a2,19,49,e7,
e9,a1,1e,3a,ed,c6,75,5d,58,6d,2d,ef,82,c4,2e,8a,93,8c,4e,f5,91,85,f5,2f,54,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-04-11 07:00:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-11 06:00
ComboFix2.txt 2012-04-10 09:13
ComboFix3.txt 2012-04-09 15:17
.
Pre-Run: 5,137,489,920 bytes free
Post-Run: 4,883,767,296 bytes free
.
- - End Of File - - 02848B6E039B1B00B784DE1A3C510C08

#14 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 135,614 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 02:40 AM

Posted 11 April 2012 - 08:12 AM

Hello,

There is something not getting removed, so I want to run this scan and see if it shows up here.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Savo.

  • Topic Starter
  • Members
  • 13 posts
  • Local time: 06:40 AM

Posted 11 April 2012 - 12:21 PM

Hello,

Here's the OTL.txt log report:



OTL logfile created on: 11/04/2012 18:09:33 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Savage\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.56 Gb Available Physical Memory | 75.97% Memory free
12.00 Gb Paging File | 10.44 Gb Available in Paging File | 87.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 4.60 Gb Free Space | 3.86% Space Free | Partition Type: NTFS
Drive D: | 189.91 Gb Total Space | 150.62 Gb Free Space | 79.31% Space Free | Partition Type: NTFS
Drive G: | 931.28 Gb Total Space | 534.91 Gb Free Space | 57.44% Space Free | Partition Type: FAT32

Computer Name: SAVAGE-PC | User Name: Savage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Savage\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe (Bitdefender)
SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe (Bitdefender)
SRV:64bit: - (Update Server) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
DRV:64bit: - (bdsandbox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV:64bit: - (SbTis) -- C:\Windows\SysNative\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV:64bit: - (zghsmdm) -- C:\Windows\SysNative\drivers\zghsmdm.sys (ZTE Incorporated)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (BDVEDISK) -- C:\Windows\SysNative\drivers\bdvedisk.sys (BitDefender)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (nvoclk64) -- C:\Windows\SysNative\drivers\nvoclk64.sys (NVIDIA Corp.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SaiH8000) -- C:\Windows\SysNative\drivers\SaiH8000.sys (Saitek)
DRV:64bit: - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\Windows\SysNative\drivers\s116unic.sys (MCCI Corporation)
DRV:64bit: - (s116obex) -- C:\Windows\SysNative\drivers\s116obex.sys (MCCI Corporation)
DRV:64bit: - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s116mgmt.sys (MCCI Corporation)
DRV:64bit: - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\Windows\SysNative\drivers\s116nd5.sys (MCCI Corporation)
DRV:64bit: - (s116mdm) -- C:\Windows\SysNative\drivers\s116mdm.sys (MCCI Corporation)
DRV:64bit: - (s116mdfl) -- C:\Windows\SysNative\drivers\s116mdfl.sys (MCCI Corporation)
DRV:64bit: - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\SysNative\drivers\s116bus.sys (MCCI Corporation)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{987108F8-DAC4-45c2-AA27-0443121F54B7}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=ce45d7da-1844-11e1-b819-1c6f6538337d&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = G:\Downloads G
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 3F 57 23 72 91 CB 01 [binary data]
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\..\SearchScopes,DefaultScope = {7C0CD47E-BD27-40e7-BB16-82C968B1E2D2}
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\..\SearchScopes\{7C0CD47E-BD27-40e7-BB16-82C968B1E2D2}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\..\SearchScopes\{987108F8-DAC4-45c2-AA27-0443121F54B7}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=ce45d7da-1844-11e1-b819-1c6f6538337d&q={searchTerms}
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\..\SearchScopes\{B86FD7E9-1204-4fec-8264-C6EF8613BA68}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Savage\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Savage\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Savage\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Savage\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Savage\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Savage\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IGN Entertainment, Inc. = C:\Users\Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\egaldchnbmmdfealahdjkjenipolfggb\1_0\
CHR - Extension: Gmail = C:\Users\Savage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/11 06:58:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {72E3328C-6531-7DA4-415C-500F22C54648} - C:\Windows\SysWOW64\nshwfpp.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-21-2608702294-3157462213-4233021008-1009..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2608702294-3157462213-4233021008-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2608702294-3157462213-4233021008-1009\Software\Policies\Microsoft\Internet Explorer\control panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2608702294-3157462213-4233021008-1000\..Trusted Domains: northernbank.co.uk ([www] https in Trusted sites)
O16 - DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.4.21.0.cab (SysInfo Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FBAA943-FA99-42D4-A396-E4767A8BEA67}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/17 07:29:04 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/11 18:07:19 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Savage\Desktop\OTL.exe
[2012/04/11 17:42:58 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{3BBCD568-587A-44C5-A9CA-B2E47FCD9C5D}
[2012/04/11 08:45:17 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 08:45:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 08:45:16 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 08:45:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 08:45:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 08:45:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 08:45:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 08:45:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 08:45:15 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 08:45:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 08:45:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 08:45:07 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/11 08:45:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 08:45:07 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 08:44:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 08:44:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 08:44:07 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/11 08:24:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/10 14:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/04/10 12:20:49 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{A338FEB6-63D6-4797-91A4-8BC560837D0D}
[2012/04/09 17:21:48 | 000,000,000 | ---D | C] -- C:\Rbackup
[2012/04/09 16:06:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/09 16:06:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/09 16:06:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/09 16:06:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/09 16:05:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/09 15:55:38 | 004,453,897 | R--- | C] (Swearware) -- C:\Users\Savage\Desktop\ComboFix.exe
[2012/04/09 14:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/04/09 14:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012
[2012/04/09 14:53:51 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Roaming\Bitdefender
[2012/04/09 14:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012/04/09 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Roaming\QuickScan
[2012/04/09 14:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/04/09 14:51:18 | 000,442,088 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2012/04/09 14:51:17 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012/04/09 14:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/04/09 14:41:30 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{F61454E0-A5F5-47A5-BCE3-F467726AE7F6}
[2012/04/09 13:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2012/04/09 13:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2012/04/09 13:16:52 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Roaming\GetRightToGo
[2012/04/09 11:25:31 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\Threat Expert
[2012/04/09 10:59:32 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/04/09 10:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/04/09 10:32:26 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/09 10:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/09 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Roaming\TestApp
[2012/04/09 10:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/08 19:57:12 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/04/08 19:57:12 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/04/08 19:57:12 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/08 19:57:12 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/04/08 19:57:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/04/08 19:57:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/08 19:57:11 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/04/08 19:57:11 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/04/08 19:57:11 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/08 19:57:11 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/04/08 19:57:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/04/08 19:57:11 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/08 19:57:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/04/08 19:57:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/04/08 19:57:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/08 19:57:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/08 19:57:11 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/04/08 19:57:11 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/04/08 19:57:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/04/08 19:57:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/04/08 19:57:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/08 19:57:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/08 19:57:10 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/04/08 19:57:10 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/04/08 19:57:10 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/04/08 19:57:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/04/08 19:57:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/08 19:57:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/04/08 19:57:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/04/08 19:57:10 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/04/08 19:57:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/08 19:57:10 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/08 19:57:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/08 19:57:10 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/04/08 19:57:10 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/08 19:57:10 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/04/08 19:57:10 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/08 19:57:10 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/04/08 19:57:10 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/04/08 19:57:10 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/04/08 19:57:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/04/08 19:57:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/04/08 19:57:10 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/04/08 19:57:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/04/08 19:57:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/04/08 19:57:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/08 19:57:09 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/04/08 19:57:09 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/08 19:57:09 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/08 19:57:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/04/08 19:57:09 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/04/08 19:57:09 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/08 19:57:09 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/04/08 19:57:09 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/04/08 19:57:09 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/04/08 19:57:09 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/04/08 19:57:09 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/08 19:57:09 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/08 19:57:09 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/04/08 19:57:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/08 19:57:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/08 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{C4FC0962-D85A-4094-96ED-9AE3BACECEF2}
[2012/04/08 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/04/08 17:14:28 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/04/08 17:14:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2012/04/08 16:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/08 12:07:34 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{0B15D480-C583-488E-AF55-7A21BBF8BA7E}
[2012/04/07 08:49:46 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbtis.sys
[2012/04/07 08:49:46 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/04/07 08:49:43 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/04/07 08:49:43 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/04/07 08:36:33 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/07 08:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/07 08:10:28 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/04/07 08:10:00 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\Google
[2012/04/07 08:09:52 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\Deployment
[2012/04/07 08:09:52 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\Apps
[2012/04/06 08:18:42 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{B945B5C8-8DCE-4EEB-8C2E-FA6B81FD5BC7}
[2012/04/05 18:40:15 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{9A3BE893-4783-4032-8947-242861FCE17B}
[2012/04/05 08:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\rokapublish
[2012/04/05 08:20:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\2058
[2012/04/05 07:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2012/04/05 07:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SpinTop Games
[2012/04/03 09:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shank
[2012/04/03 08:44:41 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Roaming\iWin
[2012/04/03 08:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\cerasus.media
[2012/04/03 08:37:10 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Roaming\cerasus.media
[2012/04/03 08:18:54 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{6B07E7AF-32FE-424F-B51A-33D95AF7939B}
[2012/04/02 12:05:13 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/02 09:47:57 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{1B81ACAE-7D14-4ED0-A007-9F9F96C25063}
[2012/03/28 17:26:40 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{F7FECA38-2209-4799-AD71-E2660CE11A1F}
[2012/03/28 17:26:29 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{BF172CB1-D39B-4DBD-A768-E6032184B47F}
[2012/03/24 20:08:53 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Roaming\dvdcss
[2012/03/24 08:40:49 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{D3F3F98C-8D79-4B1C-8934-BC59E15D1A3E}
[2012/03/24 08:40:38 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{F2EBD9A8-389E-42ED-B159-E4BDD1E41210}
[2012/03/22 21:27:23 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{03335C97-2A80-4FA3-B8C5-8782E2C2A09B}
[2012/03/22 21:27:12 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{DFB69BAF-3D79-41B1-A946-2A949C79694E}
[2012/03/20 20:22:46 | 000,691,896 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012/03/20 09:41:58 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{F2A77725-874B-4F5E-9977-D41E8EF51FEE}
[2012/03/20 09:41:47 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{4D6ACA75-4329-47FF-93D0-7EA17939DEFE}
[2012/03/18 11:35:33 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{9782D1D2-2BE4-49BE-8162-421A7071D500}
[2012/03/18 11:35:22 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{8E229553-DE0F-4E2C-BEA9-49FC99D05652}
[2012/03/15 21:20:13 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{00F6A2D3-6593-4F98-97F9-25452790595E}
[2012/03/15 21:20:03 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{F17D0A77-00D7-467A-A2C9-56281A014168}
[2012/03/14 07:55:31 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 07:54:57 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 07:54:57 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 07:54:57 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 07:54:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 07:54:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/13 13:25:10 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{3977358D-88E7-4839-A348-287189502A96}
[2012/03/13 13:24:59 | 000,000,000 | ---D | C] -- C:\Users\Savage\AppData\Local\{85886D16-2547-432E-95DE-03A4F2165C70}
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/11 18:07:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Savage\Desktop\OTL.exe
[2012/04/11 17:43:38 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 17:43:38 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 17:40:45 | 000,739,728 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/11 17:40:45 | 000,637,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/11 17:40:45 | 000,114,624 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/11 17:36:32 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/11 17:36:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/11 17:36:04 | 535,629,823 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/11 08:15:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2608702294-3157462213-4233021008-1000UA.job
[2012/04/11 08:15:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2608702294-3157462213-4233021008-1000Core.job
[2012/04/11 06:58:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/10 14:45:20 | 000,000,971 | ---- | M] () -- C:\Users\Savage\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/10 12:18:39 | 000,001,447 | ---- | M] () -- C:\Users\Savage\Desktop\Internet Explorer (2).lnk
[2012/04/10 10:16:17 | 000,002,407 | ---- | M] () -- C:\Users\Savage\Desktop\Google Chrome.lnk
[2012/04/09 19:22:25 | 000,001,189 | ---- | M] () -- C:\Users\Savage\AppData\Roaming\vso_ts_preview.xml
[2012/04/09 15:56:02 | 004,453,897 | R--- | M] (Swearware) -- C:\Users\Savage\Desktop\ComboFix.exe
[2012/04/09 14:54:22 | 000,205,698 | ---- | M] () -- C:\ProgramData\1333979474.bdinstall.bin
[2012/04/09 14:54:07 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2012/04/09 14:54:02 | 000,000,270 | -H-- | M] () -- C:\bdr-conf
[2012/04/09 14:53:56 | 001,941,485 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/09 14:53:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/04/09 14:53:52 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Antivirus Plus 2012.lnk
[2012/04/09 13:24:55 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2012/04/09 13:10:02 | 000,010,056 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/04/09 11:41:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/09 11:32:20 | 000,748,566 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/09 11:24:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/09 09:26:58 | 000,000,000 | ---- | M] () -- C:\Users\Savage\defogger_reenable
[2012/04/08 19:57:12 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/04/08 19:57:12 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/04/08 19:57:12 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/08 19:57:12 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/04/08 19:57:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/04/08 19:57:12 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/08 19:57:11 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/04/08 19:57:11 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/04/08 19:57:11 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/08 19:57:11 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/04/08 19:57:11 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/04/08 19:57:11 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/08 19:57:11 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/04/08 19:57:11 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/04/08 19:57:11 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/08 19:57:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/08 19:57:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/08 19:57:11 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/04/08 19:57:11 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/04/08 19:57:11 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/04/08 19:57:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/04/08 19:57:11 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/08 19:57:11 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/08 19:57:10 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/04/08 19:57:10 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/04/08 19:57:10 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/04/08 19:57:10 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/04/08 19:57:10 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/08 19:57:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/04/08 19:57:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/04/08 19:57:10 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/04/08 19:57:10 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/08 19:57:10 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/08 19:57:10 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/08 19:57:10 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/04/08 19:57:10 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/08 19:57:10 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/04/08 19:57:10 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/08 19:57:10 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/04/08 19:57:10 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/04/08 19:57:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/04/08 19:57:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/04/08 19:57:10 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/04/08 19:57:10 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/04/08 19:57:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/04/08 19:57:10 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/04/08 19:57:10 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/08 19:57:09 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/04/08 19:57:09 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/08 19:57:09 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/04/08 19:57:09 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/04/08 19:57:09 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/04/08 19:57:09 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/08 19:57:09 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/04/08 19:57:09 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/04/08 19:57:09 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/04/08 19:57:09 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/04/08 19:57:09 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/08 19:57:09 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/08 19:57:09 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/04/08 19:57:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/08 19:57:09 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/08 19:57:09 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/08 16:40:53 | 000,853,088 | ---- | M] () -- C:\Users\Savage\AppData\Local\census.cache
[2012/04/08 16:40:45 | 000,115,326 | ---- | M] () -- C:\Users\Savage\AppData\Local\ars.cache
[2012/04/08 16:35:38 | 000,000,036 | ---- | M] () -- C:\Users\Savage\AppData\Local\housecall.guid.cache
[2012/04/05 18:31:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/04/03 09:49:49 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/04/03 09:49:49 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/04/03 09:49:49 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/04/03 09:49:49 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/04/03 09:49:22 | 000,000,505 | ---- | M] () -- C:\Users\Savage\Desktop\Shank.lnk
[2012/04/02 12:05:13 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/02 12:05:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/01 17:18:43 | 000,000,847 | ---- | M] () -- C:\Users\Savage\Desktop\Shank 2.lnk
[2012/03/30 09:28:20 | 000,037,944 | ---- | M] () -- C:\Users\Savage\Desktop\[kat.ph]super.street.fighter.iv.arcade.edition.skidrow.torrent
[2012/03/29 16:21:24 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/03/29 16:21:24 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/29 16:21:11 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/03/28 10:03:20 | 000,000,870 | ---- | M] () -- C:\Users\Savage\Desktop\Rayman Origins.lnk
[2012/03/20 20:22:46 | 000,691,896 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012/03/14 17:54:05 | 000,291,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/10 14:45:20 | 000,000,971 | ---- | C] () -- C:\Users\Savage\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/10 12:18:39 | 000,001,447 | ---- | C] () -- C:\Users\Savage\Desktop\Internet Explorer (2).lnk
[2012/04/09 16:06:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/09 16:06:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/09 16:06:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/09 16:06:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/09 16:06:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/09 14:54:22 | 000,205,698 | ---- | C] () -- C:\ProgramData\1333979474.bdinstall.bin
[2012/04/09 14:54:07 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2012/04/09 14:54:02 | 036,942,680 | -H-- | C] () -- C:\bdrescue.gz
[2012/04/09 14:54:02 | 002,510,608 | -H-- | C] () -- C:\bdrescue.vm
[2012/04/09 14:54:02 | 000,217,769 | -H-- | C] () -- C:\bdrescue
[2012/04/09 14:54:02 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr
[2012/04/09 14:54:02 | 000,000,270 | -H-- | C] () -- C:\bdr-conf
[2012/04/09 14:53:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/04/09 14:53:52 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Antivirus Plus 2012.lnk
[2012/04/09 13:24:51 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2012/04/09 11:53:20 | 000,010,056 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/04/09 11:32:24 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/09 10:59:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/04/09 10:32:28 | 001,941,485 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/09 09:26:58 | 000,000,000 | ---- | C] () -- C:\Users\Savage\defogger_reenable
[2012/04/08 19:57:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/04/08 19:57:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/04/08 16:40:53 | 000,853,088 | ---- | C] () -- C:\Users\Savage\AppData\Local\census.cache
[2012/04/08 16:40:45 | 000,115,326 | ---- | C] () -- C:\Users\Savage\AppData\Local\ars.cache
[2012/04/08 16:35:38 | 000,000,036 | ---- | C] () -- C:\Users\Savage\AppData\Local\housecall.guid.cache
[2012/04/07 08:10:28 | 000,002,407 | ---- | C] () -- C:\Users\Savage\Desktop\Google Chrome.lnk
[2012/04/07 08:10:02 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2608702294-3157462213-4233021008-1000UA.job
[2012/04/07 08:10:02 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2608702294-3157462213-4233021008-1000Core.job
[2012/04/05 08:20:54 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/04/03 09:49:22 | 000,000,505 | ---- | C] () -- C:\Users\Savage\Desktop\Shank.lnk
[2012/04/02 12:05:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/01 17:18:43 | 000,000,847 | ---- | C] () -- C:\Users\Savage\Desktop\Shank 2.lnk
[2012/03/30 09:30:03 | 000,037,944 | ---- | C] () -- C:\Users\Savage\Desktop\[kat.ph]super.street.fighter.iv.arcade.edition.skidrow.torrent
[2012/03/28 10:03:20 | 000,000,870 | ---- | C] () -- C:\Users\Savage\Desktop\Rayman Origins.lnk
[2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/09 21:05:44 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\nvStreaminng.exe
[2012/01/10 18:23:31 | 000,000,288 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\.backup.dm
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\86a76453
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\864b162f
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\85d68cc8
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\85886415
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\8537d35f
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\8434fc17
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\83c43307
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\82b96b39
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\826347e8
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\7d01168e
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\7cb18a0f
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\7c593df9
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\7c0a001f
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\7b895713
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\7b0e6820
[2011/06/05 11:39:08 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\95e46911
[2011/06/05 11:39:08 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\9568fcbc
[2011/06/05 11:38:58 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\ff1ae152
[2011/06/05 11:38:58 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\febbac0a
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\6111db66
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\60bbe7c3
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\6043b000
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\5ff2fcb1
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\5f9d7358
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\5ebfd317
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\5e4e5803
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\5d262a4b
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\5ccc0682
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\58466393
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\57ef3a77
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\579cc24e
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\5749fcfe
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\56cd3988
[2011/06/05 11:38:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\565b7965
[2011/06/05 11:33:26 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\185cb22b
[2011/06/05 11:33:26 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\180c6087
[2011/06/05 11:33:26 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\1752a143
[2011/06/05 11:33:26 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\16c753cd
[2011/06/05 11:32:52 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\1e4b8d25
[2011/06/05 11:32:52 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\1deb5ec7
[2011/06/05 11:32:48 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\e87846e8
[2011/06/05 11:32:48 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\e8050fc7
[2011/06/05 11:31:32 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\8eef0ac
[2011/06/05 11:30:59 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\1689fb5f
[2011/06/05 11:30:59 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\16296030
[2011/06/05 11:30:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\35173509
[2011/06/05 11:30:54 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\3498c4e2
[2011/06/05 11:22:50 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a32fa7a8
[2011/06/05 11:22:50 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a2dea522
[2011/06/05 11:22:50 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a260a8e4
[2011/06/05 11:22:50 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a1ccf0e7
[2011/06/05 11:21:08 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\705f8d05
[2011/06/05 11:21:08 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\6fe4c852
[2011/06/05 11:20:59 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\d5ed9cce
[2011/06/05 11:20:59 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\d5704338
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a8652a58
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a812ea07
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a79be0a2
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a74c07b2
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a6f9e3c7
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a60595b9
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a580e07a
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a4356817
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\a3e17648
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\99ffd9a9
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\99b13faa
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\9957137a
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\99073513
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\989453e3
[2011/06/05 11:17:00 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\98323cfd
[2011/04/15 15:40:55 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/04/14 17:12:48 | 000,000,094 | ---- | C] () -- C:\Users\Savage\AppData\Local\fusioncache.dat
[2011/04/14 17:10:41 | 000,748,566 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/14 17:09:31 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/14 17:09:30 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/04/14 17:09:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/05 17:46:34 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/12/05 17:46:34 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/12/05 17:46:34 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/12/05 17:46:34 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/12/05 17:46:34 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/12/05 17:46:34 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/12/05 17:46:34 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/12/05 17:46:34 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/12/05 17:46:34 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/12/05 17:46:34 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/12/05 17:46:34 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/12/05 17:46:34 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/12/05 17:46:34 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/12/05 17:46:34 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/12/05 17:46:34 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/12/05 17:46:34 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/12/05 17:46:34 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/12/05 17:46:34 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/12/05 17:46:34 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/12/03 21:25:35 | 000,001,189 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\vso_ts_preview.xml
[2010/12/01 17:14:58 | 000,000,079 | ---- | C] () -- C:\Users\Savage\AppData\Local\CrystalDiskMark30.ini
[2010/12/01 16:52:39 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:B1967253
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:981884E7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
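The OTL listing above is long enough that the entries worth a second look get lost in the noise. The following is an added example, not code from the original post and not part of OTL itself: a small parser for OTL's `[date | size | attrs | C/M] (Company) -- path` file lines and its `@Alternate Data Stream` lines, with three triage heuristics that are this example's own assumptions (they surface entries to inspect, they are not verdicts): clusters of same-sized files with hexadecimal-only names under one directory, `At<N>.job` tasks (the naming `at.exe` uses for tasks it creates), and every alternate data stream. The sample input is a handful of lines copied from the log in this thread.

```python
"""Parse OTL (OldTimer Tools) file-listing lines and surface entries worth
a closer look. The triage heuristics are this example's own assumptions,
not anything OTL does; the sample lines are copied from the log above."""
import re
from collections import defaultdict
from dataclasses import dataclass

# OTL file line: [date time | size | attrs | C/M] (Company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL alternate data stream line
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# Heuristic: bare 6-8 character lowercase-hex file names (e.g. 86a76453)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,8}$")

# Constructed sample: lines copied from the OTL log in this thread.
SAMPLE = r"""
[2012/04/05 08:20:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\2058
[2012/04/02 12:05:13 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/11 06:58:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/05 08:20:54 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\86a76453
[2011/06/06 09:54:09 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\864b162f
[2011/06/05 11:31:32 | 000,004,638 | ---- | C] () -- C:\Users\Savage\AppData\Roaming\8eef0ac
[2011/04/14 17:12:48 | 000,000,094 | ---- | C] () -- C:\Users\Savage\AppData\Local\fusioncache.dat
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:B1967253
""".strip().splitlines()


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str     # four flags, e.g. ---D (directory), -H-- (hidden), -HS-
    kind: str      # C = created, M = modified
    company: str   # "" when OTL prints () or omits the field
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse(lines):
    """Return (file entries, [(bytes, path)] alternate data streams)."""
    entries, streams = [], []
    for line in lines:
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["kind"], m["company"] or "",
                                 m["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((int(m["size"]), m["path"]))
    return entries, streams


def find_hex_clusters(entries, min_members=3):
    """Non-directory files with hex-only names, grouped by (parent, size).
    A cluster of identical-size, random-looking names is worth inspecting."""
    groups, seen = defaultdict(list), set()
    for e in entries:
        if e.is_dir or e.path in seen or not HEX_NAME_RE.match(e.name):
            continue
        seen.add(e.path)
        groups[(e.parent, e.size)].append(e)
    return {k: v for k, v in groups.items() if len(v) >= min_members}


def find_at_jobs(entries):
    """Tasks named At<N>.job carry the name at.exe gives tasks it creates."""
    by_path = {}
    for e in entries:
        if re.search(r"\\Windows\\tasks\\At\d+\.job$", e.path, re.IGNORECASE):
            by_path.setdefault(e.path, e)
    return list(by_path.values())


def triage(lines):
    """Human-readable findings for the three heuristics above."""
    entries, streams = parse(lines)
    findings = []
    for (parent, size), members in find_hex_clusters(entries).items():
        findings.append(f"{len(members)} hex-named files of {size} bytes in {parent}")
    for e in find_at_jobs(entries):
        findings.append(f"at.exe-style task: {e.path} (created {e.ts})")
    for size, path in streams:
        findings.append(f"alternate data stream: {path} ({size} bytes)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run it against a saved OTL.txt by replacing `SAMPLE` with `open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines()`; on the sample it reports one cluster of three 4,638-byte hex-named files in the Roaming profile, the `At1.job` task and the stream on `C:\ProgramData\TEMP`. Anything it lists still needs a hash lookup or a look at the file contents before drawing a conclusion.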