Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan:Win64/Sirefef.B

Started by n8h79n , Apr 24 2012 10:03 PM

  • This topic is locked This topic is locked
19 replies to this topic

#1 n8h79n

n8h79n

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Queensland, Australia

Posted 24 April 2012 - 10:03 PM

Microsoft Security Essentials(which is only thing that picks it up) detected Trojan:Win64/Sirefef.B at C:\Windows\system32\consrv.dll but each time it says it removed or it says not found and it just keeps coming back haven't tried anything else to remove and also haven't noticed much change in way of performance or operation of the computer.

 

  • BC Ads
  • BleepingComputer.com

#2 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,575 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 April 2012 - 12:10 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#3 n8h79n

n8h79n

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Queensland, Australia

Posted 25 April 2012 - 11:07 AM

Oh quick reply i see, sorry wasn't on to answer sooner, computers still running fine as far as i know.


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Hard Reset
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java™ 6 Update 25
Java™ 6 Update 31
Java version out of date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
Mozilla Firefox (4.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Kaspersky Lab Kaspersky PURE avp.exe
``````````End of Log````````````




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Nathan at 1:56:10 on 2012-04-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4055.2403 [GMT 10:00]
.
AV: Kaspersky PURE *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No File
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [Google Update] "C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [<NO NAME>]
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [TaskTray]
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Nathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERA~1.LNK - C:\Users\Nathan\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E7E8F5B7-F5F3-4B5C-8105-27451A508C55} : DhcpNameServer = 10.0.0.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - No File
mRun-x64: [(Default)]
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [TaskTray]
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.ftp - 113.192.1.99
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 113.192.1.99
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 113.192.1.99
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 113.192.1.99
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 113.192.1.99
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency.dll
FF - component: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.5.dll
FF - component: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\components\dtTransparency3.6.dll
FF - component: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Nathan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nathan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\extensions\npretoxlive@live.heroesandgenerals.com\plugins\npretoxlive.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - a1fe758d-f774-4565-87c6-3ffc6e6b8911
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-3-4 8704]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\system32\DRIVERS\CSCrySec.sys --> C:\Windows\system32\DRIVERS\CSCrySec.sys [?]
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys --> C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 MpKslf55f38d3;MpKslf55f38d3;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD2F2C7F-E272-4131-8485-A8C0D12FA58B}\MpKslf55f38d3.sys [2012-4-25 35664]
R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky PURE;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-1 348760]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-4-21 107848]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-19 13592]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-20 654408]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2011-10-4 375872]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2011-10-4 454208]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys --> C:\Windows\system32\DRIVERS\AVer7231_x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 253088]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys --> C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys [?]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-12-18 131912]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RaMediaServer;Ralink UPnP Media Server;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2011-10-4 621632]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-25 02:45:43 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD2F2C7F-E272-4131-8485-A8C0D12FA58B}\MpKslf55f38d3.sys
2012-04-25 02:33:09 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD2F2C7F-E272-4131-8485-A8C0D12FA58B}\offreg.dll
2012-04-25 02:31:26 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD2F2C7F-E272-4131-8485-A8C0D12FA58B}\mpengine.dll
2012-04-25 02:31:13 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-25 02:23:20 -------- d-----w- C:\Users\Nathan\Outerra
2012-04-25 02:22:56 -------- d-----w- C:\Program Files (x86)\Outerra
2012-04-24 20:37:54 -------- d-----w- C:\Users\Nathan\AppData\Roaming\GameRanger
2012-04-24 20:20:52 -------- d-----w- C:\Program Files (x86)\Ground Control II
2012-04-24 20:19:23 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-04-24 20:19:23 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-04-24 20:19:23 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-04-24 20:19:23 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-04-24 20:19:22 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-04-24 20:19:16 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-04-24 20:19:15 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-04-21 00:43:16 -------- d-----w- C:\Program Files\CCleaner
2012-04-21 00:18:54 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-04-20 22:09:05 -------- d-----w- C:\Program Files\HitmanPro
2012-04-20 22:08:37 -------- d-----w- C:\ProgramData\HitmanPro
2012-04-20 22:01:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-20 21:20:44 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
2012-04-20 21:20:43 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2012-04-20 21:20:43 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2012-04-20 21:20:43 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
2012-04-20 21:20:42 -------- d-----w- C:\Program Files\Prevx
2012-04-20 21:20:06 -------- d-----w- C:\ProgramData\PrevxCSI
2012-04-20 07:39:45 -------- d-----w- C:\Users\Nathan\AppData\Roaming\Malwarebytes
2012-04-20 07:39:24 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-20 07:39:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-20 07:39:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-15 05:07:14 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 09:50:30 0 ----a-w- C:\Windows\SysWow64\sho6A08.tmp
2012-04-12 16:27:22 -------- d-----w- C:\Program Files (x86)\GOG.com
2012-04-11 09:39:18 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-11 09:39:06 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-11 09:36:35 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-04-11 09:36:17 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-04-11 09:35:11 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-04-11 09:34:53 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-04-11 09:34:41 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-04-11 09:33:41 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-04-11 09:32:35 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-04-11 09:32:23 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-04-11 09:31:53 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-04-11 09:31:34 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-04-11 09:30:40 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 09:30:22 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-04-11 09:23:33 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 09:23:03 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 09:22:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 09:09:40 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 09:09:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 09:09:04 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 09:03:16 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 09:02:52 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 09:02:46 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 09:02:40 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-09 06:14:20 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-07 03:05:08 0 ----a-w- C:\Windows\SysWow64\shoECEF.tmp
2012-04-05 14:35:20 -------- d-----w- C:\Users\Nathan\AppData\Local\Ironclad Games
2012-04-05 14:34:42 -------- d-----w- C:\ProgramData\Ironclad Games
2012-04-05 08:28:42 -------- d-----w- C:\ProgramData\FAForever
2012-04-05 01:28:10 0 ----a-w- C:\Windows\SysWow64\sho6F00.tmp
2012-04-03 21:00:27 0 ----a-w- C:\Windows\SysWow64\shoD612.tmp
2012-04-03 07:35:08 0 ----a-w- C:\Windows\SysWow64\sho137E.tmp
.
==================== Find3M ====================
.
2012-04-24 21:17:06 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-04-15 06:07:38 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 10:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 10:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-18 09:53:51 0 ----a-w- C:\Windows\SysWow64\sho3986.tmp
2012-03-17 12:52:25 0 ----a-w- C:\Windows\SysWow64\sho89FB.tmp
2012-03-16 19:30:44 0 ----a-w- C:\Windows\SysWow64\sho778.tmp
2012-03-12 14:52:26 0 ----a-w- C:\Windows\SysWow64\sho6EC2.tmp
2012-03-10 02:27:04 0 ----a-w- C:\Windows\SysWow64\sho1D85.tmp
2012-03-07 01:56:07 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-03-07 01:56:07 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-03-07 01:56:06 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-03-07 01:56:06 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-03-06 18:21:02 0 ----a-w- C:\Windows\SysWow64\shoA8F9.tmp
2012-03-05 04:45:23 231440 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-03-04 18:04:34 0 ----a-w- C:\Windows\SysWow64\sho9A5A.tmp
2012-03-01 10:27:09 0 ----a-w- C:\Windows\SysWow64\sho3B8.tmp
2012-02-29 19:21:24 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-02-29 19:21:24 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-02-29 11:07:54 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-29 11:07:42 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-29 11:07:04 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-02-22 12:20:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 16:04:29 0 ----a-w- C:\Windows\SysWow64\sho679A.tmp
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-14 18:07:35 0 ----a-w- C:\Windows\SysWow64\sho5A6A.tmp
2012-02-14 12:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-14 12:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-14 12:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-14 12:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-14 12:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-14 12:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-14 12:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-14 12:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-12 19:06:49 0 ----a-w- C:\Windows\SysWow64\shoABBC.tmp
2012-02-11 09:28:34 0 ----a-w- C:\Windows\SysWow64\shoE5E1.tmp
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-08 21:18:57 0 ----a-w- C:\Windows\SysWow64\sho892B.tmp
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-30 20:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-30 20:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 1:57:39.77 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/01/2011 6:29:56 PM
System Uptime: 25/04/2012 10:32:55 PM (3 hours ago)
.
Motherboard: MSI | | 2A9C
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz | CPU 1 | 1988/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 274.222 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.377 GiB free.
E: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 932 GiB total, 280.92 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
RP514: 22/04/2012 9:23:22 PM - Windows Update
RP516: 24/04/2012 5:09:16 PM - Microsoft Antimalware Checkpoint
RP517: 25/04/2012 6:20:14 AM - Installed Ground Control II
RP518: 25/04/2012 6:28:24 AM - Installed XEd
RP519: 25/04/2012 12:29:53 PM - Windows Update
RP521: 25/04/2012 12:33:26 PM - Microsoft Antimalware Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.20
AC3 Decoder
AC3Filter 1.62b
Adobe AIR
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.6
Advanced Archive Password Recovery
Agatha Christie - Death on the Nile
Age of Empires Online
Alcor Micro USB Card Reader
Aliens vs. Predator
ANNO 2070
APB Reloaded
APOX
Application Profiles
ATI Catalyst Registration
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Battlefield 2142
Battlefield Play4Free
Bejeweled 2 Deluxe
Bing Rewards Client Installer
Black Prophecy
Blackhawk Striker 2
Blasterball 3
Blockade Runner
Bus Driver
Call of Pripyat Complete v1.0.2
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.0
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Codename Panzers Cold War
Combat Arms
Company of Heroes
Company of Heroes - FAKEMSI
Company of Heroes Online Launcher (THQ)
CyberLink DVD Suite Deluxe
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
DarksidersInstaller
Dead Island version 1.0
Demigod
Desura
Desura: I Shall Remain
Deus Ex Human Revolution Augmented Edition
DivX Setup
Dora's Carnival Adventure
Dota 2
Download Manager 2.3.10
Driver Genius Professional Edition
DVD Menu Pack for HP MediaSmart Video
Earth Defense Force: Insect Armageddon
Emergency 2012
Empire Earth
Escape Rosecliff Island
Evil Genius
Faerie Solitaire
FAM 1.0.0.0
FATE
Forged Alliance Forever
Fort Zombie
Free DVD Ripper Version 2.25
Free Text Pad
Freelancer
Frozen Synapse
Full Spectrum Warrior
Full Spectrum Warrior: Ten Hammers
GameRanger
GameSpy Arcade
Google Chrome
GPGNet
Ground Control II
Hard Reset
Hewlett-Packard ACLM.NET v1.1.2.0
Hi-Rez Studios Authenticate and Update Service
Hitman Collection
Homeworld2
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MAINSTREAM KEYBOARD
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HydraVision
iMesh
InstallIQ Updater
Intel® Control Center
Intel® Rapid Storage Technology
Jagged Alliance - Back in Action
Java Auto Updater
Java™ 6 Update 25
Java™ 6 Update 31
Jewel Quest 3
Junk Mail filter update
Kaspersky PURE
LabelPrint
Legend of Grimrock
LightScribe System Software
LIMBO
LogMeIn Hamachi
Maelstrom
Magic ISO Maker v5.5 (build 0281)
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
Mass Effect
MediaBar
Men of War
Men of War: Assault Squad
Men of War: Vietnam
Mesh Runtime
Messenger Companion
Microsoft Application Compatibility Toolkit 5.6
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Default Manager
Microsoft Flight
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Monday Night Combat
Mount & Blade
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MusicStation
Nation Red
Nexus: The Jupiter Incident
Notrium
NVIDIA PhysX
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
OpenAL
Order of War
Origin
Outerra - Anteworld - Outerra Anteworld Demo
Pando Media Booster
Patch v4.15
PAYDAY: The Heist
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
ProtectDisc Driver, Version 11
PunkBuster Services
Ralink RT2860 Wireless LAN Card
Raptr
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Recovery Manager
RESIDENT EVIL 5
Revo Uninstaller 1.93
Section 8: Prejudice
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V - Game of the Year Edition
Silent Storm
Sins of a Solar Empire: Rebellion Beta
Sins of a Solar Empire: Trinity
Sitecom USB2.0 Network Cable CN-124
SIW version 2011.10.29
SkyDrift Demo
Skype™ 5.8
Space Pirates and Zombies
SPORE™
SPORE™ Creepy & Cute Parts Pack
Spring 0.82.7.1
Stalker Complete 2009 v1.4.4
Star Ruler
Star Trek Online
Star Wars - Battlefront II
Star Wars Galactic Battlegrounds: Saga
StarCraft II
Steam
Storm Frontline Nation
Stronghold Kingdoms
Stronghold Legends
Super MNC Invitational
Supreme Commander
Supreme Commander 2
Supreme Commander: Forged Alliance
SWAT 4
swMSM
System Requirements Lab CYRI
Terrafirma
Terraria
The Battle for Middle-earth ™ II
The Lord of the Rings FREE Trial
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 Late Night
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Pets
The Sims™ 3 World Adventures
Tribes Ascend Open Beta
Ubisoft Game Launcher
UE3Redist
UFO Afterlight
UFO:AI 2.3.1
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Virtual Families
Virtual Villagers - The Secret City
VLC media player 1.1.11
Vuze
Vuze Remote Toolbar
Warzone 2100
WCrysis
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinISO 5.3
WinRAR archiver
World of Tanks v.0.6.7
World of Warcraft
X3: Albion Prelude
XEd
Xfire (remove only)
Xvid 1.2.1 final uninstall
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
25/04/2012 10:47:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
25/04/2012 10:39:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/04/2012 1:05:09 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
25/04/2012 1:04:51 PM, Error: Service Control Manager [7022] - The Kaspersky PURE service hung on starting.
25/04/2012 1:03:01 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
25/04/2012 1:02:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
25/04/2012 1:02:59 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
25/04/2012 1:02:58 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
24/04/2012 5:00:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
24/04/2012 4:58:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.
23/04/2012 9:19:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
22/04/2012 9:42:39 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
22/04/2012 9:28:21 AM, Error: Service Control Manager [7031] - The CSIScanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
22/04/2012 9:24:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
22/04/2012 9:15:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
21/04/2012 8:17:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
21/04/2012 1:58:05 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
21/04/2012 1:57:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HitmanProScheduler service.
20/04/2012 5:28:15 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.B&threatid=2147646729 Name: Trojan:Win64/Sirefef.B ID: 2147646729 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\consrv.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Mr-HP\Nathan Process Name: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe Action: Remove Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.125.146.0, AS: 1.125.146.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8304.0, NIS: 2.0.8001.0
20/04/2012 5:28:15 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.B&threatid=2147646729 Name: Trojan:Win64/Sirefef.B ID: 2147646729 Severity: Severe Category: Trojan Path: file:_C:\Windows\System32\consrv.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: Mr-HP\Nathan Process Name: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070005 Error description: Access is denied. Signature Version: AV: 1.125.146.0, AS: 1.125.146.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8304.0, NIS: 2.0.8001.0
20/04/2012 4:57:24 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
20/04/2012 4:16:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
19/04/2012 4:43:36 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
19/04/2012 4:21:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,575 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 April 2012 - 12:29 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#5 n8h79n

n8h79n

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Queensland, Australia

Posted 26 April 2012 - 12:20 AM

"let me know of any problems you may have had" as in with running Combofix? If so then only problem was i shut down Kaspersky(making sure process was no longer running too) and Combofix said Kaspersky was still running, nothing wrong other then that. As for computer may be slow at times as well as internet but nothing wrong that i can see, if need more details then more specific questions other then a generalized "How is the computer doing now?" would be appreciated.





ComboFix 12-04-25.02 - Nathan 26/04/2012 14:11:27.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4055.2694 [GMT 10:00]
Running from: c:\users\Nathan\Desktop\ComboFix.exe
AV: Kaspersky PURE *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Nathan\AppData\Local\.#
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\weave\toFetch
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\weave\toFetch\clients.json
c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\weave\toFetch\tabs.json
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 04:22 . 2012-04-26 04:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 04:22 . 2012-04-26 04:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-25 16:06 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91DA9C1C-DF01-486C-B35E-FBBFFCB71CA7}\mpengine.dll
2012-04-25 02:31 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-25 02:31 . 2012-04-25 02:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-25 02:23 . 2012-04-25 02:24 -------- d-----w- c:\users\Nathan\Outerra
2012-04-25 02:22 . 2012-04-25 02:22 -------- d-----w- c:\program files (x86)\Outerra
2012-04-24 20:37 . 2012-04-24 20:38 -------- d-----w- c:\users\Nathan\AppData\Roaming\GameRanger
2012-04-24 20:20 . 2012-04-24 20:31 -------- d-----w- c:\program files (x86)\Ground Control II
2012-04-24 20:19 . 2003-11-10 08:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-04-24 20:19 . 2003-11-10 08:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-04-24 20:19 . 2003-11-10 08:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-04-24 20:19 . 2003-11-10 08:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-04-24 20:19 . 2003-11-10 08:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-04-24 20:19 . 2012-04-24 20:19 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-04-24 20:19 . 2012-04-24 20:19 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-04-21 00:43 . 2012-04-21 00:43 -------- d-----w- c:\program files\CCleaner
2012-04-21 00:18 . 2012-04-21 00:18 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-04-20 22:09 . 2012-04-20 22:09 -------- d-----w- c:\program files\HitmanPro
2012-04-20 22:08 . 2012-04-20 22:09 -------- d-----w- c:\programdata\HitmanPro
2012-04-20 22:01 . 2012-04-20 22:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-20 21:20 . 2012-04-20 21:20 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll
2012-04-20 21:20 . 2012-04-20 21:20 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-04-20 21:20 . 2012-04-20 21:20 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
2012-04-20 21:20 . 2012-04-20 21:20 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2012-04-20 21:20 . 2012-04-20 21:20 -------- d-----w- c:\program files\Prevx
2012-04-20 21:20 . 2012-04-21 21:41 -------- d-----w- c:\programdata\PrevxCSI
2012-04-20 07:39 . 2012-04-20 07:39 -------- d-----w- c:\users\Nathan\AppData\Roaming\Malwarebytes
2012-04-20 07:39 . 2012-04-20 07:39 -------- d-----w- c:\programdata\Malwarebytes
2012-04-20 07:39 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-20 07:39 . 2012-04-20 07:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-15 05:07 . 2012-04-15 06:07 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 09:50 . 2012-04-14 09:50 0 ----a-w- c:\windows\SysWow64\sho6A08.tmp
2012-04-12 16:27 . 2012-04-12 16:27 -------- d-----w- c:\program files (x86)\GOG.com
2012-04-11 09:39 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-11 09:39 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-11 09:36 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-11 09:36 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 09:35 . 2012-02-28 06:47 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-11 09:34 . 2012-02-28 01:08 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-04-11 09:34 . 2012-02-28 06:56 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-11 09:33 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-04-11 09:32 . 2012-02-28 01:11 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-04-11 09:32 . 2012-02-28 06:48 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-11 09:31 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-04-11 09:31 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-11 09:30 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 09:30 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-11 09:23 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 09:23 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 09:22 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 09:09 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 09:09 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 09:09 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 09:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 09:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 09:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 09:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 06:14 . 2012-04-15 06:07 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-07 03:05 . 2012-04-07 03:05 0 ----a-w- c:\windows\SysWow64\shoECEF.tmp
2012-04-05 14:35 . 2012-04-05 14:35 -------- d-----w- c:\users\Nathan\AppData\Local\Ironclad Games
2012-04-05 14:34 . 2012-04-05 14:34 -------- d-----w- c:\programdata\Ironclad Games
2012-04-05 08:28 . 2012-04-11 12:24 -------- d-----w- c:\programdata\FAForever
2012-04-05 01:28 . 2012-04-05 01:28 0 ----a-w- c:\windows\SysWow64\sho6F00.tmp
2012-04-03 21:00 . 2012-04-03 21:00 0 ----a-w- c:\windows\SysWow64\shoD612.tmp
2012-04-03 07:35 . 2012-04-03 07:35 0 ----a-w- c:\windows\SysWow64\sho137E.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 21:17 . 2011-08-12 03:03 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-04-15 06:07 . 2011-05-19 14:03 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 10:44 . 2011-04-27 05:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 10:44 . 2011-04-18 03:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-18 09:53 . 2012-03-18 09:53 0 ----a-w- c:\windows\SysWow64\sho3986.tmp
2012-03-17 12:52 . 2012-03-17 12:52 0 ----a-w- c:\windows\SysWow64\sho89FB.tmp
2012-03-16 19:30 . 2012-03-16 19:30 0 ----a-w- c:\windows\SysWow64\sho778.tmp
2012-03-12 14:52 . 2012-03-12 14:52 0 ----a-w- c:\windows\SysWow64\sho6EC2.tmp
2012-03-10 02:27 . 2012-03-10 02:27 0 ----a-w- c:\windows\SysWow64\sho1D85.tmp
2012-03-07 01:56 . 2012-03-07 01:56 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-07 01:56 . 2011-01-09 12:48 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-07 01:56 . 2012-03-06 21:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-07 01:56 . 2011-01-09 12:48 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-06 18:21 . 2012-03-06 18:21 0 ----a-w- c:\windows\SysWow64\shoA8F9.tmp
2012-03-05 04:45 . 2012-03-05 04:46 231440 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-03-04 18:04 . 2012-03-04 18:04 0 ----a-w- c:\windows\SysWow64\sho9A5A.tmp
2012-03-01 10:27 . 2012-03-01 10:27 0 ----a-w- c:\windows\SysWow64\sho3B8.tmp
2012-02-29 19:21 . 2012-02-29 19:21 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-02-29 19:21 . 2012-02-29 19:21 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-02-29 11:07 . 2011-01-10 13:59 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-29 11:07 . 2011-01-10 13:59 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-29 11:07 . 2012-02-29 11:07 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-02-22 12:20 . 2011-01-12 17:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-20 04:25 . 2011-01-08 10:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-20 04:24 . 2011-01-08 10:27 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-17 16:04 . 2012-02-17 16:04 0 ----a-w- c:\windows\SysWow64\sho679A.tmp
2012-02-17 06:38 . 2012-03-13 23:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 23:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 23:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 23:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-14 18:07 . 2012-02-14 18:07 0 ----a-w- c:\windows\SysWow64\sho5A6A.tmp
2012-02-14 12:05 . 2012-02-14 12:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 12:05 . 2012-02-14 12:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 12:05 . 2012-02-14 12:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 12:05 . 2012-02-14 12:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 12:05 . 2012-02-14 12:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 12:04 . 2012-02-14 12:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 12:03 . 2012-02-14 12:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 12:03 . 2012-02-14 12:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-12 19:06 . 2012-02-12 19:06 0 ----a-w- c:\windows\SysWow64\shoABBC.tmp
2012-02-11 09:28 . 2012-02-11 09:28 0 ----a-w- c:\windows\SysWow64\shoE5E1.tmp
2012-02-10 10:09 . 2012-02-10 10:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20A3B893-9F18-43A1-B855-D2F4CAF6A259}\gapaengine.dll
2012-02-10 06:36 . 2012-03-13 23:27 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 23:26 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-08 21:18 . 2012-02-08 21:18 0 ----a-w- c:\windows\SysWow64\sho892B.tmp
2012-02-03 04:34 . 2012-03-13 23:16 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-03-08 02:49 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 20:02 . 2012-01-30 20:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-30 20:00 . 2012-01-30 20:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-30 08:18 . 2011-03-17 05:55 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-01-30 08:18 . 2011-03-17 05:55 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-01-24 15:45 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 12:05 129624 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2012-04-16 53168]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-01 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-03-09 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-08-23 284440]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
.
c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Nathan\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2012-3-25 1273568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2011-10-4 12909928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 hnwpxnke;hnwpxnke;c:\windows\system32\drivers\hnwpxnke.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 ALSysIO;ALSysIO;c:\users\Nathan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-12-18 131912]
R3 dump_wmimmc;dump_wmimmc;k:\nathan- pc\Installed Games\GenesisAD\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [2011-03-04 621632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-04-20 107848]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-08-23 13592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2011-03-31 454208]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO35
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 06:07]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3387036327-894707209-3877738219-1000Core.job
- c:\users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 11:32]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3387036327-894707209-3877738219-1000UA.job
- c:\users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 11:32]
.
2012-04-15 c:\windows\Tasks\HPCeeScheduleForNathan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 12:15]
.
2012-04-20 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 12:06 170584 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.ftp - 113.192.1.99
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 113.192.1.99
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 113.192.1.99
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 113.192.1.99
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 113.192.1.99
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - a1fe758d-f774-4565-87c6-3ffc6e6b8911
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-TaskTray - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1 - k:\nathan- pc\Installed Games\World_of_Tanks 6.7\unins000.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3387036327-894707209-3877738219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3387036327-894707209-3877738219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3387036327-894707209-3877738219-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b8,1a,24,b4,6f,9e,ca,5c,89,fc,b0,c2,a2,36,e9,be,64,e3,14,03,64,ea,7e,
59,ec,57,2d,fd,a6,f7,ba,b1,c5,d8,69,41,2c,6c,23,58,7b,a9,56,cd,72,6e,72,d1,\
"??"=hex:a1,53,c8,78,30,e1,ac,65,e1,a8,0d,5f,dc,3e,fc,c2
.
[HKEY_USERS\S-1-5-21-3387036327-894707209-3877738219-1000\Software\SecuROM\License information*]
"datasecu"=hex:c5,05,8f,76,88,46,7f,de,3f,f5,63,fb,a5,9a,85,ab,9d,ac,8a,e0,c1,
1e,c4,00,37,c4,4b,87,29,47,c7,a6,9e,38,12,bf,aa,e4,9c,30,11,2b,1a,cb,e7,11,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\USER\S-1-5-21-3387036327-894707209-3877738219-1000\Software\SecuROM\License information*]
"datasecu"=hex:d6,8a,be,04,dc,70,4b,78,39,fc,8d,47,b6,a4,58,19,96,ec,98,c4,70,
3b,27,1e,91,08,93,47,c0,e5,48,fe,70,14,0e,20,39,fb,92,76,50,fe,76,f2,da,17,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\progra~2\Raptr\raptr.exe
c:\progra~2\Raptr\raptr_im.exe
.
**************************************************************************
.
Completion time: 2012-04-26 14:32:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 04:32
.
Pre-Run: 291,532,152,832 bytes free
Post-Run: 291,427,344,384 bytes free
.
- - End Of File - - 523BD8E5D1E3E86E1F632CAF9A5569BE

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,575 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 April 2012 - 06:21 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#7 n8h79n

n8h79n

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Queensland, Australia

Posted 27 April 2012 - 06:53 AM

20:37:55.0006 5936 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
20:37:55.0882 5936 ============================================================
20:37:55.0882 5936 Current date / time: 2012/04/27 20:37:55.0882
20:37:55.0882 5936 SystemInfo:
20:37:55.0882 5936
20:37:55.0882 5936 OS Version: 6.1.7601 ServicePack: 1.0
20:37:55.0882 5936 Product type: Workstation
20:37:55.0882 5936 ComputerName: MR-HP
20:37:55.0882 5936 UserName: Nathan
20:37:55.0882 5936 Windows directory: C:\Windows
20:37:55.0882 5936 System windows directory: C:\Windows
20:37:55.0882 5936 Running under WOW64
20:37:55.0882 5936 Processor architecture: Intel x64
20:37:55.0882 5936 Number of processors: 4
20:37:55.0882 5936 Page size: 0x1000
20:37:55.0883 5936 Boot type: Normal boot
20:37:55.0883 5936 ============================================================
20:37:56.0646 5936 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:37:57.0224 5936 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:37:57.0248 5936 ============================================================
20:37:57.0248 5936 \Device\Harddisk0\DR0:
20:37:57.0262 5936 MBR partitions:
20:37:57.0262 5936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:37:57.0262 5936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73037800
20:37:57.0262 5936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7306A000, BlocksNum 0x169C000
20:37:57.0262 5936 \Device\Harddisk1\DR1:
20:37:57.0263 5936 MBR partitions:
20:37:57.0263 5936 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
20:37:57.0263 5936 ============================================================
20:37:57.0339 5936 C: <-> \Device\Harddisk0\DR0\Partition1
20:37:57.0449 5936 D: <-> \Device\Harddisk0\DR0\Partition2
20:37:57.0474 5936 K: <-> \Device\Harddisk1\DR1\Partition0
20:37:57.0475 5936 ============================================================
20:37:57.0475 5936 Initialize success
20:37:57.0475 5936 ============================================================
20:38:04.0927 2084 ============================================================
20:38:04.0927 2084 Scan started
20:38:04.0927 2084 Mode: Manual;
20:38:04.0927 2084 ============================================================
20:38:05.0290 2084 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:38:05.0295 2084 1394ohci - ok
20:38:05.0359 2084 acedrv11 (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
20:38:05.0368 2084 acedrv11 - ok
20:38:05.0408 2084 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:38:05.0412 2084 ACPI - ok
20:38:05.0420 2084 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:38:05.0425 2084 AcpiPmi - ok
20:38:05.0540 2084 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:38:05.0543 2084 AdobeFlashPlayerUpdateSvc - ok
20:38:05.0584 2084 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:38:05.0612 2084 adp94xx - ok
20:38:05.0649 2084 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:38:05.0669 2084 adpahci - ok
20:38:05.0703 2084 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:38:05.0721 2084 adpu320 - ok
20:38:05.0748 2084 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:38:05.0749 2084 AeLookupSvc - ok
20:38:05.0814 2084 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:38:05.0855 2084 AFD - ok
20:38:05.0884 2084 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:38:05.0887 2084 agp440 - ok
20:38:05.0906 2084 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:38:05.0907 2084 ALG - ok
20:38:05.0917 2084 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:38:05.0920 2084 aliide - ok
20:38:06.0043 2084 ALSysIO - ok
20:38:06.0103 2084 AMD External Events Utility (a592ca3ec9a5af7f74d5169d556b976f) C:\Windows\system32\atiesrxx.exe
20:38:06.0107 2084 AMD External Events Utility - ok
20:38:06.0127 2084 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:38:06.0133 2084 amdide - ok
20:38:06.0147 2084 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:38:06.0183 2084 AmdK8 - ok
20:38:06.0516 2084 amdkmdag (1512ceedc3657082f396a0818528b5e8) C:\Windows\system32\DRIVERS\atikmdag.sys
20:38:06.0674 2084 amdkmdag - ok
20:38:06.0730 2084 amdkmdap (3d00276750e2d6f35228e12868cf1a46) C:\Windows\system32\DRIVERS\atikmpag.sys
20:38:06.0734 2084 amdkmdap - ok
20:38:06.0744 2084 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:38:06.0766 2084 AmdPPM - ok
20:38:06.0804 2084 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:38:06.0814 2084 amdsata - ok
20:38:06.0859 2084 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:38:06.0898 2084 amdsbs - ok
20:38:06.0924 2084 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:38:06.0925 2084 amdxata - ok
20:38:06.0975 2084 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:38:06.0984 2084 AppID - ok
20:38:07.0005 2084 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:38:07.0020 2084 AppIDSvc - ok
20:38:07.0054 2084 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:38:07.0056 2084 Appinfo - ok
20:38:07.0098 2084 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:38:07.0136 2084 arc - ok
20:38:07.0160 2084 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:38:07.0182 2084 arcsas - ok
20:38:07.0214 2084 ASPI - ok
20:38:07.0302 2084 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:38:07.0386 2084 aspnet_state - ok
20:38:07.0424 2084 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:38:07.0441 2084 AsyncMac - ok
20:38:07.0465 2084 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:38:07.0468 2084 atapi - ok
20:38:07.0550 2084 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
20:38:07.0591 2084 AtiHDAudioService - ok
20:38:07.0622 2084 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
20:38:07.0629 2084 AtiHdmiService - ok
20:38:07.0663 2084 atksgt (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
20:38:07.0668 2084 atksgt - ok
20:38:07.0716 2084 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:38:07.0724 2084 AudioEndpointBuilder - ok
20:38:07.0731 2084 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:38:07.0735 2084 AudioSrv - ok
20:38:07.0813 2084 AVer7231_x64 (691b21a44a472b46ce7dc12bdfff7c87) C:\Windows\system32\DRIVERS\AVer7231_x64.sys
20:38:07.0852 2084 AVer7231_x64 - ok
20:38:07.0942 2084 AVP (a2b790f9a751f24f17967f9a5574186d) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
20:38:07.0945 2084 AVP - ok
20:38:08.0023 2084 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:38:08.0034 2084 AxInstSV - ok
20:38:08.0111 2084 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:38:08.0158 2084 b06bdrv - ok
20:38:08.0205 2084 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:38:08.0218 2084 b57nd60a - ok
20:38:08.0253 2084 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:38:08.0265 2084 BDESVC - ok
20:38:08.0278 2084 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:38:08.0290 2084 Beep - ok
20:38:08.0362 2084 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:38:08.0370 2084 BFE - ok
20:38:08.0422 2084 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:38:08.0433 2084 BITS - ok
20:38:08.0461 2084 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:38:08.0491 2084 blbdrive - ok
20:38:08.0529 2084 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:38:08.0530 2084 bowser - ok
20:38:08.0594 2084 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:38:08.0634 2084 BrFiltLo - ok
20:38:08.0665 2084 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:38:08.0683 2084 BrFiltUp - ok
20:38:08.0706 2084 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:38:08.0713 2084 Bridge - ok
20:38:08.0722 2084 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:38:08.0722 2084 BridgeMP - ok
20:38:08.0758 2084 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:38:08.0760 2084 Browser - ok
20:38:08.0775 2084 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:38:08.0795 2084 Brserid - ok
20:38:08.0818 2084 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:38:08.0837 2084 BrSerWdm - ok
20:38:08.0840 2084 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:38:08.0858 2084 BrUsbMdm - ok
20:38:08.0871 2084 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:38:08.0889 2084 BrUsbSer - ok
20:38:08.0902 2084 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:38:08.0920 2084 BTHMODEM - ok
20:38:08.0941 2084 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:38:08.0948 2084 bthserv - ok
20:38:08.0978 2084 catchme - ok
20:38:08.0999 2084 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:38:09.0000 2084 cdfs - ok
20:38:09.0035 2084 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:38:09.0039 2084 cdrom - ok
20:38:09.0066 2084 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:38:09.0067 2084 CertPropSvc - ok
20:38:09.0081 2084 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:38:09.0111 2084 circlass - ok
20:38:09.0133 2084 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:38:09.0136 2084 CLFS - ok
20:38:09.0204 2084 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:38:09.0216 2084 clr_optimization_v2.0.50727_32 - ok
20:38:09.0247 2084 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:38:09.0258 2084 clr_optimization_v2.0.50727_64 - ok
20:38:09.0323 2084 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:38:09.0421 2084 clr_optimization_v4.0.30319_32 - ok
20:38:09.0456 2084 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:38:09.0501 2084 clr_optimization_v4.0.30319_64 - ok
20:38:09.0528 2084 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:38:09.0545 2084 CmBatt - ok
20:38:09.0574 2084 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:38:09.0576 2084 cmdide - ok
20:38:09.0747 2084 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:38:09.0754 2084 CNG - ok
20:38:09.0761 2084 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:38:09.0790 2084 Compbatt - ok
20:38:09.0833 2084 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:38:09.0836 2084 CompositeBus - ok
20:38:09.0848 2084 COMSysApp - ok
20:38:09.0907 2084 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:38:09.0929 2084 crcdisk - ok
20:38:09.0966 2084 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:38:09.0968 2084 CryptSvc - ok
20:38:10.0020 2084 CSCrySec (ab1201f8de199e764da9a32abf71049c) C:\Windows\system32\DRIVERS\CSCrySec.sys
20:38:10.0022 2084 CSCrySec - ok
20:38:10.0123 2084 CSObjectsSrv (6e5b42219f1fe4a3d087d9d501e343d5) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
20:38:10.0129 2084 CSObjectsSrv - ok
20:38:10.0206 2084 CSVirtualDiskDrv (a6eed705bb510fa6b0f9f097165a3395) C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
20:38:10.0226 2084 CSVirtualDiskDrv - ok
20:38:10.0323 2084 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:38:10.0331 2084 cvhsvc - ok
20:38:10.0337 2084 CXCIR (7d8451566fe3d9332e79751e58ec2ee0) C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys
20:38:10.0384 2084 CXCIR - ok
20:38:10.0421 2084 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:38:10.0427 2084 DcomLaunch - ok
20:38:10.0467 2084 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:38:10.0471 2084 defragsvc - ok
20:38:10.0536 2084 Desura Install Service (2b9a817dc1bdad9ce5495099b6a7136a) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
20:38:10.0548 2084 Desura Install Service - ok
20:38:10.0582 2084 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:38:10.0583 2084 DfsC - ok
20:38:10.0622 2084 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:38:10.0627 2084 Dhcp - ok
20:38:10.0663 2084 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:38:10.0677 2084 discache - ok
20:38:10.0822 2084 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:38:10.0830 2084 Disk - ok
20:38:10.0876 2084 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:38:10.0879 2084 Dnscache - ok
20:38:10.0909 2084 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:38:10.0918 2084 dot3svc - ok
20:38:10.0961 2084 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:38:10.0964 2084 DPS - ok
20:38:10.0975 2084 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:38:10.0988 2084 drmkaud - ok
20:38:11.0059 2084 dump_wmimmc - ok
20:38:11.0124 2084 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:38:11.0145 2084 DXGKrnl - ok
20:38:11.0169 2084 EagleX64 - ok
20:38:11.0207 2084 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:38:11.0209 2084 EapHost - ok
20:38:11.0296 2084 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:38:11.0396 2084 ebdrv - ok
20:38:11.0490 2084 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:38:11.0493 2084 EFS - ok
20:38:11.0544 2084 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:38:11.0551 2084 ehRecvr - ok
20:38:11.0581 2084 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:38:11.0588 2084 ehSched - ok
20:38:11.0640 2084 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:38:11.0672 2084 elxstor - ok
20:38:11.0701 2084 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:38:11.0704 2084 ErrDev - ok
20:38:11.0740 2084 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:38:11.0744 2084 EventSystem - ok
20:38:11.0781 2084 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:38:11.0790 2084 exfat - ok
20:38:11.0809 2084 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:38:11.0819 2084 fastfat - ok
20:38:11.0846 2084 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:38:11.0853 2084 Fax - ok
20:38:11.0989 2084 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:38:12.0012 2084 fdc - ok
20:38:12.0025 2084 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:38:12.0026 2084 fdPHost - ok
20:38:12.0033 2084 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:38:12.0034 2084 FDResPub - ok
20:38:12.0048 2084 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:38:12.0049 2084 FileInfo - ok
20:38:12.0058 2084 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:38:12.0065 2084 Filetrace - ok
20:38:12.0076 2084 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:38:12.0094 2084 flpydisk - ok
20:38:12.0109 2084 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:38:12.0111 2084 FltMgr - ok
20:38:12.0167 2084 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:38:12.0200 2084 FontCache - ok
20:38:12.0257 2084 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:38:12.0259 2084 FontCache3.0.0.0 - ok
20:38:12.0285 2084 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:38:12.0302 2084 FsDepends - ok
20:38:12.0337 2084 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
20:38:12.0347 2084 fssfltr - ok
20:38:12.0468 2084 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:38:12.0512 2084 fsssvc - ok
20:38:12.0576 2084 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:38:12.0590 2084 Fs_Rec - ok
20:38:12.0627 2084 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:38:12.0630 2084 fvevol - ok
20:38:12.0671 2084 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:38:12.0705 2084 gagp30kx - ok
20:38:12.0768 2084 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:38:12.0783 2084 GameConsoleService - ok
20:38:12.0846 2084 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:38:12.0858 2084 gpsvc - ok
20:38:12.0917 2084 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:38:12.0928 2084 hamachi - ok
20:38:13.0137 2084 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:38:13.0195 2084 Hamachi2Svc - ok
20:38:13.0254 2084 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:38:13.0287 2084 hcw85cir - ok
20:38:13.0331 2084 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:38:13.0336 2084 HdAudAddService - ok
20:38:13.0382 2084 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:38:13.0387 2084 HDAudBus - ok
20:38:13.0419 2084 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:38:13.0447 2084 HECIx64 - ok
20:38:13.0476 2084 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:38:13.0503 2084 HidBatt - ok
20:38:13.0543 2084 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:38:13.0570 2084 HidBth - ok
20:38:13.0626 2084 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:38:13.0668 2084 HidIr - ok
20:38:13.0685 2084 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:38:13.0687 2084 hidserv - ok
20:38:13.0696 2084 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:38:13.0699 2084 HidUsb - ok
20:38:13.0766 2084 HiPatchService (d61f8e72032bdc43157f2b8aea32b529) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
20:38:13.0783 2084 HiPatchService - ok
20:38:13.0851 2084 HitmanProScheduler (4d4897ea19c389fbb900378bf57e660f) C:\Program Files\HitmanPro\hmpsched.exe
20:38:13.0853 2084 HitmanProScheduler - ok
20:38:13.0893 2084 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:38:13.0895 2084 hkmsvc - ok
20:38:13.0909 2084 hnwpxnke - ok
20:38:13.0951 2084 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:38:13.0955 2084 HomeGroupListener - ok
20:38:13.0988 2084 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:38:13.0991 2084 HomeGroupProvider - ok
20:38:14.0135 2084 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
20:38:14.0136 2084 HP Support Assistant Service - ok
20:38:14.0231 2084 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:38:14.0232 2084 HPDrvMntSvc.exe - ok
20:38:14.0267 2084 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:38:14.0286 2084 hpqwmiex - ok
20:38:14.0340 2084 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:38:14.0346 2084 HpSAMD - ok
20:38:14.0394 2084 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:38:14.0413 2084 HTTP - ok
20:38:14.0448 2084 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:38:14.0449 2084 hwpolicy - ok
20:38:14.0496 2084 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:38:14.0502 2084 i8042prt - ok
20:38:14.0549 2084 iaStor (f981817d0bd03eac4fa60d0b2551a310) C:\Windows\system32\DRIVERS\iaStor.sys
20:38:14.0554 2084 iaStor - ok
20:38:14.0630 2084 IAStorDataMgrSvc (b1cc71046a714e6a6af0a09eb7e05299) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
20:38:14.0631 2084 IAStorDataMgrSvc - ok
20:38:14.0670 2084 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:38:14.0678 2084 iaStorV - ok
20:38:14.0736 2084 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:38:14.0745 2084 IDriverT - ok
20:38:14.0817 2084 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:38:14.0835 2084 idsvc - ok
20:38:14.0876 2084 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:38:14.0917 2084 iirsp - ok
20:38:14.0957 2084 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:38:14.0964 2084 IKEEXT - ok
20:38:15.0078 2084 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys
20:38:15.0141 2084 IntcAzAudAddService - ok
20:38:15.0213 2084 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:38:15.0247 2084 intelide - ok
20:38:15.0253 2084 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:38:15.0283 2084 intelppm - ok
20:38:15.0318 2084 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:38:15.0320 2084 IPBusEnum - ok
20:38:15.0330 2084 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:38:15.0336 2084 IpFilterDriver - ok
20:38:15.0422 2084 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:38:15.0431 2084 iphlpsvc - ok
20:38:15.0456 2084 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:38:15.0463 2084 IPMIDRV - ok
20:38:15.0495 2084 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:38:15.0513 2084 IPNAT - ok
20:38:15.0538 2084 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:38:15.0556 2084 IRENUM - ok
20:38:15.0581 2084 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:38:15.0585 2084 isapnp - ok
20:38:15.0634 2084 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:38:15.0639 2084 iScsiPrt - ok
20:38:15.0645 2084 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:38:15.0649 2084 kbdclass - ok
20:38:15.0678 2084 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:38:15.0681 2084 kbdhid - ok
20:38:15.0712 2084 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:38:15.0719 2084 KeyIso - ok
20:38:15.0772 2084 kl1 (db449f50e5141458eb58e64ffac4863f) C:\Windows\system32\DRIVERS\kl1.sys
20:38:15.0790 2084 kl1 - ok
20:38:15.0801 2084 KLBG (87200a8afe40532baa4d2b24a7ba0eea) C:\Windows\system32\DRIVERS\klbg.sys
20:38:15.0812 2084 KLBG - ok
20:38:15.0870 2084 KLIF (34d49307217b20e5a845b7db50cdd4fa) C:\Windows\system32\DRIVERS\klif.sys
20:38:15.0885 2084 KLIF - ok
20:38:15.0891 2084 KLIM6 (630f22545379437737cf4172f09fe449) C:\Windows\system32\DRIVERS\klim6.sys
20:38:15.0903 2084 KLIM6 - ok
20:38:15.0938 2084 klmouflt (786791291939abb11f6d0f040da23912) C:\Windows\system32\DRIVERS\klmouflt.sys
20:38:15.0945 2084 klmouflt - ok
20:38:15.0961 2084 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:38:15.0975 2084 KSecDD - ok
20:38:15.0986 2084 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:38:15.0998 2084 KSecPkg - ok
20:38:16.0010 2084 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:38:16.0017 2084 ksthunk - ok
20:38:16.0046 2084 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:38:16.0058 2084 KtmRm - ok
20:38:16.0120 2084 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:38:16.0143 2084 LanmanServer - ok
20:38:16.0184 2084 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:38:16.0206 2084 LanmanWorkstation - ok
20:38:16.0288 2084 LightScribeService (3503f257b3203f824b1567238ebe17e2) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:38:16.0303 2084 LightScribeService - ok
20:38:16.0380 2084 lirsgt (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
20:38:16.0390 2084 lirsgt - ok
20:38:16.0417 2084 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:38:16.0428 2084 lltdio - ok
20:38:16.0454 2084 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:38:16.0469 2084 lltdsvc - ok
20:38:16.0501 2084 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:38:16.0515 2084 lmhosts - ok
20:38:16.0546 2084 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:38:16.0581 2084 LSI_FC - ok
20:38:16.0614 2084 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:38:16.0632 2084 LSI_SAS - ok
20:38:16.0640 2084 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:38:16.0658 2084 LSI_SAS2 - ok
20:38:16.0671 2084 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:38:16.0690 2084 LSI_SCSI - ok
20:38:16.0755 2084 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:38:16.0772 2084 luafv - ok
20:38:16.0840 2084 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:38:16.0869 2084 MBAMProtector - ok
20:38:16.0929 2084 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:38:16.0954 2084 MBAMService - ok
20:38:16.0989 2084 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:38:17.0002 2084 Mcx2Svc - ok
20:38:17.0011 2084 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:38:17.0038 2084 megasas - ok
20:38:17.0057 2084 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:38:17.0087 2084 MegaSR - ok
20:38:17.0103 2084 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:38:17.0115 2084 MMCSS - ok
20:38:17.0129 2084 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:38:17.0140 2084 Modem - ok
20:38:17.0169 2084 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:38:17.0185 2084 monitor - ok
20:38:17.0221 2084 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:38:17.0225 2084 mouclass - ok
20:38:17.0253 2084 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:38:17.0280 2084 mouhid - ok
20:38:17.0307 2084 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:38:17.0313 2084 mountmgr - ok
20:38:17.0353 2084 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
20:38:17.0417 2084 MpFilter - ok
20:38:17.0430 2084 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:38:17.0440 2084 mpio - ok
20:38:17.0487 2084 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:38:17.0504 2084 mpsdrv - ok
20:38:17.0566 2084 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:38:17.0599 2084 MpsSvc - ok
20:38:17.0639 2084 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:38:17.0648 2084 MRxDAV - ok
20:38:17.0680 2084 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:38:17.0687 2084 mrxsmb - ok
20:38:17.0715 2084 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:38:17.0723 2084 mrxsmb10 - ok
20:38:17.0740 2084 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:38:17.0747 2084 mrxsmb20 - ok
20:38:17.0756 2084 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:38:17.0760 2084 msahci - ok
20:38:17.0774 2084 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:38:17.0779 2084 msdsm - ok
20:38:17.0805 2084 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:38:17.0818 2084 MSDTC - ok
20:38:17.0839 2084 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:38:17.0851 2084 Msfs - ok
20:38:17.0878 2084 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:38:17.0890 2084 mshidkmdf - ok
20:38:17.0939 2084 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:38:17.0944 2084 msisadrv - ok
20:38:17.0978 2084 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:38:17.0987 2084 MSiSCSI - ok
20:38:17.0990 2084 msiserver - ok
20:38:18.0019 2084 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:38:18.0028 2084 MSKSSRV - ok
20:38:18.0131 2084 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:38:18.0156 2084 MsMpSvc - ok
20:38:18.0187 2084 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:38:18.0200 2084 MSPCLOCK - ok
20:38:18.0205 2084 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:38:18.0217 2084 MSPQM - ok
20:38:18.0240 2084 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:38:18.0252 2084 MsRPC - ok
20:38:18.0290 2084 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:38:18.0294 2084 mssmbios - ok
20:38:18.0298 2084 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:38:18.0308 2084 MSTEE - ok
20:38:18.0343 2084 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:38:18.0373 2084 MTConfig - ok
20:38:18.0399 2084 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:38:18.0407 2084 Mup - ok
20:38:18.0428 2084 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:38:18.0443 2084 napagent - ok
20:38:18.0467 2084 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:38:18.0481 2084 NativeWifiP - ok
20:38:18.0517 2084 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:38:18.0531 2084 NDIS - ok
20:38:18.0565 2084 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:38:18.0573 2084 NdisCap - ok
20:38:18.0596 2084 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:38:18.0604 2084 NdisTapi - ok
20:38:18.0652 2084 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:38:18.0658 2084 Ndisuio - ok
20:38:18.0692 2084 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:38:18.0699 2084 NdisWan - ok
20:38:18.0707 2084 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:38:18.0714 2084 NDProxy - ok
20:38:18.0726 2084 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:38:18.0736 2084 NetBIOS - ok
20:38:18.0758 2084 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:38:18.0764 2084 NetBT - ok
20:38:18.0791 2084 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:38:18.0793 2084 Netlogon - ok
20:38:18.0883 2084 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:38:18.0905 2084 Netman - ok
20:38:18.0996 2084 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:38:19.0015 2084 NetMsmqActivator - ok
20:38:19.0018 2084 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:38:19.0019 2084 NetPipeActivator - ok
20:38:19.0045 2084 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:38:19.0057 2084 netprofm - ok
20:38:19.0149 2084 netr28x (5758fd37bf31e759f8610311e4d08eca) C:\Windows\system32\DRIVERS\netr28x.sys
20:38:19.0212 2084 netr28x - ok
20:38:19.0261 2084 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:38:19.0263 2084 NetTcpActivator - ok
20:38:19.0268 2084 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:38:19.0270 2084 NetTcpPortSharing - ok
20:38:19.0362 2084 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:38:19.0406 2084 nfrd960 - ok
20:38:19.0461 2084 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:38:19.0495 2084 NisDrv - ok
20:38:19.0605 2084 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
20:38:19.0649 2084 NisSrv - ok
20:38:19.0694 2084 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:38:19.0713 2084 NlaSvc - ok
20:38:19.0744 2084 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:38:19.0754 2084 Npfs - ok
20:38:19.0767 2084 npggsvc - ok
20:38:19.0771 2084 NPPTNT2 - ok
20:38:19.0804 2084 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:38:19.0816 2084 nsi - ok
20:38:19.0821 2084 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:38:19.0848 2084 nsiproxy - ok
20:38:19.0864 2084 NSNDIS5 - ok
20:38:19.0953 2084 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:38:20.0000 2084 Ntfs - ok
20:38:20.0067 2084 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:38:20.0083 2084 Null - ok
20:38:20.0119 2084 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:38:20.0125 2084 nvraid - ok
20:38:20.0143 2084 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:38:20.0149 2084 nvstor - ok
20:38:20.0178 2084 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:38:20.0182 2084 nv_agp - ok
20:38:20.0195 2084 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:38:20.0199 2084 ohci1394 - ok
20:38:20.0242 2084 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:38:20.0251 2084 ose - ok
20:38:20.0445 2084 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:38:20.0548 2084 osppsvc - ok
20:38:20.0637 2084 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:38:20.0662 2084 p2pimsvc - ok
20:38:20.0699 2084 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:38:20.0725 2084 p2psvc - ok
20:38:20.0818 2084 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:38:20.0843 2084 Parport - ok
20:38:20.0884 2084 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:38:20.0890 2084 partmgr - ok
20:38:20.0909 2084 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:38:20.0921 2084 PcaSvc - ok
20:38:20.0935 2084 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:38:20.0939 2084 pci - ok
20:38:20.0948 2084 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:38:20.0973 2084 pciide - ok
20:38:21.0011 2084 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:38:21.0030 2084 pcmcia - ok
20:38:21.0056 2084 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:38:21.0065 2084 pcw - ok
20:38:21.0095 2084 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:38:21.0112 2084 PEAUTH - ok
20:38:21.0163 2084 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:38:21.0169 2084 PerfHost - ok
20:38:21.0297 2084 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:38:21.0337 2084 pla - ok
20:38:21.0441 2084 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:38:21.0452 2084 PlugPlay - ok
20:38:21.0476 2084 PnkBstrA - ok
20:38:21.0513 2084 PnkBstrB - ok
20:38:21.0526 2084 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:38:21.0564 2084 PNRPAutoReg - ok
20:38:21.0585 2084 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:38:21.0589 2084 PNRPsvc - ok
20:38:21.0621 2084 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:38:21.0635 2084 PolicyAgent - ok
20:38:21.0673 2084 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:38:21.0689 2084 Power - ok
20:38:21.0744 2084 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:38:21.0754 2084 PptpMiniport - ok
20:38:21.0792 2084 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:38:21.0836 2084 Processor - ok
20:38:21.0953 2084 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:38:21.0976 2084 ProfSvc - ok
20:38:22.0004 2084 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:38:22.0005 2084 ProtectedStorage - ok
20:38:22.0051 2084 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:38:22.0056 2084 Psched - ok
20:38:22.0095 2084 pxkbf (14d82090b0ed422ccdeaf97eda60df4c) C:\Windows\system32\drivers\pxkbf.sys
20:38:22.0098 2084 pxkbf - ok
20:38:22.0109 2084 pxrts (a5000e7b2b1e2dd4a593a15774b943ac) C:\Windows\system32\drivers\pxrts.sys
20:38:22.0111 2084 pxrts - ok
20:38:22.0178 2084 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:38:22.0266 2084 ql2300 - ok
20:38:22.0328 2084 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:38:22.0373 2084 ql40xx - ok
20:38:22.0413 2084 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:38:22.0425 2084 QWAVE - ok
20:38:22.0458 2084 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:38:22.0469 2084 QWAVEdrv - ok
20:38:22.0556 2084 RalinkRegistryWriter (f502a4b72524d21c5ca7183e61fb522e) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
20:38:22.0588 2084 RalinkRegistryWriter - ok
20:38:22.0651 2084 RalinkRegistryWriter64 (56b2eed5f1f150519dfac03aa9825af5) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
20:38:22.0678 2084 RalinkRegistryWriter64 - ok
20:38:22.0738 2084 RaMediaServer (cbc738221e5b80c4566e4ac0dc16cc8c) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
20:38:22.0748 2084 RaMediaServer - ok
20:38:22.0812 2084 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:38:22.0829 2084 RasAcd - ok
20:38:22.0896 2084 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:38:22.0932 2084 RasAgileVpn - ok
20:38:22.0971 2084 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:38:22.0989 2084 RasAuto - ok
20:38:23.0029 2084 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:38:23.0034 2084 Rasl2tp - ok
20:38:23.0063 2084 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:38:23.0081 2084 RasMan - ok
20:38:23.0099 2084 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:38:23.0109 2084 RasPppoe - ok
20:38:23.0136 2084 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:38:23.0146 2084 RasSstp - ok
20:38:23.0164 2084 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:38:23.0172 2084 rdbss - ok
20:38:23.0194 2084 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:38:23.0216 2084 rdpbus - ok
20:38:23.0236 2084 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:38:23.0245 2084 RDPCDD - ok
20:38:23.0256 2084 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:38:23.0265 2084 RDPENCDD - ok
20:38:23.0279 2084 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:38:23.0287 2084 RDPREFMP - ok
20:38:23.0325 2084 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:38:23.0343 2084 RDPWD - ok
20:38:23.0375 2084 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:38:23.0381 2084 rdyboost - ok
20:38:23.0404 2084 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:38:23.0414 2084 RemoteAccess - ok
20:38:23.0444 2084 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:38:23.0454 2084 RemoteRegistry - ok
20:38:23.0503 2084 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
20:38:23.0511 2084 RMCAST - ok
20:38:23.0525 2084 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:38:23.0537 2084 RpcEptMapper - ok
20:38:23.0547 2084 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:38:23.0559 2084 RpcLocator - ok
20:38:23.0601 2084 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:38:23.0611 2084 RpcSs - ok
20:38:23.0629 2084 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:38:23.0642 2084 rspndr - ok
20:38:23.0712 2084 RTHDMIAzAudService (2e7d1ca91d62501713c9d6e6704395c6) C:\Windows\system32\drivers\RtHDMIVX.sys
20:38:23.0737 2084 RTHDMIAzAudService - ok
20:38:23.0774 2084 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:38:23.0784 2084 RTL8167 - ok
20:38:23.0819 2084 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:38:23.0821 2084 SamSs - ok
20:38:23.0848 2084 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:38:23.0866 2084 sbp2port - ok
20:38:23.0892 2084 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:38:23.0908 2084 SCardSvr - ok
20:38:23.0954 2084 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:38:23.0964 2084 scfilter - ok
20:38:24.0004 2084 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:38:24.0060 2084 Schedule - ok
20:38:24.0190 2084 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:38:24.0197 2084 SCPolicySvc - ok
20:38:24.0215 2084 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:38:24.0224 2084 SDRSVC - ok
20:38:24.0269 2084 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:38:24.0282 2084 secdrv - ok
20:38:24.0311 2084 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:38:24.0319 2084 seclogon - ok
20:38:24.0336 2084 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:38:24.0351 2084 SENS - ok
20:38:24.0370 2084 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:38:24.0383 2084 SensrSvc - ok
20:38:24.0408 2084 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:38:24.0439 2084 Serenum - ok
20:38:24.0465 2084 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:38:24.0485 2084 Serial - ok
20:38:24.0504 2084 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:38:24.0515 2084 sermouse - ok
20:38:24.0546 2084 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:38:24.0552 2084 SessionEnv - ok
20:38:24.0567 2084 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:38:24.0578 2084 sffdisk - ok
20:38:24.0591 2084 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:38:24.0602 2084 sffp_mmc - ok
20:38:24.0615 2084 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:38:24.0627 2084 sffp_sd - ok
20:38:24.0637 2084 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:38:24.0660 2084 sfloppy - ok
20:38:24.0718 2084 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
20:38:24.0742 2084 Sftfs - ok
20:38:24.0824 2084 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:38:24.0861 2084 sftlist - ok
20:38:24.0949 2084 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:38:24.0982 2084 Sftplay - ok
20:38:24.0996 2084 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:38:25.0008 2084 Sftredir - ok
20:38:25.0011 2084 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
20:38:25.0023 2084 Sftvol - ok
20:38:25.0042 2084 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:38:25.0057 2084 sftvsa - ok
20:38:25.0246 2084 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:38:25.0260 2084 SharedAccess - ok
20:38:25.0301 2084 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:38:25.0310 2084 ShellHWDetection - ok
20:38:25.0338 2084 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:38:25.0362 2084 SiSRaid2 - ok
20:38:25.0380 2084 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:38:25.0398 2084 SiSRaid4 - ok
20:38:25.0458 2084 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:38:25.0478 2084 SkypeUpdate - ok
20:38:25.0516 2084 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:38:25.0535 2084 Smb - ok
20:38:25.0575 2084 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:38:25.0595 2084 SNMPTRAP - ok
20:38:25.0616 2084 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:38:25.0634 2084 spldr - ok
20:38:25.0661 2084 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:38:25.0690 2084 Spooler - ok
20:38:25.0817 2084 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:38:25.0842 2084 sppsvc - ok
20:38:25.0947 2084 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:38:25.0966 2084 sppuinotify - ok
20:38:25.0980 2084 sptd - ok
20:38:26.0043 2084 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:38:26.0075 2084 srv - ok
20:38:26.0115 2084 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:38:26.0138 2084 srv2 - ok
20:38:26.0175 2084 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:38:26.0197 2084 srvnet - ok
20:38:26.0233 2084 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:38:26.0248 2084 SSDPSRV - ok
20:38:26.0302 2084 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:38:26.0316 2084 SstpSvc - ok
20:38:26.0412 2084 Steam Client Service - ok
20:38:26.0437 2084 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:38:26.0455 2084 stexstor - ok
20:38:26.0508 2084 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:38:26.0520 2084 stisvc - ok
20:38:26.0552 2084 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:38:26.0566 2084 swenum - ok
20:38:26.0591 2084 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:38:26.0609 2084 swprv - ok
20:38:26.0693 2084 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:38:26.0735 2084 SysMain - ok
20:38:26.0807 2084 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:38:26.0816 2084 TabletInputService - ok
20:38:26.0838 2084 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:38:26.0852 2084 TapiSrv - ok
20:38:26.0884 2084 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:38:26.0893 2084 TBS - ok
20:38:26.0978 2084 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:38:27.0044 2084 Tcpip - ok
20:38:27.0167 2084 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:38:27.0176 2084 TCPIP6 - ok
20:38:27.0254 2084 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:38:27.0264 2084 tcpipreg - ok
20:38:27.0283 2084 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:38:27.0293 2084 TDPIPE - ok
20:38:27.0324 2084 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:38:27.0350 2084 TDTCP - ok
20:38:27.0508 2084 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:38:27.0529 2084 tdx - ok
20:38:27.0635 2084 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:38:27.0657 2084 TermDD - ok
20:38:27.0756 2084 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:38:27.0782 2084 TermService - ok
20:38:27.0797 2084 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:38:27.0806 2084 Themes - ok
20:38:27.0833 2084 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:38:27.0834 2084 THREADORDER - ok
20:38:27.0849 2084 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:38:27.0861 2084 TrkWks - ok
20:38:27.0943 2084 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:38:27.0972 2084 TrustedInstaller - ok
20:38:27.0999 2084 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:38:28.0011 2084 tssecsrv - ok
20:38:28.0042 2084 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:38:28.0055 2084 TsUsbFlt - ok
20:38:28.0125 2084 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:38:28.0141 2084 tunnel - ok
20:38:28.0172 2084 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:38:28.0201 2084 uagp35 - ok
20:38:28.0246 2084 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:38:28.0254 2084 udfs - ok
20:38:28.0285 2084 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:38:28.0297 2084 UI0Detect - ok
20:38:28.0329 2084 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:38:28.0354 2084 uliagpkx - ok
20:38:28.0365 2084 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:38:28.0381 2084 umbus - ok
20:38:28.0423 2084 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:38:28.0450 2084 UmPass - ok
20:38:28.0506 2084 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:38:28.0529 2084 upnphost - ok
20:38:28.0564 2084 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:38:28.0581 2084 usbccgp - ok
20:38:28.0730 2084 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:38:28.0746 2084 usbcir - ok
20:38:28.0815 2084 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:38:28.0825 2084 usbehci - ok
20:38:29.0115 2084 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:38:29.0128 2084 usbhub - ok
20:38:29.0156 2084 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:38:29.0184 2084 usbohci - ok
20:38:29.0211 2084 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:38:29.0237 2084 usbprint - ok
20:38:29.0261 2084 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:38:29.0278 2084 usbscan - ok
20:38:29.0320 2084 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:38:29.0326 2084 USBSTOR - ok
20:38:29.0335 2084 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:38:29.0353 2084 usbuhci - ok
20:38:29.0366 2084 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:38:29.0374 2084 UxSms - ok
20:38:29.0405 2084 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:38:29.0406 2084 VaultSvc - ok
20:38:29.0432 2084 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:38:29.0450 2084 vdrvroot - ok
20:38:29.0492 2084 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:38:29.0506 2084 vds - ok
20:38:29.0543 2084 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:38:29.0558 2084 vga - ok
20:38:29.0564 2084 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:38:29.0598 2084 VgaSave - ok
20:38:29.0619 2084 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:38:29.0638 2084 vhdmp - ok
20:38:29.0652 2084 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:38:29.0682 2084 viaide - ok
20:38:29.0824 2084 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:38:29.0842 2084 volmgr - ok
20:38:29.0949 2084 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:38:29.0978 2084 volmgrx - ok
20:38:30.0003 2084 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:38:30.0025 2084 volsnap - ok
20:38:30.0065 2084 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
20:38:30.0071 2084 vpcbus - ok
20:38:30.0129 2084 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
20:38:30.0144 2084 vpcnfltr - ok
20:38:30.0160 2084 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
20:38:30.0166 2084 vpcusb - ok
20:38:30.0204 2084 vpcuxd (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
20:38:30.0211 2084 vpcuxd - ok
20:38:30.0258 2084 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
20:38:30.0276 2084 vpcvmm - ok
20:38:30.0310 2084 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:38:30.0336 2084 vsmraid - ok
20:38:30.0404 2084 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:38:30.0441 2084 VSS - ok
20:38:30.0533 2084 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:38:30.0552 2084 vwifibus - ok
20:38:30.0597 2084 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:38:30.0616 2084 vwififlt - ok
20:38:30.0650 2084 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:38:30.0681 2084 vwifimp - ok
20:38:31.0118 2084 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:38:31.0159 2084 W32Time - ok
20:38:31.0173 2084 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:38:31.0218 2084 WacomPen - ok
20:38:31.0299 2084 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:38:31.0320 2084 WANARP - ok
20:38:31.0345 2084 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:38:31.0347 2084 Wanarpv6 - ok
20:38:32.0923 2084 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:38:32.0976 2084 WatAdminSvc - ok
20:38:33.0290 2084 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:38:33.0340 2084 wbengine - ok
20:38:33.0426 2084 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:38:33.0447 2084 WbioSrvc - ok
20:38:33.0522 2084 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:38:33.0537 2084 wcncsvc - ok
20:38:33.0585 2084 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:38:33.0598 2084 WcsPlugInService - ok
20:38:33.0634 2084 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:38:33.0671 2084 Wd - ok
20:38:33.0722 2084 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:38:33.0745 2084 Wdf01000 - ok
20:38:33.0797 2084 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:38:33.0821 2084 WdiServiceHost - ok
20:38:33.0824 2084 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:38:33.0827 2084 WdiSystemHost - ok
20:38:33.0964 2084 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:38:33.0989 2084 WebClient - ok
20:38:34.0116 2084 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:38:34.0137 2084 Wecsvc - ok
20:38:34.0233 2084 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:38:34.0254 2084 wercplsupport - ok
20:38:34.0285 2084 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:38:34.0300 2084 WerSvc - ok
20:38:34.0318 2084 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:38:34.0331 2084 WfpLwf - ok
20:38:34.0365 2084 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:38:34.0394 2084 WIMMount - ok
20:38:34.0542 2084 WinDefend - ok
20:38:34.0561 2084 WinHttpAutoProxySvc - ok
20:38:34.0616 2084 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:38:34.0633 2084 Winmgmt - ok
20:38:34.0745 2084 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:38:34.0803 2084 WinRM - ok
20:38:34.0987 2084 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:38:35.0008 2084 WinUsb - ok
20:38:35.0042 2084 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:38:35.0060 2084 Wlansvc - ok
20:38:35.0122 2084 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:38:35.0144 2084 wlcrasvc - ok
20:38:35.0298 2084 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:38:35.0363 2084 wlidsvc - ok
20:38:35.0414 2084 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:38:35.0429 2084 WmiAcpi - ok
20:38:35.0554 2084 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:38:35.0575 2084 wmiApSrv - ok
20:38:35.0600 2084 WMPNetworkSvc - ok
20:38:35.0624 2084 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:38:35.0632 2084 WPCSvc - ok
20:38:35.0671 2084 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:38:35.0679 2084 WPDBusEnum - ok
20:38:35.0694 2084 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:38:35.0706 2084 ws2ifsl - ok
20:38:35.0734 2084 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:38:35.0744 2084 wscsvc - ok
20:38:35.0748 2084 WSearch - ok
20:38:35.0850 2084 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:38:35.0908 2084 wuauserv - ok
20:38:35.0984 2084 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:38:36.0001 2084 WudfPf - ok
20:38:36.0036 2084 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:38:36.0048 2084 WUDFRd - ok
20:38:36.0060 2084 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:38:36.0071 2084 wudfsvc - ok
20:38:36.0090 2084 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:38:36.0107 2084 WwanSvc - ok
20:38:36.0145 2084 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
20:38:36.0151 2084 xusb21 - ok
20:38:36.0179 2084 MBR (0x1B8) (20865a18b5820db8c5804c42087fd83f) \Device\Harddisk0\DR0
20:38:36.0344 2084 \Device\Harddisk0\DR0 - ok
20:38:36.0395 2084 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
20:38:36.0400 2084 \Device\Harddisk1\DR1 - ok
20:38:36.0404 2084 Boot (0x1200) (cfba97c183807b5fdc1077d1bd7bec7c) \Device\Harddisk0\DR0\Partition0
20:38:36.0406 2084 \Device\Harddisk0\DR0\Partition0 - ok
20:38:36.0421 2084 Boot (0x1200) (21e71fc073c375b82328a91a13ea44a1) \Device\Harddisk0\DR0\Partition1
20:38:36.0423 2084 \Device\Harddisk0\DR0\Partition1 - ok
20:38:36.0446 2084 Boot (0x1200) (ee1198705c40ab3939dac5b2223416ce) \Device\Harddisk0\DR0\Partition2
20:38:36.0448 2084 \Device\Harddisk0\DR0\Partition2 - ok
20:38:36.0453 2084 Boot (0x1200) (37cfa1bbc1b6ede9b62a3c6f05e7769d) \Device\Harddisk1\DR1\Partition0
20:38:36.0457 2084 \Device\Harddisk1\DR1\Partition0 - ok
20:38:36.0458 2084 ============================================================
20:38:36.0458 2084 Scan finished
20:38:36.0458 2084 ============================================================
20:38:36.0478 8076 Detected object count: 0
20:38:36.0478 8076 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 20:41:57
-----------------------------
20:41:57.470 OS Version: Windows x64 6.1.7601 Service Pack 1
20:41:57.470 Number of processors: 4 586 0x1E05
20:41:57.470 ComputerName: MR-HP UserName:
20:42:10.736 Initialize success
20:44:14.521 AVAST engine defs: 12042700
20:47:28.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:47:28.015 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 8
20:47:28.031 Disk 0 MBR read successfully
20:47:28.031 Disk 0 MBR scan
20:47:28.046 Disk 0 unknown MBR code
20:47:28.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:47:28.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942191 MB offset 206848
20:47:28.156 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11576 MB offset 1929814016
20:47:28.265 Disk 0 scanning C:\Windows\system32\drivers
20:47:46.954 Service scanning
20:48:11.805 Modules scanning
20:48:11.820 Disk 0 trace - called modules:
20:48:11.851 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:48:11.851 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ab7060]
20:48:11.867 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800483a050]
20:48:13.599 AVAST engine scan C:\Windows
20:48:20.665 AVAST engine scan C:\Windows\system32
20:54:30.015 File: C:\Windows\assembly\tmp\EPP8DOA9\Microsoft.DirectX.DirectSound.dll **SUSPICIOUS**
20:54:30.077 File: C:\Windows\assembly\tmp\EPP8DOA9\__AssemblyInfo__.ini **SUSPICIOUS**
20:54:39.063 AVAST engine scan C:\Windows\system32\drivers
20:55:19.202 AVAST engine scan C:\Users\Nathan
21:24:27.568 AVAST engine scan C:\ProgramData
21:42:05.702 File: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll **INFECTED** Win32:Adware-gen [Adw]
21:44:50.922 Scan finished successfully
21:46:07.705 Disk 0 MBR has been saved successfully to "K:\TrojanWin64Sirefef.B\MBR.dat"
21:46:07.798 The log file has been saved successfully to "K:\TrojanWin64Sirefef.B\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,575 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 April 2012 - 07:41 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Vuze_Remote
c:\progra~2\IMESHA~1

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#9 n8h79n

n8h79n

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Queensland, Australia

Posted 27 April 2012 - 12:23 PM

Oh beautiful browser go's so much faster after that, i see what was deleted included Imesh(which thankfully didn't delete my music that was apart of it because that folder was elsewhere)which included alot of addons for chrome which loads almost instantly now use to be much slower, so thanks for that. So far that's only improvement i can see. Also things went smoothly with it no problems.
Note: Id thought id include exactly what Microsoft Security Essentials says about consrv.dll since it just popped up at me again.

Security Essentials encountered the following error: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
file:C:\Windows\system32\consrv.dll

"The program could not find the malware and other potentially unwanted software on this computer." Even though it detects it every time it runs a quick scan and "removes" it and says everything's fine again.



ComboFix 12-04-25.02 - Nathan 28/04/2012 2:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4055.2312 [GMT 10:00]
Running from: c:\users\Nathan\Desktop\ComboFix.exe
Command switches used :: c:\users\Nathan\Desktop\CFScript.txt
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\IMESHA~1
c:\progra~2\IMESHA~1\iMesh\ammp3.dll
c:\progra~2\IMESHA~1\iMesh\avcodec-51.dll
c:\progra~2\IMESHA~1\iMesh\avformat-51.dll
c:\progra~2\IMESHA~1\iMesh\avutil-49.dll
c:\progra~2\IMESHA~1\iMesh\BerkeleyLoader.dll
c:\progra~2\IMESHA~1\iMesh\Copy_Folder.bat
c:\progra~2\IMESHA~1\iMesh\DiscoveryHelper.dll
c:\progra~2\IMESHA~1\iMesh\FixAudioDriverSignature.reg
c:\progra~2\IMESHA~1\iMesh\GIFAnimator.dll
c:\progra~2\IMESHA~1\iMesh\HTML\error.html
c:\progra~2\IMESHA~1\iMesh\HTML\Images\bg-top.jpg
c:\progra~2\IMESHA~1\iMesh\HTML\Images\closeRecommend.gif
c:\progra~2\IMESHA~1\iMesh\HTML\loading.html
c:\progra~2\IMESHA~1\iMesh\HTML\noInternet.html
c:\progra~2\IMESHA~1\iMesh\HTML\offline.html
c:\progra~2\IMESHA~1\iMesh\HTML\Recommendation_Offline.html
c:\progra~2\IMESHA~1\iMesh\htmlayout.dll
c:\progra~2\IMESHA~1\iMesh\ImageUploader5.ocx
c:\progra~2\IMESHA~1\iMesh\iMesh.exe
c:\progra~2\IMESHA~1\iMesh\iMesh.ico
c:\progra~2\IMESHA~1\iMesh\IMTrProgress.dll
c:\progra~2\IMESHA~1\iMesh\IMWebControl.dll
c:\progra~2\IMESHA~1\iMesh\Launcher_x64.exe
c:\progra~2\IMESHA~1\iMesh\libungif4.dll
c:\progra~2\IMESHA~1\iMesh\lic_helper.dll
c:\progra~2\IMESHA~1\iMesh\license.txt
c:\progra~2\IMESHA~1\iMesh\NCTAudioCDGrabber2.dll
c:\progra~2\IMESHA~1\iMesh\NCTAudioCDWriter2.dll
c:\progra~2\IMESHA~1\iMesh\NCTAudioCompress3.dll
c:\progra~2\IMESHA~1\iMesh\NCTAudioFile3.dll
c:\progra~2\IMESHA~1\iMesh\NCTAudioFileWMA3.dll
c:\progra~2\IMESHA~1\iMesh\NCTAudioFormatSettings3.dll
c:\progra~2\IMESHA~1\iMesh\NCTDataCDWriter2.dll
c:\progra~2\IMESHA~1\iMesh\Nickel.ocx
c:\progra~2\IMESHA~1\iMesh\ResourcesLoc.dll
c:\progra~2\IMESHA~1\iMesh\SHW32.DLL
c:\progra~2\IMESHA~1\iMesh\Skins\Default.skn
c:\progra~2\IMESHA~1\iMesh\Skins\Default.xml
c:\progra~2\IMESHA~1\iMesh\Skins\html\albumsview\albums.html
c:\progra~2\IMESHA~1\iMesh\Skins\html\albumsview\images\defpreview.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\albumsview\images\playbtn.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\albumsview\images\playing.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\artistsview\artists.html
c:\progra~2\IMESHA~1\iMesh\Skins\html\artistsview\images\defpreview.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\artistsview\images\play.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\artistsview\images\play_disabled.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\artistsview\images\play_down.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\artistsview\images\play_over.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\artistsview\menu.html
c:\progra~2\IMESHA~1\iMesh\Skins\html\cdripview\cdrip.html
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\active.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\azure.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\black.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\blue.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\byzantium.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\close-hovered.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\close-normal.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\close-pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\close.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\dark-blue.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\green.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\grey.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\hover.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\inactive.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\magenta.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\olive.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\orange.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\pink.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\pro.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\images\red.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\pro-view.html
c:\progra~2\IMESHA~1\iMesh\Skins\html\colorschemebubble\view.html
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\defalbum.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\defbutton.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\ls_btn.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\ls_btn_hover.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\ls_btn_pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_bottom.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_bottom_over.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_bottom_pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_fill.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_slider.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_slider_center.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_slider_center_over.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_slider_center_pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_slider_over.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_slider_pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_top.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_top_over.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_top_pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\th_btn.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\th_btn_hover.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\th_btn_pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\tip.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\tipb.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\white.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\images\defpreview.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\images\list_btn.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\images\playbtn.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\images\playing.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\videos.html
c:\progra~2\IMESHA~1\iMesh\Skins\Images\DefArtwork.jpg
c:\progra~2\IMESHA~1\iMesh\Skins\Images\DefFemale.gif
c:\progra~2\IMESHA~1\iMesh\Skins\Images\DefMale.gif
c:\progra~2\IMESHA~1\iMesh\Skins\Images\FriendshipNotif.jpg
c:\progra~2\IMESHA~1\iMesh\Skins\Images\SendPlaylist.jpg
c:\progra~2\IMESHA~1\iMesh\Skins\Images\TAFLogo.PNG
c:\progra~2\IMESHA~1\iMesh\Skins\Images\ToGoLogo.PNG
c:\progra~2\IMESHA~1\iMesh\Skins\RemoteSkin.wmz
c:\progra~2\IMESHA~1\iMesh\Skins\Settings.xml
c:\progra~2\IMESHA~1\iMesh\Smiley.ico
c:\progra~2\IMESHA~1\iMesh\UninstallUsers.exe
c:\progra~2\IMESHA~1\iMesh\UpdateInst.exe
c:\progra~2\IMESHA~1\iMesh\WMAProfiles.prx
c:\progra~2\IMESHA~1\iMesh\WMHelper.dll
c:\progra~2\IMESHA~1\iMesh\WMHelper.log
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\data\search\engines.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\data\search\search.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\imeshcode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\about.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxpanel.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\external.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\imeshcode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\nsDragAndDrop.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\rsspreview.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\rsswin.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\rsswin.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\vmncode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\neterror.xhtml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\preferences.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\template.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\toolbar.htm
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\toolbar.xul
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\vmncode.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\vmnrsswin.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.jsw
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\index.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\login.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.jsw
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrow-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-left.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-right.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\powered-by-youtube.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\vid-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\youtube.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\index.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.4.3.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.event.wheel.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.scrollTo-min.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\youtube.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\Thumbs.db
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.jsw
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget_version.txt
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\about_logo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\babylon_logo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\bluelite.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\bluesky.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-settings.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn-widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\btn_settings.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ca.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\dictionary.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\divider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\downloadcom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\dtxlogo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ebay.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ebay_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\email.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\email_on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\email_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\facebook.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\games.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred0.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred0_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred1.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred1_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred2.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred2_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred3.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred3_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred4.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred4_5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphred5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\graphredna.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\grey.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\ico-shield.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\icon_seperator_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\images.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\imesh.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\add.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\aol.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\blank.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btn-widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btn_slider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\chevron.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\collapse.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\comcast.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\dtx.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\expand.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\found.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\gmail.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\ico-check.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\imap.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\lock.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\logo-separator.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\modify.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\move.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\main.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\games.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\panels\scroll.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\pop.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\reload.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\remove.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rename.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\resize-box.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rss.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\scroll-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\scroll-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\search-go.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\template.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lib\yahoo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\lichen.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo-about.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo-separator.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_about_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_over_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_over_t_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\logo_t_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\mail.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\maps.bmp
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\menuseparatorback.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\modify-save.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\modify.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\modifyhot.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\music.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\news.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-main.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-weather.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-weather.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\options\options-widgets.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\orange.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\pixsy.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\protect-id.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\relatedlinks.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-collapse.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-delete.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-expand.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-feed.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-folder-remove.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-folder-rename.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-folder.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-found.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-reload.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss-subscribe.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rss.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rssback.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\rsstopback.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search-over.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search_button_over_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\search_button_png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\settings.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\shopping.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\siteinfo.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-bluelite.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-bluesky.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-grey.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-lichen.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-orange.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin-yellow.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\skin.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\technorati.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\throbber.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\toolbarsplitter.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\translate.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\TRUSTe_about.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\video.bmp
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\vmn.css
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\vmn.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\weather.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\web.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\widgets-square-16px.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\wikipedia.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\yahoosearch.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\yellow.gif
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\youtube.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\chrome\skin\zoom.png
c:\progra~2\IMESHA~1\MediaBar\ToolBar\components\windowmediator.js
c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshbandmltbpi.dll
c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
c:\progra~2\IMESHA~1\MediaBar\ToolBar\manifest.xml
c:\progra~2\IMESHA~1\MediaBar\ToolBar\uninstall.exe
c:\progra~2\IMESHA~1\MediaBar\uninstall.exe
c:\program files (x86)\Vuze_Remote
c:\program files (x86)\Vuze_Remote\GottenAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\ldrtbVuz2.dll
c:\program files (x86)\Vuze_Remote\OtherAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll
c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
c:\program files (x86)\Vuze_Remote\SharedAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\tbVuz0.dll
c:\program files (x86)\Vuze_Remote\tbVuz2.dll
c:\program files (x86)\Vuze_Remote\tbVuze.dll
c:\program files (x86)\Vuze_Remote\toolbar.cfg
c:\program files (x86)\Vuze_Remote\ToolbarContextMenu.xml
c:\program files (x86)\Vuze_Remote\uninstall.exe
c:\program files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\program files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper1.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 16:41 . 2012-04-27 16:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-27 16:41 . 2012-04-27 16:41 -------- d-----w- c:\users\Mcx1-MR-HP\AppData\Local\temp
2012-04-27 16:41 . 2012-04-27 16:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-27 16:41 . 2012-04-27 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 16:41 . 2012-04-27 16:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-27 06:06 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52EB1F3B-0547-4157-BB30-2A3EBF07EC73}\mpengine.dll
2012-04-26 08:05 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-25 02:31 . 2012-04-25 02:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-25 02:23 . 2012-04-25 02:24 -------- d-----w- c:\users\Nathan\Outerra
2012-04-25 02:22 . 2012-04-25 02:22 -------- d-----w- c:\program files (x86)\Outerra
2012-04-24 20:37 . 2012-04-24 20:38 -------- d-----w- c:\users\Nathan\AppData\Roaming\GameRanger
2012-04-24 20:20 . 2012-04-24 20:31 -------- d-----w- c:\program files (x86)\Ground Control II
2012-04-24 20:19 . 2003-11-10 08:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-04-24 20:19 . 2003-11-10 08:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-04-24 20:19 . 2003-11-10 08:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-04-24 20:19 . 2003-11-10 08:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-04-24 20:19 . 2003-11-10 08:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-04-24 20:19 . 2012-04-24 20:19 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-04-24 20:19 . 2012-04-24 20:19 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-04-21 00:43 . 2012-04-21 00:43 -------- d-----w- c:\program files\CCleaner
2012-04-21 00:18 . 2012-04-21 00:18 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-04-20 22:09 . 2012-04-20 22:09 -------- d-----w- c:\program files\HitmanPro
2012-04-20 22:08 . 2012-04-20 22:09 -------- d-----w- c:\programdata\HitmanPro
2012-04-20 22:01 . 2012-04-20 22:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-20 21:20 . 2012-04-20 21:20 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll
2012-04-20 21:20 . 2012-04-20 21:20 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-04-20 21:20 . 2012-04-20 21:20 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
2012-04-20 21:20 . 2012-04-20 21:20 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2012-04-20 21:20 . 2012-04-20 21:20 -------- d-----w- c:\program files\Prevx
2012-04-20 21:20 . 2012-04-21 21:41 -------- d-----w- c:\programdata\PrevxCSI
2012-04-20 07:39 . 2012-04-20 07:39 -------- d-----w- c:\users\Nathan\AppData\Roaming\Malwarebytes
2012-04-20 07:39 . 2012-04-20 07:39 -------- d-----w- c:\programdata\Malwarebytes
2012-04-20 07:39 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-20 07:39 . 2012-04-20 07:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-15 05:07 . 2012-04-15 06:07 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-14 09:50 . 2012-04-14 09:50 0 ----a-w- c:\windows\SysWow64\sho6A08.tmp
2012-04-12 16:27 . 2012-04-12 16:27 -------- d-----w- c:\program files (x86)\GOG.com
2012-04-11 09:39 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-11 09:39 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-11 09:36 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-11 09:36 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 09:35 . 2012-02-28 06:47 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-11 09:34 . 2012-02-28 01:08 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-04-11 09:34 . 2012-02-28 06:56 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-11 09:33 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-04-11 09:32 . 2012-02-28 01:11 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-04-11 09:32 . 2012-02-28 06:48 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-11 09:31 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-04-11 09:31 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-11 09:30 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-11 09:30 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-11 09:23 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 09:23 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 09:22 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 09:09 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 09:09 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 09:09 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 09:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 09:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 09:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 09:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 06:14 . 2012-04-15 06:07 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-07 03:05 . 2012-04-07 03:05 0 ----a-w- c:\windows\SysWow64\shoECEF.tmp
2012-04-05 14:35 . 2012-04-05 14:35 -------- d-----w- c:\users\Nathan\AppData\Local\Ironclad Games
2012-04-05 14:34 . 2012-04-05 14:34 -------- d-----w- c:\programdata\Ironclad Games
2012-04-05 08:28 . 2012-04-11 12:24 -------- d-----w- c:\programdata\FAForever
2012-04-05 01:28 . 2012-04-05 01:28 0 ----a-w- c:\windows\SysWow64\sho6F00.tmp
2012-04-03 21:00 . 2012-04-03 21:00 0 ----a-w- c:\windows\SysWow64\shoD612.tmp
2012-04-03 07:35 . 2012-04-03 07:35 0 ----a-w- c:\windows\SysWow64\sho137E.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 21:17 . 2011-08-12 03:03 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-04-15 06:07 . 2011-05-19 14:03 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 10:44 . 2011-04-27 05:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 10:44 . 2011-04-18 03:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-18 09:53 . 2012-03-18 09:53 0 ----a-w- c:\windows\SysWow64\sho3986.tmp
2012-03-17 12:52 . 2012-03-17 12:52 0 ----a-w- c:\windows\SysWow64\sho89FB.tmp
2012-03-16 19:30 . 2012-03-16 19:30 0 ----a-w- c:\windows\SysWow64\sho778.tmp
2012-03-12 14:52 . 2012-03-12 14:52 0 ----a-w- c:\windows\SysWow64\sho6EC2.tmp
2012-03-10 02:27 . 2012-03-10 02:27 0 ----a-w- c:\windows\SysWow64\sho1D85.tmp
2012-03-07 01:56 . 2012-03-07 01:56 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-07 01:56 . 2011-01-09 12:48 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-03-07 01:56 . 2012-03-06 21:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-07 01:56 . 2011-01-09 12:48 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-03-06 18:21 . 2012-03-06 18:21 0 ----a-w- c:\windows\SysWow64\shoA8F9.tmp
2012-03-05 04:45 . 2012-03-05 04:46 231440 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-03-04 18:04 . 2012-03-04 18:04 0 ----a-w- c:\windows\SysWow64\sho9A5A.tmp
2012-03-01 10:27 . 2012-03-01 10:27 0 ----a-w- c:\windows\SysWow64\sho3B8.tmp
2012-02-29 19:21 . 2012-02-29 19:21 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-02-29 19:21 . 2012-02-29 19:21 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-02-29 11:07 . 2011-01-10 13:59 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-29 11:07 . 2011-01-10 13:59 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-29 11:07 . 2012-02-29 11:07 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-02-22 12:20 . 2011-01-12 17:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-20 04:25 . 2011-01-08 10:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-20 04:24 . 2011-01-08 10:27 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-17 16:04 . 2012-02-17 16:04 0 ----a-w- c:\windows\SysWow64\sho679A.tmp
2012-02-17 06:38 . 2012-03-13 23:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 23:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 23:04 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 23:04 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-14 18:07 . 2012-02-14 18:07 0 ----a-w- c:\windows\SysWow64\sho5A6A.tmp
2012-02-14 12:05 . 2012-02-14 12:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 12:05 . 2012-02-14 12:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 12:05 . 2012-02-14 12:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 12:05 . 2012-02-14 12:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 12:05 . 2012-02-14 12:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 12:04 . 2012-02-14 12:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 12:03 . 2012-02-14 12:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 12:03 . 2012-02-14 12:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-12 19:06 . 2012-02-12 19:06 0 ----a-w- c:\windows\SysWow64\shoABBC.tmp
2012-02-11 09:28 . 2012-02-11 09:28 0 ----a-w- c:\windows\SysWow64\shoE5E1.tmp
2012-02-10 10:09 . 2012-02-10 10:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20A3B893-9F18-43A1-B855-D2F4CAF6A259}\gapaengine.dll
2012-02-10 06:36 . 2012-03-13 23:27 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 23:26 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-08 21:18 . 2012-02-08 21:18 0 ----a-w- c:\windows\SysWow64\sho892B.tmp
2012-02-03 04:34 . 2012-03-13 23:16 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-03-08 02:49 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 20:02 . 2012-01-30 20:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-30 20:00 . 2012-01-30 20:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-30 08:18 . 2011-03-17 05:55 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-01-30 08:18 . 2011-03-17 05:55 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-26_04.24.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-27 16:41 . 2012-04-27 16:41 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-04-26 04:23 . 2012-04-26 04:23 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-01-08 08:31 . 2012-04-27 16:20 73678 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-27 16:20 40802 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-08 08:31 . 2012-04-27 16:20 20518 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3387036327-894707209-3877738219-1000_UserData.bin
- 2011-01-08 23:16 . 2012-04-26 04:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-08 23:16 . 2012-04-27 16:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-26 04:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 16:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-26 08:17 . 2012-04-26 08:17 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-01-20 20:00 . 2012-04-26 04:22 5474 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-01-20 20:00 . 2012-04-27 16:41 5474 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-26 04:23 . 2012-04-26 04:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-27 16:42 . 2012-04-27 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-26 04:23 . 2012-04-26 04:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-27 16:42 . 2012-04-27 16:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-04-27 16:24 669282 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-27 16:24 127650 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-27 16:41 247776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-26 04:22 247776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-26 08:17 . 2012-04-26 08:17 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-01-06 20:04 . 2012-04-27 16:41 1020376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-01-06 20:04 . 2012-04-09 01:41 1020376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-04-16 22:01 . 2012-04-16 22:01 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-04-26 08:17 . 2012-04-26 08:17 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-04-16 22:01 . 2012-04-16 22:01 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2011-01-17 16:06 . 2012-04-26 04:22 10832817 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3387036327-894707209-3877738219-1000-12288.dat
+ 2011-01-17 16:06 . 2012-04-27 16:41 10832817 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3387036327-894707209-3877738219-1000-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 12:05 129624 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2012-04-16 53168]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-01 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-03-09 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-08-23 284440]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
.
c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Nathan\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2012-3-25 1273568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2011-10-4 12909928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 hnwpxnke;hnwpxnke;c:\windows\system32\drivers\hnwpxnke.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 ALSysIO;ALSysIO;c:\users\Nathan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-12-18 131912]
R3 dump_wmimmc;dump_wmimmc;k:\nathan- pc\Installed Games\GenesisAD\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [2011-03-04 621632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-04-20 107848]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-08-23 13592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2011-03-31 454208]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO35
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 06:07]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3387036327-894707209-3877738219-1000Core.job
- c:\users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 11:32]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3387036327-894707209-3877738219-1000UA.job
- c:\users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 11:32]
.
2012-04-15 c:\windows\Tasks\HPCeeScheduleForNathan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 12:15]
.
2012-04-27 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 12:06 170584 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
TCP: DhcpNameServer = 10.0.0.138
DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} - hxxp://game.heroesandgenerals.com/retox.ocx
FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\7iwl4l2w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.ftp - 113.192.1.99
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 113.192.1.99
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 113.192.1.99
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 113.192.1.99
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 113.192.1.99
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - a1fe758d-f774-4565-87c6-3ffc6e6b8911
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuz2.dll
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-iMesh 1 MediaBar - c:\program files (x86)\iMesh Applications\MediaBar\uninstall.exe
AddRemove-Vuze_Remote Toolbar - c:\program files (x86)\Vuze_Remote\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3387036327-894707209-3877738219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3387036327-894707209-3877738219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3387036327-894707209-3877738219-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b8,1a,24,b4,6f,9e,ca,5c,89,fc,b0,c2,a2,36,e9,be,64,e3,14,03,64,ea,7e,
59,ec,57,2d,fd,a6,f7,ba,b1,c5,d8,69,41,2c,6c,23,58,7b,a9,56,cd,72,6e,72,d1,\
"??"=hex:a1,53,c8,78,30,e1,ac,65,e1,a8,0d,5f,dc,3e,fc,c2
.
[HKEY_USERS\S-1-5-21-3387036327-894707209-3877738219-1000\Software\SecuROM\License information*]
"datasecu"=hex:c5,05,8f,76,88,46,7f,de,3f,f5,63,fb,a5,9a,85,ab,9d,ac,8a,e0,c1,
1e,c4,00,37,c4,4b,87,29,47,c7,a6,9e,38,12,bf,aa,e4,9c,30,11,2b,1a,cb,e7,11,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\KasperskyLab\Sandbox\KLSB1\REGISTRY\USER\S-1-5-21-3387036327-894707209-3877738219-1000\Software\SecuROM\License information*]
"datasecu"=hex:d6,8a,be,04,dc,70,4b,78,39,fc,8d,47,b6,a4,58,19,96,ec,98,c4,70,
3b,27,1e,91,08,93,47,c0,e5,48,fe,70,14,0e,20,39,fb,92,76,50,fe,76,f2,da,17,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
.
**************************************************************************
.
Completion time: 2012-04-28 02:49:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 16:49
ComboFix2.txt 2012-04-26 04:32
.
Pre-Run: 287,342,010,368 bytes free
Post-Run: 287,122,264,064 bytes free
.
- - End Of File - - 3090E94492DAAD95D90555F161C862B2

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,575 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 April 2012 - 12:31 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Bing Rewards Client Installer
DAEMON Tools Toolbar
Java™ 6 Update 25
MediaBar
Vuze
Vuze Remote Toolbar
 [/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#11 n8h79n

n8h79n

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Queensland, Australia

Posted 28 April 2012 - 03:13 PM

Removed

DAEMON Tools Toolbar
Java™ 6 Update 25
MediaBar

Vuze Remote Toolbar i know was removed by Combofix and Bing Rewards Client Installer just couldn't find, Vuze i use frequently so didn't remove.
In Regards to problems only thing was can follow steps up to here

Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK

Theres no show results button, the log just came up after clicking Ok and for if close it there is a Tab along top called Log that has all logs listed under anyway so you don't have to go find it. As for computer i think performance has increased a little(opens/does things bit faster) i think.



Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nathan :: MR-HP [administrator]

Protection: Enabled

29/04/2012 5:50:02 AM
mbam-log-2012-04-29 (05-50-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277621
Time elapsed: 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:11:30 AM, on 29/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - Startup: GameRanger.lnk = Nathan\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5B54751C-0EDB-4CAE-816C-65BCED3FF819} (Retox Control (live)) - http://game.heroesandgenerals.com/retox.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Unknown owner - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13082 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,575 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 April 2012 - 06:27 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
      O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - Startup: GameRanger.lnk = Nathan\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
      O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#13 n8h79n

n8h79n

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Queensland, Australia

Posted 29 April 2012 - 12:37 AM

C:\Downloads\Games\Rat.exe Win16/Hoax.BadJoke.MouseShoot.A virus
C:\Downloads\Games\Games\Rat.exe Win16/Hoax.BadJoke.MouseShoot.A virus
C:\Games\Tools\FAMM\FAMM.exe a variant of Win32/Packed.MoleboxUltra application
C:\Program Files (x86)\Cheat Engine 6\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\Cheat Engine 6\dbk32.sys probably a variant of Win32/HackTool.CheatEngine.AA application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Nathan\Desktop\Shortcuts\Dead Space Trainer V2.exe a variant of Win32/GameHack.F application
K:\Nathan- PC\Installed Games\Command & Conquer 3\C & C 3 Trainer 1.09.exe a variant of Win32/GameHack.F application

#14 n8h79n

n8h79n

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Queensland, Australia

Posted 29 April 2012 - 03:04 AM

Should also note that Microsoft Security Essentials seems to have removed Consrv.dll it didn't get Security Essentials encountered the following error: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer. , ill see if it comes back after a reboot though.

#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 120,575 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 April 2012 - 06:21 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Downloads\Games\Rat.exe"
    del /f /s /q "C:\Downloads\Games\Games\Rat.exe"
    del /f /s /q "C:\Games\Tools\FAMM\FAMM.exe"
    del /f /s /q "C:\Program Files (x86)\Cheat Engine 6\cheatengine-i386.exe"
    del /f /s /q "C:\Program Files (x86)\Cheat Engine 6\dbk32.sys"
    del /f /s /q "C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dl"
    del /f /s /q "C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll"
    del /f /s /q "C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll"
    del /f /s /q "C:\Users\All Users\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll"
    del /f /s /q "C:\Users\Nathan\Desktop\Shortcuts\Dead Space Trainer V2.exe"
    del /f /s /q "K:\Nathan- PC\Installed Games\Command & Conquer 3\C & C 3 Trainer 1.09.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·