Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

My scvhost.exe & serves.exe are infected AND I have a redirector

Started by Bones667 , Jul 06 2012 07:43 AM

This topic is locked

18 replies to this topic

#1 Bones667

New Member

Members
10 posts

Posted 06 July 2012 - 07:43 AM

I have been working on backing up, scanning, and attempting to restore my computer for the past 16 hours. After finding out that a factory reset was not an option, I attempted to do my best at removing this infection from my computer. So far I have no luck and am requesting help. I have searched this website and found a possible solution, but in part of the description a certain script was made specifically for the victim's pc So therefor I am hoping to get some help.

Symptom #1 : Malwarebytes periodically alerts me that an outgoing attempt was blocked

Part of huge LOG:
206.161.121.123 (Type: outgoing, Port: 60149, Process: svchost.exe)
2012/07/06 06:55:38 -0400 UNCONVENTIONAL Joe IP-BLOCK 206.161.121.124 (Type: outgoing, Port: 60150, Process: svchost.exe)
2012/07/06 06:55:38 -0400 UNCONVENTIONAL Joe IP-BLOCK 206.161.121.126 (Type: outgoing, Port: 60151, Process: svchost.exe)

Symptom #2: AVG Periodically Alerts me about c:\windows\system32\services.exe
Threat name Trojan horse Dropper.Generic_c.MMI

Symptom #3: While using Firefox, I have a google re director, which will redirect my first 2 google searches. It will also occasionally redirect a new window

Symptom#4:

I have used tdsskiller, spybot search and destroy, ccleaner, malwarebytes, and msert to scan and attempt to remove said infections. Each time, (including while in safe mode) have failed.

Please help!

DDS LOG

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Joe at 8:35:20 on 2012-07-06
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} -

C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:

\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-

0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office

\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-

5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared

\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-

0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat

\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} -

C:\Program Files (x86)\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-

9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:

\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program

Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge]
uRunOnce: [PC Tools Security] C:\Users\Joe\Desktop\aaaa\SD_ONL~1.EXE
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

-r
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager

\AsShellApplication.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java

\Java Update\jusched.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding

device initialization" /min "C:\Program Files (x86)\AMD AVT\bin

\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE

\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files

(x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office

\Office12\GrooveMonitor.exe"
StartupFolder: C:\Users\Joe\AppData\Roaming\MICROS~1\Windows

\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter

\Rainmeter.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:

\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-

98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-

914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-

9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-

8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-

BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} -

hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/

srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5CD5CC2B-960F-4E87-B2FA-A1998EEF73A4} :

DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E757BBBC-5DE4-4906-BB0C-449695920F63} :

DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program

Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -

C:\Program Files (x86)\Microsoft Office

\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:

\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8}

- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:

\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program

Files (x86)\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-

52453494e6cd} - C:\Program Files (x86)\Microsoft Office

\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat

\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -

C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-

0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office

\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared

\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-

8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} -

C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:

\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck

\VDeck.exe -r
mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager

\AsShellApplication.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files

\Java\Java Update\jusched.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video

Transcoding device initialization" /min "C:\Program Files (x86)\AMD

AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies

\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files

(x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office

\Office12\GrooveMonitor.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-

52453494E6CD} - C:\Program Files (x86)\Microsoft Office

\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox

\Profiles\l54ld9kz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air

\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR

\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update

\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin

\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight

\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins

\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery

\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app

\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Joe\AppData\Local\Google\Update

\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader

\npUnity3D32.dll
FF - plugin: C:\Users\Joe\AppData\Roaming\Mozilla\plugins

\npgoogletalk.dll
FF - plugin: C:\Users\Joe\AppData\Roaming\Mozilla\plugins

\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash

\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-07-06 12:27:01 453896 ----a-w- C:\Windows

\System32\drivers\pctDS64.sys
2012-07-06 12:27:01 1096176 ----a-w- C:\Windows

\System32\drivers\pctEFA64.sys
2012-07-06 12:26:56 426616 ----a-w- C:\Windows

\System32\drivers\PCTCore64.sys
2012-07-06 12:26:54 251528 ----a-w- C:\Windows

\System32\drivers\PCTSD64.sys
2012-07-06 12:26:54 -------- d-----w- C:\Program

Files (x86)\PC Tools
2012-07-06 12:26:54 -------- d-----w- C:\Program

Files (x86)\Common Files\PC Tools
2012-07-06 11:45:02 -------- d-----w- C:\Program

Files (x86)\stinger
2012-07-06 10:51:01 184320 ----a-w- C:\Windows

\System32\cryptsvc.dll
2012-07-06 10:51:01 1462272 ----a-w- C:\Windows

\System32\crypt32.dll
2012-07-06 10:51:01 140288 ----a-w- C:\Windows

\SysWow64\cryptsvc.dll
2012-07-06 10:51:01 140288 ----a-w- C:\Windows

\System32\cryptnet.dll
2012-07-06 10:51:01 1158656 ----a-w- C:\Windows

\SysWow64\crypt32.dll
2012-07-06 10:51:01 103936 ----a-w- C:\Windows

\SysWow64\cryptnet.dll
2012-07-06 10:50:43 1544704 ----a-w- C:\Windows

\System32\DWrite.dll
2012-07-06 10:50:43 1077248 ----a-w- C:\Windows

\SysWow64\DWrite.dll
2012-07-06 10:50:41 5559664 ----a-w- C:\Windows

\System32\ntoskrnl.exe
2012-07-06 10:50:41 3913072 ----a-w- C:\Windows

\SysWow64\ntoskrnl.exe
2012-07-06 10:50:40 3968368 ----a-w- C:\Windows

\SysWow64\ntkrnlpa.exe
2012-07-06 10:50:39 9216 ----a-w- C:\Windows

\System32\rdrmemptylst.exe
2012-07-06 10:50:39 77312 ----a-w- C:\Windows

\System32\rdpwsx.dll
2012-07-06 10:50:39 149504 ----a-w- C:\Windows

\System32\rdpcorekmts.dll
2012-07-06 10:50:38 210944 ----a-w- C:\Windows

\System32\drivers\rdpwd.sys
2012-07-06 10:50:01 3146752 ----a-w- C:\Windows

\System32\win32k.sys
2012-07-06 10:49:56 209920 ----a-w- C:\Windows

\System32\profsvc.dll
2012-07-06 10:49:55 3216384 ----a-w- C:\Windows

\System32\msi.dll
2012-07-06 10:49:55 2342400 ----a-w- C:\Windows

\SysWow64\msi.dll
2012-07-06 10:49:53 75120 ----a-w- C:\Windows

\System32\drivers\partmgr.sys
2012-07-06 10:48:32 936960 ----a-w- C:\Program Files

(x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-06 10:48:32 1732096 ----a-w- C:\Program Files

\Windows Journal\NBDoc.DLL
2012-07-06 10:48:32 1402880 ----a-w- C:\Program Files

\Windows Journal\JNWDRV.dll
2012-07-06 10:48:32 1393664 ----a-w- C:\Program Files

\Windows Journal\JNTFiltr.dll
2012-07-06 10:48:32 1367552 ----a-w- C:\Program Files

\Common Files\Microsoft Shared\ink\journal.dll
2012-07-06 10:47:46 1918320 ----a-w- C:\Windows

\System32\drivers\tcpip.sys
2012-07-06 10:43:20 2622464 ----a-w- C:\Windows

\System32\wucltux.dll
2012-07-06 10:43:10 99840 ----a-w- C:\Windows

\System32\wudriver.dll
2012-07-06 10:42:55 36864 ----a-w- C:\Windows

\System32\wuapp.exe
2012-07-06 10:42:55 186752 ----a-w- C:\Windows

\System32\wuwebv.dll
2012-07-06 09:52:18 328704 ----a-w- C:\Windows

\System32\services.exe.6AE654C46EB61281
2012-07-06 06:46:42 24904 ----a-w- C:\Windows

\System32\drivers\mbam.sys
2012-07-06 06:46:42 -------- d-----w- C:\Program

Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 21:12:54 -------- d-----w- C:

\TDSSKiller_Quarantine
2012-07-05 21:10:02 -------- d-----w- C:\Program

Files\CCleaner
2012-07-05 16:27:14 -------- d-sh--w- C:\Windows

\SysWow64\%APPDATA%
2012-07-05 12:51:13 -------- d-----w- C:\Users\Joe

\AppData\Local\Ventrilo
2012-07-03 18:48:15 -------- d-----w- C:\Users\Joe

\AppData\Local\Macromedia
2012-07-03 18:37:15 -------- d-----w- C:\Users\Joe

\AppData\Roaming\AVG2012
2012-07-03 10:01:52 -------- d-----w- C:\Windows

\SysWow64\drivers\AVG
2012-07-03 10:01:29 -------- d--h--w- C:\$AVG
2012-07-03 10:01:28 -------- d-----w- C:\Windows

\System32\drivers\AVG
2012-07-03 10:01:28 -------- d-----w- C:

\ProgramData\AVG2012
2012-07-03 10:00:56 -------- d-----w- C:\Program

Files (x86)\AVG
2012-07-03 09:56:28 -------- d--h--w- C:

\ProgramData\Common Files
2012-07-03 09:56:18 -------- d-----w- C:

\ProgramData\MFAData
2012-06-30 06:20:18 9013136 ----a-w- C:\ProgramData

\Microsoft\Windows Defender\Definition Updates\{A5D99162-BDF9-40FD-

8165-E1288575D272}\mpengine.dll
2012-06-19 21:35:14 4967624 ----a-w- C:\Program Files

(x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-

43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-13 05:34:07 -------- d-----w- C:\Program

Files\Ventrilo
2012-06-13 03:32:36 -------- d-----r- C:\Program

Files (x86)\Skype
2012-06-06 22:12:04 770384 ----a-w- C:\Program Files

(x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 22:12:04 421200 ----a-w- C:\Program Files

(x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 17:32:36 -------- d-----w- C:\Users\Joe

\AppData\Local\{7CB32B13-730F-4439-A42D-1577072A11B3}
2012-06-06 17:32:00 -------- d-----w- C:\Users\Joe

\AppData\Local\{B739C330-CB7E-4AB0-A4ED-BAA2A498A2E5}
.
==================== Find3M ====================
.
2012-07-05 17:58:01 70344 ----a-w- C:\Windows

\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 17:58:01 426184 ----a-w- C:\Windows

\SysWow64\FlashPlayerApp.exe
2012-05-31 20:53:35 281288 ----a-w- C:\Windows

\SysWow64\PnkBstrB.xtr
2012-05-31 20:53:35 281288 ----a-w- C:\Windows

\SysWow64\PnkBstrB.exe
2012-05-31 08:04:08 281288 ----a-w- C:\Windows

\SysWow64\PnkBstrB.ex0
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows

\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows

\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows

\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows

\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows

\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows

\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows

\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows

\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows

\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows

\SysWow64\mshtml.tlb
2012-05-06 20:48:36 76888 ----a-w- C:\Windows

\SysWow64\PnkBstrA.exe
2012-04-19 08:50:26 28480 ----a-w- C:\Windows

\System32\drivers\avgidsha.sys
2012-04-17 16:07:56 27256 ----a-w- C:\Windows

\System32\drivers\FixZeroAccess.sys
2012-04-17 13:40:38 0 --sha-w- C:\Windows

\System32\dds_trash_log.cmd
.
============= FINISH: 8:36:34.43 ===============

Edited by Bones667, 06 July 2012 - 07:44 AM.

BC Ads
BleepingComputer.com

#2 gringo_pr

Bleepin Gringo

Malware Response Team
120,576 posts

Gender:Male
Location:Puerto rico

Posted 06 July 2012 - 07:46 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

#3 Bones667

New Member

Members
10 posts

Posted 06 July 2012 - 09:17 AM

So far my computer has been running normally, while doing what was told on instructions. I've checked online and so far no trace of any infection. Malwarebytes and AVG are now running and so far I am not getting any periodic (every 1-5minutes or so) warning from any AV software. I've also checked my access to windows firewall, I have complete access and it is now on! Here are the logs you have requested...

EDIT: I am not sure if this is an over sensitive security setting, but Malwarebytes has blocked a malicious attempt:
2012/07/06 10:21:21 -0400 UNCONVENTIONAL Joe IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 49265, Process: utorrent.exe)
2012/07/06 10:23:30 -0400 UNCONVENTIONAL Joe IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 49316, Process: utorrent.exe)

////////////
Check up
///////////

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

////////////////
combofix
////////////////

ComboFix 12-07-06.01 - Joe 07/06/2012 9:50.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6554 [GMT -4:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Joe\AppData\Roaming\Local
c:\users\Joe\AppData\Roaming\Local\FalloutNV\Fallout.ini
c:\users\Joe\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini
c:\users\Joe\AppData\Roaming\Local\FalloutNV\NVDLCList.txt
c:\users\Joe\AppData\Roaming\Local\FalloutNV\plugins.txt
c:\users\Joe\AppData\Roaming\Local\FalloutNV\RendererInfo.txt
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\@
c:\windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\L\00000004.@
c:\windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\L\1afb2d56
c:\windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\L\201d3dde
c:\windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U\00000004.@
c:\windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U\00000008.@
c:\windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U\000000cb.@
c:\windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U\80000000.@
c:\windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U\80000032.@
c:\windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U\80000064.@
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 13:58 . 2012-07-06 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 12:56 . 2012-07-06 12:56 181000 ----a-w- c:\windows\system32\drivers\pctplfw64.sys
2012-07-06 12:56 . 2012-07-06 12:56 123808 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2012-07-06 12:53 . 2012-07-06 12:53 -------- d-----w- c:\program files (x86)\uTorrent
2012-07-06 12:52 . 2012-07-06 12:58 -------- d-----w- c:\users\Joe\AppData\Roaming\uTorrent
2012-07-06 12:39 . 2012-06-14 16:31 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-07-06 12:39 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-06 12:39 . 2012-06-14 16:31 1681368 ----a-w- c:\windows\PCTBDRes.dll
2012-07-06 12:39 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-06 12:39 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-06 12:39 . 2012-05-11 15:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-07-06 12:39 . 2012-05-11 15:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-07-06 12:39 . 2012-05-11 15:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-07-06 12:39 . 2012-05-11 15:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-07-06 12:39 . 2012-07-06 12:39 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-06 12:27 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-07-06 12:27 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-07-06 12:26 . 2012-04-23 16:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-07-06 12:26 . 2012-07-06 12:55 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-06 12:26 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-06 11:45 . 2012-07-06 12:21 -------- d-----w- c:\program files (x86)\stinger
2012-07-06 10:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-06 10:51 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-06 10:51 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-07-06 10:51 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-07-06 10:51 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-07-06 10:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-07-06 10:50 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-07-06 10:50 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-07-06 10:50 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-06 10:50 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-07-06 10:50 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-07-06 10:50 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-06 10:50 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-07-06 10:50 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-07-06 10:50 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-06 10:50 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 10:49 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-07-06 10:49 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-07-06 10:49 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-07-06 10:49 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-06 10:48 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-06 10:48 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-06 10:48 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-06 10:48 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-06 10:48 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-06 10:47 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-06 10:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-06 10:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-06 10:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-06 10:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-06 10:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-06 10:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-06 10:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-06 10:42 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-06 10:42 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-06 09:52 . 2012-07-06 09:52 328704 ----a-w- c:\windows\system32\services.exe.6AE654C46EB61281
2012-07-06 06:46 . 2012-07-06 06:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 06:46 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-05 21:12 . 2012-07-06 09:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-05 21:10 . 2012-07-05 21:10 -------- d-----w- c:\program files\CCleaner
2012-07-05 16:27 . 2012-07-05 16:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-05 12:51 . 2012-07-05 12:51 -------- d-----w- c:\users\Joe\AppData\Local\Ventrilo
2012-07-03 18:48 . 2012-07-03 18:48 -------- d-----w- c:\users\Joe\AppData\Local\Macromedia
2012-07-03 18:37 . 2012-07-03 18:37 -------- d-----w- c:\users\Joe\AppData\Roaming\AVG2012
2012-07-03 10:01 . 2012-07-03 10:01 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-03 10:01 . 2012-07-03 10:01 -------- d-----w- C:\$AVG
2012-07-03 10:01 . 2012-07-05 13:27 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-03 10:01 . 2012-07-04 06:45 -------- d-----w- c:\programdata\AVG2012
2012-07-03 10:00 . 2012-07-03 10:00 -------- d-----w- c:\program files (x86)\AVG
2012-07-03 09:56 . 2012-07-03 09:56 -------- d--h--w- c:\programdata\Common Files
2012-07-03 09:56 . 2012-07-06 11:43 -------- d-----w- c:\programdata\MFAData
2012-06-30 06:20 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5D99162-BDF9-40FD-8165-E1288575D272}\mpengine.dll
2012-06-19 21:35 . 2012-06-19 21:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-17 01:16 . 2012-06-17 01:16 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-17 01:16 . 2012-06-17 01:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-13 05:34 . 2012-07-05 21:14 -------- d-----w- c:\users\Joe\AppData\Roaming\Ventrilo
2012-06-13 05:34 . 2012-06-13 05:34 -------- d-----w- c:\program files\Ventrilo
2012-06-13 03:32 . 2012-06-13 07:32 -------- d-----w- c:\users\Joe\AppData\Roaming\Skype
2012-06-13 03:32 . 2012-06-13 03:33 -------- d-----r- c:\program files (x86)\Skype
2012-06-13 03:32 . 2012-06-13 03:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-13 03:32 . 2012-06-27 14:28 -------- d-----w- c:\programdata\Skype
2012-06-06 22:12 . 2012-06-06 22:12 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 22:12 . 2012-06-06 22:12 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 17:58 . 2012-04-09 13:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 17:58 . 2011-09-12 14:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 15:03 . 2012-07-06 12:39 3488 ----a-w- c:\windows\UDB.zip
2012-06-14 15:03 . 2012-07-06 12:39 131 ----a-w- c:\windows\IDB.zip
2012-05-31 20:53 . 2012-02-22 16:25 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-31 20:53 . 2011-12-14 13:11 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-31 08:04 . 2011-12-14 13:11 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-30 21:05 . 2012-05-30 21:05 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-06 20:48 . 2011-12-14 13:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-17 16:07 . 2012-04-17 16:07 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-11-10 234040]
R3 ALSysIO;ALSysIO;c:\users\Joe\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 FoxAwdWINFLASH;FoxAwdWINFLASH;c:\program files (x86)\Foxconn\Fox DMI\FoxAwdWINFLASH64.sys [2008-12-19 17808]
R3 FXDrv32;FXDrv32;D:\FXDrv64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-20 702976]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-14 85224]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-05-11 92896]
R3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys [2011-07-13 45160]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-02-14 350096]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-05-11 341168]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-14 575448]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 13:28]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 13:28]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1919909691-3227023766-3484066574-1000Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 16:48]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1919909691-3227023766-3484066574-1000UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 16:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-03 9642528]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{d31a0762-0ceb-444e-acff-b049a1f6fe91}
xfactorae1
w200mdfl
epson_pm_rpcv2_02
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\l54ld9kz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a4,f6,5a,1a,24,58,cd,01
.
[HKEY_USERS\S-1-5-21-1919909691-3227023766-3484066574-1000\Software\SecuROM\License information*]
"datasecu"=hex:15,91,01,99,7f,af,c1,af,5c,80,ed,31,e3,66,be,76,45,b4,66,50,f7,
40,3e,e3,d8,8b,d1,6b,0f,e3,f1,e3,ca,63,bb,97,7b,6a,47,64,f5,02,0b,bf,5d,5c,\
"rkeysecu"=hex:c1,de,3a,7d,5c,b8,ea,fa,88,92,83,f2,95,ca,03,3c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:04,bb,1a,dd,d2,45,25,2b,97,5a,b7,07,f0,53,da,ed,41,14,d5,0c,ce,
1c,10,b8,c2,c9,50,bf,10,1a,4e,6d,2b,17,cb,da,6d,54,20,25,81,a6,67,89,4a,06,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:04,bb,1a,dd,d2,45,25,2b,97,5a,b7,07,f0,53,da,ed,41,14,d5,0c,ce,
1c,10,b8,c2,c9,50,bf,10,1a,4e,6d,2b,17,cb,da,6d,54,20,25,81,a6,67,89,4a,06,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-06 10:05:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-06 14:05
.
Pre-Run: 829,961,117,696 bytes free
Post-Run: 829,794,029,568 bytes free
.
- - End Of File - - 006DD906CA4C51F94EF96CFB0C0C7E68

Edited by Bones667, 06 July 2012 - 09:25 AM.

#4 gringo_pr

Bleepin Gringo

Malware Response Team
120,576 posts

Gender:Male
Location:Puerto rico

Posted 06 July 2012 - 10:29 AM

Greetings

2012/07/06 10:21:21 -0400 UNCONVENTIONAL Joe IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 49265, Process: utorrent.exe)
2012/07/06 10:23:30 -0400 UNCONVENTIONAL Joe IP-BLOCK 67.215.246.204 (Type: outgoing, Port: 49316, Process: utorrent.exe)

This is normal and will continue to get these warnings as utorrent continues to access dangerous ip addresses

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 Bones667

New Member

Members
10 posts

Posted 06 July 2012 - 11:47 AM

So far my computer is acting normal. No signs of infection.

12:29:34.0901 5264 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
12:29:35.0447 5264 ============================================================
12:29:35.0447 5264 Current date / time: 2012/07/06 12:29:35.0447
12:29:35.0447 5264 SystemInfo:
12:29:35.0447 5264
12:29:35.0447 5264 OS Version: 6.1.7601 ServicePack: 1.0
12:29:35.0447 5264 Product type: Workstation
12:29:35.0447 5264 ComputerName: UNCONVENTIONAL
12:29:35.0447 5264 UserName: Joe
12:29:35.0447 5264 Windows directory: C:\Windows
12:29:35.0447 5264 System windows directory: C:\Windows
12:29:35.0447 5264 Running under WOW64
12:29:35.0447 5264 Processor architecture: Intel x64
12:29:35.0447 5264 Number of processors: 4
12:29:35.0447 5264 Page size: 0x1000
12:29:35.0447 5264 Boot type: Normal boot
12:29:35.0447 5264 ============================================================
12:29:36.0742 5264 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:29:37.0303 5264 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:29:37.0319 5264 Drive \Device\Harddisk2\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:29:39.0347 5264 Drive \Device\Harddisk3\DR4 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:29:39.0643 5264 ============================================================
12:29:39.0643 5264 \Device\Harddisk0\DR0:
12:29:39.0643 5264 MBR partitions:
12:29:39.0643 5264 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1394800, BlocksNum 0x73371000
12:29:39.0643 5264 \Device\Harddisk1\DR1:
12:29:39.0643 5264 MBR partitions:
12:29:39.0643 5264 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
12:29:39.0643 5264 \Device\Harddisk2\DR3:
12:29:39.0690 5264 MBR partitions:
12:29:39.0690 5264 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
12:29:39.0690 5264 \Device\Harddisk3\DR4:
12:29:39.0706 5264 MBR partitions:
12:29:39.0706 5264 ============================================================
12:29:39.0737 5264 C: <-> \Device\Harddisk0\DR0\Partition0
12:29:39.0737 5264 E: <-> \Device\Harddisk2\DR3\Partition0
12:29:39.0768 5264 G: <-> \Device\Harddisk1\DR1\Partition0
12:29:39.0768 5264 ============================================================
12:29:39.0768 5264 Initialize success
12:29:39.0768 5264 ============================================================
12:29:43.0996 4604 ============================================================
12:29:43.0996 4604 Scan started
12:29:43.0996 4604 Mode: Manual;
12:29:43.0996 4604 ============================================================
12:29:44.0869 4604 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
12:29:44.0885 4604 1394ohci - ok
12:29:44.0947 4604 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
12:29:44.0947 4604 61883 - ok
12:29:45.0010 4604 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:29:45.0025 4604 ACPI - ok
12:29:45.0041 4604 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:29:45.0041 4604 AcpiPmi - ok
12:29:45.0119 4604 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:29:45.0119 4604 AdobeARMservice - ok
12:29:45.0150 4604 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:29:45.0166 4604 adp94xx - ok
12:29:45.0197 4604 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:29:45.0197 4604 adpahci - ok
12:29:45.0213 4604 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:29:45.0228 4604 adpu320 - ok
12:29:45.0244 4604 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:29:45.0244 4604 AeLookupSvc - ok
12:29:45.0322 4604 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:29:45.0337 4604 AFD - ok
12:29:45.0369 4604 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:29:45.0369 4604 agp440 - ok
12:29:45.0384 4604 ahcix64s (4b4c16b50fdcd6b5cd21721eda2ed54c) C:\Windows\system32\drivers\ahcix64s.sys
12:29:45.0384 4604 ahcix64s - ok
12:29:45.0400 4604 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:29:45.0400 4604 ALG - ok
12:29:45.0415 4604 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:29:45.0415 4604 aliide - ok
12:29:45.0509 4604 ALSysIO - ok
12:29:45.0587 4604 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
12:29:45.0587 4604 AMD External Events Utility - ok
12:29:45.0712 4604 AMD FUEL Service - ok
12:29:45.0727 4604 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:29:45.0727 4604 amdide - ok
12:29:45.0759 4604 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
12:29:45.0759 4604 amdiox64 - ok
12:29:45.0774 4604 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:29:45.0774 4604 AmdK8 - ok
12:29:46.0242 4604 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
12:29:46.0398 4604 amdkmdag - ok
12:29:46.0835 4604 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
12:29:46.0851 4604 amdkmdap - ok
12:29:46.0866 4604 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:29:46.0882 4604 AmdPPM - ok
12:29:46.0897 4604 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\drivers\amdsata.sys
12:29:46.0897 4604 amdsata - ok
12:29:46.0929 4604 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:29:46.0929 4604 amdsbs - ok
12:29:46.0960 4604 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\drivers\amdxata.sys
12:29:46.0960 4604 amdxata - ok
12:29:46.0991 4604 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
12:29:46.0991 4604 AODDriver4.01 - ok
12:29:47.0038 4604 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
12:29:47.0038 4604 AODDriver4.1 - ok
12:29:47.0085 4604 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:29:47.0085 4604 AppID - ok
12:29:47.0116 4604 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:29:47.0116 4604 AppIDSvc - ok
12:29:47.0131 4604 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:29:47.0131 4604 Appinfo - ok
12:29:47.0241 4604 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:29:47.0241 4604 Apple Mobile Device - ok
12:29:47.0303 4604 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:29:47.0303 4604 arc - ok
12:29:47.0319 4604 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:29:47.0334 4604 arcsas - ok
12:29:47.0443 4604 ASInsHelp (edaa17ce771c696655b6585f7cad2100) C:\Windows\SysWow64\drivers\AsInsHelp64.sys
12:29:47.0443 4604 ASInsHelp - ok
12:29:47.0459 4604 AsIO (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
12:29:47.0459 4604 AsIO - ok
12:29:47.0615 4604 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:29:47.0615 4604 aspnet_state - ok
12:29:47.0631 4604 AsUpIO (26d66e32e78d3059715b3a17bc679cd9) C:\Windows\syswow64\drivers\AsUpIO.sys
12:29:47.0631 4604 AsUpIO - ok
12:29:47.0693 4604 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:29:47.0693 4604 AsyncMac - ok
12:29:47.0693 4604 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:29:47.0693 4604 atapi - ok
12:29:47.0787 4604 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
12:29:47.0787 4604 AtiHDAudioService - ok
12:29:47.0849 4604 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
12:29:47.0849 4604 AtiHdmiService - ok
12:29:48.0177 4604 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
12:29:48.0223 4604 atikmdag - ok
12:29:48.0364 4604 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\drivers\AtiPcie.sys
12:29:48.0364 4604 AtiPcie - ok
12:29:48.0457 4604 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:29:48.0457 4604 AudioEndpointBuilder - ok
12:29:48.0473 4604 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:29:48.0489 4604 AudioSrv - ok
12:29:48.0535 4604 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
12:29:48.0535 4604 Avc - ok
12:29:48.0847 4604 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
12:29:48.0879 4604 AVGIDSAgent - ok
12:29:48.0941 4604 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
12:29:48.0957 4604 AVGIDSDriver - ok
12:29:48.0972 4604 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
12:29:48.0972 4604 AVGIDSFilter - ok
12:29:48.0988 4604 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
12:29:48.0988 4604 AVGIDSHA - ok
12:29:49.0019 4604 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
12:29:49.0019 4604 Avgldx64 - ok
12:29:49.0050 4604 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
12:29:49.0066 4604 Avgmfx64 - ok
12:29:49.0097 4604 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
12:29:49.0113 4604 Avgrkx64 - ok
12:29:49.0144 4604 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
12:29:49.0159 4604 Avgtdia - ok
12:29:49.0191 4604 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
12:29:49.0206 4604 avgwd - ok
12:29:49.0253 4604 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:29:49.0269 4604 AxInstSV - ok
12:29:49.0362 4604 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:29:49.0362 4604 b06bdrv - ok
12:29:49.0440 4604 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:29:49.0440 4604 b57nd60a - ok
12:29:49.0487 4604 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:29:49.0503 4604 BDESVC - ok
12:29:49.0518 4604 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:29:49.0518 4604 Beep - ok
12:29:49.0596 4604 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:29:49.0596 4604 BFE - ok
12:29:49.0643 4604 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:29:49.0643 4604 BITS - ok
12:29:49.0721 4604 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
12:29:49.0721 4604 blbdrive - ok
12:29:49.0815 4604 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
12:29:49.0830 4604 Bonjour Service - ok
12:29:49.0877 4604 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:29:49.0877 4604 bowser - ok
12:29:49.0908 4604 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:29:49.0908 4604 BrFiltLo - ok
12:29:49.0924 4604 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:29:49.0924 4604 BrFiltUp - ok
12:29:49.0939 4604 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:29:49.0939 4604 BridgeMP - ok
12:29:49.0955 4604 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:29:49.0955 4604 Browser - ok
12:29:50.0095 4604 Browser Defender Update Service (ce37210c345f6c8b019625a1fbc8a011) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
12:29:50.0095 4604 Browser Defender Update Service - ok
12:29:50.0127 4604 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:29:50.0127 4604 Brserid - ok
12:29:50.0142 4604 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:29:50.0142 4604 BrSerWdm - ok
12:29:50.0158 4604 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:29:50.0173 4604 BrUsbMdm - ok
12:29:50.0173 4604 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:29:50.0173 4604 BrUsbSer - ok
12:29:50.0189 4604 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:29:50.0189 4604 BTHMODEM - ok
12:29:50.0236 4604 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:29:50.0251 4604 bthserv - ok
12:29:50.0283 4604 catchme - ok
12:29:50.0361 4604 cbfs3 (33b5464f4beba8b0d7d0856dccd7bee1) C:\Windows\system32\drivers\cbfs3.sys
12:29:50.0361 4604 cbfs3 - ok
12:29:50.0376 4604 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:29:50.0376 4604 cdfs - ok
12:29:50.0439 4604 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:29:50.0439 4604 cdrom - ok
12:29:50.0454 4604 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:29:50.0454 4604 CertPropSvc - ok
12:29:50.0470 4604 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:29:50.0470 4604 circlass - ok
12:29:50.0501 4604 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:29:50.0501 4604 CLFS - ok
12:29:50.0548 4604 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:29:50.0548 4604 clr_optimization_v2.0.50727_32 - ok
12:29:50.0595 4604 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:29:50.0595 4604 clr_optimization_v2.0.50727_64 - ok
12:29:50.0673 4604 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:29:50.0673 4604 clr_optimization_v4.0.30319_32 - ok
12:29:50.0688 4604 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:29:50.0688 4604 clr_optimization_v4.0.30319_64 - ok
12:29:50.0704 4604 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:29:50.0704 4604 CmBatt - ok
12:29:50.0719 4604 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:29:50.0719 4604 cmdide - ok
12:29:50.0751 4604 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:29:50.0751 4604 CNG - ok
12:29:50.0766 4604 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:29:50.0766 4604 Compbatt - ok
12:29:50.0829 4604 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:29:50.0829 4604 CompositeBus - ok
12:29:50.0844 4604 COMSysApp - ok
12:29:50.0891 4604 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:29:50.0891 4604 crcdisk - ok
12:29:50.0938 4604 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:29:50.0938 4604 CryptSvc - ok
12:29:51.0000 4604 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
12:29:51.0000 4604 dc3d - ok
12:29:51.0047 4604 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:29:51.0063 4604 DcomLaunch - ok
12:29:51.0094 4604 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:29:51.0109 4604 defragsvc - ok
12:29:51.0172 4604 Device Handle Service (0a403702cb00432ac818523cd416bf67) C:\Windows\SysWOW64\AsHookDevice.exe
12:29:51.0172 4604 Device Handle Service - ok
12:29:51.0203 4604 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:29:51.0203 4604 DfsC - ok
12:29:51.0234 4604 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:29:51.0250 4604 Dhcp - ok
12:29:51.0250 4604 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:29:51.0250 4604 discache - ok
12:29:51.0312 4604 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:29:51.0312 4604 Disk - ok
12:29:51.0328 4604 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:29:51.0328 4604 Dnscache - ok
12:29:51.0328 4604 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:29:51.0343 4604 dot3svc - ok
12:29:51.0390 4604 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:29:51.0390 4604 Dot4 - ok
12:29:51.0453 4604 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:29:51.0453 4604 Dot4Print - ok
12:29:51.0468 4604 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:29:51.0468 4604 dot4usb - ok
12:29:51.0484 4604 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:29:51.0484 4604 DPS - ok
12:29:51.0531 4604 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:29:51.0546 4604 drmkaud - ok
12:29:51.0593 4604 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:29:51.0609 4604 DXGKrnl - ok
12:29:51.0609 4604 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:29:51.0609 4604 EapHost - ok
12:29:51.0702 4604 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:29:51.0749 4604 ebdrv - ok
12:29:51.0843 4604 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:29:51.0843 4604 EFS - ok
12:29:51.0905 4604 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:29:51.0905 4604 ehRecvr - ok
12:29:51.0967 4604 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:29:51.0967 4604 ehSched - ok
12:29:52.0077 4604 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:29:52.0077 4604 elxstor - ok
12:29:52.0108 4604 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:29:52.0108 4604 ErrDev - ok
12:29:52.0139 4604 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:29:52.0139 4604 EventSystem - ok
12:29:52.0155 4604 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:29:52.0155 4604 exfat - ok
12:29:52.0170 4604 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:29:52.0170 4604 fastfat - ok
12:29:52.0248 4604 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:29:52.0248 4604 Fax - ok
12:29:52.0264 4604 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:29:52.0264 4604 fdc - ok
12:29:52.0279 4604 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:29:52.0279 4604 fdPHost - ok
12:29:52.0279 4604 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:29:52.0279 4604 FDResPub - ok
12:29:52.0295 4604 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:29:52.0295 4604 FileInfo - ok
12:29:52.0295 4604 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:29:52.0295 4604 Filetrace - ok
12:29:52.0311 4604 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:29:52.0311 4604 flpydisk - ok
12:29:52.0342 4604 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:29:52.0342 4604 FltMgr - ok
12:29:52.0373 4604 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:29:52.0404 4604 FontCache - ok
12:29:52.0451 4604 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:29:52.0451 4604 FontCache3.0.0.0 - ok
12:29:52.0545 4604 FoxAwdWINFLASH (be1f0854241eb3cae8ae8ba846c9467a) C:\Program Files (x86)\Foxconn\Fox DMI\FoxAwdWINFLASH64.sys
12:29:52.0545 4604 FoxAwdWINFLASH - ok
12:29:52.0607 4604 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:29:52.0607 4604 FsDepends - ok
12:29:52.0685 4604 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
12:29:52.0685 4604 fssfltr - ok
12:29:52.0779 4604 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:29:52.0794 4604 fsssvc - ok
12:29:52.0857 4604 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:29:52.0857 4604 Fs_Rec - ok
12:29:52.0966 4604 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:29:52.0966 4604 fvevol - ok
12:29:52.0997 4604 FXDrv32 - ok
12:29:53.0059 4604 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:29:53.0075 4604 gagp30kx - ok
12:29:53.0091 4604 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:29:53.0106 4604 GEARAspiWDM - ok
12:29:53.0153 4604 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:29:53.0169 4604 gpsvc - ok
12:29:53.0262 4604 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:29:53.0262 4604 gupdate - ok
12:29:53.0309 4604 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:29:53.0309 4604 gupdatem - ok
12:29:53.0340 4604 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:29:53.0340 4604 hcw85cir - ok
12:29:53.0403 4604 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:29:53.0418 4604 HdAudAddService - ok
12:29:53.0465 4604 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:29:53.0465 4604 HDAudBus - ok
12:29:53.0481 4604 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:29:53.0496 4604 HidBatt - ok
12:29:53.0512 4604 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:29:53.0512 4604 HidBth - ok
12:29:53.0543 4604 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:29:53.0543 4604 HidIr - ok
12:29:53.0559 4604 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:29:53.0559 4604 hidserv - ok
12:29:53.0605 4604 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:29:53.0605 4604 HidUsb - ok
12:29:53.0621 4604 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:29:53.0637 4604 hkmsvc - ok
12:29:53.0652 4604 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:29:53.0652 4604 HomeGroupListener - ok
12:29:53.0668 4604 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:29:53.0668 4604 HomeGroupProvider - ok
12:29:53.0699 4604 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:29:53.0699 4604 HpSAMD - ok
12:29:53.0902 4604 HPSLPSVC (4f6c514b6149e380b8c1edeac3d7aec5) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:29:53.0917 4604 HPSLPSVC - ok
12:29:53.0964 4604 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
12:29:53.0980 4604 HTCAND64 - ok
12:29:54.0042 4604 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
12:29:54.0042 4604 htcnprot - ok
12:29:54.0136 4604 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:29:54.0151 4604 HTTP - ok
12:29:54.0167 4604 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:29:54.0167 4604 hwpolicy - ok
12:29:54.0214 4604 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:29:54.0214 4604 i8042prt - ok
12:29:54.0276 4604 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:29:54.0276 4604 iaStorV - ok
12:29:54.0323 4604 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:29:54.0339 4604 IDriverT - ok
12:29:54.0432 4604 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:29:54.0448 4604 idsvc - ok
12:29:54.0495 4604 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:29:54.0510 4604 iirsp - ok
12:29:54.0557 4604 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:29:54.0573 4604 IKEEXT - ok
12:29:54.0760 4604 IntcAzAudAddService (dcf6afba140af3f880a427c2656be44d) C:\Windows\system32\drivers\RTKVHD64.sys
12:29:54.0775 4604 IntcAzAudAddService - ok
12:29:54.0822 4604 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:29:54.0838 4604 intelide - ok
12:29:54.0885 4604 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
12:29:54.0885 4604 intelppm - ok
12:29:54.0900 4604 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:29:54.0900 4604 IPBusEnum - ok
12:29:54.0900 4604 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:29:54.0916 4604 IpFilterDriver - ok
12:29:54.0963 4604 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:29:54.0963 4604 iphlpsvc - ok
12:29:54.0978 4604 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:29:54.0978 4604 IPMIDRV - ok
12:29:54.0994 4604 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:29:54.0994 4604 IPNAT - ok
12:29:55.0103 4604 iPod Service (9b812a3484d89eb934982d67fb7d9313) C:\Program Files\iPod\bin\iPodService.exe
12:29:55.0119 4604 iPod Service - ok
12:29:55.0165 4604 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:29:55.0165 4604 IRENUM - ok
12:29:55.0181 4604 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:29:55.0181 4604 isapnp - ok
12:29:55.0197 4604 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:29:55.0212 4604 iScsiPrt - ok
12:29:55.0228 4604 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:29:55.0228 4604 kbdclass - ok
12:29:55.0228 4604 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:29:55.0228 4604 kbdhid - ok
12:29:55.0243 4604 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:29:55.0243 4604 KeyIso - ok
12:29:55.0259 4604 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:29:55.0259 4604 KSecDD - ok
12:29:55.0275 4604 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:29:55.0275 4604 KSecPkg - ok
12:29:55.0290 4604 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:29:55.0290 4604 ksthunk - ok
12:29:55.0306 4604 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:29:55.0306 4604 KtmRm - ok
12:29:55.0368 4604 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
12:29:55.0368 4604 L1C - ok
12:29:55.0446 4604 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:29:55.0462 4604 LanmanServer - ok
12:29:55.0477 4604 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:29:55.0477 4604 LanmanWorkstation - ok
12:29:55.0540 4604 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
12:29:55.0555 4604 LGBusEnum - ok
12:29:55.0602 4604 LGSHidFilt (1af3a5a9bc310c88f2efcebd08d381ab) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
12:29:55.0602 4604 LGSHidFilt - ok
12:29:55.0618 4604 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
12:29:55.0618 4604 LGVirHid - ok
12:29:55.0680 4604 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:29:55.0680 4604 lltdio - ok
12:29:55.0711 4604 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:29:55.0711 4604 lltdsvc - ok
12:29:55.0743 4604 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:29:55.0743 4604 lmhosts - ok
12:29:55.0805 4604 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:29:55.0805 4604 LSI_FC - ok
12:29:55.0836 4604 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:29:55.0836 4604 LSI_SAS - ok
12:29:55.0852 4604 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:29:55.0852 4604 LSI_SAS2 - ok
12:29:55.0883 4604 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:29:55.0883 4604 LSI_SCSI - ok
12:29:55.0914 4604 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:29:55.0914 4604 luafv - ok
12:29:55.0992 4604 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:29:55.0992 4604 MBAMProtector - ok
12:29:56.0055 4604 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:29:56.0070 4604 MBAMService - ok
12:29:56.0101 4604 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:29:56.0101 4604 Mcx2Svc - ok
12:29:56.0117 4604 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:29:56.0133 4604 megasas - ok
12:29:56.0148 4604 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:29:56.0164 4604 MegaSR - ok
12:29:56.0257 4604 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:29:56.0257 4604 Microsoft Office Groove Audit Service - ok
12:29:56.0273 4604 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:29:56.0289 4604 MMCSS - ok
12:29:56.0304 4604 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:29:56.0304 4604 Modem - ok
12:29:56.0351 4604 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:29:56.0351 4604 monitor - ok
12:29:56.0413 4604 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:29:56.0413 4604 mouclass - ok
12:29:56.0429 4604 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:29:56.0429 4604 mouhid - ok
12:29:56.0445 4604 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:29:56.0445 4604 mountmgr - ok
12:29:56.0507 4604 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:29:56.0523 4604 MozillaMaintenance - ok
12:29:56.0538 4604 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:29:56.0538 4604 mpio - ok
12:29:56.0569 4604 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:29:56.0569 4604 mpsdrv - ok
12:29:56.0679 4604 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:29:56.0694 4604 MpsSvc - ok
12:29:56.0725 4604 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:29:56.0725 4604 MRxDAV - ok
12:29:56.0741 4604 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:29:56.0741 4604 mrxsmb - ok
12:29:56.0757 4604 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:29:56.0757 4604 mrxsmb10 - ok
12:29:56.0772 4604 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:29:56.0772 4604 mrxsmb20 - ok
12:29:56.0788 4604 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:29:56.0788 4604 msahci - ok
12:29:56.0819 4604 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:29:56.0819 4604 msdsm - ok
12:29:56.0850 4604 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:29:56.0850 4604 MSDTC - ok
12:29:56.0975 4604 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
12:29:56.0991 4604 MSDV - ok
12:29:57.0006 4604 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:29:57.0022 4604 Msfs - ok
12:29:57.0037 4604 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:29:57.0053 4604 mshidkmdf - ok
12:29:57.0084 4604 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:29:57.0084 4604 msisadrv - ok
12:29:57.0131 4604 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:29:57.0131 4604 MSiSCSI - ok
12:29:57.0147 4604 msiserver - ok
12:29:57.0193 4604 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:29:57.0193 4604 MSKSSRV - ok
12:29:57.0209 4604 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:29:57.0209 4604 MSPCLOCK - ok
12:29:57.0256 4604 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:29:57.0256 4604 MSPQM - ok
12:29:57.0287 4604 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:29:57.0287 4604 MsRPC - ok
12:29:57.0318 4604 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:29:57.0318 4604 mssmbios - ok
12:29:57.0334 4604 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:29:57.0334 4604 MSTEE - ok
12:29:57.0349 4604 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:29:57.0365 4604 MTConfig - ok
12:29:57.0381 4604 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\drivers\ASACPI.sys
12:29:57.0381 4604 MTsensor - ok
12:29:57.0396 4604 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:29:57.0412 4604 Mup - ok
12:29:57.0443 4604 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:29:57.0443 4604 napagent - ok
12:29:57.0537 4604 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:29:57.0537 4604 NativeWifiP - ok
12:29:57.0630 4604 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:29:57.0630 4604 NDIS - ok
12:29:57.0677 4604 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:29:57.0677 4604 NdisCap - ok
12:29:57.0693 4604 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:29:57.0693 4604 NdisTapi - ok
12:29:57.0739 4604 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:29:57.0739 4604 Ndisuio - ok
12:29:57.0755 4604 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:29:57.0755 4604 NdisWan - ok
12:29:57.0755 4604 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:29:57.0755 4604 NDProxy - ok
12:29:57.0880 4604 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
12:29:57.0880 4604 Net Driver HPZ12 - ok
12:29:57.0927 4604 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:29:57.0927 4604 NetBIOS - ok
12:29:57.0973 4604 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:29:57.0989 4604 NetBT - ok
12:29:58.0005 4604 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:29:58.0005 4604 Netlogon - ok
12:29:58.0020 4604 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:29:58.0036 4604 Netman - ok
12:29:58.0176 4604 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:29:58.0176 4604 NetMsmqActivator - ok
12:29:58.0192 4604 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:29:58.0192 4604 NetPipeActivator - ok
12:29:58.0207 4604 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:29:58.0207 4604 netprofm - ok
12:29:58.0301 4604 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys
12:29:58.0317 4604 netr28x - ok
12:29:58.0348 4604 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:29:58.0348 4604 NetTcpActivator - ok
12:29:58.0348 4604 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:29:58.0348 4604 NetTcpPortSharing - ok
12:29:58.0395 4604 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:29:58.0395 4604 nfrd960 - ok
12:29:58.0473 4604 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:29:58.0488 4604 NlaSvc - ok
12:29:58.0488 4604 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:29:58.0488 4604 Npfs - ok
12:29:58.0519 4604 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:29:58.0519 4604 nsi - ok
12:29:58.0519 4604 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:29:58.0519 4604 nsiproxy - ok
12:29:58.0582 4604 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:29:58.0597 4604 Ntfs - ok
12:29:58.0660 4604 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:29:58.0660 4604 Null - ok
12:29:58.0738 4604 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:29:58.0753 4604 nvraid - ok
12:29:58.0769 4604 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:29:58.0769 4604 nvstor - ok
12:29:58.0800 4604 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:29:58.0800 4604 nv_agp - ok
12:29:58.0894 4604 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:29:58.0894 4604 odserv - ok
12:29:58.0941 4604 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:29:58.0941 4604 ohci1394 - ok
12:29:58.0956 4604 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:29:58.0956 4604 ose - ok
12:29:59.0050 4604 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:29:59.0065 4604 p2pimsvc - ok
12:29:59.0097 4604 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:29:59.0097 4604 p2psvc - ok
12:29:59.0112 4604 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:29:59.0128 4604 Parport - ok
12:29:59.0143 4604 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:29:59.0143 4604 partmgr - ok
12:29:59.0221 4604 PassThru Service (68139940b5ac84affb7eb1b713be66e7) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
12:29:59.0221 4604 PassThru Service - ok
12:29:59.0253 4604 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:29:59.0253 4604 PcaSvc - ok
12:29:59.0268 4604 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:29:59.0284 4604 pci - ok
12:29:59.0299 4604 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:29:59.0299 4604 pciide - ok
12:29:59.0315 4604 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:29:59.0315 4604 pcmcia - ok
12:29:59.0362 4604 PCTBD (bb0d5cc3474367a918f463366742afe9) C:\Windows\system32\Drivers\PCTBD64.sys
12:29:59.0362 4604 PCTBD - ok
12:29:59.0502 4604 PCTCore (876fd95b7a3b7fe6179fbd16e7a6486c) C:\Windows\system32\drivers\PCTCore64.sys
12:29:59.0502 4604 PCTCore - ok
12:29:59.0549 4604 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys
12:29:59.0549 4604 pctDS - ok
12:29:59.0596 4604 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys
12:29:59.0611 4604 pctEFA - ok
12:29:59.0643 4604 pctgntdi (814acba180fb7ad3856d5ccaa857c97d) C:\Windows\System32\drivers\pctgntdi64.sys
12:29:59.0643 4604 pctgntdi - ok
12:29:59.0658 4604 pctplsg (abc87b90c4d20b0f76da00ff24b8826a) C:\Windows\System32\drivers\pctplsg64.sys
12:29:59.0674 4604 pctplsg - ok
12:29:59.0689 4604 PCTSD (577f20ebf1e42bebb238e2412b99c7ee) C:\Windows\system32\Drivers\PCTSD64.sys
12:29:59.0705 4604 PCTSD - ok
12:29:59.0721 4604 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:29:59.0736 4604 pcw - ok
12:29:59.0767 4604 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:29:59.0767 4604 PEAUTH - ok
12:29:59.0845 4604 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:29:59.0845 4604 PerfHost - ok
12:29:59.0955 4604 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:29:59.0970 4604 pla - ok
12:30:00.0048 4604 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:30:00.0064 4604 PlugPlay - ok
12:30:00.0111 4604 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
12:30:00.0111 4604 Pml Driver HPZ12 - ok
12:30:00.0157 4604 PnkBstrA - ok
12:30:00.0189 4604 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:30:00.0204 4604 PNRPAutoReg - ok
12:30:00.0220 4604 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:30:00.0235 4604 PNRPsvc - ok
12:30:00.0298 4604 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:30:00.0313 4604 PolicyAgent - ok
12:30:00.0329 4604 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:30:00.0329 4604 Power - ok
12:30:00.0423 4604 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:30:00.0423 4604 PptpMiniport - ok
12:30:00.0454 4604 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:30:00.0454 4604 Processor - ok
12:30:00.0485 4604 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:30:00.0485 4604 ProfSvc - ok
12:30:00.0501 4604 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:30:00.0501 4604 ProtectedStorage - ok
12:30:00.0563 4604 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:30:00.0563 4604 Psched - ok
12:30:00.0594 4604 PxHlpa64 (bc08f7f3c53cbee68670ed1314e290fd) C:\Windows\system32\Drivers\PxHlpa64.sys
12:30:00.0594 4604 PxHlpa64 - ok
12:30:00.0672 4604 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:30:00.0688 4604 ql2300 - ok
12:30:00.0797 4604 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:30:00.0813 4604 ql40xx - ok
12:30:00.0844 4604 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:30:00.0859 4604 QWAVE - ok
12:30:00.0859 4604 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:30:00.0875 4604 QWAVEdrv - ok
12:30:00.0875 4604 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:30:00.0875 4604 RasAcd - ok
12:30:00.0875 4604 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:30:00.0875 4604 RasAgileVpn - ok
12:30:00.0891 4604 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:30:00.0891 4604 RasAuto - ok
12:30:00.0906 4604 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:30:00.0906 4604 Rasl2tp - ok
12:30:00.0922 4604 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:30:00.0922 4604 RasMan - ok
12:30:00.0937 4604 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:30:00.0937 4604 RasPppoe - ok
12:30:00.0953 4604 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:30:00.0953 4604 RasSstp - ok
12:30:00.0969 4604 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:30:00.0969 4604 rdbss - ok
12:30:00.0969 4604 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:30:00.0984 4604 rdpbus - ok
12:30:01.0000 4604 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:30:01.0000 4604 RDPCDD - ok
12:30:01.0047 4604 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:30:01.0047 4604 RDPENCDD - ok
12:30:01.0062 4604 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:30:01.0062 4604 RDPREFMP - ok
12:30:01.0093 4604 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:30:01.0109 4604 RDPWD - ok
12:30:01.0125 4604 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:30:01.0140 4604 rdyboost - ok
12:30:01.0187 4604 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:30:01.0203 4604 RemoteAccess - ok
12:30:01.0218 4604 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:30:01.0218 4604 RemoteRegistry - ok
12:30:01.0234 4604 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:30:01.0234 4604 RpcEptMapper - ok
12:30:01.0249 4604 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:30:01.0265 4604 RpcLocator - ok
12:30:01.0281 4604 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:30:01.0281 4604 RpcSs - ok
12:30:01.0296 4604 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:30:01.0296 4604 rspndr - ok
12:30:01.0359 4604 rsvcdwdr (c8d0ca461d647165dd5c8de1ff5ea822) C:\Windows\system32\DRIVERS\rsvcdwdr.sys
12:30:01.0359 4604 rsvcdwdr - ok
12:30:01.0405 4604 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:30:01.0421 4604 RTL8167 - ok
12:30:01.0452 4604 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:30:01.0452 4604 SamSs - ok
12:30:01.0483 4604 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:30:01.0483 4604 sbp2port - ok
12:30:01.0593 4604 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
12:30:01.0608 4604 SBSDWSCService - ok
12:30:01.0624 4604 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:30:01.0624 4604 SCardSvr - ok
12:30:01.0811 4604 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
12:30:01.0811 4604 SCDEmu - ok
12:30:01.0858 4604 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:30:01.0858 4604 scfilter - ok
12:30:01.0998 4604 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:30:02.0014 4604 Schedule - ok
12:30:02.0029 4604 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:30:02.0029 4604 SCPolicySvc - ok
12:30:02.0123 4604 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
12:30:02.0123 4604 sdAuxService - ok
12:30:02.0170 4604 sdCoreService (44323c0bcbffa66a7a90e93f5d027999) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
12:30:02.0185 4604 sdCoreService - ok
12:30:02.0232 4604 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:30:02.0232 4604 SDRSVC - ok
12:30:02.0310 4604 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:30:02.0310 4604 secdrv - ok
12:30:02.0326 4604 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:30:02.0326 4604 seclogon - ok
12:30:02.0357 4604 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:30:02.0357 4604 SENS - ok
12:30:02.0419 4604 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:30:02.0435 4604 SensrSvc - ok
12:30:02.0482 4604 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:30:02.0482 4604 Serenum - ok
12:30:02.0529 4604 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:30:02.0544 4604 Serial - ok
12:30:02.0560 4604 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:30:02.0560 4604 sermouse - ok
12:30:02.0591 4604 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:30:02.0607 4604 SessionEnv - ok
12:30:02.0607 4604 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:30:02.0607 4604 sffdisk - ok
12:30:02.0622 4604 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:30:02.0622 4604 sffp_mmc - ok
12:30:02.0638 4604 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:30:02.0638 4604 sffp_sd - ok
12:30:02.0653 4604 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:30:02.0653 4604 sfloppy - ok
12:30:02.0747 4604 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:30:02.0763 4604 SharedAccess - ok
12:30:02.0794 4604 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:30:02.0794 4604 ShellHWDetection - ok
12:30:02.0841 4604 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:30:02.0841 4604 SiSRaid2 - ok
12:30:02.0856 4604 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:30:02.0856 4604 SiSRaid4 - ok
12:30:03.0121 4604 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:30:03.0137 4604 Skype C2C Service - ok
12:30:03.0184 4604 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:30:03.0184 4604 SkypeUpdate - ok
12:30:03.0309 4604 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:30:03.0324 4604 Smb - ok
12:30:03.0387 4604 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:30:03.0387 4604 SNMPTRAP - ok
12:30:03.0402 4604 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:30:03.0402 4604 spldr - ok
12:30:03.0433 4604 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:30:03.0433 4604 Spooler - ok
12:30:03.0527 4604 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:30:03.0543 4604 sppsvc - ok
12:30:03.0589 4604 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:30:03.0605 4604 sppuinotify - ok
12:30:03.0636 4604 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:30:03.0652 4604 srv - ok
12:30:03.0714 4604 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:30:03.0714 4604 srv2 - ok
12:30:03.0777 4604 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:30:03.0777 4604 srvnet - ok
12:30:03.0792 4604 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:30:03.0808 4604 SSDPSRV - ok
12:30:03.0839 4604 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:30:03.0839 4604 SstpSvc - ok
12:30:03.0917 4604 Steam Client Service - ok
12:30:03.0964 4604 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:30:03.0964 4604 stexstor - ok
12:30:04.0042 4604 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
12:30:04.0042 4604 StillCam - ok
12:30:04.0135 4604 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:30:04.0151 4604 stisvc - ok
12:30:04.0167 4604 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:30:04.0167 4604 swenum - ok
12:30:04.0291 4604 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:30:04.0307 4604 SwitchBoard - ok
12:30:04.0369 4604 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:30:04.0385 4604 swprv - ok
12:30:04.0463 4604 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:30:04.0479 4604 SysMain - ok
12:30:04.0525 4604 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:30:04.0541 4604 TabletInputService - ok
12:30:04.0557 4604 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:30:04.0572 4604 TapiSrv - ok
12:30:04.0619 4604 tbhsd (93f0f5ef8a4ca261372df98b31b2bd05) C:\Windows\system32\drivers\tbhsd.sys
12:30:04.0635 4604 tbhsd - ok
12:30:04.0650 4604 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:30:04.0666 4604 TBS - ok
12:30:04.0759 4604 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:30:04.0775 4604 Tcpip - ok
12:30:04.0931 4604 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:30:04.0931 4604 TCPIP6 - ok
12:30:05.0056 4604 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:30:05.0056 4604 tcpipreg - ok
12:30:05.0134 4604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:30:05.0134 4604 TDPIPE - ok
12:30:05.0149 4604 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:30:05.0149 4604 TDTCP - ok
12:30:05.0181 4604 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:30:05.0181 4604 tdx - ok
12:30:05.0196 4604 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:30:05.0212 4604 TermDD - ok
12:30:05.0243 4604 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:30:05.0243 4604 TermService - ok
12:30:05.0259 4604 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:30:05.0259 4604 Themes - ok
12:30:05.0274 4604 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:30:05.0274 4604 THREADORDER - ok
12:30:05.0290 4604 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:30:05.0290 4604 TrkWks - ok
12:30:05.0321 4604 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:30:05.0321 4604 TrustedInstaller - ok
12:30:05.0337 4604 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:30:05.0337 4604 tssecsrv - ok
12:30:05.0399 4604 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:30:05.0415 4604 TsUsbFlt - ok
12:30:05.0430 4604 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:30:05.0430 4604 TsUsbGD - ok
12:30:05.0555 4604 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:30:05.0571 4604 tunnel - ok
12:30:05.0586 4604 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:30:05.0586 4604 uagp35 - ok
12:30:05.0617 4604 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:30:05.0633 4604 udfs - ok
12:30:05.0680 4604 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:30:05.0680 4604 UI0Detect - ok
12:30:05.0711 4604 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:30:05.0711 4604 uliagpkx - ok
12:30:05.0773 4604 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:30:05.0773 4604 umbus - ok
12:30:05.0789 4604 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:30:05.0789 4604 UmPass - ok
12:30:05.0805 4604 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:30:05.0820 4604 upnphost - ok
12:30:05.0883 4604 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
12:30:05.0883 4604 USBAAPL64 - ok
12:30:05.0961 4604 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:30:05.0961 4604 usbaudio - ok
12:30:05.0992 4604 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:30:05.0992 4604 usbccgp - ok
12:30:06.0039 4604 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:30:06.0039 4604 usbcir - ok
12:30:06.0054 4604 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:30:06.0070 4604 usbehci - ok
12:30:06.0085 4604 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
12:30:06.0085 4604 usbfilter - ok
12:30:06.0101 4604 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:30:06.0101 4604 usbhub - ok
12:30:06.0117 4604 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
12:30:06.0117 4604 usbohci - ok
12:30:06.0179 4604 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:30:06.0179 4604 usbprint - ok
12:30:06.0195 4604 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:30:06.0195 4604 usbscan - ok
12:30:06.0210 4604 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:30:06.0210 4604 USBSTOR - ok
12:30:06.0226 4604 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:30:06.0226 4604 usbuhci - ok
12:30:06.0257 4604 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:30:06.0257 4604 UxSms - ok
12:30:06.0273 4604 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:30:06.0273 4604 VaultSvc - ok
12:30:06.0288 4604 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:30:06.0288 4604 vdrvroot - ok
12:30:06.0319 4604 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:30:06.0319 4604 vds - ok
12:30:06.0335 4604 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:30:06.0351 4604 vga - ok
12:30:06.0366 4604 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:30:06.0366 4604 VgaSave - ok
12:30:06.0382 4604 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:30:06.0382 4604 vhdmp - ok
12:30:06.0491 4604 VIAHdAudAddService (d4944dbf92e07f1f641cb512065966e6) C:\Windows\system32\drivers\viahduaa.sys
12:30:06.0507 4604 VIAHdAudAddService - ok
12:30:06.0663 4604 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:30:06.0663 4604 viaide - ok
12:30:06.0678 4604 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:30:06.0678 4604 volmgr - ok
12:30:06.0694 4604 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:30:06.0694 4604 volmgrx - ok
12:30:06.0709 4604 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:30:06.0725 4604 volsnap - ok
12:30:06.0772 4604 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:30:06.0772 4604 vsmraid - ok
12:30:06.0834 4604 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:30:06.0865 4604 VSS - ok
12:30:06.0928 4604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:30:06.0928 4604 vwifibus - ok
12:30:06.0975 4604 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:30:06.0990 4604 vwififlt - ok
12:30:07.0021 4604 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:30:07.0021 4604 W32Time - ok
12:30:07.0068 4604 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:30:07.0068 4604 WacomPen - ok
12:30:07.0099 4604 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:30:07.0115 4604 WANARP - ok
12:30:07.0115 4604 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:30:07.0115 4604 Wanarpv6 - ok
12:30:07.0271 4604 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:30:07.0287 4604 WatAdminSvc - ok
12:30:07.0333 4604 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:30:07.0365 4604 wbengine - ok
12:30:07.0396 4604 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:30:07.0411 4604 WbioSrvc - ok
12:30:07.0427 4604 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:30:07.0427 4604 wcncsvc - ok
12:30:07.0443 4604 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:30:07.0443 4604 WcsPlugInService - ok
12:30:07.0458 4604 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:30:07.0474 4604 Wd - ok
12:30:07.0505 4604 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:30:07.0521 4604 Wdf01000 - ok
12:30:07.0536 4604 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:30:07.0536 4604 WdiServiceHost - ok
12:30:07.0536 4604 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:30:07.0536 4604 WdiSystemHost - ok
12:30:07.0552 4604 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:30:07.0552 4604 WebClient - ok
12:30:07.0583 4604 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:30:07.0583 4604 Wecsvc - ok
12:30:07.0599 4604 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:30:07.0599 4604 wercplsupport - ok
12:30:07.0645 4604 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:30:07.0645 4604 WerSvc - ok
12:30:07.0708 4604 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:30:07.0708 4604 WfpLwf - ok
12:30:07.0723 4604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:30:07.0739 4604 WIMMount - ok
12:30:07.0817 4604 WinDefend - ok
12:30:07.0833 4604 WinHttpAutoProxySvc - ok
12:30:07.0895 4604 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:30:07.0895 4604 Winmgmt - ok
12:30:07.0957 4604 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:30:07.0989 4604 WinRM - ok
12:30:08.0176 4604 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:30:08.0176 4604 WinUsb - ok
12:30:08.0238 4604 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:30:08.0238 4604 Wlansvc - ok
12:30:08.0332 4604 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:30:08.0332 4604 wlcrasvc - ok
12:30:08.0441 4604 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:30:08.0457 4604 wlidsvc - ok
12:30:08.0519 4604 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:30:08.0519 4604 WmiAcpi - ok
12:30:08.0550 4604 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:30:08.0550 4604 wmiApSrv - ok
12:30:08.0581 4604 WMPNetworkSvc - ok
12:30:08.0597 4604 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:30:08.0597 4604 WPCSvc - ok
12:30:08.0613 4604 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:30:08.0628 4604 WPDBusEnum - ok
12:30:08.0628 4604 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:30:08.0628 4604 ws2ifsl - ok
12:30:08.0691 4604 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:30:08.0691 4604 wscsvc - ok
12:30:08.0706 4604 WSearch - ok
12:30:08.0800 4604 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:30:08.0831 4604 wuauserv - ok
12:30:08.0909 4604 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:30:08.0909 4604 WudfPf - ok
12:30:08.0940 4604 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:30:08.0940 4604 WUDFRd - ok
12:30:08.0956 4604 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:30:08.0956 4604 wudfsvc - ok
12:30:08.0971 4604 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:30:08.0987 4604 WwanSvc - ok
12:30:09.0065 4604 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
12:30:09.0065 4604 xusb21 - ok
12:30:09.0190 4604 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0
12:30:09.0361 4604 \Device\Harddisk0\DR0 - ok
12:30:09.0361 4604 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR1
12:30:09.0361 4604 \Device\Harddisk1\DR1 - ok
12:30:09.0502 4604 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk2\DR3
12:30:09.0517 4604 \Device\Harddisk2\DR3 - ok
12:30:09.0814 4604 MBR (0x1B8) (3bc86f9b7536621bc20417a8c42cef90) \Device\Harddisk3\DR4
12:30:17.0395 4604 \Device\Harddisk3\DR4 - ok
12:30:17.0395 4604 Boot (0x1200) (c0d856478ad1cb0d4b9f97a8d63aa78f) \Device\Harddisk0\DR0\Partition0
12:30:17.0395 4604 \Device\Harddisk0\DR0\Partition0 - ok
12:30:17.0411 4604 Boot (0x1200) (8c6eac08a36a6f8ea89e19ead9e294af) \Device\Harddisk1\DR1\Partition0
12:30:17.0411 4604 \Device\Harddisk1\DR1\Partition0 - ok
12:30:17.0411 4604 Boot (0x1200) (8e0c9f4b3e8dd626b7894d8f2a31b87f) \Device\Harddisk2\DR3\Partition0
12:30:17.0411 4604 \Device\Harddisk2\DR3\Partition0 - ok
12:30:17.0411 4604 ============================================================
12:30:17.0411 4604 Scan finished
12:30:17.0411 4604 ============================================================
12:30:17.0411 6788 Detected object count: 0
12:30:17.0411 6788 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 12:31:43
-----------------------------
12:31:43.592 OS Version: Windows x64 6.1.7601 Service Pack 1
12:31:43.592 Number of processors: 4 586 0x403
12:31:43.592 ComputerName: UNCONVENTIONAL UserName: Joe
12:31:46.603 Initialize success
12:34:52.889 AVAST engine defs: 12070600
12:35:03.029 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:35:03.029 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
12:35:03.029 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
12:35:03.029 Disk 1 Vendor: WDC_WD10EAVS-00D7B0 01.01A01 Size: 953869MB BusType: 3
12:35:03.044 Disk 0 MBR read successfully
12:35:03.044 Disk 0 MBR scan
12:35:03.044 Disk 0 unknown MBR code
12:35:03.044 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 10024 MB offset 2048
12:35:03.060 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 943842 MB offset 20531200
12:35:03.076 Disk 0 scanning C:\Windows\system32\drivers
12:35:15.119 Service scanning
12:35:21.530 Service FXDrv32 D:\FXDrv64.sys **LOCKED** 21
12:35:33.074 Modules scanning
12:35:33.090 Disk 0 trace - called modules:
12:35:33.106 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:35:33.121 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ad6060]
12:35:33.121 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007951cf0]
12:35:33.121 5 PCTCore64.sys[fffff880010cc720] -> nt!IofCallDriver -> [0xfffffa80079369b0]
12:35:33.121 7 ACPI.sys[fffff88000f357a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a0d060]
12:35:43.386 AVAST engine scan C:\Windows
12:35:46.615 AVAST engine scan C:\Windows\system32
12:37:42.508 AVAST engine scan C:\Windows\system32\drivers
12:37:53.709 AVAST engine scan C:\Users\Joe
12:43:37.190 AVAST engine scan C:\ProgramData
12:45:08.747 Scan finished successfully
12:45:39.728 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
12:45:39.728 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"

#6 gringo_pr

Bleepin Gringo

Malware Response Team
120,576 posts

Gender:Male
Location:Puerto rico

Posted 06 July 2012 - 02:13 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

#7 Bones667

New Member

Members
10 posts

Posted 06 July 2012 - 02:50 PM

Everything is running smooth and working as expected.
I have noticed nothing different after following instructions. No problems or symptoms of spyware.

////////////////////////////////////
////////////////////////////////////

ComboFix 12-07-06.02 - Joe 07/06/2012 15:38:55.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5936 [GMT -4:00]
Running from: c:\users\Joe\Desktop\Av Tutorial and programs\BleepingComputerFIX\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 19:44 . 2012-07-06 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 12:56 . 2012-07-06 12:56 181000 ----a-w- c:\windows\system32\drivers\pctplfw64.sys
2012-07-06 12:56 . 2012-07-06 12:56 123808 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2012-07-06 12:53 . 2012-07-06 12:53 -------- d-----w- c:\program files (x86)\uTorrent
2012-07-06 12:52 . 2012-07-06 14:23 -------- d-----w- c:\users\Joe\AppData\Roaming\uTorrent
2012-07-06 12:39 . 2012-06-14 16:31 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-07-06 12:39 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-06 12:39 . 2012-06-14 16:31 1681368 ----a-w- c:\windows\PCTBDRes.dll
2012-07-06 12:39 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-06 12:39 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-06 12:39 . 2012-05-11 15:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-07-06 12:39 . 2012-05-11 15:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-07-06 12:39 . 2012-05-11 15:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-07-06 12:39 . 2012-05-11 15:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-07-06 12:39 . 2012-07-06 12:39 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-06 12:27 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-07-06 12:27 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-07-06 12:26 . 2012-04-23 16:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-07-06 12:26 . 2012-07-06 12:55 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-06 12:26 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-06 11:45 . 2012-07-06 12:21 -------- d-----w- c:\program files (x86)\stinger
2012-07-06 10:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-06 10:51 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-06 10:51 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-07-06 10:51 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-07-06 10:51 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-07-06 10:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-07-06 10:50 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-07-06 10:50 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-07-06 10:50 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-06 10:50 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-07-06 10:50 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-07-06 10:50 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-06 10:50 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-07-06 10:50 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-07-06 10:50 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-06 10:50 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 10:49 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-07-06 10:49 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-07-06 10:49 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-07-06 10:49 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-06 10:48 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-06 10:48 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-06 10:48 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-06 10:48 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-06 10:48 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-06 10:47 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-06 10:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-06 10:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-06 10:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-06 10:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-06 10:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-06 10:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-06 10:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-06 10:42 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-06 10:42 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-06 09:52 . 2012-07-06 09:52 328704 ----a-w- c:\windows\system32\services.exe.6AE654C46EB61281
2012-07-06 06:46 . 2012-07-06 06:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 06:46 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-05 21:12 . 2012-07-06 09:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-05 21:10 . 2012-07-05 21:10 -------- d-----w- c:\program files\CCleaner
2012-07-05 16:27 . 2012-07-05 16:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-05 12:51 . 2012-07-05 12:51 -------- d-----w- c:\users\Joe\AppData\Local\Ventrilo
2012-07-03 18:48 . 2012-07-03 18:48 -------- d-----w- c:\users\Joe\AppData\Local\Macromedia
2012-07-03 18:37 . 2012-07-03 18:37 -------- d-----w- c:\users\Joe\AppData\Roaming\AVG2012
2012-07-03 10:01 . 2012-07-03 10:01 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-03 10:01 . 2012-07-03 10:01 -------- d-----w- C:\$AVG
2012-07-03 10:01 . 2012-07-05 13:27 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-03 10:01 . 2012-07-04 06:45 -------- d-----w- c:\programdata\AVG2012
2012-07-03 10:00 . 2012-07-03 10:00 -------- d-----w- c:\program files (x86)\AVG
2012-07-03 09:56 . 2012-07-03 09:56 -------- d--h--w- c:\programdata\Common Files
2012-07-03 09:56 . 2012-07-06 11:43 -------- d-----w- c:\programdata\MFAData
2012-06-30 06:20 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5D99162-BDF9-40FD-8165-E1288575D272}\mpengine.dll
2012-06-19 21:35 . 2012-06-19 21:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-17 01:16 . 2012-06-17 01:16 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-17 01:16 . 2012-06-17 01:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-13 05:34 . 2012-07-05 21:14 -------- d-----w- c:\users\Joe\AppData\Roaming\Ventrilo
2012-06-13 05:34 . 2012-06-13 05:34 -------- d-----w- c:\program files\Ventrilo
2012-06-13 03:32 . 2012-06-13 07:32 -------- d-----w- c:\users\Joe\AppData\Roaming\Skype
2012-06-13 03:32 . 2012-06-13 03:33 -------- d-----r- c:\program files (x86)\Skype
2012-06-13 03:32 . 2012-06-13 03:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-13 03:32 . 2012-06-27 14:28 -------- d-----w- c:\programdata\Skype
2012-06-06 22:12 . 2012-06-06 22:12 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 22:12 . 2012-06-06 22:12 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 17:58 . 2012-04-09 13:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 17:58 . 2011-09-12 14:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 15:03 . 2012-07-06 12:39 3488 ----a-w- c:\windows\UDB.zip
2012-06-14 15:03 . 2012-07-06 12:39 131 ----a-w- c:\windows\IDB.zip
2012-05-31 20:53 . 2012-02-22 16:25 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-31 20:53 . 2011-12-14 13:11 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-31 08:04 . 2011-12-14 13:11 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-30 21:05 . 2012-05-30 21:05 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-06 20:48 . 2011-12-14 13:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-17 16:07 . 2012-04-17 16:07 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-06_14.00.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-06 15:14 53498 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-06 15:14 56908 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-12 13:54 . 2012-07-06 15:14 19290 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1919909691-3227023766-3484066574-1000_UserData.bin
+ 2010-11-21 03:09 . 2012-07-06 15:14 53498 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-06 15:14 56908 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-12 13:54 . 2012-07-06 15:14 19290 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1919909691-3227023766-3484066574-1000_UserData.bin
- 2012-07-06 13:59 . 2012-07-06 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-06 15:13 . 2012-07-06 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-06 13:59 . 2012-07-06 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-06 15:13 . 2012-07-06 15:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-15 16:31 . 2012-07-06 13:48 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-15 16:31 . 2012-07-06 15:13 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-07-06 15:13 770048 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-06 13:48 770048 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-07-06 12:09 674422 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 15:15 674422 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-07-06 12:09 125630 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-06 15:15 125630 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-07-06 12:09 674422 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 15:15 674422 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-06 12:09 125630 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-06 15:15 125630 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-06 15:08 487636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-06 13:58 487636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-12 19:23 . 2012-07-06 15:08 2451384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-12 19:23 . 2012-07-06 13:16 2451384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 04:54 . 2012-07-06 15:13 10829824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-06 13:48 10829824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-06 15:13 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-06 13:48 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-12 14:06 . 2012-07-06 15:08 31740768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1919909691-3227023766-3484066574-1000-8192.dat
- 2011-09-12 14:06 . 2012-07-06 13:59 31740768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1919909691-3227023766-3484066574-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-11-10 234040]
R3 ALSysIO;ALSysIO;c:\users\Joe\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 FoxAwdWINFLASH;FoxAwdWINFLASH;c:\program files (x86)\Foxconn\Fox DMI\FoxAwdWINFLASH64.sys [2008-12-19 17808]
R3 FXDrv32;FXDrv32;D:\FXDrv64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-20 702976]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-05-11 92896]
R3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys [2011-07-13 45160]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-02-14 350096]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-05-11 341168]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-14 575448]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-14 85224]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 79225884
*NewlyCreated* - ASWMBR
*Deregistered* - 79225884
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 13:28]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 13:28]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1919909691-3227023766-3484066574-1000Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 16:48]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1919909691-3227023766-3484066574-1000UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 16:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-03 9642528]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{d31a0762-0ceb-444e-acff-b049a1f6fe91}
xfactorae1
w200mdfl
epson_pm_rpcv2_02
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\l54ld9kz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a4,f6,5a,1a,24,58,cd,01
.
[HKEY_USERS\S-1-5-21-1919909691-3227023766-3484066574-1000\Software\SecuROM\License information*]
"datasecu"=hex:15,91,01,99,7f,af,c1,af,5c,80,ed,31,e3,66,be,76,45,b4,66,50,f7,
40,3e,e3,d8,8b,d1,6b,0f,e3,f1,e3,ca,63,bb,97,7b,6a,47,64,f5,02,0b,bf,5d,5c,\
"rkeysecu"=hex:c1,de,3a,7d,5c,b8,ea,fa,88,92,83,f2,95,ca,03,3c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:04,bb,1a,dd,d2,45,25,2b,97,5a,b7,07,f0,53,da,ed,41,14,d5,0c,ce,
1c,10,b8,c2,c9,50,bf,10,1a,4e,6d,2b,17,cb,da,6d,54,20,25,81,a6,67,89,4a,06,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:04,bb,1a,dd,d2,45,25,2b,97,5a,b7,07,f0,53,da,ed,41,14,d5,0c,ce,
1c,10,b8,c2,c9,50,bf,10,1a,4e,6d,2b,17,cb,da,6d,54,20,25,81,a6,67,89,4a,06,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-06 15:45:54
ComboFix-quarantined-files.txt 2012-07-06 19:45
ComboFix2.txt 2012-07-06 14:05
.
Pre-Run: 827,241,713,664 bytes free
Post-Run: 827,280,670,720 bytes free
.
- - End Of File - - 6A1CCB62931A6B79E77B41691B21DE27

#8 gringo_pr

Bleepin Gringo

Malware Response Team
120,576 posts

Gender:Male
Location:Puerto rico

Posted 07 July 2012 - 12:09 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box

C:\Qoobox\Add-Remove Programs.txt

click ok

copy and paste the report into this topic for me to review

Gringo

#9 Bones667

New Member

Members
10 posts

Posted 07 July 2012 - 06:52 AM

Update for Microsoft Office 2007 (KB2508958)
µTorrent
4500_G510gm_Help_Web
4500G510gm_Software_Min
4500G510gm_web
Add or Remove Adobe Premiere Pro CS5
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Audition CS5.5
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Media Player
Adobe Photoshop CS5.1
Adobe Reader X (10.1.1) MUI
Adobe Widget Browser
AI Manager
AIDA64 Extreme Edition v1.85
AMD USB Filter Driver
AMD VISION Engine Control Center
APB Reloaded
Apple Application Support
Apple Software Update
Arma 2 BAF + PMC Uninstall
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
ASUS Backup Wizard
ASUSUpdate
AsusVibe2.0
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.2.6
Audacity 1.3.13 (Unicode)
Belarc Advisor 8.2
Best Buy pc app
bl
Browser Guard 4.0
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Combined Community Codec Pack 2011-07-30
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
D3DX10
Dropbox
EPU-4 Engine
Fallout 3
Fallout Mod Manager 0.13.21
Fallout New Vegas
Fallout: New Vegas
FastStone Photo Resizer 3.0
Final Draft
Fox DMI
FOX LiveUpdate
FOX ONE
Fraps (remove only)
Galerie de photos Windows Live
Galería fotográfica de Windows Live
GamersFirst LIVE!
Google Talk Plugin
Google Update Helper
Grand Theft Auto IV
HTC BMP USB Driver
HTC Driver Installer
Hunt The Thing
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Loadout Editor For ArmA2 Combined Operations & ACE 2 version 1.0, build 1.0.34
Magic Bullet Looks
Magic Bullet Looks PPro
Magic Bullet Looks Vegas
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA PhysX
PC Tools Internet Security
PDF Settings CS5
PDF Settings CS6
ph
Platform
PowerISO
PunkBuster Services
PxMergeModule
QuickTime
Rainmeter
Ralink RT2860 Wireless LAN Card
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.9
Spotify
Spybot - Search & Destroy
Steam
System Requirements Lab CYRI
TexView 2 Uninstall
Toolbox
Ubisoft Game Launcher
Uninstall Mystical
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.7
Watermark Factory 2
WebReg
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xfire (remove only)

#10 gringo_pr

Bleepin Gringo

Malware Response Team
120,576 posts

Gender:Male
Location:Puerto rico

Posted 07 July 2012 - 06:56 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
Java™ 6 Update 29
[/list]

Please download and install Revo Uninstaller Free
Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.

Download CCleaner from here http://www.ccleaner.com/
Run the installer to install the application.
When it gives you the option to install Yahoo toolbar uncheck the box next to it.
Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
Click Run Cleaner.
Close CCleaner.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM
Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

#11 Bones667

New Member

Members
10 posts

Posted 07 July 2012 - 09:45 AM

My computer is doing fine so far. No problems.

||||||||||||||||||||||||||||
MBAM LOG
|||||||||||||||||||||||||||

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: UNCONVENTIONAL [administrator]

Protection: Disabled

7/7/2012 10:24:39 AM
mbam-log-2012-07-07 (10-24-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219005
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

|||||||||||||||||||||||||||
hijack this log
||||||||||||||||||||||||||||

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:32 AM, on 7/7/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Joe\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Joe\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Device Handle Service - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12583 bytes

#12 gringo_pr

Bleepin Gringo

Malware Response Team
120,576 posts

Gender:Male
Location:Puerto rico

Posted 07 July 2012 - 10:53 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
- O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
  O4 - HKLM\..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
  O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
  O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

NOTE**You can research each of those lines >here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
- Click Start
When asked, allow the add/on to be installed
- Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

If threats were found
click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish
close program
copy and paste the report here

Gringo

#13 Bones667

New Member

Members
10 posts

Posted 07 July 2012 - 01:22 PM

I could not get the online scanner to work through IE. It kept giving me errors about resending information. Therefor I used Firefox, and am able to run the scanner.

While searching for ESET online scanner, I had a redirected page to some "click ad" site.

I have a few trainers for some pc games, therefor are scanned as a threat.

ESET found Threats:

C:\Documents and Settings\Joe\AppData\Local\Application Data\{C38327CC-8716-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Documents and Settings\Joe\AppData\Local\{C38327CC-8716-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Documents and Settings\Joe\Documents\Games\Red Faction\Red Faction Guerrilla Trainer.exe a variant of Win32/GameHack.F application
C:\Documents and Settings\Joe\Local Settings\{C38327CC-8716-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{85ee5870-1a9f-6932-c3ce-887557e65d78}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
C:\TDSSKiller_Quarantine\05.07.2012_17.09.01\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\05.07.2012_17.09.01\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\05.07.2012_17.09.01\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0001\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0001\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0001\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0001\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0001\tsk0004.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0001\tsk0005.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0001\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0001\tsk0010.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\06.07.2012_05.25.40\tdlfs0001\tsk0014.dta a variant of Win32/Olmarik.AYI trojan
C:\Users\Joe\AppData\Local\{C38327CC-8716-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\Joe\Documents\Games\Red Faction\Red Faction Guerrilla Trainer.exe a variant of Win32/GameHack.F application
C:\Users\Joe\Local Settings\{C38327CC-8716-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
E:\Software\Misc Good Software\coretemp_1236.exe a variant of Win32/InstallIQ application

#14 gringo_pr

Bleepin Gringo

Malware Response Team
120,576 posts

Gender:Male
Location:Puerto rico

Posted 07 July 2012 - 09:55 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Documents and Settings\Joe\AppData\Local\Application Data\{C38327CC-8716-11E1-826D-B8AC6F996F26}
C:\Documents and Settings\Joe\AppData\Local\{C38327CC-8716-11E1-826D-B8AC6F996F26}
C:\Documents and Settings\Joe\Local Settings\{C38327CC-8716-11E1-826D-B8AC6F996F26}
C:\Users\Joe\AppData\Local\{C38327CC-8716-11E1-826D-B8AC6F996F26}
C:\Users\Joe\Local Settings\{C38327CC-8716-11E1-826D-B8AC6F996F26}

File::
E:\Software\Misc Good Software\coretemp_1236.exe

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

#15 Bones667

New Member

Members
10 posts

Posted 08 July 2012 - 02:03 PM

So far I have not noticed any redirectors, and my computer is operating just fine.

ComboFix 12-07-08.01 - Joe 07/08/2012 14:50:56.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6230 [GMT -4:00]
Running from: e:\software\Anti Virus Related\Av Tutorial and programs\BleepingComputerFIX\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\cfscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"e:\software\Misc Good Software\coretemp_1236.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Joe\AppData\Local\{C38327CC-8716-11E1-826D-B8AC6F996F26}
c:\users\Joe\AppData\Local\{C38327CC-8716-11E1-826D-B8AC6F996F26}\chrome.manifest
c:\users\Joe\AppData\Local\{C38327CC-8716-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul
c:\users\Joe\AppData\Local\{C38327CC-8716-11E1-826D-B8AC6F996F26}\install.rdf
c:\users\Joe\Local Settings\{C38327CC-8716-11E1-826D-B8AC6F996F26}\chrome.manifest
c:\users\Joe\Local Settings\{C38327CC-8716-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul
c:\users\Joe\Local Settings\{C38327CC-8716-11E1-826D-B8AC6F996F26}\install.rdf
e:\software\Misc Good Software\coretemp_1236.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 18:59 . 2012-07-08 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-07 14:19 . 2012-07-07 14:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-07 14:19 . 2012-07-07 14:19 -------- d-----w- c:\program files (x86)\Oracle
2012-07-07 14:18 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-07 14:18 . 2012-07-07 14:18 -------- d-----w- c:\program files (x86)\Java
2012-07-07 14:04 . 2012-07-07 14:04 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-07-06 12:56 . 2012-07-06 12:56 181000 ----a-w- c:\windows\system32\drivers\pctplfw64.sys
2012-07-06 12:56 . 2012-07-06 12:56 123808 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2012-07-06 12:39 . 2012-06-14 16:31 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-07-06 12:39 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-06 12:39 . 2012-06-14 16:31 1681368 ----a-w- c:\windows\PCTBDRes.dll
2012-07-06 12:39 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-06 12:39 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-06 12:39 . 2012-05-11 15:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-07-06 12:39 . 2012-05-11 15:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-07-06 12:39 . 2012-05-11 15:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-07-06 12:39 . 2012-05-11 15:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-07-06 12:39 . 2012-07-06 12:39 -------- d-----w- c:\program files (x86)\PC Tools
2012-07-06 12:27 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-07-06 12:27 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-07-06 12:26 . 2012-04-23 16:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-07-06 12:26 . 2012-07-06 12:55 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-07-06 12:26 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-07-06 11:45 . 2012-07-06 12:21 -------- d-----w- c:\program files (x86)\stinger
2012-07-06 10:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-06 10:51 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-06 10:51 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-07-06 10:51 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-07-06 10:51 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-07-06 10:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-07-06 10:50 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-07-06 10:50 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-07-06 10:50 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-06 10:50 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-07-06 10:50 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-07-06 10:50 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-06 10:50 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-07-06 10:50 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-07-06 10:50 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-06 10:50 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 10:49 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-07-06 10:49 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-07-06 10:49 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-07-06 10:49 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-06 10:48 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-06 10:48 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-07-06 10:48 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-06 10:48 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-07-06 10:48 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-06 10:47 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-06 10:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-06 10:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-06 10:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-06 10:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-06 10:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-06 10:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-06 10:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-06 10:42 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-06 10:42 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-06 09:52 . 2012-07-06 09:52 328704 ----a-w- c:\windows\system32\services.exe.6AE654C46EB61281
2012-07-06 06:46 . 2012-07-06 06:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 06:46 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-05 21:12 . 2012-07-06 09:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-05 21:10 . 2012-07-07 14:22 -------- d-----w- c:\program files\CCleaner
2012-07-05 16:27 . 2012-07-05 16:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-05 12:51 . 2012-07-05 12:51 -------- d-----w- c:\users\Joe\AppData\Local\Ventrilo
2012-07-03 18:48 . 2012-07-03 18:48 -------- d-----w- c:\users\Joe\AppData\Local\Macromedia
2012-07-03 18:37 . 2012-07-03 18:37 -------- d-----w- c:\users\Joe\AppData\Roaming\AVG2012
2012-07-03 10:01 . 2012-07-03 10:01 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-03 10:01 . 2012-07-03 10:01 -------- d-----w- C:\$AVG
2012-07-03 10:01 . 2012-07-08 13:20 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-03 10:01 . 2012-07-04 06:45 -------- d-----w- c:\programdata\AVG2012
2012-07-03 10:00 . 2012-07-03 10:00 -------- d-----w- c:\program files (x86)\AVG
2012-07-03 09:56 . 2012-07-03 09:56 -------- d--h--w- c:\programdata\Common Files
2012-07-03 09:56 . 2012-07-08 13:20 -------- d-----w- c:\programdata\MFAData
2012-06-30 06:20 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5D99162-BDF9-40FD-8165-E1288575D272}\mpengine.dll
2012-06-19 21:35 . 2012-06-19 21:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-17 01:16 . 2012-06-17 01:16 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-17 01:16 . 2012-06-17 01:16 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-06-13 05:34 . 2012-07-05 21:14 -------- d-----w- c:\users\Joe\AppData\Roaming\Ventrilo
2012-06-13 05:34 . 2012-06-13 05:34 -------- d-----w- c:\program files\Ventrilo
2012-06-13 03:32 . 2012-06-13 07:32 -------- d-----w- c:\users\Joe\AppData\Roaming\Skype
2012-06-13 03:32 . 2012-06-13 03:33 -------- d-----r- c:\program files (x86)\Skype
2012-06-13 03:32 . 2012-06-13 03:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-13 03:32 . 2012-06-27 14:28 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 17:58 . 2012-04-09 13:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 17:58 . 2011-09-12 14:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 15:03 . 2012-07-06 12:39 3488 ----a-w- c:\windows\UDB.zip
2012-06-14 15:03 . 2012-07-06 12:39 131 ----a-w- c:\windows\IDB.zip
2012-05-31 20:53 . 2012-02-22 16:25 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-31 20:53 . 2011-12-14 13:11 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-31 08:04 . 2011-12-14 13:11 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-30 21:05 . 2012-05-30 21:05 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-06 20:48 . 2011-12-14 13:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-04 23:29 . 2011-09-22 22:49 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-17 16:07 . 2012-04-17 16:07 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-06_14.00.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-06 15:14 53498 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-08 18:46 56948 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-12 13:54 . 2012-07-08 18:46 19370 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1919909691-3227023766-3484066574-1000_UserData.bin
+ 2010-11-21 03:09 . 2012-07-06 15:14 53498 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-08 18:46 56948 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-12 13:54 . 2012-07-08 18:46 19370 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1919909691-3227023766-3484066574-1000_UserData.bin
- 2012-07-06 13:59 . 2012-07-06 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-06 15:13 . 2012-07-08 18:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-06 15:13 . 2012-07-08 18:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-06 13:59 . 2012-07-06 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-07 14:18 . 2012-05-04 23:29 227720 c:\windows\SysWOW64\javaws.exe
+ 2012-07-07 14:18 . 2012-07-07 14:18 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-07-07 14:18 . 2012-07-07 14:18 174064 c:\windows\SysWOW64\java.exe
- 2012-04-15 16:31 . 2012-07-06 13:48 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-15 16:31 . 2012-07-08 18:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-07-06 13:48 770048 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-08 18:44 770048 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-07-06 15:15 674422 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-07-06 12:09 674422 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-07-06 12:09 125630 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-06 15:15 125630 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-07-06 12:09 674422 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 15:15 674422 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 15:15 125630 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-06 12:09 125630 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-06 13:58 487636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-06 15:08 487636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-07 14:19 . 2012-07-07 14:19 179200 c:\windows\Installer\4f46ccf.msi
+ 2012-07-07 14:18 . 2012-07-07 14:18 461312 c:\windows\Installer\4f46cc7.msi
- 2012-07-06 09:54 . 2012-07-06 11:38 5041472 c:\windows\system64\FNTCACHE.DAT
+ 2012-07-08 18:43 . 2012-07-08 18:44 5041472 c:\windows\system64\FNTCACHE.DAT
+ 2012-07-08 18:43 . 2012-07-08 18:44 5041472 c:\windows\system32\FNTCACHE.DAT
- 2012-07-06 09:54 . 2012-07-06 11:38 5041472 c:\windows\system32\FNTCACHE.DAT
+ 2011-09-12 19:23 . 2012-07-06 15:08 2451384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-12 19:23 . 2012-07-06 13:16 2451384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 04:54 . 2012-07-06 13:48 10829824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-08 18:44 10829824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-06 13:48 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-08 18:44 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-12 14:06 . 2012-07-06 13:59 31740768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1919909691-3227023766-3484066574-1000-8192.dat
+ 2011-09-12 14:06 . 2012-07-06 15:08 31740768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1919909691-3227023766-3484066574-1000-8192.dat
+ 2012-07-07 14:17 . 2012-07-07 14:17 17379328 c:\windows\Installer\4f46cc3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Joe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-29 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-11-10 234040]
R3 ALSysIO;ALSysIO;c:\users\Joe\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 FoxAwdWINFLASH;FoxAwdWINFLASH;c:\program files (x86)\Foxconn\Fox DMI\FoxAwdWINFLASH64.sys [2008-12-19 17808]
R3 FXDrv32;FXDrv32;D:\FXDrv64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-20 702976]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-05-11 92896]
R3 rsvcdwdr;rsvcdwdr;c:\windows\system32\DRIVERS\rsvcdwdr.sys [2011-07-13 45160]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-02-14 350096]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-05-11 341168]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-14 575448]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-14 85224]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 13:28]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 13:28]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1919909691-3227023766-3484066574-1000Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 16:48]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1919909691-3227023766-3484066574-1000UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 16:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-03 9642528]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{d31a0762-0ceb-444e-acff-b049a1f6fe91}
xfactorae1
w200mdfl
epson_pm_rpcv2_02
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\l54ld9kz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a4,f6,5a,1a,24,58,cd,01
.
[HKEY_USERS\S-1-5-21-1919909691-3227023766-3484066574-1000\Software\SecuROM\License information*]
"datasecu"=hex:15,91,01,99,7f,af,c1,af,5c,80,ed,31,e3,66,be,76,45,b4,66,50,f7,
40,3e,e3,d8,8b,d1,6b,0f,e3,f1,e3,ca,63,bb,97,7b,6a,47,64,f5,02,0b,bf,5d,5c,\
"rkeysecu"=hex:c1,de,3a,7d,5c,b8,ea,fa,88,92,83,f2,95,ca,03,3c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:04,bb,1a,dd,d2,45,25,2b,97,5a,b7,07,f0,53,da,ed,41,14,d5,0c,ce,
1c,10,b8,c2,c9,50,bf,10,1a,4e,6d,2b,17,cb,da,6d,54,20,25,81,a6,67,89,4a,06,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:04,bb,1a,dd,d2,45,25,2b,97,5a,b7,07,f0,53,da,ed,41,14,d5,0c,ce,
1c,10,b8,c2,c9,50,bf,10,1a,4e,6d,2b,17,cb,da,6d,54,20,25,81,a6,67,89,4a,06,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-08 15:01:16
ComboFix-quarantined-files.txt 2012-07-08 19:01
ComboFix2.txt 2012-07-06 19:45
ComboFix3.txt 2012-07-06 14:05
.
Pre-Run: 288,617,234,432 bytes free
Post-Run: 288,579,391,488 bytes free
.
- - End Of File - - 82D823390DBD064D35C102B262814BDE