

Sirefef.AB, M and W Infection


  • This topic is locked
25 replies to this topic

#1 userid48348754

userid48348754

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:06 AM

Posted 03 August 2012 - 11:03 PM

Microsoft Security Essentials detected Sirefef.AB, M, and W trojans before I had to uninstall it. (If running, I would get a "Windows has encountered a critical error and will automatically close in one minute" message within a few minutes of starting the computer.) Windows Firewall has also been turned off and I can't turn it back on.

The following is my DDS log. Thank you in advance for any help.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by Admin at 21:42:20 on 2012-08-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.33.1033.18.3894.2615 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe
C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\.\globalroot\systemroot\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\U
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: HP SimplePass Identity Protection Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 64.59.135.145 64.59.128.114
TCP: Interfaces\{250DA9DC-3007-4A68-B16A-C26DA65B4D32} : DhcpNameServer = 64.59.135.145 64.59.128.114
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
BHO-X64: HP SimplePass Identity Protection Extension - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pfud24ei.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: network.proxy.http - 203.183.237.19
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2011-6-6 43704]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-4 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-8 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 S3DSvc32;S3D Service (Win32);C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [2011-6-6 360960]
R2 S3DSvc64;S3D Service (Win64);C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [2011-6-6 480768]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-1-18 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-1-18 528760]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2010-6-8 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 1791280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-26 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-26 136176]
S3 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-04 03:27:37 328704 ----a-w- C:\Windows\System32\services.exe.386DCD8E67608842
2012-08-04 03:23:51 328704 ----a-w- C:\Windows\System32\services.exe.BFFC4CEFF6072915
2012-08-04 03:20:02 328704 ----a-w- C:\Windows\System32\services.exe.998E999918F584F7
2012-08-03 22:15:51 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-29 20:04:02 -------- d-----w- C:\Users\Admin\AppData\Roaming\.minecraft
2012-07-20 04:54:53 -------- d-----w- C:\Adobe Photoshop CS6 Extended
2012-07-15 07:15:05 -------- d-----w- C:\Users\Admin\AppData\Local\Zachtronics Industries
2012-07-12 23:43:26 -------- d-----w- C:\Program Files (x86)\Avi2Dvd
2012-07-12 23:34:40 -------- d-----w- C:\Program Files (x86)\Steam
.
==================== Find3M ====================
.
2012-07-31 22:36:59 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 22:36:59 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 19:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 21:42:52.02 ===============
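As an added example (not part of the original post, and not code from the DDS tool or BleepingComputer): a small Python triage script that parses the two DDS sections a responder reads first, "Running Processes" and "Created Last 30", and flags the entries that stand out in the log above. The heuristics and the sample lines are constructed for this demonstration; the paths are copied from the log.

```python
"""Triage a DDS log of the kind posted above.

Added example: not part of the original post, and not code from the DDS tool or
BleepingComputer. It parses the 'Running Processes' and 'Created Last 30' sections
and flags entries a responder would look at first. The heuristics are assumptions
chosen for this demonstration, not a malware signature.
"""
import re
from typing import Dict, List, Tuple

# Constructed subset of the DDS log above (paths copied from the post).
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k netsvcs
\\.\globalroot\systemroot\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\U
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
.
=============== Created Last 30 ================
.
2012-08-04 03:27:37 328704 ----a-w- C:\Windows\System32\services.exe.386DCD8E67608842
2012-08-03 22:15:51 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-29 20:04:02 -------- d-----w- C:\Users\Admin\AppData\Roaming\.minecraft
.
"""

Finding = Tuple[str, str, str]  # (section, log line, reason)

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
INSTALLER_RE = re.compile(r"\\Installer\\\{[0-9a-f-]{36}\}\\", re.I)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[\w-]{8})\s+(?P<path>.+)$"
)
SERVICES_COPY_RE = re.compile(r"\\services\.exe\.[0-9A-Fa-f]{16}$")


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Group body lines under their '=== Name ===' headers; '.' lines are spacers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def flag_processes(lines: List[str]) -> List[Finding]:
    """Flag process images that are not launched from a plain drive path."""
    findings: List[Finding] = []
    for line in lines:
        image = line.split(" -k ")[0]  # drop svchost's service-group argument
        if not DRIVE_PATH_RE.match(image):
            findings.append(("Running Processes", line,
                             "image path is a device/globalroot path, not a drive path"))
        elif INSTALLER_RE.search(image):
            findings.append(("Running Processes", line,
                             "executable running from under the Windows Installer cache"))
    return findings


def flag_created(lines: List[str]) -> List[Finding]:
    """Flag newly created items that should not normally appear in System32."""
    findings: List[Finding] = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path, attrs = m.group("path"), m.group("attrs")
        if SERVICES_COPY_RE.search(path):
            findings.append(("Created Last 30", line,
                             "hash-suffixed copy of services.exe; compare its hash with the live binary"))
        elif "%APPDATA%" in path and attrs[0] == "d" and "h" in attrs and "s" in attrs:
            findings.append(("Created Last 30", line,
                             "hidden+system directory literally named %APPDATA% (unexpanded variable)"))
    return findings


def triage(log_text: str) -> List[Finding]:
    """Run all section checks over one DDS log and return the findings in log order."""
    sections = split_sections(log_text)
    return (flag_processes(sections.get("Running Processes", []))
            + flag_created(sections.get("Created Last 30", [])))


if __name__ == "__main__":
    for section, line, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample it reports the globalroot process, the hash-suffixed services.exe copy and the hidden %APPDATA% directory, which are the same three entries a responder would pick out of the full log by eye.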


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,930 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:06 AM

Posted 06 August 2012 - 03:04 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 userid48348754

userid48348754
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:06 AM

Posted 06 August 2012 - 05:40 AM

Hello,

Thank you for responding.

Here is the Security Check log:

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 21
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

I had no idea I had so many things out of date; I will have to do some updating.

Here is the Combofix log:


ComboFix 12-08-05.02 - Admin 06/08/2012 3:17.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3894.2200 [GMT -6:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\@
c:\windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\U\00000001.@
c:\windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\U\80000000.@
c:\windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\U\800000cb.@
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
.
c:\windows\system32\services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 09:27 . 2012-08-06 09:27 -------- d-----w- c:\users\Work\AppData\Local\temp
2012-08-06 09:27 . 2012-08-06 09:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-06 09:27 . 2012-08-06 09:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 03:27 . 2012-08-04 03:27 328704 ----a-w- c:\windows\system32\services.exe.386DCD8E67608842
2012-08-04 03:23 . 2012-08-04 03:23 328704 ----a-w- c:\windows\system32\services.exe.BFFC4CEFF6072915
2012-08-04 03:20 . 2012-08-04 03:20 328704 ----a-w- c:\windows\system32\services.exe.998E999918F584F7
2012-08-03 22:15 . 2012-08-03 22:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-29 20:04 . 2012-07-29 20:04 -------- d-----w- c:\users\Admin\AppData\Roaming\.minecraft
2012-07-20 05:01 . 2012-07-20 05:09 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-20 03:21 . 2012-07-20 03:21 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-15 07:15 . 2012-07-15 07:15 -------- d-----w- c:\users\Admin\AppData\Local\Zachtronics Industries
2012-07-12 23:43 . 2012-07-12 23:44 -------- d-----w- c:\program files (x86)\Avi2Dvd
2012-07-12 23:34 . 2012-07-15 07:37 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 22:36 . 2012-04-01 20:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-31 22:36 . 2011-05-24 22:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 19:46 . 2012-04-02 00:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-20 23:59 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-20 23:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-20 23:59 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-20 23:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-20 23:59 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-20 23:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-20 23:59 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-20 23:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:15 . 2012-06-20 23:59 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\services.exe
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_09.18.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-20 05:03 . 2011-02-20 05:03 51024 c:\windows\SysWOW64\vcomp100.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 81744 c:\windows\SysWOW64\mfcm100u.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 81744 c:\windows\SysWOW64\mfcm100.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 43344 c:\windows\SysWOW64\mfc100kor.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 43344 c:\windows\SysWOW64\mfc100kor.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 43856 c:\windows\SysWOW64\mfc100jpn.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 43856 c:\windows\SysWOW64\mfc100jpn.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 64336 c:\windows\SysWOW64\mfc100fra.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 64336 c:\windows\SysWOW64\mfc100fra.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 55120 c:\windows\SysWOW64\mfc100enu.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 55120 c:\windows\SysWOW64\mfc100enu.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 64336 c:\windows\SysWOW64\mfc100deu.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 64336 c:\windows\SysWOW64\mfc100deu.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 36176 c:\windows\SysWOW64\mfc100cht.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 36176 c:\windows\SysWOW64\mfc100chs.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 36176 c:\windows\SysWOW64\mfc100chs.dll
- 2009-07-14 04:54 . 2012-06-19 01:42 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-06 00:11 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-01 20:07 . 2012-08-05 00:51 64086 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-06 09:30 42752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-21 23:55 . 2012-08-06 09:30 18826 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-8015424-1862617799-1635857064-1001_UserData.bin
+ 2011-02-20 04:51 . 2011-02-20 04:51 57168 c:\windows\system32\vcomp100.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 93008 c:\windows\system32\mfcm100u.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 93008 c:\windows\system32\mfcm100.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 60752 c:\windows\system32\mfc100rus.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 43344 c:\windows\system32\mfc100kor.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 62288 c:\windows\system32\mfc100ita.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 64336 c:\windows\system32\mfc100fra.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 63824 c:\windows\system32\mfc100esn.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 55120 c:\windows\system32\mfc100enu.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 64336 c:\windows\system32\mfc100deu.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 36176 c:\windows\system32\mfc100cht.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 36176 c:\windows\system32\mfc100chs.dll
+ 2012-08-03 22:34 . 2012-08-06 09:01 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-06 09:16 . 2012-08-06 09:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012080620120807\index.dat
+ 2012-08-06 09:16 . 2012-08-06 09:16 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012073020120806\index.dat
+ 2012-08-03 22:15 . 2012-08-03 22:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-08-03 22:15 . 2012-08-06 09:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-08-03 22:15 . 2012-08-06 09:16 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2010-08-22 05:45 . 2012-06-19 08:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-22 05:45 . 2012-08-02 22:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-07-23 21:26 80184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-08-22 05:45 . 2012-06-19 08:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-22 05:45 . 2012-08-02 22:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-22 05:45 . 2012-06-19 08:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-22 05:45 . 2012-08-02 22:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-21 22:52 . 2012-06-19 08:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-21 22:52 . 2012-08-06 09:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-21 22:52 . 2012-08-06 09:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-21 22:52 . 2012-06-19 08:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-16 06:50 . 2012-05-16 06:50 41472 c:\windows\Installer\fdc97c.msi
+ 2012-07-16 17:53 . 2012-07-16 17:53 25600 c:\windows\Installer\143422.msi
- 2010-11-15 04:29 . 2010-11-15 04:29 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
+ 2012-07-20 05:00 . 2012-07-20 05:00 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
+ 2012-07-20 05:00 . 2012-07-20 05:00 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
- 2010-11-15 04:29 . 2010-11-15 04:29 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
+ 2010-11-15 07:02 . 2012-07-03 09:35 1744 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-29 17:03 . 2012-08-04 03:27 5076 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-8015424-1862617799-1635857064-1005_UserData.bin
- 2012-06-19 09:17 . 2012-06-19 09:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-06 09:28 . 2012-08-06 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-06 09:28 . 2012-08-06 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-19 09:17 . 2012-06-19 09:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-19 06:40 . 2011-02-19 06:40 773968 c:\windows\SysWOW64\msvcr100.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 421200 c:\windows\SysWOW64\msvcp100.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 421200 c:\windows\SysWOW64\msvcp100.dll
- 2010-03-05 17:13 . 2010-03-05 17:13 947472 c:\windows\SysWOW64\msjava.dll
+ 2012-03-13 02:56 . 2012-03-13 02:56 947472 c:\windows\SysWOW64\msjava.dll
+ 2012-07-31 22:36 . 2012-07-31 22:36 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-04-01 20:05 . 2012-07-31 22:36 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 04:54 . 2012-08-06 00:11 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-19 01:42 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-20 05:03 . 2011-02-20 05:03 138056 c:\windows\SysWOW64\atl100.dll
- 2010-03-18 16:15 . 2010-03-18 16:15 138056 c:\windows\SysWOW64\atl100.dll
+ 2010-08-22 20:50 . 2012-08-05 22:33 368414 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-08-04 03:34 607190 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-04 03:34 103568 c:\windows\system32\perfc009.dat
+ 2011-02-19 06:52 . 2011-02-19 06:52 829264 c:\windows\system32\msvcr100.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 608080 c:\windows\system32\msvcp100.dll
+ 2012-07-31 22:36 . 2012-07-31 22:36 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2009-07-14 05:12 . 2012-08-03 23:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-06-06 21:57 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-21 22:46 . 2012-08-06 09:16 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-06 09:16 557056 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-18 16:36 . 2010-03-18 16:36 158536 c:\windows\system32\atl100.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 158536 c:\windows\system32\atl100.dll
+ 2009-07-14 05:01 . 2012-08-06 09:28 469596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-20 04:57 . 2011-02-20 04:57 177664 c:\windows\Installer\99c6f.msi
+ 2011-02-20 05:08 . 2011-02-20 05:08 163840 c:\windows\Installer\8a530.msi
+ 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-06-06 23:58 . 2012-06-18 23:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
- 2012-06-06 23:58 . 2012-06-18 23:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-06-06 23:58 . 2012-06-18 23:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2012-06-06 23:58 . 2012-06-18 23:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2011-02-20 05:03 . 2011-02-20 05:03 4422992 c:\windows\SysWOW64\mfc100u.dll
+ 2011-02-20 05:03 . 2011-02-20 05:03 4397384 c:\windows\SysWOW64\mfc100.dll
+ 2012-07-31 22:36 . 2012-07-31 22:36 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-07-31 22:36 . 2012-07-31 22:36 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
- 2009-07-14 04:54 . 2012-06-19 01:42 1425408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-06 00:11 1425408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-20 04:51 . 2011-02-20 04:51 5601616 c:\windows\system32\mfc100u.dll
+ 2011-02-20 04:51 . 2011-02-20 04:51 5574472 c:\windows\system32\mfc100.dll
+ 2009-07-14 04:45 . 2012-07-20 19:14 5043376 c:\windows\system32\FNTCACHE.DAT
+ 2010-08-21 22:46 . 2012-08-06 09:16 2441216 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-07-20 19:17 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-07 00:01 3777877 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-06-08 10:24 . 2012-08-06 09:28 1470672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-05-25 08:01 . 2012-08-04 02:49 9207555 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-8015424-1862617799-1635857064-1005-8192.dat
+ 2011-04-16 06:14 . 2011-04-16 06:14 3186176 c:\windows\Installer\b921c.msi
+ 2012-04-06 02:22 . 2012-04-06 02:22 2259968 c:\windows\Installer\b9214.msi
+ 2011-04-16 14:44 . 2011-04-16 14:44 2770944 c:\windows\Installer\99c59.msi
+ 2012-04-06 02:23 . 2012-04-06 02:23 1997312 c:\windows\Installer\8a516.msi
+ 2012-04-06 02:23 . 2012-04-06 02:23 2211328 c:\windows\Installer\8a50d.msi
+ 2012-07-12 23:33 . 2012-07-12 23:33 1606656 c:\windows\Installer\3f9909.msi
- 2009-07-14 02:34 . 2012-06-19 09:13 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-03 22:22 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-07-31 22:36 . 2012-07-31 22:36 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
+ 2010-08-22 05:38 . 2012-08-06 09:28 38803724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-8015424-1862617799-1635857064-1001-8192.dat
+ 2012-07-20 03:20 . 2012-07-20 03:20 53218816 c:\windows\Installer\fdc985.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775d}]
2009-11-25 18:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c9a6357b-25cc-4bcf-96c1-78736985d414}"= "mscoree.dll" [2009-11-25 297808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 136176]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-22 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-14 503352]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-30 20056]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2010-10-07 43704]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-04 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-10 203264]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-10-25 360960]
S2 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-10-25 480768]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-10 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-10 279040]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-29 10610400]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 21:38]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 21:38]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8015424-1862617799-1635857064-1001Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-29 00:56]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8015424-1862617799-1635857064-1001UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-29 00:56]
.
2012-08-06 c:\windows\Tasks\HPCeeScheduleForAdmin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 11:53]
.
2011-07-13 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files (x86)\NCH Swift Sound\Scribe\scribe.exe [2011-06-16 21:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-04 487424]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.59.135.145 64.59.128.114
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pfud24ei.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: network.proxy.http - 203.183.237.19
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-8015424-1862617799-1635857064-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):84,ce,e5,e6,fa,bb,01,26,86,b1,a4,b9,6c,ca,b6,c0,d2,1d,50,35,1e,
9e,e1,fc,5b,15,4d,9f,89,80,ef,71,a6,a0,ea,55,9e,73,c5,8d,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-8015424-1862617799-1635857064-1001_Classes\Wow6432Node\CLSID\{80a6471f-9e79-4174-8cb6-f4216f9841f3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000015c
"Therad"=dword:0000002a
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,d2,2d,77,d8,5c,2e,75,92,1b,e4,72,4e,b5,f0,26,6c,43,a9,47,e4,05,be,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-06 03:44:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 09:44
ComboFix2.txt 2012-06-19 09:23
.
Pre-Run: 66,019,414,016 bytes free
Post-Run: 65,867,083,776 bytes free
.
- - End Of File - - 618F32867FB7C5758097BFD28FF2B1AF

*******************************************************************************************************

Current Status:


Windows Firewall appears to be back up! I tried reinstalling Microsoft Security Essentials, but I still get the "Windows has encountered a critical error and will restart in one minute" message and forced restart shortly after the program loads. Before that happens, it was still detecting Sirefef.AB and W and attempting to clean them. I have once again uninstalled MSE so I can use this computer.

Thank you for your help so far.

Edited by userid48348754, 06 August 2012 - 05:49 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,930 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 12:42 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First, press the Scan button.
  • It will make a log (FRST.txt).

  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
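
The Scan and Search steps above produce FRST.txt and Search.txt, and the reviewer then reads those reports for a handful of entry types. As an added example (not from this thread, and not Farbar's own code), the Python below parses FRST-style file-listing lines and flags the patterns a responder checks for in such a report: extra services.exe.* files sitting in System32 beside the real services.exe, hidden+system directories whose name is an environment-variable literal such as %APPDATA%, and hidden+system GUID-named directories directly under a user's AppData\Local. The line layout the regex expects ("<modified> - <created> - <size> <attrs> [(Company)] <path>") is an assumption drawn from the report format; the sample lines are constructed to match it, with placeholder hash suffix and GUID.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# One FRST file/folder line (assumption about FRST's exact layout):
# "<modified> - <created> - <size> <attrs> [(Company)] <path>"
FRST_LINE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
GUID_NAME = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)
ENVVAR_NAME = re.compile(r"^%[A-Z_]+%$", re.I)


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str            # FRST attribute string, e.g. "____A", "__SHD"
    company: Optional[str]
    path: PureWindowsPath


def parse_frst_lines(text: str) -> List[Entry]:
    """Parse every line matching the FRST file-listing layout; skip all others."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["mod"], m["cre"], int(m["size"]), m["attrs"],
                                 m["company"], PureWindowsPath(m["path"])))
    return entries


def find_suspicious(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for the entry types worth a closer look."""
    findings = []
    for e in entries:
        name = e.path.name.lower()
        parent = str(e.path.parent).lower()
        is_dir = "D" in e.attrs
        hidden_system = "H" in e.attrs and "S" in e.attrs
        # services.exe belongs in System32 exactly once; services.exe.<suffix>
        # siblings are extra copies that must be accounted for.
        if (not is_dir and parent.endswith(r"\windows\system32")
                and name.startswith("services.exe") and name != "services.exe"):
            findings.append(("extra-services-exe-copy", str(e.path)))
        # A hidden+system directory literally named like an environment
        # variable (e.g. %APPDATA%) is not created by Windows itself.
        if is_dir and hidden_system and ENVVAR_NAME.match(name):
            findings.append(("hidden-envvar-literal-dir", str(e.path)))
        # Hidden+system GUID-named directory directly under a user's AppData\Local.
        if (is_dir and hidden_system and GUID_NAME.match(name)
                and parent.endswith(r"\appdata\local")):
            findings.append(("hidden-guid-dir-in-appdata", str(e.path)))
    return findings


def triage(report_text: str) -> List[Tuple[str, str]]:
    """Parse a report and return its flagged entries in report order."""
    return find_suspicious(parse_frst_lines(report_text))


# Constructed sample lines in FRST's format; hash suffix and GUID are placeholders.
SAMPLE_REPORT = r"""
2012-08-06 02:28 - 2012-08-06 02:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0123456789ABCDEF
2012-08-06 02:03 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-03 14:15 - 2012-08-03 14:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-03 19:23 - 2009-07-13 15:22 - 00000000 __SHD C:\Users\Admin\AppData\Local\{00000000-0000-0000-0000-000000000000}
2012-08-06 02:13 - 2012-08-06 02:13 - 00000000 __SHD C:\$RECYCLE.BIN
2012-08-06 01:44 - 2012-06-18 21:46 - 00000000 ____D C:\Qoobox
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_REPORT):
        print(f"{reason:28s} {path}")
```

Run it against a saved FRST.txt by passing the file contents to triage(); the legitimate C:\Windows\System32\services.exe, C:\$RECYCLE.BIN and the ComboFix Qoobox folder in the sample pass through unflagged, which is the point of matching on both attributes and location rather than on a name alone.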

#5 userid48348754

  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:06 AM

Posted 06 August 2012 - 03:13 PM

Hi again,

Here is the FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 06-08-2012 13:35:36
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-09-03] (IDT, Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-28] (Intel Corporation)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-01-27] ()
HKU\Work\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-01-22] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.59.135.145 64.59.128.114
Lsa: [Notification Packages] DPPassFilter
scecli
Startup: C:\Users\Work\Start Menu\Programs\Startup\????® ???·????·??????·???? 2.0.lnk
ShortcutTarget: ????® ???·????·??????·???? 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-10] (Akamai Technologies, Inc)
2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [444680 2009-12-30] (DigitalPersona, Inc.)
2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-02-08] (DeviceVM, Inc.)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 S3DSvc32; C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [360960 2010-10-24] (iZ3D Inc.)
2 S3DSvc64; C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [480768 2010-10-24] (iZ3D Inc.)
2 TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [6583160 2011-09-08] (Wacom Technology, Corp.)
2 TouchServicePen; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [528760 2011-09-08] (Wacom Technology, Corp.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-17] (Intel Corporation)
2 vcsFPService; C:\Windows\system32\vcsFPService.exe [2184496 2010-01-06] (Validity Sensors, Inc.)
2 vcsFPService; C:\Windows\SysWow64\vcsFPService.exe [1791280 2010-01-05] (Validity Sensors, Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 NMSAccess; "C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe" [x]

========================== Drivers (Whitelisted) =============

1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2010-01-29] (DeviceVM, Inc.)
3 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [145008 2011-07-06] (Tonec Inc.)
1 iZ3DInjectionDriver; \??\C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [43704 2010-10-06] ()
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [232992 2010-01-11] (Realtek Semiconductor Corp.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-01-13] (Duplex Secure Ltd.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [16120 2010-11-29] (Intel® Corporation)
3 wacmoumonitor; C:\Windows\System32\Drivers\wacmoumonitor.sys [13312 2011-09-08] (Wacom Technology)
3 wacommousefilter; C:\Windows\System32\Drivers\wacommousefilter.sys [12848 2010-10-05] (Wacom Technology)
3 wacomvhid; C:\Windows\System32\Drivers\wacomvhid.sys [16168 2010-10-05] (Wacom Technology)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-06 02:28 - 2012-08-06 02:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E01ADDE57A74696C
2012-08-06 02:25 - 2012-08-06 02:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5CF88CD8FAA2741B
2012-08-06 02:22 - 2012-08-06 02:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F43D23BE5134EBA6
2012-08-06 02:22 - 2012-08-06 02:22 - 00000000 __SHD C:\Config.Msi
2012-08-06 02:19 - 2012-08-06 02:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A4DF62AD0CCBF4C0
2012-08-06 02:17 - 2012-08-06 02:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E3473C2C1F02C7E
2012-08-06 02:14 - 2012-08-06 02:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.23AE28A2C95D1D9B
2012-08-06 02:13 - 2012-08-06 02:13 - 00000000 __SHD C:\$RECYCLE.BIN
2012-08-06 02:11 - 2012-08-06 02:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3236D46D6605435A
2012-08-06 02:08 - 2012-08-06 02:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63C8364DC1FFE154
2012-08-06 02:05 - 2012-08-06 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E908E3AFFFBEE17F
2012-08-06 01:58 - 2012-08-06 02:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-06 01:48 - 2012-08-06 01:57 - 00036955 ____A C:\Users\Admin\Desktop\ComboFix.txt
2012-08-06 01:44 - 2012-08-06 01:44 - 00037187 ____A C:\ComboFix.txt
2012-08-06 00:53 - 2012-08-06 00:53 - 00001211 ____A C:\Users\Admin\Desktop\checkup.txt
2012-08-06 00:49 - 2012-08-06 00:49 - 00881494 ____A C:\Users\Admin\Desktop\SecurityCheck.exe
2012-08-04 20:32 - 2012-08-04 20:32 - 00001650 ____A C:\Users\Admin\Desktop\Photoshop.exe - Shortcut.lnk
2012-08-03 19:44 - 2012-08-03 19:50 - 00021156 ____A C:\Users\Admin\Desktop\DDS.txt
2012-08-03 19:44 - 2012-08-03 19:44 - 00009783 ____A C:\Users\Admin\Desktop\Attach.txt
2012-08-03 19:41 - 2012-08-03 19:41 - 00607260 ____R (Swearware) C:\Users\Admin\Desktop\dds.com
2012-08-03 19:27 - 2012-08-03 19:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.386DCD8E67608842
2012-08-03 19:23 - 2012-08-03 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFFC4CEFF6072915
2012-08-03 19:20 - 2012-08-03 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.998E999918F584F7
2012-08-03 14:15 - 2012-08-03 14:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-02 15:03 - 2012-08-02 15:03 - 00012777 ____A C:\Users\Work\Desktop\Nslsc.docx
2012-07-29 12:04 - 2012-07-29 12:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2012-07-25 11:44 - 2012-07-25 11:44 - 04566315 ____A C:\Users\Admin\Desktop\Untitled-1.psd
2012-07-23 15:35 - 2012-07-22 17:59 - 53118689 ____A C:\Users\Public\Documents\TFRBots - Count-Down - part 1.flv
2012-07-23 13:38 - 2012-07-22 18:20 - 75775230 ____A C:\Users\Public\Documents\TFRBots - Count-Down - part 2.flv
2012-07-19 21:15 - 2012-07-19 21:15 - 00000000 ____D C:\Users\Admin\Documents\Adobe
2012-07-19 21:01 - 2012-07-19 21:09 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-07-19 19:21 - 2012-07-19 19:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-07-19 19:19 - 2012-07-19 19:19 - 13083592 ____A (Microsoft Corporation) C:\Users\Public\Documents\Silverlight_x64.exe
2012-07-14 23:15 - 2012-07-14 23:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Zachtronics Industries
2012-07-14 18:40 - 2012-07-14 18:40 - 00174363 ____A C:\Users\Public\Documents\Fonts1.zip
2012-07-14 18:40 - 2012-07-14 18:40 - 00000000 ____D C:\Users\Public\Documents\Fonts1
2012-07-12 16:05 - 2012-07-12 16:05 - 00000219 ____A C:\Users\Admin\Desktop\Portal.url
2012-07-12 15:55 - 2012-07-12 15:55 - 00000221 ____A C:\Users\Admin\Desktop\SpaceChem.url
2012-07-12 15:43 - 2012-07-12 15:44 - 00000000 ____D C:\Program Files (x86)\Avi2Dvd
2012-07-12 15:43 - 2012-07-12 15:43 - 00000947 ____A C:\Users\Work\Desktop\Avi2Dvd.lnk
2012-07-12 15:43 - 2012-07-12 15:43 - 00000947 ____A C:\Users\Admin\Desktop\Avi2Dvd.lnk
2012-07-12 15:41 - 2012-07-12 15:42 - 37203147 ____A C:\Users\Public\Documents\Avi2Dvd_Setup_064.exe
2012-07-12 15:34 - 2012-07-14 23:37 - 00000000 ____D C:\Program Files (x86)\Steam
2012-07-12 15:34 - 2012-07-12 15:34 - 00000877 ____A C:\Users\Public\Desktop\Steam.lnk

============ 3 Months Modified Files and Folders =============

2012-08-06 13:35 - 2012-06-18 22:41 - 00000000 ____D C:\FRST
2012-08-06 11:33 - 2010-06-08 01:45 - 01123728 ____A C:\Windows\WindowsUpdate.log
2012-08-06 10:58 - 2012-01-26 13:38 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-06 10:53 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-06 10:53 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-06 10:46 - 2012-01-26 13:38 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-06 10:45 - 2010-08-21 14:46 - 4083007488 __ASH C:\pagefile.sys
2012-08-06 10:45 - 2010-06-08 01:36 - 3062255616 __ASH C:\hiberfil.sys
2012-08-06 10:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-06 10:45 - 2009-07-13 20:51 - 00130736 ____A C:\Windows\setupact.log
2012-08-06 08:42 - 2011-04-28 16:56 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8015424-1862617799-1635857064-1001UA.job
2012-08-06 04:02 - 2010-08-21 22:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\foobar2000
2012-08-06 02:30 - 2012-08-06 01:58 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-06 02:30 - 2012-06-06 15:58 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-06 02:30 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files (x86)
2012-08-06 02:28 - 2012-08-06 02:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E01ADDE57A74696C
2012-08-06 02:25 - 2012-08-06 02:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5CF88CD8FAA2741B
2012-08-06 02:22 - 2012-08-06 02:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F43D23BE5134EBA6
2012-08-06 02:22 - 2012-08-06 02:22 - 00000000 __SHD C:\Config.Msi
2012-08-06 02:19 - 2012-08-06 02:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A4DF62AD0CCBF4C0
2012-08-06 02:18 - 2012-06-18 17:21 - 00815380 ____A C:\Windows\ntbtlog.txt
2012-08-06 02:17 - 2012-08-06 02:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E3473C2C1F02C7E
2012-08-06 02:14 - 2012-08-06 02:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.23AE28A2C95D1D9B
2012-08-06 02:13 - 2012-08-06 02:13 - 00000000 __SHD C:\$RECYCLE.BIN
2012-08-06 02:11 - 2012-08-06 02:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3236D46D6605435A
2012-08-06 02:08 - 2012-08-06 02:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63C8364DC1FFE154
2012-08-06 02:05 - 2012-08-06 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E908E3AFFFBEE17F
2012-08-06 02:03 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-06 01:58 - 2011-06-16 19:46 - 00722628 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-06 01:58 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files
2012-08-06 01:57 - 2012-08-06 01:48 - 00036955 ____A C:\Users\Admin\Desktop\ComboFix.txt
2012-08-06 01:45 - 2012-08-06 01:45 - 00037187 ____A C:\Users\Admin\Desktop\combofixlog.txt
2012-08-06 01:44 - 2012-08-06 01:44 - 00037187 ____A C:\ComboFix.txt
2012-08-06 01:44 - 2012-06-18 21:46 - 00000000 ____D C:\Qoobox
2012-08-06 01:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2012-08-06 01:29 - 2012-07-01 16:29 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForAdmin.job
2012-08-06 01:29 - 2012-06-18 21:46 - 00000000 ____D C:\Windows\erdnt
2012-08-06 01:29 - 2009-07-13 18:34 - 00000241 ____A C:\Windows\system.ini
2012-08-06 01:29 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-08-06 01:28 - 2010-06-08 01:49 - 00231606 ____A C:\Windows\PFRO.log
2012-08-06 01:16 - 2010-03-01 12:00 - 00000000 __SHD C:\System Volume Information
2012-08-06 01:13 - 2012-06-19 00:55 - 04725168 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2012-08-06 00:53 - 2012-08-06 00:53 - 00001211 ____A C:\Users\Admin\Desktop\checkup.txt
2012-08-06 00:49 - 2012-08-06 00:49 - 00881494 ____A C:\Users\Admin\Desktop\SecurityCheck.exe
2012-08-05 16:11 - 2010-08-22 16:13 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-08-05 15:42 - 2011-04-28 16:56 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8015424-1862617799-1635857064-1001Core.job
2012-08-05 14:34 - 2010-08-30 00:24 - 00000297 ____A C:\Users\Admin\Documents\dates.txt
2012-08-04 20:32 - 2012-08-04 20:32 - 00001650 ____A C:\Users\Admin\Desktop\Photoshop.exe - Shortcut.lnk
2012-08-04 17:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-08-03 23:24 - 2010-08-21 15:56 - 00116480 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-03 19:50 - 2012-08-03 19:44 - 00021156 ____A C:\Users\Admin\Desktop\DDS.txt
2012-08-03 19:44 - 2012-08-03 19:44 - 00009783 ____A C:\Users\Admin\Desktop\Attach.txt
2012-08-03 19:41 - 2012-08-03 19:41 - 00607260 ____R (Swearware) C:\Users\Admin\Desktop\dds.com
2012-08-03 19:34 - 2009-07-13 21:13 - 00713714 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 19:27 - 2012-08-03 19:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.386DCD8E67608842
2012-08-03 19:23 - 2012-08-03 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFFC4CEFF6072915
2012-08-03 19:23 - 2009-07-13 15:22 - 00000000 __SHD C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}
2012-08-03 19:20 - 2012-08-03 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.998E999918F584F7
2012-08-03 19:13 - 2012-06-06 15:48 - 12621696 ____A (Microsoft Corporation) C:\Users\Public\Documents\mseinstall.exe
2012-08-03 18:58 - 2012-06-06 15:35 - 00001065 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-03 18:58 - 2012-04-01 16:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-03 14:15 - 2012-08-03 14:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-02 18:27 - 2012-06-18 17:57 - 00000000 ____D C:\Users\Work\AppData\Roaming\DivX
2012-08-02 15:03 - 2012-08-02 15:03 - 00012777 ____A C:\Users\Work\Desktop\Nslsc.docx
2012-08-01 16:33 - 2012-05-24 23:46 - 00000000 ____D C:\Users\Work\AppData\Local\Adobe
2012-08-01 15:43 - 2012-05-24 23:44 - 00000000 ____D C:\Users\Work\AppData\Roaming\Adobe
2012-07-31 19:46 - 2012-05-27 13:16 - 00000000 ____D C:\Users\Work\AppData\Roaming\foobar2000
2012-07-31 14:36 - 2012-04-01 12:05 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-31 14:36 - 2011-05-24 14:53 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-29 12:04 - 2012-07-29 12:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2012-07-25 11:44 - 2012-07-25 11:44 - 04566315 ____A C:\Users\Admin\Desktop\Untitled-1.psd
2012-07-22 18:29 - 2010-08-21 15:54 - 00000000 ____D C:\users\Admin
2012-07-22 18:20 - 2012-07-23 13:38 - 75775230 ____A C:\Users\Public\Documents\TFRBots - Count-Down - part 2.flv
2012-07-22 17:59 - 2012-07-23 15:35 - 53118689 ____A C:\Users\Public\Documents\TFRBots - Count-Down - part 1.flv
2012-07-21 18:03 - 2012-05-24 23:42 - 00116480 ____A C:\Users\Work\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-20 11:14 - 2009-07-13 20:45 - 05043376 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-19 21:15 - 2012-07-19 21:15 - 00000000 ____D C:\Users\Admin\Documents\Adobe
2012-07-19 21:15 - 2010-08-21 21:12 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2012-07-19 21:09 - 2012-07-19 21:01 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-07-19 21:09 - 2010-11-14 20:37 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-07-19 21:08 - 2010-11-14 20:33 - 00000000 ____D C:\Program Files\Adobe
2012-07-19 21:07 - 2010-03-01 13:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-07-19 21:04 - 2010-03-01 13:30 - 00000000 ____D C:\Users\All Users\Adobe
2012-07-19 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-07-19 20:58 - 2010-08-25 18:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2012-07-19 19:21 - 2012-07-19 19:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-07-19 19:21 - 2010-03-01 14:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-07-19 19:19 - 2012-07-19 19:19 - 13083592 ____A (Microsoft Corporation) C:\Users\Public\Documents\Silverlight_x64.exe
2012-07-18 15:05 - 2012-04-25 12:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-18 12:50 - 2010-08-21 21:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-07-14 23:37 - 2012-07-12 15:34 - 00000000 ____D C:\Program Files (x86)\Steam
2012-07-14 23:15 - 2012-07-14 23:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Zachtronics Industries
2012-07-14 18:40 - 2012-07-14 18:40 - 00174363 ____A C:\Users\Public\Documents\Fonts1.zip
2012-07-14 18:40 - 2012-07-14 18:40 - 00000000 ____D C:\Users\Public\Documents\Fonts1
2012-07-12 16:05 - 2012-07-12 16:05 - 00000219 ____A C:\Users\Admin\Desktop\Portal.url
2012-07-12 15:55 - 2012-07-12 15:55 - 00000221 ____A C:\Users\Admin\Desktop\SpaceChem.url
2012-07-12 15:44 - 2012-07-12 15:43 - 00000000 ____D C:\Program Files (x86)\Avi2Dvd
2012-07-12 15:43 - 2012-07-12 15:43 - 00000947 ____A C:\Users\Work\Desktop\Avi2Dvd.lnk
2012-07-12 15:43 - 2012-07-12 15:43 - 00000947 ____A C:\Users\Admin\Desktop\Avi2Dvd.lnk
2012-07-12 15:42 - 2012-07-12 15:41 - 37203147 ____A C:\Users\Public\Documents\Avi2Dvd_Setup_064.exe
2012-07-12 15:34 - 2012-07-12 15:34 - 00000877 ____A C:\Users\Public\Desktop\Steam.lnk
2012-07-08 15:15 - 2010-12-04 23:46 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2012-07-03 11:46 - 2012-04-01 16:07 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 23:25 - 2012-07-02 23:25 - 00000000 ____D C:\Users\Public\Documents\__
2012-07-02 23:25 - 2012-07-02 23:24 - 00972503 ____A C:\Users\Public\Documents\??.zip
2012-06-29 09:35 - 2009-07-13 21:08 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-25 00:07 - 2012-06-25 00:07 - 32938975 ____A C:\Users\Public\Documents\episode 01 part 2.flv
2012-06-25 00:07 - 2011-07-03 19:35 - 00000000 ____D C:\Users\Admin\AppData\Roaming\avidemux
2012-06-25 00:03 - 2012-06-25 00:03 - 18646705 ____A C:\Users\Public\Documents\episode 01 part 1.flv
2012-06-24 23:52 - 2012-06-24 23:52 - 51388197 ____A C:\Users\Public\Documents\episode 2.flv
2012-06-24 23:45 - 2012-06-24 23:45 - 00000842 ____A C:\Users\Public\Desktop\Avidemux 2.6.lnk
2012-06-24 23:45 - 2012-06-24 23:45 - 00000000 ____D C:\Program Files\Avidemux 2.6
2012-06-24 23:45 - 2012-06-24 23:42 - 13171235 ____A C:\Users\Public\Documents\avidemux_2.6_r8020_win64.exe
2012-06-24 23:31 - 2012-06-24 23:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\FLV Extract
2012-06-24 23:31 - 2012-06-24 23:30 - 00000000 ____D C:\Users\Public\Documents\FLV_Extract162
2012-06-24 23:30 - 2012-06-24 23:30 - 00082097 ____A C:\Users\Public\Documents\FLV_Extract162.zip
2012-06-24 22:19 - 2012-06-24 22:14 - 12267433 ____A C:\Users\Public\Documents\avidemux_2.5.6_win64.exe
2012-06-24 18:30 - 2012-06-24 18:21 - 00000000 ____D C:\Users\Public\Documents\flvmdi
2012-06-24 17:38 - 2012-06-24 17:38 - 00001090 ____A C:\Users\Work\Desktop\Riva FLV Encoder.lnk
2012-06-24 17:38 - 2012-06-24 17:38 - 00001090 ____A C:\Users\Admin\Desktop\Riva FLV Encoder.lnk
2012-06-24 17:38 - 2012-06-24 17:38 - 00001085 ____A C:\Users\Work\Desktop\Riva FLV Player.lnk
2012-06-24 17:38 - 2012-06-24 17:38 - 00001085 ____A C:\Users\Admin\Desktop\Riva FLV Player.lnk
2012-06-24 17:19 - 2012-06-24 17:19 - 00000000 ____D C:\Program Files (x86)\Riva
2012-06-24 17:18 - 2012-06-24 17:18 - 00463080 ____A (CNET Download.com) C:\Users\Public\Documents\cnet2_RivaEncoderSetup_exe.exe
2012-06-24 16:35 - 2012-06-24 16:35 - 49081564 ____A C:\Users\Public\Documents\sm16926927 - ??! ????????????????? ?3?.flv
2012-06-24 16:35 - 2012-06-24 16:35 - 00086226 ____A C:\Users\Public\Documents\sm16926927 - ??! ????????????????? ?3?.xml
2012-06-24 16:35 - 2012-06-24 16:35 - 00005528 ____A C:\Users\Public\Documents\sm16926927 - ??! ????????????????? ?3?[ThumbImg].jpeg
2012-06-24 16:33 - 2012-06-24 16:33 - 00057819 ____A C:\Users\Public\Documents\sm17029013 - ??! ????????????????? ?4?.xml
2012-06-24 16:33 - 2012-06-24 16:33 - 00003842 ____A C:\Users\Public\Documents\sm17029013 - ??! ????????????????? ?4?[ThumbImg].jpeg
2012-06-24 16:33 - 2012-06-24 16:13 - 92127106 ____A C:\Users\Public\Documents\sm17029013 - ??! ????????????????? ?4?.flv
2012-06-24 16:18 - 2012-06-24 16:18 - 00001258 ____A C:\Users\Public\Desktop\Moyea Software Gallery.lnk
2012-06-24 16:18 - 2012-06-24 16:18 - 00001053 ____A C:\Users\Public\Desktop\Moyea FLV Editor Lite.lnk
2012-06-24 16:18 - 2012-06-24 16:18 - 00000000 ____D C:\Users\Admin\Documents\Moyea
2012-06-24 16:18 - 2012-06-24 16:18 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Moyea
2012-06-24 16:17 - 2012-06-24 16:17 - 00000000 ____D C:\Program Files (x86)\Moyea
2012-06-24 16:17 - 2012-06-24 16:16 - 13541464 ____A (Moyea Software Co., LTD ) C:\Users\Public\Documents\FlvEditor_Lite.exe
2012-06-24 16:03 - 2012-06-24 16:03 - 02102739 ____A C:\Users\Public\Documents\sm1171606 - ??! ????????????????? ?3?.mp4
2012-06-24 16:03 - 2012-06-24 16:03 - 00173843 ____A C:\Users\Public\Documents\sm1171606 - ??! ????????????????? ?3?.xml
2012-06-24 16:03 - 2012-06-24 16:03 - 00004079 ____A C:\Users\Public\Documents\sm1171606 - ??! ????????????????? ?3?[ThumbImg].jpeg
2012-06-24 16:02 - 2012-06-24 16:02 - 02102739 ____A C:\Users\Public\Documents\sm1204069 - ??! ????????????????? ?1? 2/2.mp4
2012-06-24 16:02 - 2012-06-24 16:02 - 00170894 ____A C:\Users\Public\Documents\sm1204069 - ??! ????????????????? ?1? 2/2.xml
2012-06-24 16:02 - 2012-06-24 16:02 - 00004079 ____A C:\Users\Public\Documents\sm1204069 - ??! ????????????????? ?1? 2/2[ThumbImg].jpeg
2012-06-24 15:31 - 2012-06-24 15:31 - 00114497 ____A C:\Users\Public\Documents\sm16921257 - ??! ????????????????? ?1?.xml
2012-06-24 15:31 - 2012-06-24 15:31 - 00004657 ____A C:\Users\Public\Documents\sm16921257 - ??! ????????????????? ?1?[ThumbImg].jpeg
2012-06-24 15:31 - 2012-06-24 15:12 - 54594525 ____A C:\Users\Public\Documents\sm16921257 - 01.flv
2012-06-24 15:11 - 2012-06-24 15:11 - 02102739 ____A C:\Users\Public\Documents\sm1202590 - ??! ????????????????? ?1? 1/2.mp4
2012-06-24 15:11 - 2012-06-24 15:11 - 00172131 ____A C:\Users\Public\Documents\sm1202590 - ??! ????????????????? ?1? 1/2.xml
2012-06-24 15:11 - 2012-06-24 15:11 - 00004079 ____A C:\Users\Public\Documents\sm1202590 - ??! ????????????????? ?1? 1/2[ThumbImg].jpeg
2012-06-24 03:20 - 2012-06-24 03:20 - 00463080 ____A (CNET Download.com) C:\Users\Public\Documents\cnet2_FlvEditor_Lite_exe.exe
2012-06-24 03:10 - 2012-06-24 03:10 - 02102739 ____A C:\Users\Public\Documents\sm1169155 - ??! ????????????????? ?2?.mp4
2012-06-24 03:10 - 2012-06-24 03:10 - 00177442 ____A C:\Users\Public\Documents\sm16944709 - ??! ????????????????? ?2?.xml
2012-06-24 03:10 - 2012-06-24 03:10 - 00004079 ____A C:\Users\Public\Documents\sm1169155 - ??! ????????????????? ?2?[ThumbImg].jpeg
2012-06-24 02:29 - 2012-06-24 02:29 - 00111638 ____A C:\Users\Public\Documents\sm1694470967 - ??! ????????????????? ?2?.xml
2012-06-24 02:29 - 2012-06-24 02:29 - 00005545 ____A C:\Users\Public\Documents\sm16944709 - ??! ????????????????? ?2?[ThumbImg].jpeg
2012-06-24 01:58 - 2012-06-24 01:38 - 54519338 ____A C:\Users\Public\Documents\??!????????????????? ?2?.flv
2012-06-24 01:25 - 2012-06-24 01:25 - 00000013 ____A C:\Users\Public\Documents\smile.txt
2012-06-22 23:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-22 14:41 - 2012-06-22 14:40 - 00000000 ____D C:\Users\Work\Documents\My PSP Files
2012-06-22 14:41 - 2012-06-22 14:40 - 00000000 ____D C:\Users\Work\AppData\Local\Corel
2012-06-22 14:40 - 2012-06-22 14:40 - 00000000 ____D C:\Users\Work\Documents\Mes diaporamas Corel
2012-06-22 14:40 - 2012-06-22 14:40 - 00000000 ____D C:\Users\Work\AppData\Roaming\Corel
2012-06-19 01:23 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-18 23:16 - 2012-06-18 23:28 - 00041766 ____A C:\FRST.txt
2012-06-18 23:16 - 2012-06-18 23:16 - 00041766 ____A C:\Users\Admin\Desktop\FRST.txt
2012-06-18 21:17 - 2012-06-18 21:17 - 00002042 ____A C:\Users\Admin\Desktop\RKreport[1].txt
2012-06-18 21:17 - 2012-06-18 21:16 - 00000000 ____D C:\Users\Admin\Desktop\RK_Quarantine
2012-06-18 21:16 - 2012-06-18 21:16 - 01521152 ____A C:\Users\Admin\Desktop\RogueKiller.exe
2012-06-18 21:15 - 2012-06-18 21:08 - 02109032 ____A C:\Users\Admin\Desktop\tdsskiller.zip
2012-06-18 21:11 - 2012-06-18 21:09 - 00137672 ____A C:\TDSSKiller.2.7.40.0_18.06.2012_23.09.20_log.txt
2012-06-18 20:24 - 2012-06-18 20:24 - 01404927 ____A C:\Users\Work\Downloads\FRST64.exe
2012-06-18 17:57 - 2012-06-18 17:57 - 00000000 ____D C:\Users\Work\AppData\Roaming\Media Player Classic
2012-06-18 17:56 - 2012-06-18 17:56 - 00000000 ____D C:\Users\Work\AppData\Roaming\Apple Computer
2012-06-18 17:56 - 2012-06-18 17:56 - 00000000 ____D C:\Users\Work\AppData\Local\Apple Computer
2012-06-17 12:23 - 2012-02-20 11:44 - 00000000 ____D C:\Users\Admin\Documents\Bus Driver
2012-06-15 18:04 - 2012-06-15 18:01 - 248756103 ____A C:\Users\Admin\Documents\videoplayback-{01baa15e-724b-4e31-8a3d-b68faceab88f}.dtapart
2012-06-15 15:12 - 2012-06-15 15:12 - 00000000 ____D C:\Users\Work\AppData\Roaming\Malwarebytes
2012-06-15 13:15 - 2012-06-18 21:08 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\TDSSKiller.exe
2012-06-14 00:20 - 2011-10-31 15:46 - 00027648 ____A C:\Users\Admin\Documents\BoM Orchestration.doc
2012-06-11 14:57 - 2012-06-11 14:57 - 00000000 ____D C:\Users\Work\AppData\Local\Macromedia
2012-06-11 13:47 - 2012-06-11 13:47 - 00000000 ____D C:\Users\Admin\AppData\Local\Macromedia
2012-06-07 13:54 - 2012-06-07 13:54 - 00001986 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-06-06 22:22 - 2012-06-06 22:22 - 00000000 ____D C:\Users\Work\Documents\New folder
2012-06-06 15:54 - 2010-08-21 21:06 - 00000000 ____D C:\Program Files\Alwil Software
2012-06-06 15:52 - 2010-08-21 21:06 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-06 15:51 - 2012-06-06 15:51 - 00324880 ____A (AVAST Software) C:\Users\Public\Documents\aswclear.exe
2012-06-06 15:35 - 2012-06-06 15:34 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Public\Documents\mbam-setup-1.61.0.1400.exe
2012-06-06 15:17 - 2012-06-06 15:17 - 00000000 ____D C:\Windows\Sun
2012-06-06 13:52 - 2012-06-06 13:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Corporation
2012-06-06 13:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-06-06 13:44 - 2012-06-06 13:44 - 00791712 ____A (Microsoft Corporation) C:\Users\Work\Downloads\BOIE8_ENUS_WIN764L.EXE
2012-06-06 13:44 - 2012-06-06 13:42 - 00002180 ____A C:\Windows\ie8_main.log
2012-06-06 13:41 - 2012-06-06 13:40 - 25492336 ____A (Microsoft Corporation) C:\Users\Work\Downloads\IE8-WindowsVista-x64-ENU.exe
2012-06-05 13:11 - 2012-06-05 12:59 - 00008205 ____A C:\Windows\IE9_main.log
2012-06-05 13:01 - 2012-06-05 12:59 - 00000134 ____A C:\Users\Admin\Desktop\Internet Explorer Troubleshooting.url
2012-06-05 12:57 - 2012-06-05 12:57 - 36380976 ____A (Microsoft Corporation) C:\Users\Public\Documents\IE9-Windows7-x64-enu.exe
2012-06-05 12:52 - 2012-06-05 12:52 - 18124080 ____A (Microsoft Corporation) C:\Users\Public\Documents\IE9-Windows7-x86-enu.exe
2012-06-02 14:19 - 2012-06-20 15:59 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 15:59 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 15:59 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 15:59 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 15:59 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 15:59 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 15:59 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 13:19 - 2012-06-20 15:59 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 13:15 - 2012-06-20 15:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-29 18:42 - 2012-05-29 18:42 - 00000000 ____D C:\Users\Work\AppData\Roaming\Opera
2012-05-29 18:42 - 2012-05-29 18:42 - 00000000 ____D C:\Users\Work\AppData\Local\Opera
2012-05-28 09:47 - 2012-06-06 22:37 - 70668620 ____A C:\Users\Admin\Documents\[720P] ???-???? MV.mp4
2012-05-27 17:20 - 2012-05-27 17:18 - 00000000 ____D C:\Users\Work\Documents\Bus Driver
2012-05-27 17:19 - 2012-05-24 23:41 - 00000000 ____D C:\Users\Work\AppData\Roaming\WTablet
2012-05-27 12:05 - 2012-05-27 12:05 - 00001195 ____A C:\Users\Public\Desktop\Bus Driver.lnk
2012-05-27 12:05 - 2012-05-27 12:05 - 00000000 ____D C:\Users\All Users\Trymedia
2012-05-27 12:05 - 2012-05-27 12:04 - 00000000 ____D C:\Program Files (x86)\Bus Driver
2012-05-27 12:05 - 2009-07-13 19:20 - 00000000 ____D C:\ProgramData
2012-05-27 12:04 - 2012-05-27 12:04 - 00000000 ____D C:\Users\Public\Documents\bd_setup_1_5
2012-05-27 12:04 - 2012-05-27 11:58 - 81810435 ____A C:\Users\Public\Documents\bd_setup_1_5.zip
2012-05-27 11:50 - 2012-05-26 17:45 - 00002514 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2012-05-26 19:14 - 2011-10-09 00:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Real
2012-05-26 17:51 - 2012-02-20 11:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\WildTangent
2012-05-26 17:47 - 2010-06-08 02:10 - 00000000 ____D C:\Users\All Users\WildTangent
2012-05-26 17:45 - 2012-05-26 17:45 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2012-05-26 17:45 - 2010-06-08 02:10 - 00000000 ____D C:\Program Files (x86)\HP Games
2012-05-26 12:57 - 2012-05-26 12:26 - 00031232 ____A C:\Users\Admin\Documents\Notes.doc
2012-05-25 16:22 - 2012-03-02 20:16 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-05-24 23:45 - 2012-05-24 23:45 - 00000000 ____D C:\Users\Work\AppData\Roaming\Mozilla
2012-05-24 23:45 - 2012-05-24 23:45 - 00000000 ____D C:\Users\Work\AppData\Local\Mozilla
2012-05-24 23:42 - 2012-05-24 23:42 - 00000000 ____D C:\Users\Work\AppData\Roaming\ATI
2012-05-24 23:42 - 2012-05-24 23:42 - 00000000 ____D C:\Users\Work\AppData\Local\Hewlett-Packard
2012-05-24 23:42 - 2012-05-24 23:42 - 00000000 ____D C:\Users\Work\AppData\Local\ATI
2012-05-24 23:41 - 2012-05-24 23:41 - 00001439 ____A C:\Users\Work\Desktop\Internet Explorer 32-bit.lnk
2012-05-24 23:41 - 2012-05-24 23:41 - 00000020 ___SH C:\Users\Work\ntuser.ini
2012-05-24 23:41 - 2012-05-24 23:41 - 00000000 ____D C:\Users\Work\AppData\Roaming\Hewlett-Packard
2012-05-24 23:41 - 2012-05-24 23:41 - 00000000 ____D C:\Users\Work\AppData\Roaming\DigitalPersona
2012-05-24 23:41 - 2012-05-24 23:41 - 00000000 ____D C:\Users\Work\AppData\Local\VirtualStore
2012-05-24 23:41 - 2012-05-24 23:41 - 00000000 ____D C:\Users\Work\AppData\Local\DigitalPersona
2012-05-24 23:41 - 2012-05-24 23:41 - 00000000 ____D C:\users\Work
2012-05-24 23:41 - 2009-07-13 19:20 - 00000000 ___RD C:\Users
2012-05-24 23:39 - 2011-01-06 16:02 - 00000000 ____D C:\Users\Admin\Documents\My RoboForm Data
2012-05-24 23:38 - 2012-05-24 23:37 - 06677264 ____A (Adobe Systems Inc.) C:\Users\Public\Documents\Shockwave_Installer_Slim.exe
2012-05-24 23:15 - 2012-05-24 23:10 - 02869264 ____A (Microsoft Corporation) C:\Users\Public\Documents\dotnetfx35setup.exe
2012-05-24 22:57 - 2012-05-24 22:57 - 00027648 ____A C:\Users\Public\Documents\Hi All.doc
2012-05-24 22:57 - 2012-05-24 22:57 - 00027648 ____A C:\Users\Admin\Documents\Hi All.doc
2012-05-24 10:29 - 2012-05-24 10:29 - 00000031 ____A C:\Users\Public\Documents\webmail.txt
2012-05-24 10:22 - 2010-03-01 12:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-05-24 10:18 - 2010-12-05 19:13 - 00000000 ____D C:\Users\Admin\Tracing
2012-05-24 10:17 - 2012-05-24 10:17 - 00000665 ____A C:\Users\Public\Documents\launch.rtc
2012-05-24 10:16 - 2011-04-28 16:56 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2012-05-24 10:16 - 2010-08-21 21:14 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2012-05-23 08:57 - 2012-05-23 08:56 - 02885456 ____A (Microsoft Corporation) C:\Users\Public\Documents\EASetup.exe
2012-05-22 19:53 - 2012-05-22 19:53 - 00018919 ____A C:\Users\Public\Documents\practiceset1results.html
2012-05-22 12:01 - 2012-05-22 11:36 - 00000000 ____D C:\Users\Public\Documents\Toolbar
2012-05-21 22:51 - 2012-05-21 22:51 - 00000000 ____D C:\Users\Public\Documents\1
2012-05-21 22:50 - 2012-05-21 22:49 - 03985322 ____A C:\Users\Public\Documents\1.rar
2012-05-21 22:22 - 2010-08-28 01:01 - 00000000 ____D C:\Users\Admin\AppData\Local\Corel
2012-05-21 22:21 - 2010-08-28 01:01 - 00000000 ____D C:\Users\Admin\Documents\My PSP Files
2012-05-21 14:54 - 2012-05-21 14:54 - 00022645 ____A C:\Users\Public\Documents\Results.pdf
2012-05-21 14:50 - 2012-05-21 14:50 - 00007741 ____A C:\Users\Public\Documents\Results.mht
2012-05-19 19:24 - 2012-05-19 19:24 - 00000000 ____D C:\Users\Admin\Documents\My Meetings
2012-05-19 19:22 - 2012-05-19 19:22 - 17267464 ____A (Microsoft Corporation) C:\Users\Public\Documents\LMSetup.exe
2012-05-19 19:22 - 2012-05-19 19:22 - 00000000 ____D C:\Users\All Users\Applications
2012-05-19 14:07 - 2010-08-22 11:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Media Player Classic
2012-05-19 14:05 - 2012-05-19 14:05 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2012-05-19 14:04 - 2012-05-19 13:56 - 09889896 ____A (CCCP Project ) C:\Users\Public\Documents\Combined-Community-Codec-Pack-2011-11-11.exe
2012-05-16 22:19 - 2011-03-22 02:00 - 00000000 ____D C:\Users\All Users\DivX
2012-05-16 22:16 - 2012-05-16 22:16 - 00932704 ____A (DivX, LLC) C:\Users\Public\Documents\DivXInstaller.exe
2012-05-16 22:04 - 2010-10-06 17:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2012-05-16 09:34 - 2010-03-01 12:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-16 09:32 - 2012-04-16 20:41 - 00000000 ____D C:\Users\Admin\Documents\My Games
2012-05-09 17:16 - 2011-08-02 19:47 - 00000000 ____D C:\Users\Admin\Documents\aug 2011
2012-05-09 09:10 - 2012-04-26 20:19 - 00016028 ____A C:\Users\Public\Documents\POINTS FAQ.pdf

ZeroAccess:
C:\Windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}
C:\Windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\L
C:\Windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\U

ZeroAccess:
C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}
C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\@
C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\L
C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3161.77 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3152.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:442.16 GB) (Free:61.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:23.31 GB) (Free:3.38 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive h: (KINGSTON) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 983 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 442 GB 200 MB
Partition 3 Primary 23 GB 442 GB
Partition 4 Primary 103 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 442 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 23 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 982 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT Removable 982 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-07-28 15:13

======================= End Of Log ==========================


Here is the Search.txt:


Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 2012-08-06 13:37:04
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-06 02:03] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\erdnt\cache64\services.exe
[2012-06-19 01:21] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\FRST\Quarantine\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
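
An added illustration (not part of this thread, and not FRST's own code) of the two verdicts in the logs above: the "Bamital & volsnap Check" that marked C:\Windows\System32\services.exe as ZeroAccess, and the GUID-named ZeroAccess folders holding items named U, L and @. The script parses the Search.txt block format shown above, takes the WinSxS component-store copy as the reference hash (an assumption made here; FRST itself compares against its own known-good list), and flags every other copy whose MD5 differs. The sample input is constructed from the log lines in this thread.

```python
"""Re-derive the services.exe and ZeroAccess-folder verdicts from FRST output.

Added example, not part of the thread or of FRST. Assumptions: the Search.txt
line format is exactly as posted above, and the WinSxS copy is the reference.
"""
import re
from collections import defaultdict

# Constructed sample in the FRST "Search:" format posted in the thread.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-06 02:03] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\erdnt\cache64\services.exe
[2012-06-19 01:21] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\FRST\Quarantine\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Constructed from the "ZeroAccess:" lines of the FRST log, plus one legitimate
# MSI cache folder from the ComboFix snapshot as a negative case.
SAMPLE_PATHS = [
    r"C:\Windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}",
    r"C:\Windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\L",
    r"C:\Windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\U",
    r"C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}",
    r"C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\@",
    r"C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\L",
    r"C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}\U",
    r"C:\Windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe",
]

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (company) MD5"; company may be absent.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
GUID_DIR_RE = re.compile(
    r"^(?P<dir>.*\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})"
    r"(?:\\(?P<child>[^\\]+))?$",
    re.IGNORECASE,
)
ZA_CHILDREN = {"U", "L", "@"}  # item names ZeroAccess keeps in its GUID folder


def parse_frst_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            d = m.groupdict()
            d["size"], d["md5"], d["path"] = int(d["size"]), d["md5"].upper(), pending
            entries.append(d)
            pending = None
    return entries


def reference_copy(entries):
    """Use the WinSxS component-store copy as the trusted hash (assumption)."""
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            return e
    raise ValueError("no WinSxS reference copy in search output")


def flag_mismatches(entries):
    """Copies whose MD5 differs from the reference. Same size with a different
    hash and a newer modified time is the in-place patch pattern seen above."""
    ref, bad = reference_copy(entries), []
    for e in entries:
        if e is ref or e["md5"] == ref["md5"]:
            continue
        bad.append(dict(e, same_size=(e["size"] == ref["size"]),
                        modified_after_reference=(e["modified"] > ref["modified"])))
    return bad


def zeroaccess_dir_markers(paths):
    """GUID-named folders that contain any of U, L or @ (an MSI cache folder
    such as the SCEP.exe one is GUID-named too, so the children decide)."""
    children = defaultdict(set)
    for p in paths:
        m = GUID_DIR_RE.match(p)
        if not m:
            continue
        bucket = children[m.group("dir")]
        if m.group("child"):
            bucket.add(m.group("child"))
    return {d: sorted(c) for d, c in children.items() if c & ZA_CHILDREN}


if __name__ == "__main__":
    for e in flag_mismatches(parse_frst_search(SAMPLE_SEARCH)):
        print("MD5 mismatch:", e["path"], e["md5"], "same_size=%s" % e["same_size"])
    for d, items in zeroaccess_dir_markers(SAMPLE_PATHS).items():
        print("ZeroAccess folder:", d, items)
```

The System32 copy is the only one that is both a hash mismatch and newer than the reference, which is why the fix below restores it from C:\Windows\erdnt\cache64 (a copy whose MD5 equals the WinSxS one); the quarantine copy mismatches too, but that is the earlier infected file FRST had already set aside.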

#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 135,930 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 05:36 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\erdnt\cache64\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}
C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 userid48348754 (Topic Starter)

Posted 06 August 2012 - 08:14 PM

Hello,

Here is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 17-06-2012 04
Ran by SYSTEM at 2012-08-06 18:58:50 Run:3
Running from H:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\erdnt\cache64\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\assembly\GAC\Desktop.ini not found.
C:\Windows\Installer\{1613b7c2-eebb-ded6-0e28-5b5d7723c895} moved successfully.
C:\Users\Admin\AppData\Local\{1613b7c2-eebb-ded6-0e28-5b5d7723c895} moved successfully.

==== End of Fixlog ====

#8 gringo_pr (Malware Response Team)

Posted 06 August 2012 - 09:19 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

RegLock::
[HKEY_USERS\S-1-5-21-8015424-1862617799-1635857064-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-8015424-1862617799-1635857064-1001_Classes\Wow6432Node\CLSID\{80a6471f-9e79-4174-8cb6-f4216f9841f3}]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 userid48348754 (Topic Starter)

Posted 06 August 2012 - 10:21 PM
Hello,

The computer seems to be running ok, except now I can't reinstall Microsoft Security Essentials (error code 0x80070643). I can't install Windows Updates either (error code: 80246008).


Here is the ComboFix log:


ComboFix 12-08-05.02 - Admin 06/08/2012 20:34:33.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3894.2325 [GMT -6:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 02:41 . 2012-08-07 02:41 -------- d-----w- c:\users\Work\AppData\Local\temp
2012-08-07 02:41 . 2012-08-07 02:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-07 02:41 . 2012-08-07 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 02:17 . 2012-08-07 02:26 -------- d-----w- c:\programdata\MFAData
2012-08-07 02:17 . 2012-08-07 02:17 -------- d--h--w- c:\programdata\Common Files
2012-08-06 10:28 . 2012-08-06 10:28 328704 ----a-w- c:\windows\system32\services.exe.E01ADDE57A74696C
2012-08-06 10:25 . 2012-08-06 10:25 328704 ----a-w- c:\windows\system32\services.exe.5CF88CD8FAA2741B
2012-08-06 10:22 . 2012-08-06 10:22 328704 ----a-w- c:\windows\system32\services.exe.F43D23BE5134EBA6
2012-08-06 10:19 . 2012-08-06 10:19 328704 ----a-w- c:\windows\system32\services.exe.A4DF62AD0CCBF4C0
2012-08-06 10:17 . 2012-08-06 10:17 328704 ----a-w- c:\windows\system32\services.exe.8E3473C2C1F02C7E
2012-08-06 10:14 . 2012-08-06 10:14 328704 ----a-w- c:\windows\system32\services.exe.23AE28A2C95D1D9B
2012-08-06 10:11 . 2012-08-06 10:11 328704 ----a-w- c:\windows\system32\services.exe.3236D46D6605435A
2012-08-06 10:08 . 2012-08-06 10:08 328704 ----a-w- c:\windows\system32\services.exe.63C8364DC1FFE154
2012-08-06 10:05 . 2012-08-06 10:05 328704 ----a-w- c:\windows\system32\services.exe.E908E3AFFFBEE17F
2012-08-06 09:58 . 2012-08-07 02:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-04 03:27 . 2012-08-04 03:27 328704 ----a-w- c:\windows\system32\services.exe.386DCD8E67608842
2012-08-04 03:23 . 2012-08-04 03:23 328704 ----a-w- c:\windows\system32\services.exe.BFFC4CEFF6072915
2012-08-04 03:20 . 2012-08-04 03:20 328704 ----a-w- c:\windows\system32\services.exe.998E999918F584F7
2012-08-03 22:15 . 2012-08-03 22:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-29 20:04 . 2012-07-29 20:04 -------- d-----w- c:\users\Admin\AppData\Roaming\.minecraft
2012-07-20 05:01 . 2012-07-20 05:09 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-20 03:21 . 2012-07-20 03:21 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-15 07:15 . 2012-07-15 07:15 -------- d-----w- c:\users\Admin\AppData\Local\Zachtronics Industries
2012-07-12 23:43 . 2012-07-12 23:44 -------- d-----w- c:\program files (x86)\Avi2Dvd
2012-07-12 23:34 . 2012-07-15 07:37 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 22:36 . 2012-04-01 20:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-31 22:36 . 2011-05-24 22:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 19:46 . 2012-04-02 00:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-20 23:59 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-20 23:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-20 23:59 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-20 23:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-20 23:59 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-20 23:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-20 23:59 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-20 23:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:15 . 2012-06-20 23:59 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-06_09.29.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-01 20:07 . 2012-08-07 02:44 65202 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-08-06 09:30 42752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-07 02:44 42752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-21 23:55 . 2012-08-07 02:44 19070 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-8015424-1862617799-1635857064-1001_UserData.bin
+ 2012-03-21 02:44 . 2012-03-21 02:44 98688 c:\windows\system32\drivers\NisDrvWFP.sys
- 2010-08-21 22:52 . 2012-08-06 09:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-21 22:52 . 2012-08-07 02:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-21 22:52 . 2012-08-06 09:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-21 22:52 . 2012-08-07 02:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-15 07:02 . 2012-08-06 17:09 2254 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-06 09:28 . 2012-08-06 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 02:42 . 2012-08-07 02:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 02:42 . 2012-08-07 02:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-06 09:28 . 2012-08-06 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-08-07 02:15 609290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-07 02:15 104568 c:\windows\system32\perfc009.dat
+ 2012-03-21 02:44 . 2012-03-21 02:44 203888 c:\windows\system32\drivers\MpFilter.sys
- 2010-08-21 22:46 . 2012-08-06 09:16 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-21 22:46 . 2012-08-07 02:21 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-07 02:21 557056 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-06 09:16 557056 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-08-07 02:42 469596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-06 09:28 469596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-06 23:58 . 2012-08-06 09:58 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-08-06 09:58 . 2012-08-06 09:58 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
- 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-06-06 23:58 . 2012-08-06 09:58 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
- 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-06-06 23:58 . 2012-08-06 09:58 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-06-06 23:58 . 2012-08-06 09:58 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2010-08-21 22:46 . 2012-08-07 02:21 2441216 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-21 22:46 . 2012-08-06 09:16 2441216 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-05 22:16 . 2012-08-07 02:26 3520196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-8015424-1862617799-1635857064-1001-12288.dat
+ 2012-08-07 02:17 . 2012-08-07 02:17 8452608 c:\windows\Installer\23aa9.msi
+ 2012-08-07 02:19 . 2012-08-07 02:19 2871808 c:\windows\Installer\23aa5.msi
+ 2012-08-07 02:19 . 2012-08-07 02:19 8544256 c:\windows\Installer\23aa1.msi
+ 2012-03-27 01:21 . 2012-03-27 01:21 7622656 c:\windows\Installer\1b124e.msi
+ 2009-07-14 02:34 . 2012-08-07 02:40 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-08-03 22:22 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-08-22 05:38 . 2012-08-07 02:42 39101012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-8015424-1862617799-1635857064-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775d}]
2009-11-25 18:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c9a6357b-25cc-4bcf-96c1-78736985d414}"= "mscoree.dll" [2009-11-25 297808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 136176]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-22 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-14 503352]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-30 20056]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2010-10-07 43704]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-04 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-10 203264]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-10-25 360960]
S2 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-10-25 480768]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-10 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-10 279040]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-29 10610400]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 21:38]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 21:38]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8015424-1862617799-1635857064-1001Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-29 00:56]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8015424-1862617799-1635857064-1001UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-29 00:56]
.
2012-08-06 c:\windows\Tasks\HPCeeScheduleForAdmin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 11:53]
.
2011-07-13 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files (x86)\NCH Swift Sound\Scribe\scribe.exe [2011-06-16 21:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-04 487424]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.59.135.145 64.59.128.114
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pfud24ei.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: network.proxy.http - 203.183.237.19
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-06 20:47:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 02:47
ComboFix2.txt 2012-08-06 09:44
ComboFix3.txt 2012-06-19 09:23
.
Pre-Run: 64,388,358,144 bytes free
Post-Run: 64,311,640,064 bytes free
.
- - End Of File - - 9B32BA63DD676AA4CA81E2B64B0DA227

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,930 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:06 AM

Posted 06 August 2012 - 10:29 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
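Gringo asks for the TDSSKiller report to be pasted back. A scan like this runs to several hundred lines, nearly all of them `- ok`, and the few that matter are spread across three or four line shapes (the `(md5) path` line, a `Suspicious file` line, a `( class ) - warning` line and a `- detected` line). The script below is an added example, not code from TDSSKiller, Kaspersky or anyone in this thread; it reduces such a log to the entries that are still `warning`, `detected` or never cleared, keeping the hash and path so they can be checked against a reputation source before anything is cured or deleted. The line formats follow the TDSSKiller 2.7 output; `SAMPLE_LOG` is constructed from a handful of lines in that shape so it runs offline, and `parse_tdsskiller` and `triage` are names chosen here.

```python
"""Triage a TDSSKiller log: keep only the objects that are not '- ok'.

Added example for this thread, not part of TDSSKiller or of any post here.
SAMPLE_LOG is constructed from a few lines in the format the scanner prints.
"""
import re
from dataclasses import dataclass, field

# Every TDSSKiller line starts with "HH:MM:SS.mmmm <pid> "; the rest is the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>"  : the object's hash and on-disk path
FILE_LINE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - ok"
OK_LINE = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <class> ) - warning"
WARN_LINE = re.compile(r"^(?P<name>.+?) \( (?P<cls>\S+) \) - warning$")
# "<name> - detected <class> (<count>)"
DETECT_LINE = re.compile(r"^(?P<name>.+?) - detected (?P<cls>\S+) \(\d+\)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSP_LINE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = "unknown"          # ok / warning / detected / unknown
    classification: str = ""          # e.g. HiddenFile.Multi.Generic
    reasons: list = field(default_factory=list)  # from "Suspicious file (...)" lines


def parse_tdsskiller(text: str) -> dict:
    """Return {object name: Entry} for every service, driver or file the scan reported."""
    entries = {}
    by_path = {}  # lower-cased path -> Entry, so a 'Suspicious file' line finds its object

    def get(name):
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        pm = PREFIX.match(raw.strip())
        if not pm:
            continue  # banner, separators, SystemInfo block
        msg = pm.group("msg")

        if (m := SUSP_LINE.match(msg)):
            e = by_path.get(m.group("path").lower()) or get(m.group("path"))
            e.reasons.append(m.group("reason"))
            e.md5 = e.md5 or m.group("md5")
            if e.verdict == "unknown":
                e.verdict = "warning"
        elif (m := DETECT_LINE.match(msg)):
            e = get(m.group("name"))
            e.verdict, e.classification = "detected", m.group("cls")
        elif (m := WARN_LINE.match(msg)):
            e = get(m.group("name"))
            e.classification = m.group("cls")
            if e.verdict != "detected":
                e.verdict = "warning"
        elif (m := OK_LINE.match(msg)):
            get(m.group("name")).verdict = "ok"
        elif (m := FILE_LINE.match(msg)):
            e = get(m.group("name"))
            e.md5, e.path = m.group("md5"), m.group("path")
            by_path[e.path.lower()] = e
    return entries


def triage(text: str) -> list:
    """Entries that still need a human decision, worst first."""
    rank = {"detected": 0, "warning": 1, "unknown": 2}
    return sorted((e for e in parse_tdsskiller(text).values() if e.verdict != "ok"),
                  key=lambda e: (rank[e.verdict], e.name.lower()))


# Constructed sample in the shape of a TDSSKiller 2.7 log (not the full log from the thread).
SAMPLE_LOG = r"""
21:34:22.0040 3080 Scan started
21:34:22.0430 3080 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:34:22.0430 3080 !SASCORE - ok
21:34:23.0959 3080 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
21:34:23.0959 3080 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
21:34:23.0975 3080 Akamai ( HiddenFile.Multi.Generic ) - warning
21:34:23.0975 3080 Akamai - detected HiddenFile.Multi.Generic (1)
21:34:24.0287 3080 AMD External Events Utility (48619a29f9c9c3cfeb66718dd03d8057) C:\Windows\system32\atiesrxx.exe
21:34:24.0287 3080 AMD External Events Utility - ok
21:34:26.0908 3080 catchme - ok
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.verdict:8} {e.name:32} {e.classification or '-'}  {e.md5}  {e.path}")
        if e.reasons:
            print(" " * 9 + "reasons: " + ", ".join(e.reasons))
```

Run it as-is to triage the sample, or replace `SAMPLE_LOG` with the contents of the saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt`. A `HiddenFile` warning is a heuristic on file attributes rather than a signature match, which is why the scanner's own default for a suspicious file is Skip; the hash and the path are what to look up before deciding whether to cure it.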

#11 userid48348754

userid48348754
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:06 AM

Posted 06 August 2012 - 11:19 PM

Hello,

Here's the TDSSKiller Log:

21:34:17.0719 5044 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:34:18.0109 5044 ============================================================
21:34:18.0109 5044 Current date / time: 2012/08/06 21:34:18.0109
21:34:18.0109 5044 SystemInfo:
21:34:18.0109 5044
21:34:18.0109 5044 OS Version: 6.1.7600 ServicePack: 0.0
21:34:18.0109 5044 Product type: Workstation
21:34:18.0109 5044 ComputerName: Admin-PC
21:34:18.0109 5044 UserName: Admin
21:34:18.0109 5044 Windows directory: C:\Windows
21:34:18.0109 5044 System windows directory: C:\Windows
21:34:18.0109 5044 Running under WOW64
21:34:18.0109 5044 Processor architecture: Intel x64
21:34:18.0109 5044 Number of processors: 4
21:34:18.0109 5044 Page size: 0x1000
21:34:18.0109 5044 Boot type: Normal boot
21:34:18.0109 5044 ============================================================
21:34:18.0515 5044 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:34:18.0515 5044 ============================================================
21:34:18.0515 5044 \Device\Harddisk0\DR0:
21:34:18.0515 5044 MBR partitions:
21:34:18.0515 5044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:34:18.0515 5044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37450000
21:34:18.0515 5044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x374B4000, BlocksNum 0x2E9E000
21:34:18.0515 5044 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
21:34:18.0515 5044 ============================================================
21:34:18.0546 5044 C: <-> \Device\Harddisk0\DR0\Partition1
21:34:18.0593 5044 D: <-> \Device\Harddisk0\DR0\Partition2
21:34:18.0593 5044 E: <-> \Device\Harddisk0\DR0\Partition3
21:34:18.0593 5044 ============================================================
21:34:18.0593 5044 Initialize success
21:34:18.0593 5044 ============================================================
21:34:22.0040 3080 ============================================================
21:34:22.0040 3080 Scan started
21:34:22.0040 3080 Mode: Manual;
21:34:22.0040 3080 ============================================================
21:34:22.0430 3080 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:34:22.0430 3080 !SASCORE - ok
21:34:22.0664 3080 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:34:22.0664 3080 1394ohci - ok
21:34:22.0696 3080 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
21:34:22.0696 3080 Accelerometer - ok
21:34:22.0852 3080 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:34:22.0852 3080 ACDaemon - ok
21:34:22.0914 3080 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:34:22.0930 3080 ACPI - ok
21:34:22.0945 3080 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:34:22.0961 3080 AcpiPmi - ok
21:34:23.0039 3080 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:34:23.0039 3080 adp94xx - ok
21:34:23.0117 3080 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:34:23.0117 3080 adpahci - ok
21:34:23.0148 3080 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:34:23.0164 3080 adpu320 - ok
21:34:23.0195 3080 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:34:23.0195 3080 AeLookupSvc - ok
21:34:23.0288 3080 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
21:34:23.0288 3080 AESTFilters - ok
21:34:23.0382 3080 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
21:34:23.0382 3080 AFD - ok
21:34:23.0429 3080 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:34:23.0429 3080 agp440 - ok
21:34:23.0959 3080 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
21:34:23.0959 3080 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
21:34:23.0975 3080 Akamai ( HiddenFile.Multi.Generic ) - warning
21:34:23.0975 3080 Akamai - detected HiddenFile.Multi.Generic (1)
21:34:24.0162 3080 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:34:24.0162 3080 ALG - ok
21:34:24.0209 3080 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:34:24.0209 3080 aliide - ok
21:34:24.0287 3080 AMD External Events Utility (48619a29f9c9c3cfeb66718dd03d8057) C:\Windows\system32\atiesrxx.exe
21:34:24.0287 3080 AMD External Events Utility - ok
21:34:24.0302 3080 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:34:24.0302 3080 amdide - ok
21:34:24.0334 3080 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:34:24.0334 3080 AmdK8 - ok
21:34:24.0864 3080 amdkmdag (06bf0785de714637eba9bb1084b28626) C:\Windows\system32\DRIVERS\atikmdag.sys
21:34:24.0926 3080 amdkmdag - ok
21:34:25.0082 3080 amdkmdap (2dec3274589ff6889ab05adceeb0f642) C:\Windows\system32\DRIVERS\atikmpag.sys
21:34:25.0082 3080 amdkmdap - ok
21:34:25.0114 3080 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:34:25.0114 3080 AmdPPM - ok
21:34:25.0160 3080 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
21:34:25.0160 3080 amdsata - ok
21:34:25.0207 3080 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:34:25.0207 3080 amdsbs - ok
21:34:25.0238 3080 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
21:34:25.0238 3080 amdxata - ok
21:34:25.0270 3080 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:34:25.0270 3080 AppID - ok
21:34:25.0301 3080 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:34:25.0301 3080 AppIDSvc - ok
21:34:25.0332 3080 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
21:34:25.0332 3080 Appinfo - ok
21:34:25.0426 3080 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:34:25.0426 3080 Apple Mobile Device - ok
21:34:25.0488 3080 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:34:25.0504 3080 arc - ok
21:34:25.0519 3080 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:34:25.0519 3080 arcsas - ok
21:34:25.0566 3080 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:34:25.0566 3080 AsyncMac - ok
21:34:25.0597 3080 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:34:25.0597 3080 atapi - ok
21:34:25.0660 3080 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
21:34:25.0660 3080 AtiHdmiService - ok
21:34:25.0738 3080 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:34:25.0738 3080 AudioEndpointBuilder - ok
21:34:25.0738 3080 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:34:25.0753 3080 AudioSrv - ok
21:34:25.0769 3080 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
21:34:25.0769 3080 AxInstSV - ok
21:34:25.0847 3080 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:34:25.0847 3080 b06bdrv - ok
21:34:25.0894 3080 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:34:25.0894 3080 b57nd60a - ok
21:34:26.0128 3080 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:34:26.0143 3080 BCM43XX - ok
21:34:26.0252 3080 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:34:26.0268 3080 BDESVC - ok
21:34:26.0299 3080 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:34:26.0299 3080 Beep - ok
21:34:26.0377 3080 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
21:34:26.0393 3080 BFE - ok
21:34:26.0440 3080 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:34:26.0440 3080 blbdrive - ok
21:34:26.0549 3080 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:34:26.0549 3080 Bonjour Service - ok
21:34:26.0564 3080 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
21:34:26.0580 3080 bowser - ok
21:34:26.0611 3080 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:34:26.0611 3080 BrFiltLo - ok
21:34:26.0627 3080 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:34:26.0627 3080 BrFiltUp - ok
21:34:26.0658 3080 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:34:26.0674 3080 BridgeMP - ok
21:34:26.0720 3080 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
21:34:26.0720 3080 Browser - ok
21:34:26.0752 3080 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:34:26.0752 3080 Brserid - ok
21:34:26.0783 3080 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:34:26.0783 3080 BrSerWdm - ok
21:34:26.0814 3080 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:34:26.0814 3080 BrUsbMdm - ok
21:34:26.0830 3080 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:34:26.0830 3080 BrUsbSer - ok
21:34:26.0845 3080 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:34:26.0845 3080 BTHMODEM - ok
21:34:26.0892 3080 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:34:26.0892 3080 bthserv - ok
21:34:26.0908 3080 catchme - ok
21:34:26.0923 3080 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:34:26.0923 3080 cdfs - ok
21:34:26.0970 3080 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:34:26.0970 3080 cdrom - ok
21:34:27.0017 3080 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:34:27.0017 3080 CertPropSvc - ok
21:34:27.0032 3080 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:34:27.0032 3080 circlass - ok
21:34:27.0079 3080 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:34:27.0079 3080 CLFS - ok
21:34:27.0142 3080 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:34:27.0142 3080 clr_optimization_v2.0.50727_32 - ok
21:34:27.0188 3080 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:34:27.0188 3080 clr_optimization_v2.0.50727_64 - ok
21:34:27.0204 3080 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:34:27.0204 3080 CmBatt - ok
21:34:27.0220 3080 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:34:27.0220 3080 cmdide - ok
21:34:27.0282 3080 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:34:27.0282 3080 CNG - ok
21:34:27.0313 3080 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:34:27.0313 3080 Compbatt - ok
21:34:27.0344 3080 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:34:27.0344 3080 CompositeBus - ok
21:34:27.0344 3080 COMSysApp - ok
21:34:27.0376 3080 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:34:27.0376 3080 crcdisk - ok
21:34:27.0422 3080 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
21:34:27.0422 3080 CryptSvc - ok
21:34:27.0469 3080 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:34:27.0485 3080 DcomLaunch - ok
21:34:27.0500 3080 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:34:27.0516 3080 defragsvc - ok
21:34:27.0532 3080 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
21:34:27.0532 3080 DfsC - ok
21:34:27.0563 3080 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
21:34:27.0578 3080 Dhcp - ok
21:34:27.0594 3080 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:34:27.0594 3080 discache - ok
21:34:27.0641 3080 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:34:27.0641 3080 Disk - ok
21:34:27.0656 3080 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
21:34:27.0656 3080 Dnscache - ok
21:34:27.0703 3080 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
21:34:27.0703 3080 dot3svc - ok
21:34:27.0781 3080 DpHost (8cbe9eb5088e36db88013d9d5858b87f) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
21:34:27.0781 3080 DpHost - ok
21:34:27.0812 3080 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
21:34:27.0812 3080 DPS - ok
21:34:27.0828 3080 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:34:27.0828 3080 drmkaud - ok
21:34:27.0859 3080 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
21:34:27.0859 3080 DVMIO - ok
21:34:27.0953 3080 DvmMDES (291a3dee24999ee4618ed0c7a9a8db7a) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
21:34:27.0953 3080 DvmMDES - ok
21:34:28.0046 3080 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:34:28.0062 3080 DXGKrnl - ok
21:34:28.0078 3080 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:34:28.0078 3080 EapHost - ok
21:34:28.0312 3080 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:34:28.0343 3080 ebdrv - ok
21:34:28.0452 3080 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
21:34:28.0452 3080 EFS - ok
21:34:28.0546 3080 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
21:34:28.0561 3080 ehRecvr - ok
21:34:28.0577 3080 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:34:28.0577 3080 ehSched - ok
21:34:28.0670 3080 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:34:28.0670 3080 ElbyCDIO - ok
21:34:28.0748 3080 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:34:28.0748 3080 elxstor - ok
21:34:28.0780 3080 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:34:28.0780 3080 ErrDev - ok
21:34:28.0842 3080 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:34:28.0842 3080 EventSystem - ok
21:34:28.0873 3080 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:34:28.0873 3080 exfat - ok
21:34:28.0904 3080 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:34:28.0904 3080 fastfat - ok
21:34:28.0998 3080 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
21:34:28.0998 3080 Fax - ok
21:34:29.0045 3080 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:34:29.0045 3080 fdc - ok
21:34:29.0076 3080 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:34:29.0076 3080 fdPHost - ok
21:34:29.0092 3080 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:34:29.0092 3080 FDResPub - ok
21:34:29.0092 3080 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:34:29.0092 3080 FileInfo - ok
21:34:29.0107 3080 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:34:29.0107 3080 Filetrace - ok
21:34:29.0138 3080 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:34:29.0138 3080 flpydisk - ok
21:34:29.0170 3080 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:34:29.0170 3080 FltMgr - ok
21:34:29.0294 3080 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
21:34:29.0294 3080 FontCache - ok
21:34:29.0372 3080 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:34:29.0372 3080 FontCache3.0.0.0 - ok
21:34:29.0404 3080 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:34:29.0404 3080 FsDepends - ok
21:34:29.0419 3080 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:34:29.0419 3080 Fs_Rec - ok
21:34:29.0450 3080 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
21:34:29.0450 3080 fvevol - ok
21:34:29.0482 3080 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:34:29.0482 3080 gagp30kx - ok
21:34:29.0591 3080 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:34:29.0591 3080 GamesAppService - ok
21:34:29.0622 3080 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:34:29.0622 3080 GEARAspiWDM - ok
21:34:29.0716 3080 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
21:34:29.0731 3080 gpsvc - ok
21:34:29.0840 3080 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:34:29.0840 3080 gupdate - ok
21:34:29.0856 3080 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:34:29.0856 3080 gupdatem - ok
21:34:29.0887 3080 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:34:29.0887 3080 hcw85cir - ok
21:34:29.0950 3080 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:34:29.0950 3080 HdAudAddService - ok
21:34:29.0981 3080 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:34:29.0981 3080 HDAudBus - ok
21:34:30.0012 3080 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:34:30.0012 3080 HECIx64 - ok
21:34:30.0043 3080 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:34:30.0043 3080 HidBatt - ok
21:34:30.0059 3080 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:34:30.0074 3080 HidBth - ok
21:34:30.0090 3080 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:34:30.0106 3080 HidIr - ok
21:34:30.0121 3080 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:34:30.0121 3080 hidserv - ok
21:34:30.0137 3080 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:34:30.0137 3080 HidUsb - ok
21:34:30.0168 3080 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
21:34:30.0168 3080 hkmsvc - ok
21:34:30.0215 3080 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
21:34:30.0215 3080 HomeGroupListener - ok
21:34:30.0246 3080 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
21:34:30.0246 3080 HomeGroupProvider - ok
21:34:30.0340 3080 HP Health Check Service (c84bcc03858daeac4db1e95efcce1934) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
21:34:30.0340 3080 HP Health Check Service - ok
21:34:30.0418 3080 HP Wireless Assistant Service (a2de0a67c77ebc6dfad3d55232790add) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
21:34:30.0418 3080 HP Wireless Assistant Service - ok
21:34:30.0433 3080 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
21:34:30.0433 3080 hpdskflt - ok
21:34:30.0464 3080 hpqwmiex (ef3ea06057132138b4e5895a61601dbe) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
21:34:30.0480 3080 hpqwmiex - ok
21:34:30.0511 3080 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:34:30.0511 3080 HpSAMD - ok
21:34:30.0542 3080 hpsrv (aa036cc5f5221d9b915f4d4dce74ba9a) C:\Windows\system32\Hpservice.exe
21:34:30.0542 3080 hpsrv - ok
21:34:30.0589 3080 HPWMISVC (b6492d01712a22ff3fea25a999dbd321) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
21:34:30.0589 3080 HPWMISVC - ok
21:34:30.0652 3080 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:34:30.0667 3080 HTTP - ok
21:34:30.0683 3080 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:34:30.0683 3080 hwpolicy - ok
21:34:30.0714 3080 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:34:30.0714 3080 i8042prt - ok
21:34:30.0761 3080 iaStor (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\DRIVERS\iaStor.sys
21:34:30.0776 3080 iaStor - ok
21:34:30.0823 3080 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
21:34:30.0823 3080 iaStorV - ok
21:34:30.0870 3080 IDMWFP (71359fc89451bf54fa06f049d3a87adf) C:\Windows\system32\DRIVERS\idmwfp.sys
21:34:30.0870 3080 IDMWFP - ok
21:34:30.0995 3080 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:34:31.0010 3080 idsvc - ok
21:34:31.0759 3080 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:34:31.0946 3080 igfx - ok
21:34:32.0071 3080 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:34:32.0071 3080 iirsp - ok
21:34:32.0180 3080 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
21:34:32.0180 3080 IKEEXT - ok
21:34:32.0212 3080 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
21:34:32.0227 3080 Impcd - ok
21:34:32.0243 3080 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:34:32.0243 3080 intelide - ok
21:34:33.0007 3080 intelkmd (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdpmd64.sys
21:34:33.0148 3080 intelkmd - ok
21:34:33.0272 3080 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:34:33.0272 3080 intelppm - ok
21:34:33.0319 3080 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:34:33.0319 3080 IPBusEnum - ok
21:34:33.0350 3080 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:34:33.0350 3080 IpFilterDriver - ok
21:34:33.0460 3080 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
21:34:33.0460 3080 iphlpsvc - ok
21:34:33.0491 3080 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:34:33.0491 3080 IPMIDRV - ok
21:34:33.0522 3080 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:34:33.0522 3080 IPNAT - ok
21:34:33.0647 3080 iPod Service (844b87302d856f8eb32a38c35969734a) C:\Program Files\iPod\bin\iPodService.exe
21:34:33.0647 3080 iPod Service - ok
21:34:33.0678 3080 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:34:33.0678 3080 IRENUM - ok
21:34:33.0709 3080 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:34:33.0709 3080 isapnp - ok
21:34:33.0740 3080 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:34:33.0740 3080 iScsiPrt - ok
21:34:33.0896 3080 iZ3DInjectionDriver (ae72046ad733d2764d5de373de0cc180) C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys
21:34:33.0896 3080 iZ3DInjectionDriver - ok
21:34:33.0928 3080 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:34:33.0928 3080 kbdclass - ok
21:34:33.0959 3080 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:34:33.0959 3080 kbdhid - ok
21:34:34.0006 3080 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:34:34.0006 3080 KeyIso - ok
21:34:34.0037 3080 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:34:34.0037 3080 KSecDD - ok
21:34:34.0068 3080 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:34:34.0068 3080 KSecPkg - ok
21:34:34.0084 3080 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:34:34.0084 3080 ksthunk - ok
21:34:34.0130 3080 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:34:34.0130 3080 KtmRm - ok
21:34:34.0177 3080 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
21:34:34.0177 3080 LanmanServer - ok
21:34:34.0208 3080 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
21:34:34.0208 3080 LanmanWorkstation - ok
21:34:34.0286 3080 LightScribeService (3503f257b3203f824b1567238ebe17e2) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:34:34.0286 3080 LightScribeService - ok
21:34:34.0318 3080 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:34:34.0318 3080 lltdio - ok
21:34:34.0364 3080 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:34:34.0364 3080 lltdsvc - ok
21:34:34.0380 3080 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:34:34.0380 3080 lmhosts - ok
21:34:34.0442 3080 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:34:34.0458 3080 LMS - ok
21:34:34.0505 3080 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:34:34.0505 3080 LSI_FC - ok
21:34:34.0536 3080 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:34:34.0536 3080 LSI_SAS - ok
21:34:34.0567 3080 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:34:34.0567 3080 LSI_SAS2 - ok
21:34:34.0598 3080 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:34:34.0614 3080 LSI_SCSI - ok
21:34:34.0630 3080 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:34:34.0630 3080 luafv - ok
21:34:34.0676 3080 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:34:34.0676 3080 Mcx2Svc - ok
21:34:34.0708 3080 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:34:34.0708 3080 megasas - ok
21:34:34.0754 3080 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:34:34.0754 3080 MegaSR - ok
21:34:34.0770 3080 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:34:34.0786 3080 MMCSS - ok
21:34:34.0786 3080 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:34:34.0801 3080 Modem - ok
21:34:34.0817 3080 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:34:34.0817 3080 monitor - ok
21:34:34.0848 3080 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:34:34.0848 3080 mouclass - ok
21:34:34.0864 3080 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:34:34.0864 3080 mouhid - ok
21:34:34.0879 3080 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:34:34.0879 3080 mountmgr - ok
21:34:34.0973 3080 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:34:34.0973 3080 MozillaMaintenance - ok
21:34:35.0004 3080 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:34:35.0004 3080 mpio - ok
21:34:35.0020 3080 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:34:35.0035 3080 mpsdrv - ok
21:34:35.0129 3080 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:34:35.0129 3080 MpsSvc - ok
21:34:35.0160 3080 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:34:35.0160 3080 MRxDAV - ok
21:34:35.0191 3080 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:34:35.0191 3080 mrxsmb - ok
21:34:35.0207 3080 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:34:35.0207 3080 mrxsmb10 - ok
21:34:35.0222 3080 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:34:35.0238 3080 mrxsmb20 - ok
21:34:35.0254 3080 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:34:35.0254 3080 msahci - ok
21:34:35.0285 3080 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:34:35.0285 3080 msdsm - ok
21:34:35.0316 3080 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:34:35.0316 3080 MSDTC - ok
21:34:35.0332 3080 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:34:35.0332 3080 Msfs - ok
21:34:35.0347 3080 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:34:35.0347 3080 mshidkmdf - ok
21:34:35.0363 3080 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:34:35.0363 3080 msisadrv - ok
21:34:35.0410 3080 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:34:35.0410 3080 MSiSCSI - ok
21:34:35.0410 3080 msiserver - ok
21:34:35.0441 3080 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:34:35.0441 3080 MSKSSRV - ok
21:34:35.0472 3080 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:34:35.0472 3080 MSPCLOCK - ok
21:34:35.0488 3080 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:34:35.0488 3080 MSPQM - ok
21:34:35.0519 3080 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:34:35.0534 3080 MsRPC - ok
21:34:35.0550 3080 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:34:35.0550 3080 mssmbios - ok
21:34:35.0550 3080 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:34:35.0566 3080 MSTEE - ok
21:34:35.0581 3080 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:34:35.0581 3080 MTConfig - ok
21:34:35.0581 3080 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:34:35.0597 3080 Mup - ok
21:34:35.0644 3080 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:34:35.0644 3080 napagent - ok
21:34:35.0690 3080 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:34:35.0690 3080 NativeWifiP - ok
21:34:35.0768 3080 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:34:35.0784 3080 NDIS - ok
21:34:35.0800 3080 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:34:35.0800 3080 NdisCap - ok
21:34:35.0815 3080 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:34:35.0815 3080 NdisTapi - ok
21:34:35.0846 3080 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:34:35.0846 3080 Ndisuio - ok
21:34:35.0862 3080 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:34:35.0862 3080 NdisWan - ok
21:34:35.0893 3080 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:34:35.0893 3080 NDProxy - ok
21:34:35.0909 3080 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:34:35.0909 3080 NetBIOS - ok
21:34:35.0940 3080 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:34:35.0940 3080 NetBT - ok
21:34:35.0971 3080 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:34:35.0971 3080 Netlogon - ok
21:34:36.0049 3080 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:34:36.0049 3080 Netman - ok
21:34:36.0096 3080 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:34:36.0112 3080 netprofm - ok
21:34:36.0205 3080 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:34:36.0205 3080 NetTcpPortSharing - ok
21:34:36.0611 3080 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:34:36.0658 3080 netw5v64 - ok
21:34:36.0782 3080 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:34:36.0782 3080 nfrd960 - ok
21:34:36.0845 3080 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:34:36.0845 3080 NisDrv - ok
21:34:36.0892 3080 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:34:36.0892 3080 NlaSvc - ok
21:34:36.0938 3080 NMSAccess - ok
21:34:36.0970 3080 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:34:36.0970 3080 Npfs - ok
21:34:36.0985 3080 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:34:36.0985 3080 nsi - ok
21:34:37.0001 3080 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:34:37.0001 3080 nsiproxy - ok
21:34:37.0126 3080 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
21:34:37.0141 3080 Ntfs - ok
21:34:37.0235 3080 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
21:34:37.0235 3080 NuidFltr - ok
21:34:37.0250 3080 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:34:37.0250 3080 Null - ok
21:34:37.0282 3080 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
21:34:37.0297 3080 nvraid - ok
21:34:37.0328 3080 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
21:34:37.0328 3080 nvstor - ok
21:34:37.0360 3080 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:34:37.0360 3080 nv_agp - ok
21:34:37.0391 3080 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:34:37.0391 3080 ohci1394 - ok
21:34:37.0500 3080 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:34:37.0500 3080 ose - ok
21:34:37.0921 3080 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:34:37.0968 3080 osppsvc - ok
21:34:38.0093 3080 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:34:38.0093 3080 p2pimsvc - ok
21:34:38.0140 3080 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:34:38.0140 3080 p2psvc - ok
21:34:38.0186 3080 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:34:38.0186 3080 Parport - ok
21:34:38.0218 3080 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:34:38.0218 3080 partmgr - ok
21:34:38.0233 3080 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:34:38.0249 3080 PcaSvc - ok
21:34:38.0264 3080 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:34:38.0264 3080 pci - ok
21:34:38.0296 3080 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:34:38.0296 3080 pciide - ok
21:34:38.0327 3080 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:34:38.0327 3080 pcmcia - ok
21:34:38.0342 3080 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:34:38.0342 3080 pcw - ok
21:34:38.0405 3080 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:34:38.0405 3080 PEAUTH - ok
21:34:38.0498 3080 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:34:38.0498 3080 PerfHost - ok
21:34:38.0670 3080 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:34:38.0686 3080 pla - ok
21:34:38.0732 3080 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
21:34:38.0748 3080 PlugPlay - ok
21:34:38.0764 3080 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:34:38.0764 3080 PNRPAutoReg - ok
21:34:38.0795 3080 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:34:38.0795 3080 PNRPsvc - ok
21:34:38.0857 3080 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:34:38.0857 3080 PolicyAgent - ok
21:34:38.0888 3080 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:34:38.0888 3080 Power - ok
21:34:38.0935 3080 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:34:38.0935 3080 PptpMiniport - ok
21:34:38.0966 3080 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:34:38.0966 3080 Processor - ok
21:34:38.0998 3080 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
21:34:38.0998 3080 ProfSvc - ok
21:34:39.0029 3080 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:34:39.0029 3080 ProtectedStorage - ok
21:34:39.0044 3080 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:34:39.0044 3080 Psched - ok
21:34:39.0185 3080 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:34:39.0200 3080 ql2300 - ok
21:34:39.0325 3080 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:34:39.0325 3080 ql40xx - ok
21:34:39.0356 3080 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:34:39.0356 3080 QWAVE - ok
21:34:39.0372 3080 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:34:39.0372 3080 QWAVEdrv - ok
21:34:39.0388 3080 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:34:39.0388 3080 RasAcd - ok
21:34:39.0419 3080 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:34:39.0419 3080 RasAgileVpn - ok
21:34:39.0450 3080 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:34:39.0450 3080 RasAuto - ok
21:34:39.0481 3080 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:34:39.0481 3080 Rasl2tp - ok
21:34:39.0528 3080 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:34:39.0528 3080 RasMan - ok
21:34:39.0544 3080 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:34:39.0544 3080 RasPppoe - ok
21:34:39.0559 3080 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:34:39.0559 3080 RasSstp - ok
21:34:39.0606 3080 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:34:39.0606 3080 rdbss - ok
21:34:39.0622 3080 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:34:39.0622 3080 rdpbus - ok
21:34:39.0637 3080 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:34:39.0637 3080 RDPCDD - ok
21:34:39.0653 3080 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:34:39.0653 3080 RDPENCDD - ok
21:34:39.0668 3080 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:34:39.0668 3080 RDPREFMP - ok
21:34:39.0700 3080 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:34:39.0700 3080 RDPWD - ok
21:34:39.0746 3080 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:34:39.0746 3080 rdyboost - ok
21:34:39.0778 3080 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:34:39.0778 3080 RemoteAccess - ok
21:34:39.0793 3080 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:34:39.0809 3080 RemoteRegistry - ok
21:34:39.0824 3080 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:34:39.0824 3080 RpcEptMapper - ok
21:34:39.0856 3080 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:34:39.0856 3080 RpcLocator - ok
21:34:39.0918 3080 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:34:39.0918 3080 RpcSs - ok
21:34:39.0949 3080 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:34:39.0949 3080 rspndr - ok
21:34:39.0996 3080 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
21:34:39.0996 3080 RSUSBSTOR - ok
21:34:40.0043 3080 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:34:40.0043 3080 RTL8167 - ok
21:34:40.0168 3080 S3DSvc32 (36422150134f1a6950b9759246965b0b) C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe
21:34:40.0168 3080 S3DSvc32 - ok
21:34:40.0261 3080 S3DSvc64 (403e539e9d804b3f1d9f2536b618f68f) C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe
21:34:40.0261 3080 S3DSvc64 - ok
21:34:40.0292 3080 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:34:40.0292 3080 SamSs - ok
21:34:40.0355 3080 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:34:40.0355 3080 SASDIFSV - ok
21:34:40.0370 3080 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:34:40.0370 3080 SASKUTIL - ok
21:34:40.0402 3080 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:34:40.0402 3080 sbp2port - ok
21:34:40.0448 3080 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:34:40.0448 3080 SCardSvr - ok
21:34:40.0480 3080 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:34:40.0480 3080 scfilter - ok
21:34:40.0589 3080 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:34:40.0589 3080 Schedule - ok
21:34:40.0620 3080 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:34:40.0620 3080 SCPolicySvc - ok
21:34:40.0651 3080 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
21:34:40.0651 3080 sdbus - ok
21:34:40.0667 3080 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:34:40.0667 3080 SDRSVC - ok
21:34:40.0698 3080 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:34:40.0698 3080 secdrv - ok
21:34:40.0714 3080 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:34:40.0714 3080 seclogon - ok
21:34:40.0745 3080 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:34:40.0745 3080 SENS - ok
21:34:40.0745 3080 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:34:40.0745 3080 SensrSvc - ok
21:34:40.0776 3080 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:34:40.0776 3080 Serenum - ok
21:34:40.0807 3080 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:34:40.0807 3080 Serial - ok
21:34:40.0838 3080 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:34:40.0838 3080 sermouse - ok
21:34:40.0870 3080 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:34:40.0885 3080 SessionEnv - ok
21:34:40.0901 3080 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:34:40.0901 3080 sffdisk - ok
21:34:40.0916 3080 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:34:40.0916 3080 sffp_mmc - ok
21:34:40.0932 3080 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:34:40.0932 3080 sffp_sd - ok
21:34:40.0948 3080 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:34:40.0948 3080 sfloppy - ok
21:34:41.0010 3080 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:34:41.0010 3080 SharedAccess - ok
21:34:41.0057 3080 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:34:41.0057 3080 ShellHWDetection - ok
21:34:41.0072 3080 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:34:41.0088 3080 SiSRaid2 - ok
21:34:41.0104 3080 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:34:41.0104 3080 SiSRaid4 - ok
21:34:41.0150 3080 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:34:41.0150 3080 Smb - ok
21:34:41.0182 3080 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:34:41.0182 3080 SNMPTRAP - ok
21:34:41.0197 3080 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:34:41.0197 3080 spldr - ok
21:34:41.0260 3080 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:34:41.0275 3080 Spooler - ok
21:34:41.0509 3080 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:34:41.0556 3080 sppsvc - ok
21:34:41.0650 3080 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:34:41.0650 3080 sppuinotify - ok
21:34:41.0759 3080 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
21:34:41.0759 3080 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
21:34:41.0759 3080 sptd ( LockedFile.Multi.Generic ) - warning
21:34:41.0759 3080 sptd - detected LockedFile.Multi.Generic (1)
21:34:41.0806 3080 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
21:34:41.0821 3080 srv - ok
21:34:41.0868 3080 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
21:34:41.0868 3080 srv2 - ok
21:34:41.0915 3080 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:34:41.0915 3080 SrvHsfHDA - ok
21:34:42.0024 3080 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:34:42.0040 3080 SrvHsfV92 - ok
21:34:42.0196 3080 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:34:42.0211 3080 SrvHsfWinac - ok
21:34:42.0242 3080 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
21:34:42.0242 3080 srvnet - ok
21:34:42.0274 3080 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:34:42.0289 3080 SSDPSRV - ok
21:34:42.0305 3080 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:34:42.0305 3080 SstpSvc - ok
21:34:42.0383 3080 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe
21:34:42.0383 3080 STacSV - ok
21:34:42.0461 3080 Steam Client Service - ok
21:34:42.0492 3080 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:34:42.0492 3080 stexstor - ok
21:34:42.0554 3080 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
21:34:42.0554 3080 STHDA - ok
21:34:42.0617 3080 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:34:42.0617 3080 stisvc - ok
21:34:42.0648 3080 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:34:42.0648 3080 swenum - ok
21:34:42.0742 3080 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:34:42.0742 3080 SwitchBoard - ok
21:34:42.0788 3080 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:34:42.0804 3080 swprv - ok
21:34:42.0882 3080 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
21:34:42.0882 3080 SynTP - ok
21:34:43.0007 3080 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:34:43.0022 3080 SysMain - ok
21:34:43.0132 3080 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:34:43.0132 3080 TabletInputService - ok
21:34:43.0662 3080 TabletServicePen (c4c20cfa4f42e9b7454e895c5c47bcd3) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
21:34:43.0724 3080 TabletServicePen - ok
21:34:43.0865 3080 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
21:34:43.0865 3080 taphss - ok
21:34:43.0927 3080 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:34:43.0927 3080 TapiSrv - ok
21:34:43.0943 3080 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:34:43.0958 3080 TBS - ok
21:34:44.0099 3080 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
21:34:44.0114 3080 Tcpip - ok
21:34:44.0333 3080 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
21:34:44.0348 3080 TCPIP6 - ok
21:34:44.0442 3080 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:34:44.0442 3080 tcpipreg - ok
21:34:44.0458 3080 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:34:44.0458 3080 TDPIPE - ok
21:34:44.0473 3080 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:34:44.0473 3080 TDTCP - ok
21:34:44.0504 3080 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:34:44.0504 3080 tdx - ok
21:34:44.0520 3080 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:34:44.0520 3080 TermDD - ok
21:34:44.0582 3080 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
21:34:44.0582 3080 TermService - ok
21:34:44.0598 3080 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:34:44.0614 3080 Themes - ok
21:34:44.0629 3080 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:34:44.0629 3080 THREADORDER - ok
21:34:44.0785 3080 TouchServicePen (7625dcf246e488e523dc1f64c38abda2) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
21:34:44.0801 3080 TouchServicePen - ok
21:34:44.0816 3080 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:34:44.0832 3080 TrkWks - ok
21:34:44.0863 3080 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
21:34:44.0863 3080 TrustedInstaller - ok
21:34:44.0910 3080 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:34:44.0910 3080 tssecsrv - ok
21:34:44.0941 3080 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:34:44.0941 3080 tunnel - ok
21:34:44.0988 3080 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
21:34:44.0988 3080 TurboB - ok
21:34:45.0019 3080 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:34:45.0019 3080 TurboBoost - ok
21:34:45.0050 3080 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:34:45.0050 3080 uagp35 - ok
21:34:45.0097 3080 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
21:34:45.0097 3080 udfs - ok
21:34:45.0113 3080 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:34:45.0128 3080 UI0Detect - ok
21:34:45.0144 3080 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:34:45.0144 3080 uliagpkx - ok
21:34:45.0191 3080 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:34:45.0191 3080 umbus - ok
21:34:45.0206 3080 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:34:45.0222 3080 UmPass - ok
21:34:45.0456 3080 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:34:45.0472 3080 UNS - ok
21:34:45.0581 3080 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:34:45.0581 3080 upnphost - ok
21:34:45.0628 3080 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
21:34:45.0628 3080 USBAAPL64 - ok
21:34:45.0674 3080 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
21:34:45.0674 3080 usbaudio - ok
21:34:45.0706 3080 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
21:34:45.0706 3080 usbccgp - ok
21:34:45.0737 3080 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:34:45.0737 3080 usbcir - ok
21:34:45.0768 3080 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
21:34:45.0768 3080 usbehci - ok
21:34:45.0815 3080 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
21:34:45.0830 3080 usbhub - ok
21:34:45.0846 3080 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:34:45.0846 3080 usbohci - ok
21:34:45.0877 3080 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:34:45.0877 3080 usbprint - ok
21:34:45.0893 3080 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:34:45.0893 3080 usbscan - ok
21:34:45.0924 3080 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:34:45.0924 3080 USBSTOR - ok
21:34:45.0940 3080 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:34:45.0940 3080 usbuhci - ok
21:34:45.0971 3080 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
21:34:45.0971 3080 usbvideo - ok
21:34:45.0986 3080 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:34:46.0002 3080 UxSms - ok
21:34:46.0018 3080 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:34:46.0018 3080 VaultSvc - ok
21:34:46.0064 3080 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
21:34:46.0064 3080 VClone - ok
21:34:46.0236 3080 vcsFPService (8159f83408230045f731c6c7799a7d44) C:\Windows\system32\vcsFPService.exe
21:34:46.0252 3080 vcsFPService - ok
21:34:46.0376 3080 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:34:46.0376 3080 vdrvroot - ok
21:34:46.0439 3080 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:34:46.0439 3080 vds - ok
21:34:46.0470 3080 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:34:46.0470 3080 vga - ok
21:34:46.0470 3080 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:34:46.0470 3080 VgaSave - ok
21:34:46.0517 3080 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:34:46.0517 3080 vhdmp - ok
21:34:46.0532 3080 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:34:46.0532 3080 viaide - ok
21:34:46.0548 3080 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:34:46.0564 3080 volmgr - ok
21:34:46.0595 3080 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:34:46.0595 3080 volmgrx - ok
21:34:46.0642 3080 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:34:46.0642 3080 volsnap - ok
21:34:46.0673 3080 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:34:46.0673 3080 vsmraid - ok
21:34:46.0798 3080 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:34:46.0813 3080 VSS - ok
21:34:46.0922 3080 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:34:46.0922 3080 vwifibus - ok
21:34:46.0938 3080 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:34:46.0938 3080 vwififlt - ok
21:34:46.0985 3080 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:34:46.0985 3080 W32Time - ok
21:34:47.0032 3080 wacmoumonitor (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
21:34:47.0032 3080 wacmoumonitor - ok
21:34:47.0047 3080 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
21:34:47.0047 3080 wacommousefilter - ok
21:34:47.0078 3080 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:34:47.0078 3080 WacomPen - ok
21:34:47.0094 3080 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
21:34:47.0094 3080 wacomvhid - ok
21:34:47.0141 3080 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:34:47.0141 3080 WANARP - ok
21:34:47.0141 3080 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:34:47.0141 3080 Wanarpv6 - ok
21:34:47.0266 3080 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:34:47.0281 3080 WatAdminSvc - ok
21:34:47.0406 3080 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:34:47.0422 3080 wbengine - ok
21:34:47.0531 3080 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:34:47.0531 3080 WbioSrvc - ok
21:34:47.0578 3080 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
21:34:47.0578 3080 wcncsvc - ok
21:34:47.0593 3080 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:34:47.0593 3080 WcsPlugInService - ok
21:34:47.0624 3080 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:34:47.0624 3080 Wd - ok
21:34:47.0687 3080 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:34:47.0702 3080 Wdf01000 - ok
21:34:47.0718 3080 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:34:47.0718 3080 WdiServiceHost - ok
21:34:47.0718 3080 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:34:47.0718 3080 WdiSystemHost - ok
21:34:47.0749 3080 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
21:34:47.0765 3080 WebClient - ok
21:34:47.0780 3080 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:34:47.0780 3080 Wecsvc - ok
21:34:47.0812 3080 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:34:47.0812 3080 wercplsupport - ok
21:34:47.0843 3080 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:34:47.0843 3080 WerSvc - ok
21:34:47.0874 3080 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:34:47.0874 3080 WfpLwf - ok
21:34:47.0890 3080 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:34:47.0890 3080 WIMMount - ok
21:34:47.0968 3080 WinDefend - ok
21:34:47.0968 3080 WinHttpAutoProxySvc - ok
21:34:48.0030 3080 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:34:48.0030 3080 Winmgmt - ok
21:34:48.0186 3080 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:34:48.0202 3080 WinRM - ok
21:34:48.0311 3080 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
21:34:48.0311 3080 WinUSB - ok
21:34:48.0389 3080 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:34:48.0404 3080 Wlansvc - ok
21:34:48.0623 3080 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:34:48.0654 3080 wlidsvc - ok
21:34:48.0779 3080 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
21:34:48.0779 3080 WmBEnum - ok
21:34:48.0826 3080 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
21:34:48.0826 3080 WmFilter - ok
21:34:48.0857 3080 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:34:48.0857 3080 WmiAcpi - ok
21:34:48.0919 3080 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:34:48.0919 3080 wmiApSrv - ok
21:34:48.0950 3080 WMPNetworkSvc - ok
21:34:48.0982 3080 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
21:34:48.0982 3080 WmVirHid - ok
21:34:48.0997 3080 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
21:34:48.0997 3080 WmXlCore - ok
21:34:49.0013 3080 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:34:49.0013 3080 WPCSvc - ok
21:34:49.0028 3080 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:34:49.0044 3080 WPDBusEnum - ok
21:34:49.0060 3080 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:34:49.0060 3080 ws2ifsl - ok
21:34:49.0106 3080 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:34:49.0106 3080 wscsvc - ok
21:34:49.0106 3080 WSearch - ok
21:34:49.0309 3080 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:34:49.0340 3080 wuauserv - ok
21:34:49.0450 3080 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:34:49.0450 3080 WudfPf - ok
21:34:49.0481 3080 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:34:49.0496 3080 WUDFRd - ok
21:34:49.0512 3080 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:34:49.0528 3080 wudfsvc - ok
21:34:49.0543 3080 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:34:49.0543 3080 WwanSvc - ok
21:34:49.0606 3080 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:34:49.0606 3080 yukonw7 - ok
21:34:49.0637 3080 MBR (0x1B8) (97331405e2ec979df9cb8e9d33dc5677) \Device\Harddisk0\DR0
21:34:49.0933 3080 \Device\Harddisk0\DR0 - ok
21:34:49.0933 3080 Boot (0x1200) (605510a0dc7f9c6770f849cec3738acf) \Device\Harddisk0\DR0\Partition0
21:34:49.0933 3080 \Device\Harddisk0\DR0\Partition0 - ok
21:34:49.0949 3080 Boot (0x1200) (1dd2d96683aa0be4663d3b9a0f8d0a87) \Device\Harddisk0\DR0\Partition1
21:34:49.0949 3080 \Device\Harddisk0\DR0\Partition1 - ok
21:34:49.0980 3080 Boot (0x1200) (6ce44c2f63a6c8634b8d2a076735c8c6) \Device\Harddisk0\DR0\Partition2
21:34:49.0980 3080 \Device\Harddisk0\DR0\Partition2 - ok
21:34:49.0996 3080 Boot (0x1200) (3344628c408761002abf41d91e01f7b9) \Device\Harddisk0\DR0\Partition3
21:34:49.0996 3080 \Device\Harddisk0\DR0\Partition3 - ok
21:34:49.0996 3080 ============================================================
21:34:49.0996 3080 Scan finished
21:34:49.0996 3080 ============================================================
21:34:50.0011 2464 Detected object count: 2
21:34:50.0011 2464 Actual detected object count: 2
21:35:10.0057 2464 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:35:10.0057 2464 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:35:10.0057 2464 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:35:10.0057 2464 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:35:18.0559 3396 Deinitialize success

Here's the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 21:38:41
-----------------------------
21:38:41.612 OS Version: Windows x64 6.1.7600
21:38:41.612 Number of processors: 4 586 0x2502
21:38:41.612 ComputerName: Admin-PC UserName: Admin
21:38:43.125 Initialize success
21:40:29.571 AVAST engine defs: 12080601
21:40:38.385 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:40:38.385 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
21:40:38.401 Disk 0 MBR read successfully
21:40:38.401 Disk 0 MBR scan
21:40:38.401 Disk 0 unknown MBR code
21:40:38.416 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:40:38.432 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 452768 MB offset 409600
21:40:38.463 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 23868 MB offset 927678464
21:40:38.479 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
21:40:38.510 Disk 0 scanning C:\Windows\system32\drivers
21:40:48.260 Service scanning
21:41:10.209 Modules scanning
21:41:10.209 Disk 0 trace - called modules:
21:41:10.802 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys sptd.sys hal.dll
21:41:10.802 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007035060]
21:41:10.818 3 CLASSPNP.SYS[fffff88001c7143f] -> nt!IofCallDriver -> [0xfffffa800515cb10]
21:41:10.818 5 hpdskflt.sys[fffff8800181d289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005039050]
21:41:12.331 AVAST engine scan C:\Windows
21:41:15.232 AVAST engine scan C:\Windows\system32
21:43:11.078 AVAST engine scan C:\Windows\system32\drivers
21:43:21.078 AVAST engine scan C:\Users\Admin
22:02:00.614 AVAST engine scan C:\ProgramData
22:06:38.074 Scan finished successfully
22:12:58.235 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
22:12:58.240 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,930 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 11:26 PM

Greetings


are you located in japan or canada?


Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 userid48348754

userid48348754
  • Topic Starter

  • Members
  • 11 posts

Posted 06 August 2012 - 11:36 PM

Hello,

I'm in Canada.

Here is the log:


Windows IP Configuration

Host Name . . . . . . . . . . . . : Admin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cg.shawcable.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : cg.shawcable.net
Description . . . . . . . . . . . : Broadcom 4313 802.11b/g/n
Physical Address. . . . . . . . . : 00-26-82-6F-F9-F9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1c8b:fd09:38a9:7d3c%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.50.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : August-06-12 8:42:44 PM
Lease Expires . . . . . . . . . . : August-07-12 8:46:12 PM
Default Gateway . . . . . . . . . : 192.168.50.1
DHCP Server . . . . . . . . . . . : 192.168.50.1
DHCPv6 IAID . . . . . . . . . . . : 318776962
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-9F-C7-C6-C8-0A-A9-D7-CF-AD
DNS Servers . . . . . . . . . . . : 64.59.135.145
64.59.128.114
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.cg.shawcable.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cg.shawcable.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:71:32be:3f57:cd9b(Preferred)
Link-local IPv6 Address . . . . . : fe80::71:32be:3f57:cd9b%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: nsc4.so.cg.shawcable.net
Address: 64.59.135.145

Name: google.com
Addresses: 2607:f8b0:400a:800::1000
173.194.33.3
173.194.33.7
173.194.33.6
173.194.33.14
173.194.33.1
173.194.33.9
173.194.33.0
173.194.33.4
173.194.33.2
173.194.33.5
173.194.33.8

Server: nsc4.so.cg.shawcable.net
Address: 64.59.135.145

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging google.com [173.194.33.3] with 32 bytes of data:
Reply from 173.194.33.3: bytes=32 time=51ms TTL=56
Reply from 173.194.33.3: bytes=32 time=29ms TTL=56

Ping statistics for 173.194.33.3:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 51ms, Average = 40ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=154ms TTL=50
Reply from 98.139.183.24: bytes=32 time=172ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 154ms, Maximum = 172ms, Average = 163ms
===========================================================================
Interface List
13...00 26 82 6f f9 f9 ......Broadcom 4313 802.11b/g/n
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.50.1 192.168.50.100 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.50.0 255.255.255.0 On-link 192.168.50.100 281
192.168.50.100 255.255.255.255 On-link 192.168.50.100 281
192.168.50.255 255.255.255.255 On-link 192.168.50.100 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.50.100 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.50.100 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:71:32be:3f57:cd9b/128
On-link
13 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::71:32be:3f57:cd9b/128
On-link
13 281 fe80::1c8b:fd09:38a9:7d3c/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
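
One way to review the output of the diagnostic batch file from the previous post, as an added example that is not part of this thread or of any tool mentioned in it: a Python script that pulls the Default Gateway, DHCP Server, DNS Servers and nslookup resolver lines out of that output and compares the configured resolvers with an allowlist of the servers the DHCP lease is supposed to issue. The allowlist used here is the two Shaw resolvers from the log above; the second sample, with 203.0.113.5 (an RFC 5737 documentation address) swapped in, is a constructed placeholder standing in for a tampered DNS setting, not an address from this thread.

```python
"""Audit the DNS settings captured by a router.bat-style ipconfig/nslookup dump."""
import ipaddress
import re

# Constructed sample built from the ipconfig /all and nslookup sections posted above.
SAMPLE_LOG = """\
Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : cg.shawcable.net
IPv4 Address. . . . . . . . . . . : 192.168.50.100(Preferred)
Default Gateway . . . . . . . . . : 192.168.50.1
DHCP Server . . . . . . . . . . . : 192.168.50.1
DNS Servers . . . . . . . . . . . : 64.59.135.145
64.59.128.114
NetBIOS over Tcpip. . . . . . . . : Enabled

Server: nsc4.so.cg.shawcable.net
Address: 64.59.135.145

Name: google.com
Addresses: 173.194.33.3
"""

# Constructed tampered variant: 203.0.113.5 is a documentation-range placeholder
# for a resolver that the DHCP lease never handed out.
HIJACKED_LOG = SAMPLE_LOG.replace("64.59.135.145", "203.0.113.5")

# "Label . . . . : value" lines as printed by ipconfig and nslookup.
LABEL_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(.*)$")


def _as_ip(token):
    """Parse a token such as '192.168.50.100(Preferred)'; return None if it is not an IP."""
    token = token.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_network_log(text):
    """Extract gateway, DHCP server, configured DNS servers and the resolver nslookup used."""
    info = {"gateway": None, "dhcp_server": None, "dns_servers": [], "resolver": None}
    collecting_dns = False  # True while reading continuation lines of the DNS Servers list
    last_label = None
    for line in text.splitlines():
        m = LABEL_RE.match(line)
        if m:
            label, value = m.group(1).strip(), m.group(2).strip()
            collecting_dns = False
            if label == "DNS Servers":
                ip = _as_ip(value)
                if ip:
                    info["dns_servers"].append(ip)
                collecting_dns = True
            elif label == "Default Gateway":
                info["gateway"] = _as_ip(value)
            elif label == "DHCP Server":
                info["dhcp_server"] = _as_ip(value)
            elif label == "Address" and last_label == "Server" and info["resolver"] is None:
                info["resolver"] = _as_ip(value)  # nslookup prints Server: then Address:
            last_label = label
        elif collecting_dns:
            ip = _as_ip(line)
            if ip:
                info["dns_servers"].append(ip)  # extra DNS servers are listed one per line
            else:
                collecting_dns = False
    return info


def audit_resolvers(text, expected_dns):
    """Compare configured and actually used DNS servers against an allowlist.

    expected_dns: the resolvers the ISP/DHCP lease should issue (an assumption the
    caller supplies). Returns (parsed info, list of human-readable findings).
    """
    info = parse_network_log(text)
    expected = {ipaddress.ip_address(a) for a in expected_dns}
    findings = []
    for ip in info["dns_servers"]:
        if ip not in expected:
            findings.append(f"unexpected DNS server configured: {ip}")
    res = info["resolver"]
    if res is not None and res not in info["dns_servers"]:
        findings.append(f"nslookup used resolver {res}, which is not in the configured DNS list")
    gw = info["gateway"]
    if gw is not None and not gw.is_private:
        findings.append(f"default gateway {gw} is not a private address")
    return info, findings


if __name__ == "__main__":
    allowlist = ["64.59.135.145", "64.59.128.114"]
    for name, log in (("posted log", SAMPLE_LOG), ("constructed tampered log", HIJACKED_LOG)):
        _, found = audit_resolvers(log, allowlist)
        print(f"{name}: {found or 'no findings'}")
```

The allowlist is the point of the check: ipconfig alone cannot tell a legitimate ISP resolver from one planted by malware, so the comparison has to be against what the DHCP server is known to issue. A resolver that nslookup actually used but that is absent from the configured list would indicate something overriding the adapter settings.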

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,930 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 11:44 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

FireFox::
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pfud24ei.default\
FF - prefs.js: network.proxy.http - 203.183.237.19

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

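The CFScript above removes a network.proxy.http entry from the Firefox profile's prefs.js. A way to spot that kind of entry before it is cleaned, as an added example that is not part of this thread or of ComboFix: a Python check that reads prefs.js, collects the network.proxy.* preferences and flags a manual proxy whose host is neither loopback/private nor on a list of proxies the user knowingly set up. The sample prefs.js is constructed; its network.proxy.http value is the one quoted in the script above, while the port and the other preferences are made-up filler for the example.

```python
"""Flag proxy settings in a Firefox prefs.js that the user did not configure."""
import ipaddress
import re

# Constructed sample prefs.js. The network.proxy.http value is the one listed in the
# CFScript above; the remaining lines are made up for the example.
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "203.183.237.19");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
'''

# One user_pref("name", value); line. Values are quoted strings, integers or booleans.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Meaning of network.proxy.type: 0 direct, 1 manual, 2 PAC script, 4 auto-detect, 5 system.
MANUAL, PAC, SYSTEM = 1, 2, 5


def parse_prefs(text):
    """Return {name: value} for every user_pref line, with string values unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def _is_local(host):
    """True for loopback or private hosts, the usual targets of a proxy the user set up."""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname rather than an address: not obviously local
    return ip.is_loopback or ip.is_private


def audit_proxy(text, known_proxies=()):
    """List proxy hosts in prefs.js that are neither local nor in known_proxies.

    known_proxies: hosts the user deliberately configured (an assumption supplied by
    the caller). Returns a list of human-readable findings.
    """
    prefs = parse_prefs(text)
    findings = []
    proxy_type = prefs.get("network.proxy.type", SYSTEM)  # absent pref: Firefox default
    for name in ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks"):
        host = prefs.get(name)
        if not host or host in known_proxies or _is_local(host):
            continue
        state = "active (manual proxy mode)" if proxy_type == MANUAL else "present, manual mode off"
        findings.append(f"{name} = {host}, {state}")
    pac = prefs.get("network.proxy.autoconfig_url")
    if pac and proxy_type == PAC:
        findings.append(f"PAC script configured: {pac}")
    return findings


if __name__ == "__main__":
    for finding in audit_proxy(SAMPLE_PREFS) or ["no unexpected proxy settings"]:
        print(finding)
```

A proxy entry is reported even when network.proxy.type is not 1, because the host then survives in the profile and becomes active again as soon as the mode is switched back to manual; the finding text says which case applies.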

#15 userid48348754

userid48348754
  • Topic Starter

  • Members
  • 11 posts

Posted 07 August 2012 - 12:16 AM

Hi,

Everything seems to be normal, except I still can't install Microsoft Security Essentials or any Windows updates.


Combofix log:


ComboFix 12-08-05.02 - Admin 06/08/2012 22:53:29.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3894.2013 [GMT -6:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 04:58 . 2012-08-07 04:58 -------- d-----w- c:\users\Work\AppData\Local\temp
2012-08-07 04:58 . 2012-08-07 04:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-07 04:58 . 2012-08-07 04:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 02:17 . 2012-08-07 02:26 -------- d-----w- c:\programdata\MFAData
2012-08-07 02:17 . 2012-08-07 02:17 -------- d--h--w- c:\programdata\Common Files
2012-08-06 10:28 . 2012-08-06 10:28 328704 ----a-w- c:\windows\system32\services.exe.E01ADDE57A74696C
2012-08-06 10:25 . 2012-08-06 10:25 328704 ----a-w- c:\windows\system32\services.exe.5CF88CD8FAA2741B
2012-08-06 10:22 . 2012-08-06 10:22 328704 ----a-w- c:\windows\system32\services.exe.F43D23BE5134EBA6
2012-08-06 10:19 . 2012-08-06 10:19 328704 ----a-w- c:\windows\system32\services.exe.A4DF62AD0CCBF4C0
2012-08-06 10:17 . 2012-08-06 10:17 328704 ----a-w- c:\windows\system32\services.exe.8E3473C2C1F02C7E
2012-08-06 10:14 . 2012-08-06 10:14 328704 ----a-w- c:\windows\system32\services.exe.23AE28A2C95D1D9B
2012-08-06 10:11 . 2012-08-06 10:11 328704 ----a-w- c:\windows\system32\services.exe.3236D46D6605435A
2012-08-06 10:08 . 2012-08-06 10:08 328704 ----a-w- c:\windows\system32\services.exe.63C8364DC1FFE154
2012-08-06 10:05 . 2012-08-06 10:05 328704 ----a-w- c:\windows\system32\services.exe.E908E3AFFFBEE17F
2012-08-06 09:58 . 2012-08-07 03:17 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-04 03:27 . 2012-08-04 03:27 328704 ----a-w- c:\windows\system32\services.exe.386DCD8E67608842
2012-08-04 03:23 . 2012-08-04 03:23 328704 ----a-w- c:\windows\system32\services.exe.BFFC4CEFF6072915
2012-08-04 03:20 . 2012-08-04 03:20 328704 ----a-w- c:\windows\system32\services.exe.998E999918F584F7
2012-08-03 22:15 . 2012-08-03 22:15 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-29 20:04 . 2012-07-29 20:04 -------- d-----w- c:\users\Admin\AppData\Roaming\.minecraft
2012-07-20 05:01 . 2012-07-20 05:09 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-20 03:21 . 2012-07-20 03:21 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-15 07:15 . 2012-07-15 07:15 -------- d-----w- c:\users\Admin\AppData\Local\Zachtronics Industries
2012-07-12 23:43 . 2012-07-12 23:44 -------- d-----w- c:\program files (x86)\Avi2Dvd
2012-07-12 23:34 . 2012-07-15 07:37 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 22:36 . 2012-04-01 20:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-31 22:36 . 2011-05-24 22:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 19:46 . 2012-04-02 00:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-20 23:59 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-20 23:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-20 23:59 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-20 23:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-20 23:59 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-20 23:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-20 23:59 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-20 23:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:15 . 2012-06-20 23:59 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-06_09.29.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-01 20:07 . 2012-08-07 02:44 65202 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-08-06 09:30 42752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-07 05:05 42752 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-21 23:55 . 2012-08-07 05:05 19274 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-8015424-1862617799-1635857064-1001_UserData.bin
+ 2012-03-21 02:44 . 2012-03-21 02:44 98688 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2009-07-14 04:46 . 2012-08-07 03:07 80504 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-08-21 22:52 . 2012-08-06 09:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-21 22:52 . 2012-08-07 05:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-21 22:52 . 2012-08-06 09:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-21 22:52 . 2012-08-07 05:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-15 07:02 . 2012-08-07 04:58 2254 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-08-07 04:59 . 2012-08-07 04:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-06 09:28 . 2012-08-06 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-06 09:28 . 2012-08-06 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-07 04:59 . 2012-08-07 04:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-08-07 03:17 609290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-07 03:17 104568 c:\windows\system32\perfc009.dat
+ 2012-03-21 02:44 . 2012-03-21 02:44 203888 c:\windows\system32\drivers\MpFilter.sys
- 2010-08-21 22:46 . 2012-08-06 09:16 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-21 22:46 . 2012-08-07 03:56 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-07 03:56 557056 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-06 09:16 557056 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-08-07 04:58 469596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-06 09:28 469596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-06-06 23:58 . 2012-08-06 09:58 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-08-06 09:58 . 2012-08-06 09:58 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-06-06 23:58 . 2012-08-06 09:58 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
- 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
- 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-06-06 23:58 . 2012-08-06 09:58 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-06-06 23:58 . 2012-08-04 03:13 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-06-06 23:58 . 2012-08-06 09:58 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2010-08-21 22:46 . 2012-08-07 03:56 2441216 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-21 22:46 . 2012-08-06 09:16 2441216 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-05 22:16 . 2012-08-07 04:58 3520196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-8015424-1862617799-1635857064-1001-12288.dat
+ 2012-08-07 02:19 . 2012-08-07 02:19 8544256 c:\windows\Installer\23aa1.msi
+ 2012-03-27 01:21 . 2012-03-27 01:21 7622656 c:\windows\Installer\1b124e.msi
+ 2009-07-14 02:34 . 2012-08-07 04:06 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-08-03 22:22 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-08-22 05:38 . 2012-08-07 04:58 39129800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-8015424-1862617799-1635857064-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775d}]
2009-11-25 18:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c9a6357b-25cc-4bcf-96c1-78736985d414}"= "mscoree.dll" [2009-11-25 297808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 136176]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-22 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-14 503352]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-30 20056]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2010-10-07 43704]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-04 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-10 203264]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-10-25 360960]
S2 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-10-25 480768]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-10 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-10 279040]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-29 10610400]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 21:38]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 21:38]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8015424-1862617799-1635857064-1001Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-29 00:56]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8015424-1862617799-1635857064-1001UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-29 00:56]
.
2012-08-06 c:\windows\Tasks\HPCeeScheduleForAdmin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 11:53]
.
2011-07-13 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files (x86)\NCH Swift Sound\Scribe\scribe.exe [2011-06-16 21:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-04 487424]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.59.135.145 64.59.128.114
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pfud24ei.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2012-08-06 23:08:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 05:08
ComboFix2.txt 2012-08-07 02:47
ComboFix3.txt 2012-08-06 09:44
ComboFix4.txt 2012-06-19 09:23
.
Pre-Run: 63,971,856,384 bytes free
Post-Run: 63,665,692,672 bytes free
.
- - End Of File - - 2C649515F9144C7E66F70DF1BFE044D2