Google Redirect / IExplore random start / random music


This topic is locked
82 replies to this topic

#1 mariodr

  • Members
  • 65 posts

Posted 01 November 2011 - 03:14 AM

Hi, I was recently infected with the System Restore trojan. After taking the proper steps to remove it, I believe I'm left with a rootkit that came with it.

Right now, I have
- google search results redirecting
- "iexplore.exe -Embedding" starting seemingly at random
- odd music playing infrequently

Also, during a follow-up system scan by aswMBR, consrv.dll was tagged as win32:Malware-gen, but I left it alone before posting this request for help.

I'm running Windows 7, 64 bit.
I'll paste my DDS log below.

Thanks in advance for any help you can give.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17
Run by Jelani at 3:52:19 on 2011-11-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8088.5271 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Spybot - Search & Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Windows\system32\dlbccoms.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\RssReader\RssReader.exe
C:\Users\Jelani\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\GetRight\GetRight.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
c:\program files (x86)\lenovo\system update\suservice.exe
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Jelani\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelani\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelani\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jelani\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - C:\Program Files (x86)\GetRight\xx2gr.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RssReader] C:\Program Files (x86)\RssReader\RssReader.exe
uRun: [MusicManager] "C:\Users\Jelani\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
StartupFolder: C:\Users\Jelani\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GetRight.lnk - C:\Program Files (x86)\GetRight\GetRight.exe
StartupFolder: C:\Users\Jelani\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
Trusted Zone: dapreview.net\www
DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/63.16/uploader2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://50.22.132.160:4643/vz/ssh/wodTelnetDLX.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{21B8E8C8-D41E-4053-9068-7C88C745BA4E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{21B8E8C8-D41E-4053-9068-7C88C745BA4E}\2656C6B696E6E233265323 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{21B8E8C8-D41E-4053-9068-7C88C745BA4E}\26572626C6977716475627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{21B8E8C8-D41E-4053-9068-7C88C745BA4E}\342756164756 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{21B8E8C8-D41E-4053-9068-7C88C745BA4E}\759687C4F657E67656 : DhcpNameServer = 24.29.99.35 24.29.99.36 192.168.1.1
TCP: Interfaces\{21B8E8C8-D41E-4053-9068-7C88C745BA4E}\759687C4F657E67656D27657563747 : DhcpNameServer = 24.29.99.35 24.29.99.36 192.168.33.1
TCP: Interfaces\{21B8E8C8-D41E-4053-9068-7C88C745BA4E}\8423841573 : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{DE6A6553-CF4D-41B2-9FC3-3433E2BE7A36} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: IE to GetRight Helper: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jelani\AppData\Roaming\Mozilla\Firefox\Profiles\vc7xa072.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Jelani\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jelani\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Jelani\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 dlbc_device;dlbc_device;C:\Windows\system32\dlbccoms.exe -service --> C:\Windows\system32\dlbccoms.exe -service [?]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2010-6-25 50536]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-6-25 74088]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-1-14 2477304]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-1-6 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-1-6 487280]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-6-25 63928]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-6-25 2058776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-10 136824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-6-25 45496]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-6-25 164200]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-6-25 75112]
S3 Red5;Red5;C:\Program Files (x86)\Red5\wrapper.exe [2009-11-21 233984]
S3 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-8-24 130976]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-8-24 1082800]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-8-24 1149864]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-8-24 169624]
.
=============== Created Last 30 ================
.
2011-11-01 06:11:42 -------- d-s---w- C:\ComboFix
2011-11-01 05:50:44 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-31 22:01:18 -------- d-----w- C:\Users\Jelani\AppData\Local\{E0343307-6570-425C-AF04-FD74187FB120}
2011-10-31 22:01:02 -------- d-----w- C:\Users\Jelani\AppData\Local\{655BDDEF-9E61-4699-A4D2-A2EC0C46CA61}
2011-10-31 09:58:44 -------- d-----w- C:\Users\Jelani\AppData\Local\{9201A356-C1CB-4578-992B-A38EE95BFC61}
2011-10-31 09:58:33 -------- d-----w- C:\Users\Jelani\AppData\Local\{E757C1F7-6660-4908-96C3-F5204E20BE98}
2011-10-31 09:58:23 -------- d-----w- C:\Users\Jelani\AppData\Local\{A71CE42E-7A11-487E-A9C6-DBE5BDC31B36}
2011-10-31 09:57:49 -------- d-----w- C:\Users\Jelani\AppData\Local\{4BC9AFF0-B707-42F7-A1F3-80D8DC27BBB4}
2011-10-30 21:57:32 -------- d-----w- C:\Users\Jelani\AppData\Local\{692502C1-569E-412A-931F-32F1F2EE8448}
2011-10-30 21:57:21 -------- d-----w- C:\Users\Jelani\AppData\Local\{ED4AB036-CC0F-4030-9662-695967D8E93F}
2011-10-30 21:57:10 -------- d-----w- C:\Users\Jelani\AppData\Local\{8227681A-3C84-4DF6-826C-C6C2BCD2FD73}
2011-10-30 21:56:36 -------- d-----w- C:\Users\Jelani\AppData\Local\{7526682E-1131-435D-801F-8BDBC47681DB}
2011-10-30 09:56:21 -------- d-----w- C:\Users\Jelani\AppData\Local\{0D4119F5-D167-4C82-9073-E804C57E3055}
2011-10-30 09:56:11 -------- d-----w- C:\Users\Jelani\AppData\Local\{B26B4C41-2E58-45EF-8613-F5C19E072ECF}
2011-10-30 09:56:00 -------- d-----w- C:\Users\Jelani\AppData\Local\{F7EBB0C4-3AF2-47A4-BAEC-CC5D1BAE5E8A}
2011-10-30 09:55:26 -------- d-----w- C:\Users\Jelani\AppData\Local\{42C928DF-F078-49DB-B6CD-4246474B9452}
2011-10-29 21:55:11 -------- d-----w- C:\Users\Jelani\AppData\Local\{F2CFCE2F-83FF-4009-BAEF-18F625CA8331}
2011-10-29 21:55:00 -------- d-----w- C:\Users\Jelani\AppData\Local\{6E481CAA-231F-4CFE-8A53-B43BB195AEEE}
2011-10-29 21:54:50 -------- d-----w- C:\Users\Jelani\AppData\Local\{7A9DEB97-954A-445B-96C0-1EDA4D905393}
2011-10-29 21:54:16 -------- d-----w- C:\Users\Jelani\AppData\Local\{3D3C67A8-2244-4A91-9AD6-3A67831C9CD6}
2011-10-29 09:53:59 -------- d-----w- C:\Users\Jelani\AppData\Local\{1801D22F-52F0-47B0-B2DD-BCD34D4EFA8D}
2011-10-29 09:53:48 -------- d-----w- C:\Users\Jelani\AppData\Local\{249DB2D1-FE4B-4C53-8060-46EB44C8CC4A}
2011-10-29 09:53:37 -------- d-----w- C:\Users\Jelani\AppData\Local\{EF4DF601-B398-4082-9A2D-A15B81150060}
2011-10-29 09:53:03 -------- d-----w- C:\Users\Jelani\AppData\Local\{F0D8C1B1-1376-4CDE-B304-A122C62649D9}
2011-10-28 21:52:47 -------- d-----w- C:\Users\Jelani\AppData\Local\{668ADC15-1FE7-4E65-BF02-F1BC6505926D}
2011-10-28 21:52:35 -------- d-----w- C:\Users\Jelani\AppData\Local\{7DE7DD03-1E9D-4D06-BE3A-E2775DE68635}
2011-10-28 21:52:24 -------- d-----w- C:\Users\Jelani\AppData\Local\{4BE82A92-8694-43D5-930D-001168DF985B}
2011-10-28 21:51:50 -------- d-----w- C:\Users\Jelani\AppData\Local\{5ECBD7F2-CEBF-40CE-AB1B-E258EEC8D64D}
2011-10-28 09:51:35 -------- d-----w- C:\Users\Jelani\AppData\Local\{4A0F49E2-6C44-491C-9260-B30366877400}
2011-10-28 09:51:24 -------- d-----w- C:\Users\Jelani\AppData\Local\{9DA5D95A-94CD-4455-A3D2-FD64A61E7185}
2011-10-28 09:51:13 -------- d-----w- C:\Users\Jelani\AppData\Local\{0295669A-20D6-4A9F-95DB-8004E4760F72}
2011-10-28 09:50:39 -------- d-----w- C:\Users\Jelani\AppData\Local\{151B374F-5C3D-4F8A-A485-0EAA2F92EF12}
2011-10-27 21:50:20 -------- d-----w- C:\Users\Jelani\AppData\Local\{6219F092-54EC-40A5-9B63-801633E663DE}
2011-10-27 21:50:08 -------- d-----w- C:\Users\Jelani\AppData\Local\{E3726924-031D-4A7D-BCFB-DC0530521C27}
2011-10-27 21:49:57 -------- d-----w- C:\Users\Jelani\AppData\Local\{5231DB67-B2FF-44DE-8837-7B5AB5E244D2}
2011-10-27 21:49:35 -------- d-----w- C:\Users\Jelani\AppData\Local\{B4BEB05F-3739-4508-BBAF-9AD07D5CDA9D}
2011-10-27 09:49:21 -------- d-----w- C:\Users\Jelani\AppData\Local\{C88395D5-B8AC-4CAF-99A7-3BC1F7B8E2FE}
2011-10-13 09:41:33 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 09:41:28 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 09:41:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 09:41:27 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 09:41:26 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 09:40:33 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 09:40:33 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 09:40:32 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 09:40:32 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
==================== Find3M ====================
.
2011-11-01 07:46:26 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2011-10-31 21:27:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-04 16:45:19 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 4:03:29.22 ===============


#2 m0le

m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 November 2011 - 07:06 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 mariodr

mariodr
  • Topic Starter
  • Members
  • 65 posts

Posted 05 November 2011 - 07:08 AM

Hi m0le, thanks for taking the time to look into this. I look forward to your help.

#4 m0le

m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 November 2011 - 07:09 AM

Please post the aswMBR log for me, mariodr

#5 mariodr

mariodr
  • Topic Starter
  • Members
  • 65 posts

Posted 05 November 2011 - 07:20 AM

When I ran aswMBR last time, the screen went blank before the scan completed and I had to hard restart. Since then I've disabled the iexplore.exe process by renaming the file to "_iexplore.exe", as I noticed that certain programs would fail once that exe started up. I'm running aswMBR again now; hopefully this time it won't be interrupted.

#6 m0le

m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 November 2011 - 07:29 AM

:thumbup2:

#7 mariodr

mariodr
  • Topic Starter
  • Members
  • 65 posts

Posted 05 November 2011 - 01:59 PM

OK, so aswMBR is taking forever to run and it keeps hanging on random files. Here's the log as of right now. It has yet to finish with the Users folder and go on to the ProgramData folder.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-05 08:16:11
-----------------------------
08:16:11.551 OS Version: Windows x64 6.1.7601 Service Pack 1
08:16:11.552 Number of processors: 2 586 0x1706
08:16:11.555 ComputerName: HUNGRYCHICKEN UserName: Jelani
08:16:20.161 Initialize success
08:18:32.837 AVAST engine defs: 11110502
08:20:01.579 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:20:01.585 Disk 0 Vendor: HITACHI_ DCDZ Size: 152627MB BusType: 3
08:20:01.601 Disk 0 MBR read successfully
08:20:01.608 Disk 0 MBR scan
08:20:01.622 Disk 0 Windows 7 default MBR code
08:20:01.631 Service scanning
08:20:11.701 Modules scanning
08:20:11.711 Disk 0 trace - called modules:
08:20:11.741 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8008ccc334]<<
08:20:11.752 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ca16f0]
08:20:11.762 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8007c8ce40]
08:20:11.772 5 ACPI.sys[fffff88000f377a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007c91050]
08:20:11.785 \Driver\iaStor[0xfffffa8007c849f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8008ccc334
08:20:14.312 AVAST engine scan C:\Windows
08:20:18.680 AVAST engine scan C:\Windows\system32
08:20:48.974 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
08:25:14.927 AVAST engine scan C:\Windows\system32\drivers
08:25:52.812 AVAST engine scan C:\Users\Jelani
10:34:32.895 File: C:\Users\Jelani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5e8b40e2-22b8fa72 **INFECTED** Win32:Alureon-AJA [Trj]
14:39:08.604 Disk 0 MBR has been saved successfully to "C:\Users\Jelani\Desktop\MBR.dat"
14:39:08.610 The log file has been saved successfully to "C:\Users\Jelani\Desktop\aswMBR.txt"

#8 m0le

m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 November 2011 - 05:08 PM

That's enough information for me. Please run ComboFix.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#9 mariodr

mariodr
  • Topic Starter
  • Members
  • 65 posts

Posted 06 November 2011 - 03:53 AM

Ok, here's the log:


ComboFix 11-11-05.03 - Jelani 11/05/2011 19:51:50.6.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8088.4365 [GMT -4:00]
Running from: c:\users\Jelani\Desktop\comfix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Spybot - Search & Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
G:\Autorun.inf
G:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 00:55 . 2011-11-06 00:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-06 00:55 . 2011-11-06 00:55 -------- d-----w- c:\users\Mcx1-HUNGRYCHICKEN\AppData\Local\temp
2011-11-06 00:55 . 2011-11-06 00:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-01 06:11 . 2011-11-05 23:39 -------- d-----w- C:\ComboFix
2011-10-13 09:41 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 09:41 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 09:41 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 09:41 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 09:41 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 09:40 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 09:40 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 09:40 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 09:40 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-10 15:09 . 2011-10-10 15:09 4550304 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-06 01:06 . 2011-07-05 23:08 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-10-31 21:27 . 2011-06-11 17:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-04 16:45 . 2011-08-24 20:53 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-31 21:00 . 2011-08-24 20:45 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 18:02 . 2011-08-16 18:02 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-30 399736]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"RssReader"="c:\program files (x86)\RssReader\RssReader.exe" [2004-04-04 1077248]
"MusicManager"="c:\users\Jelani\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-09-14 13128704]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-14 115560]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-05-12 1128296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-26 98304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\users\Jelani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files (x86)\GetRight\GetRight.exe [2010-5-23 4628752]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2010-11-4 473616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-05-12 164200]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]
R3 Red5;Red5;c:\program files (x86)\Red5\wrapper.exe [2009-11-22 233984]
R3 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-08-04 130976]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-08-04 1082800]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-08-04 1149864]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-08-04 169624]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-02-07 566768]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-03-10 50536]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-03-10 74088]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-10 136824]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182877453-1055725299-3332764003-1001Core.job
- c:\users\Jelani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 20:48]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182877453-1055725299-3332764003-1001UA.job
- c:\users\Jelani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 20:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-03-10 62312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-22 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 365592]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files (x86)\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files (x86)\GetRight\GRbrowse.htm
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: dapreview.net\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://50.22.132.160:4643/vz/ssh/wodTelnetDLX.cab
FF - ProfilePath - c:\users\Jelani\AppData\Roaming\Mozilla\Firefox\Profiles\vc7xa072.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-182877453-1055725299-3332764003-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithList]
@Class="Shell"
"a"="mpc-hc64.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-182877453-1055725299-3332764003-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D791AAA9-6E59-B0DD-78EE-F1D891A360BA}*]
"nacfpldeembnkffafecldenbabfd"=hex:6a,61,6e,6b,65,67,6c,64,68,70,61,61,69,68,
6e,6a,6a,6e,6e,63,00,6f
"oaaenpaappabconfnmhagjjebeopme"=hex:6a,61,68,69,61,67,70,66,6e,69,65,70,63,6b,
68,69,6d,64,66,63,00,6f
"gbihkpgnhhgfaoijonjdpmnmjmdoimmenhidkecjpjhlnj"=hex:64,61,68,68,68,70,62,6c,
00,e9
"bbkfacejekdkdlcejmpapbaboajmcdpdbmao"=hex:68,62,61,65,6a,6e,6e,6f,6d,6b,69,67,
61,6e,63,69,65,6a,66,6d,6c,69,68,62,61,66,62,6c,67,69,6a,62,6e,6a,65,6d,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:37,90,d6,e4,1b,b6,c1,c2,e5,41,a6,56,16,bf,6a,9c,d0,aa,03,d2,a4,
b3,6d,7f,f6,f4,f6,d8,c1,ff,ab,18,40,e1,6f,df,6f,e4,c1,c8,d4,8a,58,cf,2b,f6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:37,90,d6,e4,1b,b6,c1,c2,e5,41,a6,56,16,bf,6a,9c,d0,aa,03,d2,a4,
b3,6d,7f,f6,f4,f6,d8,c1,ff,ab,18,40,e1,6f,df,6f,e4,c1,c8,d4,8a,58,cf,2b,f6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-05 21:28:46
ComboFix-quarantined-files.txt 2011-11-06 01:28
ComboFix2.txt 2011-11-01 05:57
.
Pre-Run: 1,901,674,496 bytes free
Post-Run: 1,777,373,184 bytes free
.
- - End Of File - - 103C8E16D54106B44CD5030CA28AB71C

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:47 AM

Posted 06 November 2011 - 12:50 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

RegLockDel::
[HKEY_USERS\S-1-5-21-182877453-1055725299-3332764003-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D791AAA9-6E59-B0DD-78EE-F1D891A360BA}*]

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
[HKEY_USERS\S-1-5-21-182877453-1055725299-3332764003-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithList]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the graphic below)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix, click Yes.

When finished, it will produce a log for you at C:\ComboFix.txt, which I will need in your next reply.


Please also run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\

m0le is a proud member of UNITE
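The ComboFix log in the previous post lists several values under LOCKED REGISTRY KEYS only as raw hex, and the CFScript in the reply above deletes or nulls those keys. The Python script below is an added example, not part of this thread and not a ComboFix or TDSSKiller component: it parses REGEDIT4-style `hex:` and `hex(N):` values out of such a log (the sample lines embedded in it are copied from the log above and marked as constructed input), decodes each one the way its registry type dictates (plain `hex:` is REG_BINARY, `hex(6):` is REG_LINK and is read as UTF-16LE), and flags NUL bytes inside the data as well as values the log cut short (the lines that end in a backslash with nothing following). Decoding first shows what a key actually holds: here the REG_BINARY values turn out to be lowercase strings with a NUL before the last byte, and the REG_LINK is the beginning of a `\registry\MACHINE` path cut short by the log.

```python
"""Decode the REGEDIT4-style hex values that ComboFix prints under
"LOCKED REGISTRY KEYS", so the bytes can be looked at before a key is
handed to RegLockDel:: or RegNull::.

Added example for this thread; not ComboFix code. The sample input below
is constructed from lines of the log posted above.
"""
import re

# Value types as written after "hex" in a .reg file: a bare "hex:" is
# REG_BINARY, "hex(N):" carries the type number N in hexadecimal.
REG_TYPES = {
    0x0: "REG_NONE", 0x1: "REG_SZ", 0x2: "REG_EXPAND_SZ", 0x3: "REG_BINARY",
    0x4: "REG_DWORD", 0x6: "REG_LINK", 0x7: "REG_MULTI_SZ", 0xB: "REG_QWORD",
}
UTF16_TYPES = {"REG_SZ", "REG_EXPAND_SZ", "REG_LINK", "REG_MULTI_SZ"}

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<rest>.*)$')
CONT_RE = re.compile(r"^[0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*,?\\?$")
PAIR_RE = re.compile(r"^[0-9a-fA-F]{2}$")

# Constructed sample: copied from the LOCKED REGISTRY KEYS section above.
# ComboFix prints long values cut after two lines, ending in a backslash.
SAMPLE_LOG = r'''
[HKEY_USERS\S-1-5-21-182877453-1055725299-3332764003-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D791AAA9-6E59-B0DD-78EE-F1D891A360BA}*]
"nacfpldeembnkffafecldenbabfd"=hex:6a,61,6e,6b,65,67,6c,64,68,70,61,61,69,68,
6e,6a,6a,6e,6e,63,00,6f
"bbkfacejekdkdlcejmpapbaboajmcdpdbmao"=hex:68,62,61,65,6a,6e,6e,6f,6d,6b,69,67,
61,6e,63,69,65,6a,66,6d,6c,69,68,62,61,66,62,6c,67,69,6a,62,6e,6a,65,6d,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
'''


def _append_hex(entry, chunk):
    """Add one line of comma-separated hex pairs to an entry."""
    chunk = chunk.strip()
    # A trailing backslash means "continues on the next line"; when no
    # continuation follows, the log cut the value short and the flag stays set.
    entry["truncated"] = chunk.endswith("\\")
    pairs = [p for p in chunk.rstrip("\\").split(",") if p]
    if not all(PAIR_RE.match(p) for p in pairs):
        raise ValueError(f"malformed hex data in value {entry['name']!r}: {chunk!r}")
    entry["hex"] += "".join(pairs)


def parse_hex_values(text):
    """Return dicts (key, name, type, data, truncated) for every hex-encoded
    value in a REGEDIT4-style dump such as a ComboFix log."""
    entries, current_key, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key, current = key_match.group("key"), None
            continue
        value_match = VALUE_RE.match(line)
        if value_match:
            type_code = int(value_match.group("type"), 16) if value_match.group("type") else 0x3
            current = {"key": current_key, "name": value_match.group("name"),
                       "type": REG_TYPES.get(type_code, f"type_0x{type_code:x}"),
                       "hex": "", "truncated": False}
            entries.append(current)
            _append_hex(current, value_match.group("rest"))
            continue
        if current is not None and CONT_RE.match(line):
            _append_hex(current, line)
            continue
        current = None  # blank line, ".", or a non-hex value ends the run
    for entry in entries:
        entry["data"] = bytes.fromhex(entry.pop("hex"))
    return entries


def describe(entry):
    """Decode the bytes as the registry type says they should be read and
    flag what deserves a second look: NUL bytes inside the data (a string
    with bytes after its terminator) and values the log did not print in
    full. REG_MULTI_SZ legitimately uses NULs as separators."""
    data = entry["data"]
    if entry["type"] in UTF16_TYPES:
        usable = data[: len(data) - len(data) % 2]  # drop a dangling odd byte
        text = usable.decode("utf-16-le", errors="replace")
    else:
        text = data.decode("latin-1")  # one character per byte, never fails
    nul_positions = [i for i, c in enumerate(text) if c == "\x00"]
    return {
        "key": entry["key"], "name": entry["name"], "type": entry["type"],
        "length": len(data), "text": text, "truncated": entry["truncated"],
        "embedded_nul": any(i < len(text) - 1 for i in nul_positions),
        "printable": all(c == "\x00" or 32 <= ord(c) < 127 for c in text),
    }


def report(text):
    """Describe every hex value in a log; returns the list so callers can filter."""
    return [describe(e) for e in parse_hex_values(text)]


if __name__ == "__main__":
    for d in report(SAMPLE_LOG):
        flags = [f for f in ("embedded_nul", "truncated") if d[f]]
        if not d["printable"]:
            flags.append("non-printable")
        print(f'{d["type"]:<11} {d["name"]}')
        print(f'    {d["text"]!r}  ({d["length"]} bytes) {" ".join(flags)}')
```

Run as-is it prints the three sample values; pass the text of a full ComboFix.txt to `report()` to cover every hex value in it. Names and decoded strings that look random are a reason to look closer, not proof of anything on their own; the script only makes the bytes readable so the RegLockDel:: and RegNull:: lines in a CFScript are written against known content.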

#11 mariodr

mariodr
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Local time:12:47 AM

Posted 06 November 2011 - 03:19 PM

OK, I ran them both; here are the logs:


ComboFix 11-11-06.02 - Jelani 11/06/2011 13:27:59.7.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8088.4371 [GMT -5:00]
Running from: c:\users\Jelani\Desktop\comfix.exe
Command switches used :: c:\users\Jelani\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Spybot - Search & Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))
.
.
2011-11-06 19:30 . 2011-11-06 19:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-06 19:30 . 2011-11-06 19:30 -------- d-----w- c:\users\Mcx1-HUNGRYCHICKEN\AppData\Local\temp
2011-11-06 19:30 . 2011-11-06 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-05 23:39 . 2011-11-06 01:29 -------- d-----w- C:\comfix
2011-11-01 06:11 . 2011-11-05 23:39 -------- d-----w- C:\ComboFix
2011-10-13 09:41 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 09:41 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 09:41 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 09:41 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 09:41 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 09:40 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 09:40 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 09:40 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 09:40 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-10 15:09 . 2011-10-10 15:09 4550304 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-06 19:26 . 2011-07-05 23:08 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-10-31 21:27 . 2011-06-11 17:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-04 16:45 . 2011-08-24 20:53 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-31 21:00 . 2011-08-24 20:45 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 18:02 . 2011-08-16 18:02 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-06_01.00.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-09-04 23:12 . 2011-11-06 00:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-09-04 23:12 . 2011-11-06 19:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2011-11-06 19:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-06 00:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-06 19:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-06 00:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-06 19:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-06 00:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-30 399736]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"RssReader"="c:\program files (x86)\RssReader\RssReader.exe" [2004-04-04 1077248]
"MusicManager"="c:\users\Jelani\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-09-14 13128704]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-14 115560]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-05-12 1128296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-26 98304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\users\Jelani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files (x86)\GetRight\GetRight.exe [2010-5-23 4628752]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2010-11-4 473616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-05-12 164200]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]
R3 Red5;Red5;c:\program files (x86)\Red5\wrapper.exe [2009-11-22 233984]
R3 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-08-04 130976]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-08-04 1082800]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-08-04 1149864]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-08-04 169624]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-02-07 566768]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-03-10 50536]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-03-10 74088]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-10 136824]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182877453-1055725299-3332764003-1001Core.job
- c:\users\Jelani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 20:48]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182877453-1055725299-3332764003-1001UA.job
- c:\users\Jelani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 20:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-03-10 62312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-22 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 365592]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files (x86)\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files (x86)\GetRight\GRbrowse.htm
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: dapreview.net\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://50.22.132.160:4643/vz/ssh/wodTelnetDLX.cab
FF - ProfilePath - c:\users\Jelani\AppData\Roaming\Mozilla\Firefox\Profiles\vc7xa072.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-182877453-1055725299-3332764003-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithList]
@Class="Shell"
"a"="mpc-hc64.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-182877453-1055725299-3332764003-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D791AAA9-6E59-B0DD-78EE-F1D891A360BA}*]
"nacfpldeembnkffafecldenbabfd"=hex:6a,61,6e,6b,65,67,6c,64,68,70,61,61,69,68,
6e,6a,6a,6e,6e,63,00,6f
"oaaenpaappabconfnmhagjjebeopme"=hex:6a,61,68,69,61,67,70,66,6e,69,65,70,63,6b,
68,69,6d,64,66,63,00,6f
"gbihkpgnhhgfaoijonjdpmnmjmdoimmenhidkecjpjhlnj"=hex:64,61,68,68,68,70,62,6c,
00,e9
"bbkfacejekdkdlcejmpapbaboajmcdpdbmao"=hex:68,62,61,65,6a,6e,6e,6f,6d,6b,69,67,
61,6e,63,69,65,6a,66,6d,6c,69,68,62,61,66,62,6c,67,69,6a,62,6e,6a,65,6d,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:37,90,d6,e4,1b,b6,c1,c2,e5,41,a6,56,16,bf,6a,9c,d0,aa,03,d2,a4,
b3,6d,7f,f6,f4,f6,d8,c1,ff,ab,18,40,e1,6f,df,6f,e4,c1,c8,d4,8a,58,cf,2b,f6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:37,90,d6,e4,1b,b6,c1,c2,e5,41,a6,56,16,bf,6a,9c,d0,aa,03,d2,a4,
b3,6d,7f,f6,f4,f6,d8,c1,ff,ab,18,40,e1,6f,df,6f,e4,c1,c8,d4,8a,58,cf,2b,f6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-06 15:02:01
ComboFix-quarantined-files.txt 2011-11-06 20:01
ComboFix2.txt 2011-11-06 01:29
ComboFix3.txt 2011-11-01 05:57
.
Pre-Run: 1,488,949,248 bytes free
Post-Run: 1,182,822,400 bytes free
.
- - End Of File - - 7E4258F78FE109BC76A2E570E9E8A92A
15:12:24.0736 0472 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
15:12:25.0061 0472 ============================================================
15:12:25.0061 0472 Current date / time: 2011/11/06 15:12:25.0061
15:12:25.0061 0472 SystemInfo:
15:12:25.0061 0472
15:12:25.0061 0472 OS Version: 6.1.7601 ServicePack: 1.0
15:12:25.0061 0472 Product type: Workstation
15:12:25.0062 0472 ComputerName: HUNGRYCHICKEN
15:12:25.0062 0472 UserName: Jelani
15:12:25.0062 0472 Windows directory: C:\Windows
15:12:25.0062 0472 System windows directory: C:\Windows
15:12:25.0062 0472 Running under WOW64
15:12:25.0062 0472 Processor architecture: Intel x64
15:12:25.0062 0472 Number of processors: 2
15:12:25.0062 0472 Page size: 0x1000
15:12:25.0062 0472 Boot type: Normal boot
15:12:25.0062 0472 ============================================================
15:12:34.0502 0472 Initialize success
15:12:42.0438 6520 ============================================================
15:12:42.0438 6520 Scan started
15:12:42.0438 6520 Mode: Manual;
15:12:42.0438 6520 ============================================================
15:12:44.0053 6520 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:12:44.0057 6520 1394ohci - ok
15:12:44.0143 6520 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:12:44.0148 6520 ACPI - ok
15:12:44.0180 6520 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:12:44.0181 6520 AcpiPmi - ok
15:12:44.0288 6520 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:12:44.0295 6520 adp94xx - ok
15:12:44.0358 6520 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:12:44.0363 6520 adpahci - ok
15:12:44.0408 6520 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:12:44.0411 6520 adpu320 - ok
15:12:44.0453 6520 Afc - ok
15:12:44.0604 6520 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:12:44.0612 6520 AFD - ok
15:12:44.0711 6520 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:12:44.0712 6520 agp440 - ok
15:12:44.0766 6520 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:12:44.0767 6520 aliide - ok
15:12:44.0821 6520 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:12:44.0822 6520 amdide - ok
15:12:44.0888 6520 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:12:44.0890 6520 AmdK8 - ok
15:12:45.0125 6520 amdkmdag (54f05fccd1a6de22f21992fe5f7a7b40) C:\Windows\system32\DRIVERS\atipmdag.sys
15:12:45.0207 6520 amdkmdag - ok
15:12:45.0445 6520 amdkmdap (3fff0d6e7603601e62c5ad992b5e5912) C:\Windows\system32\DRIVERS\atikmpag.sys
15:12:45.0448 6520 amdkmdap - ok
15:12:45.0495 6520 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:12:45.0497 6520 AmdPPM - ok
15:12:45.0550 6520 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:12:45.0552 6520 amdsata - ok
15:12:45.0601 6520 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:12:45.0605 6520 amdsbs - ok
15:12:45.0639 6520 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:12:45.0640 6520 amdxata - ok
15:12:45.0701 6520 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
15:12:45.0702 6520 androidusb - ok
15:12:45.0772 6520 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:12:45.0773 6520 AppID - ok
15:12:45.0938 6520 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:12:45.0940 6520 arc - ok
15:12:45.0991 6520 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:12:45.0993 6520 arcsas - ok
15:12:46.0045 6520 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:12:46.0046 6520 AsyncMac - ok
15:12:46.0107 6520 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:12:46.0108 6520 atapi - ok
15:12:46.0363 6520 atikmdag (54f05fccd1a6de22f21992fe5f7a7b40) C:\Windows\system32\DRIVERS\atikmdag.sys
15:12:46.0446 6520 atikmdag - ok
15:12:46.0627 6520 ATSwpWDF (ea512f43f4a28d18b52cafe8c93984fb) C:\Windows\system32\Drivers\ATSwpWDF.sys
15:12:46.0638 6520 ATSwpWDF - ok
15:12:46.0745 6520 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:12:46.0751 6520 b06bdrv - ok
15:12:46.0791 6520 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:12:46.0795 6520 b57nd60a - ok
15:12:46.0837 6520 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:12:46.0838 6520 Beep - ok
15:12:46.0959 6520 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:12:46.0960 6520 blbdrive - ok
15:12:47.0014 6520 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:12:47.0016 6520 bowser - ok
15:12:47.0055 6520 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:12:47.0056 6520 BrFiltLo - ok
15:12:47.0080 6520 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:12:47.0080 6520 BrFiltUp - ok
15:12:47.0122 6520 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:12:47.0127 6520 Brserid - ok
15:12:47.0159 6520 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:12:47.0160 6520 BrSerWdm - ok
15:12:47.0196 6520 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:12:47.0197 6520 BrUsbMdm - ok
15:12:47.0236 6520 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:12:47.0238 6520 BrUsbSer - ok
15:12:47.0312 6520 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:12:47.0313 6520 BthEnum - ok
15:12:47.0345 6520 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:12:47.0346 6520 BTHMODEM - ok
15:12:47.0490 6520 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:12:47.0493 6520 BthPan - ok
15:12:47.0584 6520 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:12:47.0591 6520 BTHPORT - ok
15:12:47.0658 6520 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:12:47.0660 6520 BTHUSB - ok
15:12:47.0703 6520 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
15:12:47.0704 6520 btusbflt - ok
15:12:47.0835 6520 catchme - ok
15:12:48.0005 6520 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:12:48.0007 6520 cdfs - ok
15:12:48.0076 6520 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:12:48.0079 6520 cdrom - ok
15:12:48.0129 6520 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:12:48.0130 6520 circlass - ok
15:12:48.0185 6520 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:12:48.0191 6520 CLFS - ok
15:12:48.0251 6520 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:12:48.0252 6520 CmBatt - ok
15:12:48.0278 6520 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:12:48.0279 6520 cmdide - ok
15:12:48.0333 6520 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:12:48.0340 6520 CNG - ok
15:12:48.0489 6520 CnxtHdAudService (d3c4f72e8f8dc523b02a0c313ceeea99) C:\Windows\system32\drivers\CHDRT64.sys
15:12:48.0498 6520 CnxtHdAudService - ok
15:12:48.0571 6520 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:12:48.0573 6520 Compbatt - ok
15:12:48.0631 6520 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:12:48.0633 6520 CompositeBus - ok
15:12:48.0729 6520 cpuz133 (95c88d25e211a4d52a82c53e5d93e634) C:\Windows\system32\drivers\cpuz133_x64.sys
15:12:48.0730 6520 cpuz133 - ok
15:12:48.0850 6520 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:12:48.0851 6520 crcdisk - ok
15:12:48.0963 6520 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:12:48.0971 6520 CSC - ok
15:12:49.0058 6520 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:12:49.0061 6520 DfsC - ok
15:12:49.0119 6520 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:12:49.0121 6520 discache - ok
15:12:49.0158 6520 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:12:49.0160 6520 Disk - ok
15:12:49.0324 6520 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:12:49.0327 6520 Dot4 - ok
15:12:49.0376 6520 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
15:12:49.0377 6520 Dot4Print - ok
15:12:49.0425 6520 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:12:49.0427 6520 dot4usb - ok
15:12:49.0477 6520 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:12:49.0478 6520 drmkaud - ok
15:12:49.0550 6520 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:12:49.0564 6520 DXGKrnl - ok
15:12:49.0705 6520 DzHDD64 (5bdef3faa1bfd9c9c5d3dc972049f0fa) C:\Windows\system32\DRIVERS\DzHDD64.sys
15:12:49.0706 6520 DzHDD64 - ok
15:12:49.0784 6520 e1yexpress (d608110adb132e683360fca0f6b2bb53) C:\Windows\system32\DRIVERS\e1y60x64.sys
15:12:49.0789 6520 e1yexpress - ok
15:12:49.0954 6520 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:12:49.0999 6520 ebdrv - ok
15:12:50.0173 6520 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:12:50.0180 6520 eeCtrl - ok
15:12:50.0340 6520 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:12:50.0348 6520 elxstor - ok
15:12:50.0431 6520 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:12:50.0433 6520 EraserUtilRebootDrv - ok
15:12:50.0475 6520 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:12:50.0476 6520 ErrDev - ok
15:12:50.0535 6520 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:12:50.0538 6520 exfat - ok
15:12:50.0580 6520 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:12:50.0583 6520 fastfat - ok
15:12:50.0733 6520 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:12:50.0734 6520 fdc - ok
15:12:50.0796 6520 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:12:50.0798 6520 FileInfo - ok
15:12:50.0821 6520 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:12:50.0822 6520 Filetrace - ok
15:12:50.0866 6520 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:12:50.0867 6520 flpydisk - ok
15:12:50.0917 6520 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:12:50.0921 6520 FltMgr - ok
15:12:50.0958 6520 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:12:50.0960 6520 FsDepends - ok
15:12:50.0979 6520 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:12:50.0980 6520 Fs_Rec - ok
15:12:51.0034 6520 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:12:51.0037 6520 fvevol - ok
15:12:51.0063 6520 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:12:51.0065 6520 gagp30kx - ok
15:12:51.0098 6520 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:12:51.0099 6520 hcw85cir - ok
15:12:51.0267 6520 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:12:51.0272 6520 HdAudAddService - ok
15:12:51.0314 6520 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:12:51.0316 6520 HDAudBus - ok
15:12:51.0368 6520 HECIx64 (15c9789470b8855ac2f54fdf96802d13) C:\Windows\system32\DRIVERS\HECIx64.sys
15:12:51.0369 6520 HECIx64 - ok
15:12:51.0418 6520 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:12:51.0420 6520 HidBatt - ok
15:12:51.0455 6520 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:12:51.0457 6520 HidBth - ok
15:12:51.0486 6520 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:12:51.0487 6520 HidIr - ok
15:12:51.0532 6520 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:12:51.0533 6520 HidUsb - ok
15:12:51.0703 6520 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:12:51.0705 6520 HpSAMD - ok
15:12:51.0788 6520 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:12:51.0799 6520 HTTP - ok
15:12:51.0843 6520 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:12:51.0844 6520 hwpolicy - ok
15:12:51.0894 6520 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:12:51.0897 6520 i8042prt - ok
15:12:51.0953 6520 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
15:12:51.0959 6520 iaStor - ok
15:12:52.0109 6520 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:12:52.0115 6520 iaStorV - ok
15:12:52.0155 6520 IBMPMDRV (3761fab385f1c2f51b2fad48cfabbe9d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
15:12:52.0156 6520 IBMPMDRV - ok
15:12:52.0463 6520 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:12:52.0564 6520 igfx - ok
15:12:52.0707 6520 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:12:52.0709 6520 iirsp - ok
15:12:52.0749 6520 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:12:52.0750 6520 intelide - ok
15:12:53.0028 6520 intelkmd (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdpmd64.sys
15:12:53.0130 6520 intelkmd - ok
15:12:53.0298 6520 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:12:53.0300 6520 intelppm - ok
15:12:53.0360 6520 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:12:53.0362 6520 IpFilterDriver - ok
15:12:53.0416 6520 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:12:53.0418 6520 IPMIDRV - ok
15:12:53.0456 6520 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:12:53.0458 6520 IPNAT - ok
15:12:53.0505 6520 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:12:53.0506 6520 IRENUM - ok
15:12:53.0535 6520 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:12:53.0536 6520 isapnp - ok
15:12:53.0582 6520 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:12:53.0587 6520 iScsiPrt - ok
15:12:53.0632 6520 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:12:53.0633 6520 kbdclass - ok
15:12:53.0763 6520 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:12:53.0764 6520 kbdhid - ok
15:12:53.0811 6520 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:12:53.0814 6520 KSecDD - ok
15:12:53.0858 6520 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:12:53.0861 6520 KSecPkg - ok
15:12:53.0911 6520 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:12:53.0912 6520 ksthunk - ok
15:12:53.0990 6520 lenovo.smi (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys
15:12:53.0992 6520 lenovo.smi - ok
15:12:54.0041 6520 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:12:54.0042 6520 lltdio - ok
15:12:54.0198 6520 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:12:54.0201 6520 LSI_FC - ok
15:12:54.0232 6520 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:12:54.0235 6520 LSI_SAS - ok
15:12:54.0268 6520 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:12:54.0269 6520 LSI_SAS2 - ok
15:12:54.0303 6520 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:12:54.0306 6520 LSI_SCSI - ok
15:12:54.0383 6520 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:12:54.0385 6520 luafv - ok
15:12:54.0422 6520 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:12:54.0423 6520 megasas - ok
15:12:54.0457 6520 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:12:54.0462 6520 MegaSR - ok
15:12:54.0502 6520 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:12:54.0503 6520 Modem - ok
15:12:54.0552 6520 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:12:54.0553 6520 monitor - ok
15:12:54.0688 6520 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:12:54.0689 6520 mouclass - ok
15:12:54.0735 6520 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:12:54.0737 6520 mouhid - ok
15:12:54.0780 6520 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:12:54.0783 6520 mountmgr - ok
15:12:54.0832 6520 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:12:54.0835 6520 mpio - ok
15:12:54.0888 6520 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:12:54.0890 6520 mpsdrv - ok
15:12:54.0939 6520 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:12:54.0942 6520 MRxDAV - ok
15:12:54.0992 6520 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:12:54.0995 6520 mrxsmb - ok
15:12:55.0044 6520 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:12:55.0049 6520 mrxsmb10 - ok
15:12:55.0161 6520 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:12:55.0163 6520 mrxsmb20 - ok
15:12:55.0183 6520 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:12:55.0184 6520 msahci - ok
15:12:55.0223 6520 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:12:55.0225 6520 msdsm - ok
15:12:55.0274 6520 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:12:55.0275 6520 Msfs - ok
15:12:55.0296 6520 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:12:55.0297 6520 mshidkmdf - ok
15:12:55.0346 6520 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:12:55.0347 6520 msisadrv - ok
15:12:55.0421 6520 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:12:55.0422 6520 MSKSSRV - ok
15:12:55.0446 6520 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:12:55.0447 6520 MSPCLOCK - ok
15:12:55.0472 6520 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:12:55.0473 6520 MSPQM - ok
15:12:55.0523 6520 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:12:55.0528 6520 MsRPC - ok
15:12:55.0636 6520 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:12:55.0637 6520 mssmbios - ok
15:12:55.0663 6520 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:12:55.0664 6520 MSTEE - ok
15:12:55.0690 6520 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:12:55.0692 6520 MTConfig - ok
15:12:55.0735 6520 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:12:55.0737 6520 Mup - ok
15:12:55.0795 6520 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:12:55.0800 6520 NativeWifiP - ok
15:12:55.0993 6520 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111104.036\ENG64.SYS
15:12:55.0996 6520 NAVENG - ok
15:12:56.0093 6520 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111104.036\EX64.SYS
15:12:56.0122 6520 NAVEX15 - ok
15:12:56.0298 6520 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:12:56.0311 6520 NDIS - ok
15:12:56.0370 6520 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:12:56.0372 6520 NdisCap - ok
15:12:56.0408 6520 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:12:56.0409 6520 NdisTapi - ok
15:12:56.0451 6520 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:12:56.0453 6520 Ndisuio - ok
15:12:56.0503 6520 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:12:56.0506 6520 NdisWan - ok
15:12:56.0638 6520 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:12:56.0640 6520 NDProxy - ok
15:12:56.0674 6520 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:12:56.0676 6520 NetBIOS - ok
15:12:56.0735 6520 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:12:56.0740 6520 NetBT - ok
15:12:57.0073 6520 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
15:12:57.0168 6520 NETw5s64 - ok
15:12:57.0483 6520 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:12:57.0558 6520 netw5v64 - ok
15:12:57.0703 6520 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:12:57.0705 6520 nfrd960 - ok
15:12:57.0781 6520 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
15:12:57.0782 6520 NPF - ok
15:12:57.0813 6520 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:12:57.0815 6520 Npfs - ok
15:12:57.0851 6520 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:12:57.0852 6520 nsiproxy - ok
15:12:57.0960 6520 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:12:57.0983 6520 Ntfs - ok
15:12:58.0111 6520 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:12:58.0112 6520 Null - ok
15:12:58.0162 6520 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:12:58.0165 6520 nvraid - ok
15:12:58.0216 6520 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:12:58.0219 6520 nvstor - ok
15:12:58.0265 6520 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:12:58.0268 6520 nv_agp - ok
15:12:58.0333 6520 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:12:58.0335 6520 ohci1394 - ok
15:12:58.0406 6520 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:12:58.0408 6520 Parport - ok
15:12:58.0446 6520 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:12:58.0448 6520 partmgr - ok
15:12:58.0573 6520 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:12:58.0577 6520 pci - ok
15:12:58.0604 6520 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:12:58.0605 6520 pciide - ok
15:12:58.0660 6520 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:12:58.0663 6520 pcmcia - ok
15:12:58.0695 6520 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:12:58.0696 6520 pcw - ok
15:12:58.0744 6520 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:12:58.0754 6520 PEAUTH - ok
15:12:59.0000 6520 pneteth (fe74ba87cdaa80ac9261f49167f0608a) C:\Windows\system32\DRIVERS\pneteth.sys
15:12:59.0001 6520 pneteth - ok
15:12:59.0082 6520 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:12:59.0084 6520 PptpMiniport - ok
15:12:59.0140 6520 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:12:59.0142 6520 Processor - ok
15:12:59.0204 6520 psadd (4a768fb063a38b0a78ad97617d3a04f5) C:\Windows\system32\DRIVERS\psadd.sys
15:12:59.0206 6520 psadd - ok
15:12:59.0259 6520 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:12:59.0262 6520 Psched - ok
15:12:59.0323 6520 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:12:59.0325 6520 PxHlpa64 - ok
15:12:59.0399 6520 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:12:59.0420 6520 ql2300 - ok
15:12:59.0556 6520 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:12:59.0559 6520 ql40xx - ok
15:12:59.0597 6520 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:12:59.0599 6520 QWAVEdrv - ok
15:12:59.0650 6520 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:12:59.0652 6520 RasAcd - ok
15:12:59.0713 6520 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:12:59.0715 6520 RasAgileVpn - ok
15:12:59.0762 6520 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:12:59.0765 6520 Rasl2tp - ok
15:12:59.0806 6520 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:12:59.0808 6520 RasPppoe - ok
15:12:59.0832 6520 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:12:59.0834 6520 RasSstp - ok
15:12:59.0880 6520 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:12:59.0885 6520 rdbss - ok
15:12:59.0913 6520 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:12:59.0915 6520 rdpbus - ok
15:13:00.0048 6520 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:13:00.0049 6520 RDPCDD - ok
15:13:00.0100 6520 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:13:00.0104 6520 RDPDR - ok
15:13:00.0145 6520 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:13:00.0146 6520 RDPENCDD - ok
15:13:00.0174 6520 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:13:00.0175 6520 RDPREFMP - ok
15:13:00.0222 6520 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:13:00.0225 6520 RDPWD - ok
15:13:00.0279 6520 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:13:00.0282 6520 rdyboost - ok
15:13:00.0480 6520 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:13:00.0483 6520 RFCOMM - ok
15:13:00.0572 6520 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:13:00.0574 6520 rspndr - ok
15:13:00.0625 6520 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:13:00.0626 6520 s3cap - ok
15:13:00.0672 6520 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:13:00.0675 6520 sbp2port - ok
15:13:00.0748 6520 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
15:13:00.0751 6520 SCDEmu - ok
15:13:00.0793 6520 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:13:00.0795 6520 scfilter - ok
15:13:01.0006 6520 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:13:01.0007 6520 secdrv - ok
15:13:01.0076 6520 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:13:01.0078 6520 Serenum - ok
15:13:01.0108 6520 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:13:01.0110 6520 Serial - ok
15:13:01.0153 6520 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:13:01.0155 6520 sermouse - ok
15:13:01.0218 6520 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:13:01.0220 6520 sffdisk - ok
15:13:01.0247 6520 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:13:01.0249 6520 sffp_mmc - ok
15:13:01.0277 6520 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:13:01.0278 6520 sffp_sd - ok
15:13:01.0301 6520 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:13:01.0302 6520 sfloppy - ok
15:13:01.0341 6520 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:13:01.0342 6520 SiSRaid2 - ok
15:13:01.0371 6520 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:13:01.0373 6520 SiSRaid4 - ok
15:13:01.0508 6520 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:13:01.0510 6520 Smb - ok
15:13:01.0744 6520 SNP2UVC (3bcd7556f3222221c31b1577b5527ed7) C:\Windows\system32\DRIVERS\snp2uvc.sys
15:13:01.0793 6520 SNP2UVC - ok
15:13:01.0935 6520 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:13:01.0936 6520 spldr - ok
15:13:02.0046 6520 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
15:13:02.0057 6520 sptd - ok
15:13:02.0119 6520 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
15:13:02.0126 6520 SRTSP - ok
15:13:02.0165 6520 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
15:13:02.0172 6520 SRTSPL - ok
15:13:02.0202 6520 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
15:13:02.0203 6520 SRTSPX - ok
15:13:02.0347 6520 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:13:02.0354 6520 srv - ok
15:13:02.0393 6520 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:13:02.0399 6520 srv2 - ok
15:13:02.0465 6520 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:13:02.0470 6520 SrvHsfHDA - ok
15:13:02.0552 6520 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:13:02.0573 6520 SrvHsfV92 - ok
15:13:02.0699 6520 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:13:02.0710 6520 SrvHsfWinac - ok
15:13:02.0759 6520 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:13:02.0762 6520 srvnet - ok
15:13:02.0837 6520 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
15:13:02.0840 6520 ssadbus - ok
15:13:02.0919 6520 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:13:02.0921 6520 ssadmdfl - ok
15:13:02.0974 6520 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:13:02.0978 6520 ssadmdm - ok
15:13:03.0135 6520 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:13:03.0136 6520 stexstor - ok
15:13:03.0185 6520 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:13:03.0187 6520 storflt - ok
15:13:03.0229 6520 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:13:03.0230 6520 storvsc - ok
15:13:03.0292 6520 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:13:03.0293 6520 swenum - ok
15:13:03.0401 6520 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:13:03.0404 6520 SymEvent - ok
15:13:03.0561 6520 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
15:13:03.0566 6520 SynTP - ok
15:13:03.0707 6520 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
15:13:03.0734 6520 Tcpip - ok
15:13:03.0909 6520 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
15:13:03.0936 6520 TCPIP6 - ok
15:13:03.0995 6520 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:13:03.0996 6520 tcpipreg - ok
15:13:04.0046 6520 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:13:04.0047 6520 TDPIPE - ok
15:13:04.0072 6520 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:13:04.0073 6520 TDTCP - ok
15:13:04.0124 6520 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:13:04.0127 6520 tdx - ok
15:13:04.0175 6520 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:13:04.0177 6520 TermDD - ok
15:13:04.0290 6520 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
15:13:04.0292 6520 TPM - ok
15:13:04.0418 6520 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
15:13:04.0420 6520 TPPWRIF - ok
15:13:04.0495 6520 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:13:04.0496 6520 tssecsrv - ok
15:13:04.0562 6520 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:13:04.0564 6520 TsUsbFlt - ok
15:13:04.0622 6520 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:13:04.0625 6520 tunnel - ok
15:13:04.0682 6520 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:13:04.0684 6520 uagp35 - ok
15:13:04.0736 6520 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:13:04.0742 6520 udfs - ok
15:13:04.0882 6520 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:13:04.0884 6520 uliagpkx - ok
15:13:04.0939 6520 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:13:04.0941 6520 umbus - ok
15:13:04.0980 6520 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:13:04.0981 6520 UmPass - ok
15:13:05.0059 6520 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:13:05.0062 6520 usbccgp - ok
15:13:05.0096 6520 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:13:05.0099 6520 usbcir - ok
15:13:05.0139 6520 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:13:05.0140 6520 usbehci - ok
15:13:05.0203 6520 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:13:05.0209 6520 usbhub - ok
15:13:05.0347 6520 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:13:05.0348 6520 usbohci - ok
15:13:05.0388 6520 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:13:05.0390 6520 usbprint - ok
15:13:05.0440 6520 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:13:05.0442 6520 usbscan - ok
15:13:05.0494 6520 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
15:13:05.0495 6520 usbser - ok
15:13:05.0535 6520 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:13:05.0537 6520 USBSTOR - ok
15:13:05.0555 6520 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:13:05.0556 6520 usbuhci - ok
15:13:05.0618 6520 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:13:05.0621 6520 usbvideo - ok
15:13:05.0678 6520 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:13:05.0679 6520 vdrvroot - ok
15:13:05.0710 6520 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:13:05.0712 6520 vga - ok
15:13:05.0845 6520 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:13:05.0846 6520 VgaSave - ok
15:13:05.0878 6520 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:13:05.0882 6520 vhdmp - ok
15:13:05.0913 6520 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:13:05.0914 6520 viaide - ok
15:13:05.0950 6520 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:13:05.0954 6520 vmbus - ok
15:13:05.0979 6520 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:13:05.0981 6520 VMBusHID - ok
15:13:05.0999 6520 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:13:06.0001 6520 volmgr - ok
15:13:06.0048 6520 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:13:06.0054 6520 volmgrx - ok
15:13:06.0088 6520 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:13:06.0093 6520 volsnap - ok
15:13:06.0130 6520 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:13:06.0133 6520 vsmraid - ok
15:13:06.0167 6520 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:13:06.0168 6520 vwifibus - ok
15:13:06.0191 6520 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:13:06.0193 6520 vwififlt - ok
15:13:06.0254 6520 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
15:13:06.0255 6520 wacmoumonitor - ok
15:13:06.0398 6520 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
15:13:06.0400 6520 wacommousefilter - ok
15:13:06.0452 6520 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:13:06.0454 6520 WacomPen - ok
15:13:06.0523 6520 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
15:13:06.0524 6520 wacomvhid - ok
15:13:06.0591 6520 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:13:06.0593 6520 WANARP - ok
15:13:06.0602 6520 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:13:06.0604 6520 Wanarpv6 - ok
15:13:06.0680 6520 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:13:06.0682 6520 Wd - ok
15:13:06.0725 6520 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:13:06.0735 6520 Wdf01000 - ok
15:13:06.0945 6520 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:13:06.0946 6520 WfpLwf - ok
15:13:06.0976 6520 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:13:06.0977 6520 WIMMount - ok
15:13:07.0078 6520 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:13:07.0080 6520 WinUsb - ok
15:13:07.0126 6520 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:13:07.0127 6520 WmiAcpi - ok
15:13:07.0178 6520 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:13:07.0179 6520 ws2ifsl - ok
15:13:07.0246 6520 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:13:07.0248 6520 WudfPf - ok
15:13:07.0289 6520 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:13:07.0292 6520 WUDFRd - ok
15:13:07.0356 6520 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:13:07.0372 6520 \Device\Harddisk0\DR0 - ok
15:13:07.0380 6520 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR20
15:13:08.0158 6520 \Device\Harddisk1\DR20 - ok
15:13:08.0166 6520 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR14
15:13:08.0180 6520 \Device\Harddisk3\DR14 - ok
15:13:08.0187 6520 Boot (0x1200) (520fc6f8ee60a828eb0c2101125e9dce) \Device\Harddisk0\DR0\Partition0
15:13:08.0190 6520 \Device\Harddisk0\DR0\Partition0 - ok
15:13:08.0214 6520 Boot (0x1200) (606184d7227aef304e2db88068f76169) \Device\Harddisk0\DR0\Partition1
15:13:08.0216 6520 \Device\Harddisk0\DR0\Partition1 - ok
15:13:08.0240 6520 Boot (0x1200) (abdb5c918cf9e1d2afe9df09a1c40744) \Device\Harddisk0\DR0\Partition2
15:13:08.0242 6520 \Device\Harddisk0\DR0\Partition2 - ok
15:13:08.0250 6520 Boot (0x1200) (bda284553ee7b2610e88c21a3df7a54d) \Device\Harddisk1\DR20\Partition0
15:13:08.0254 6520 \Device\Harddisk1\DR20\Partition0 - ok
15:13:08.0262 6520 Boot (0x1200) (75d45a3a12d93eeeb63737dd0f1c0a0c) \Device\Harddisk3\DR14\Partition0
15:13:08.0266 6520 \Device\Harddisk3\DR14\Partition0 - ok
15:13:08.0267 6520 ============================================================
15:13:08.0267 6520 Scan finished
15:13:08.0267 6520 ============================================================
15:13:08.0290 7936 Detected object count: 0
15:13:08.0291 7936 Actual detected object count: 0

#12 m0le

  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 06 November 2011 - 07:33 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the box below into it:

RegNull:
[HKEY_USERS\S-1-5-21-182877453-1055725299-3332764003-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D791AAA9-6E59-B0DD-78EE-F1D891A360BA}*]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
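Before a key like the one in m0le's RegNull line is nulled, a responder usually wants to know what that CLSID actually points at. The PowerShell below is an added example, not code from this thread or from ComboFix: it lists every value under that user's Shell Extensions\Approved key (value name = CLSID, value data = description), resolves each CLSID to its InprocServer32 DLL, checking the per-user Classes hive first because a per-user COM registration overrides the HKLM one for that user, and reports whether the DLL exists on disk and carries a valid Authenticode signature. It assumes the SID from the CFScript above, that the user's hive is loaded (the user is logged on), and that it runs from an elevated prompt. It only reads; it changes nothing.

```powershell
# Added example (not part of the thread): triage a user's approved shell
# extensions before nulling one. Assumption: the SID is the one in m0le's
# CFScript; run elevated, with that user logged on so HKU\<SID>_Classes exists.
$sid      = 'S-1-5-21-182877453-1055725299-3332764003-1001'
$approved = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"

if (-not (Test-Path -LiteralPath $approved)) {
    throw "Cannot open $approved - is that user's hive loaded?"
}

# Lookup order matters: a per-user CLSID registration wins over HKLM for that user.
$roots = @(
    "Registry::HKEY_USERS\${sid}_Classes\CLSID",                        # per-user (HKCU\Software\Classes)
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID",               # machine-wide, 64-bit
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID"    # machine-wide, 32-bit
)

$props  = Get-ItemProperty -LiteralPath $approved
$clsids = $props.PSObject.Properties | Where-Object { $_.Name -like '{*}' }

foreach ($p in $clsids) {
    $clsid  = $p.Name
    $server = $null
    $hive   = 'none'

    # Resolve the CLSID to its in-process COM server (the DLL Explorer will load).
    foreach ($root in $roots) {
        $key = "$root\$clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $server = (Get-ItemProperty -LiteralPath $key).'(default)'
            $hive   = $root
            break
        }
    }

    # Classify: no server at all, server path that does not exist, or a real file
    # whose signature we can check.
    $status = 'no COM server registered'
    if ($server) {
        $path = [Environment]::ExpandEnvironmentVariables($server)
        if (Test-Path -LiteralPath $path) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = "file present, signature $($sig.Status)"
        } else {
            $status = 'server DLL missing on disk'
        }
    }

    New-Object PSObject -Property @{
        CLSID        = $clsid
        Description  = $p.Value
        ServerDLL    = $server
        RegisteredIn = $hive
        Status       = $status
    }
}
```

Pipe the output through `Where-Object { $_.Status -ne 'file present, signature Valid' }` to see only the entries worth a closer look: an approved extension registered only in the per-user Classes hive, or whose DLL is unsigned or gone, is the kind of thing the RegNull line above is meant to remove. One caveat: the Win32 registry API, and therefore PowerShell's registry provider, cannot open a key whose name contains an embedded null, so an entry that ComboFix reports but this listing does not show is itself worth noting rather than a sign the entry is gone.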

#13 mariodr

  • Topic Starter
  • Members
  • 65 posts

Posted 07 November 2011 - 12:27 AM

Hm, when I ran ComboFix this time I noticed a message pop up saying "pev.3xe has stopped working", but ComboFix still finished.
Here's the log:


ComboFix 11-11-06.02 - Jelani 11/06/2011 22:45:59.8.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8088.4327 [GMT -5:00]
Running from: c:\users\Jelani\Desktop\comfix.exe
Command switches used :: c:\users\Jelani\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Spybot - Search & Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 04:48 . 2011-11-07 04:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-07 04:48 . 2011-11-07 04:48 -------- d-----w- c:\users\Mcx1-HUNGRYCHICKEN\AppData\Local\temp
2011-11-07 04:48 . 2011-11-07 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-05 23:39 . 2011-11-06 01:29 -------- d-----w- C:\comfix
2011-11-01 06:11 . 2011-11-05 23:39 -------- d-----w- C:\ComboFix
2011-10-13 09:41 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 09:41 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 09:41 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 09:41 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 09:41 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 09:40 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 09:40 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 09:40 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 09:40 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-10 15:09 . 2011-10-10 15:09 4550304 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-07 04:46 . 2011-07-05 23:08 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-10-31 21:27 . 2011-06-11 17:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-04 16:45 . 2011-08-24 20:53 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-31 21:00 . 2011-08-24 20:45 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 18:02 . 2011-08-16 18:02 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-06_01.00.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-04 23:12 . 2011-11-07 04:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-09-04 23:12 . 2011-11-06 00:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-11-06 00:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-07 04:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-06 00:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-07 04:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-06 00:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-07 04:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2011-11-05 19:02 635850 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-06 21:31 635850 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-06 21:31 111392 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-05 19:02 111392 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-30 399736]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"RssReader"="c:\program files (x86)\RssReader\RssReader.exe" [2004-04-04 1077248]
"MusicManager"="c:\users\Jelani\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-09-14 13128704]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-14 115560]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-05-12 1128296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-26 98304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\users\Jelani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files (x86)\GetRight\GetRight.exe [2010-5-23 4628752]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2010-11-4 473616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-05-12 164200]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]
R3 Red5;Red5;c:\program files (x86)\Red5\wrapper.exe [2009-11-22 233984]
R3 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-08-04 130976]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-08-04 1082800]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-08-04 1149864]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-08-04 169624]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-02-07 566768]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-03-10 50536]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-03-10 74088]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-10 136824]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 23108072
*Deregistered* - 23108072
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182877453-1055725299-3332764003-1001Core.job
- c:\users\Jelani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 20:48]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-182877453-1055725299-3332764003-1001UA.job
- c:\users\Jelani\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 20:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-03-10 62312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-22 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 365592]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with GetRight - c:\program files (x86)\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files (x86)\GetRight\GRbrowse.htm
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: dapreview.net\www
TCP: DhcpNameServer = 192.168.1.1
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://50.22.132.160:4643/vz/ssh/wodTelnetDLX.cab
FF - ProfilePath - c:\users\Jelani\AppData\Roaming\Mozilla\Firefox\Profiles\vc7xa072.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-182877453-1055725299-3332764003-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* m*k*v*\OpenWithList]
@Class="Shell"
"a"="mpc-hc64.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-182877453-1055725299-3332764003-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D791AAA9-6E59-B0DD-78EE-F1D891A360BA}*]
"nacfpldeembnkffafecldenbabfd"=hex:6a,61,6e,6b,65,67,6c,64,68,70,61,61,69,68,
6e,6a,6a,6e,6e,63,00,6f
"oaaenpaappabconfnmhagjjebeopme"=hex:6a,61,68,69,61,67,70,66,6e,69,65,70,63,6b,
68,69,6d,64,66,63,00,6f
"gbihkpgnhhgfaoijonjdpmnmjmdoimmenhidkecjpjhlnj"=hex:64,61,68,68,68,70,62,6c,
00,e9
"bbkfacejekdkdlcejmpapbaboajmcdpdbmao"=hex:68,62,61,65,6a,6e,6e,6f,6d,6b,69,67,
61,6e,63,69,65,6a,66,6d,6c,69,68,62,61,66,62,6c,67,69,6a,62,6e,6a,65,6d,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:37,90,d6,e4,1b,b6,c1,c2,e5,41,a6,56,16,bf,6a,9c,d0,aa,03,d2,a4,
b3,6d,7f,f6,f4,f6,d8,c1,ff,ab,18,40,e1,6f,df,6f,e4,c1,c8,d4,8a,58,cf,2b,f6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:37,90,d6,e4,1b,b6,c1,c2,e5,41,a6,56,16,bf,6a,9c,d0,aa,03,d2,a4,
b3,6d,7f,f6,f4,f6,d8,c1,ff,ab,18,40,e1,6f,df,6f,e4,c1,c8,d4,8a,58,cf,2b,f6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-07 00:20:25
ComboFix-quarantined-files.txt 2011-11-07 05:20
ComboFix2.txt 2011-11-06 20:02
ComboFix3.txt 2011-11-06 01:29
ComboFix4.txt 2011-11-01 05:57
.
Pre-Run: 1,032,757,248 bytes free
Post-Run: 960,106,496 bytes free
.
- - End Of File - - 5131595CD5DD2D5DF13D0A085AAA12B8

#14 mariodr

  • Topic Starter

Posted 07 November 2011 - 12:29 AM

Also, I just did a quick check - I don't seem to be getting redirected off search results anymore :)

#15 mariodr

  • Topic Starter

Posted 07 November 2011 - 03:04 AM

Spoke too soon, still getting redirected :x



