Unknown Malware


  • This topic is locked
30 replies to this topic

#1 McZwick

  • Members
  • 86 posts

Posted 14 January 2012 - 11:37 AM

I'm reposting this from the "Am I infected..." forum. There is no question I am infected, and I've posted the various logs below in hopes of speeding things along. First, the known symptoms:

1. My Facebook account posted porn videos on friends' walls
2. Google Chrome occasionally redirects to a random website (NOT from the Google search screen, NOT after clicking on a link)
3. Audio ads will randomly play in Chrome (this may not be happening any longer)
4. All system restore points prior to Jan 9th have been deleted
5. Unable to open "My Computer" properties

I've used the following software:

Microsoft Security Essentials
Malwarebytes
Spybot Search and Destroy
Combofix (I realize now I shouldn't have used this one...)
Hitman Pro
TDSSKiller

I know that I shouldn't have used some of those programs, but I was pretty desperate at the time. This laptop contains my PhD dissertation research (everything is backed up), so I'm kinda freaked out...but I guess everyone is.

Thank you so much for your time and help.

HijackThis Log
------------------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:45:54 AM, on 1/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Jacquie Lawson London Advent Calendar.lnk = C:\Program Files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11332 bytes

DDS Log:
----------


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Zwick at 2:04:53 on 2012-01-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2483 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6984CD82-7D97-4E04-BAB8-3BC91633C7C1} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6984CD82-7D97-4E04-BAB8-3BC91633C7C1}\2416973796465613 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6984CD82-7D97-4E04-BAB8-3BC91633C7C1}\74562656E6D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{6984CD82-7D97-4E04-BAB8-3BC91633C7C1}\A5779636B6C656D2E4564777F627B6 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7148C178-8FD7-4ED0-AA3A-FD36AC66C22C} : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2012-1-13 48888]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2010-12-20 86016]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-13 652872]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2012-1-13 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-1-13 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-1-13 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-1-13 169624]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\Windows\system32\DRIVERS\b44amd64.sys --> C:\Windows\system32\DRIVERS\b44amd64.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-20 17152]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 135664]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-14 06:41:25 388096 ----a-r- C:\Users\Zwick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-14 06:41:25 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-14 05:46:14 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-01-14 05:45:23 -------- d-----w- C:\ProgramData\HitmanPro
2012-01-14 05:38:52 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-14 05:37:59 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C57DE766-AEF8-47C4-AE25-3D65D2D0570C}\offreg.dll
2012-01-14 04:59:23 -------- d-----w- C:\ComboFix
2012-01-14 01:54:37 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-01-14 01:54:16 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-01-14 01:54:11 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-01-13 20:53:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-13 20:53:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-13 20:22:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-13 19:30:48 -------- d-----w- C:\sh4ldr
2012-01-13 19:30:48 -------- d-----w- C:\Program Files\Enigma Software Group
2012-01-13 19:29:16 -------- d-----w- C:\Windows\89A072791DB3485AB1DF584DF86774B9.TMP
2012-01-13 17:44:42 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C57DE766-AEF8-47C4-AE25-3D65D2D0570C}\mpengine.dll
2012-01-13 14:49:38 98816 ----a-w- C:\Windows\sed.exe
2012-01-13 14:49:38 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-13 14:49:38 256000 ----a-w- C:\Windows\PEV.exe
2012-01-13 14:49:38 208896 ----a-w- C:\Windows\MBR.exe
2012-01-11 21:24:32 -------- d-----w- C:\Users\Zwick\AppData\Roaming\Malwarebytes
2012-01-11 21:24:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-11 19:49:56 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-01-11 14:50:32 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 14:50:32 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-09 16:34:12 -------- d-----w- C:\Users\Zwick\AppData\Local\{63F6038B-BCBF-46F6-B230-9508BB02B7C7}
2012-01-09 16:33:50 -------- d-----w- C:\Users\Zwick\AppData\Local\{FC70363F-B32D-4823-8FED-24FAC55E3E04}
2012-01-08 22:14:41 -------- d-----w- C:\Users\Zwick\AppData\Local\{17348DEA-3DF7-48FB-BE14-E7941C3A3A9A}
2012-01-08 22:14:27 -------- d-----w- C:\Users\Zwick\AppData\Local\{DCEA89DD-14E6-4397-860C-3EAF5E570F57}
2012-01-08 22:06:32 -------- d-----w- C:\Windows\en
2012-01-08 22:03:16 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-08 22:01:00 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1d748b41ccce512e\MeshBetaRemover.exe
2012-01-08 21:58:16 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\DSETUP.dll
2012-01-08 21:58:16 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\DXSETUP.exe
2012-01-08 21:58:16 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\dsetup32.dll
2012-01-08 21:58:08 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\DSETUP.dll
2012-01-08 21:58:08 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\DXSETUP.exe
2012-01-08 21:58:08 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\dsetup32.dll
2012-01-08 20:48:55 -------- d-----w- C:\Program Files (x86)\Common Files\Canon
2012-01-08 19:37:02 -------- d-----w- C:\Windows\9013B37099D4404B9DB9779B51CEB5FF.TMP
2012-01-08 19:35:34 -------- d-----w- C:\Windows\F9D59E62845F49A28B75DDB00661673C.TMP
2012-01-08 19:33:19 -------- d-----w- C:\ProgramData\Leapfrog
2012-01-08 19:33:18 -------- d-----w- C:\Program Files (x86)\LeapFrog
.
==================== Find3M ====================
.
2012-01-08 19:30:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 2:05:29.98 ===============



Edited by McZwick, 14 January 2012 - 11:36 AM.




#2 McZwick

McZwick
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:05:57 PM

Posted 14 January 2012 - 11:38 AM

GMER Log:

~NOTE~ The ONLY boxes I could check (on the right side of the GMER client) were:
Services, Registry, Files, C:, and ADS.
For some reason I couldn't check the others.
--------------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-14 02:43:20
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Zwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RWTY93Y\clients[1].txt 1 bytes
File C:\Users\Zwick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YNPQ56O\integrity-local[1].txt 40 bytes

---- EOF - GMER 1.0.15 ----

#3 McZwick

McZwick
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  • Local time:05:57 PM

Posted 18 January 2012 - 04:02 PM

~UPDATE~

I removed an extension of ADOBE FLASH 10 that was running on Chrome. From my (limited) understanding Chrome shouldn't need an Adobe extension as it's built in. This appears to have solved most of my problems.

I did discover the folder and file C:\sh4ldr\shldr.mbr. I've not seen this before...but didn't delete it as I'm nervous deleting an unknown MBR.


I would still appreciate some feedback on this file, as well as how to properly ensure that my machine is free of malware. Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,659 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:57 PM

Posted 20 January 2012 - 11:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/438052 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 McZwick

McZwick
  • Topic Starter

  • Members
  • 86 posts
  •  
  • Local time:05:57 PM

Posted 20 January 2012 - 01:17 PM

Here is my new DDS log below.

Currently, the only problem I am having is that I'm not able to get into my system properties. I'm wondering if my registry was screwed up somehow.

I have Windows 7 64-bit.

Thanks!


--------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Zwick at 13:10:31 on 2012-01-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2036 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 128.146.1.7 128.146.48.7
TCP: Interfaces\{6984CD82-7D97-4E04-BAB8-3BC91633C7C1} : DhcpNameServer = 128.146.1.7 128.146.48.7
TCP: Interfaces\{6984CD82-7D97-4E04-BAB8-3BC91633C7C1}\2375942554735383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6984CD82-7D97-4E04-BAB8-3BC91633C7C1}\2416973796465613 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6984CD82-7D97-4E04-BAB8-3BC91633C7C1}\74562656E6D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{6984CD82-7D97-4E04-BAB8-3BC91633C7C1}\A5779636B6C656D2E4564777F627B6 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7148C178-8FD7-4ED0-AA3A-FD36AC66C22C} : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2012-1-13 48888]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2010-12-20 86016]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-13 652872]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2012-1-13 130976]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\Windows\system32\DRIVERS\b44amd64.sys --> C:\Windows\system32\DRIVERS\b44amd64.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-20 17152]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-1-13 892336]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-1-13 955816]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-1-13 169624]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 135664]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 135664]
.
=============== Created Last 30 ================
.
2012-01-19 23:52:54 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0C19C3F-9D6D-4BF4-A531-02ACB80B56BD}\mpengine.dll
2012-01-18 02:37:08 -------- d-----w- C:\Windows\ehome
2012-01-14 06:41:25 388096 ----a-r- C:\Users\Zwick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-14 06:41:25 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-14 05:46:14 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-01-14 05:45:23 -------- d-----w- C:\ProgramData\HitmanPro
2012-01-14 05:38:52 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-14 04:59:23 -------- d-----w- C:\ComboFix
2012-01-14 01:54:37 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-01-14 01:54:16 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-01-14 01:54:11 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-01-13 20:53:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-13 20:53:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-13 20:22:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-13 19:30:48 -------- d-----w- C:\sh4ldr
2012-01-13 19:30:48 -------- d-----w- C:\Program Files\Enigma Software Group
2012-01-13 19:29:16 -------- d-----w- C:\Windows\89A072791DB3485AB1DF584DF86774B9.TMP
2012-01-13 14:49:38 98816 ----a-w- C:\Windows\sed.exe
2012-01-13 14:49:38 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-13 14:49:38 256000 ----a-w- C:\Windows\PEV.exe
2012-01-13 14:49:38 208896 ----a-w- C:\Windows\MBR.exe
2012-01-11 21:24:32 -------- d-----w- C:\Users\Zwick\AppData\Roaming\Malwarebytes
2012-01-11 21:24:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-11 19:49:56 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-01-11 14:50:32 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 14:50:32 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-09 16:34:12 -------- d-----w- C:\Users\Zwick\AppData\Local\{63F6038B-BCBF-46F6-B230-9508BB02B7C7}
2012-01-09 16:33:50 -------- d-----w- C:\Users\Zwick\AppData\Local\{FC70363F-B32D-4823-8FED-24FAC55E3E04}
2012-01-08 22:14:41 -------- d-----w- C:\Users\Zwick\AppData\Local\{17348DEA-3DF7-48FB-BE14-E7941C3A3A9A}
2012-01-08 22:14:27 -------- d-----w- C:\Users\Zwick\AppData\Local\{DCEA89DD-14E6-4397-860C-3EAF5E570F57}
2012-01-08 22:06:32 -------- d-----w- C:\Windows\en
2012-01-08 22:03:16 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-08 22:01:00 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1d748b41ccce512e\MeshBetaRemover.exe
2012-01-08 21:58:16 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\DSETUP.dll
2012-01-08 21:58:16 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\DXSETUP.exe
2012-01-08 21:58:16 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\dsetup32.dll
2012-01-08 21:58:08 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\DSETUP.dll
2012-01-08 21:58:08 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\DXSETUP.exe
2012-01-08 21:58:08 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\dsetup32.dll
2012-01-08 20:48:55 -------- d-----w- C:\Program Files (x86)\Common Files\Canon
2012-01-08 19:37:02 -------- d-----w- C:\Windows\9013B37099D4404B9DB9779B51CEB5FF.TMP
2012-01-08 19:35:34 -------- d-----w- C:\Windows\F9D59E62845F49A28B75DDB00661673C.TMP
2012-01-08 19:33:19 -------- d-----w- C:\ProgramData\Leapfrog
2012-01-08 19:33:18 -------- d-----w- C:\Program Files (x86)\LeapFrog
.
==================== Find3M ====================
.
2012-01-08 19:30:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 13:11:29.82 ===============

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:57 PM

Posted 21 January 2012 - 02:30 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 McZwick


Posted 21 January 2012 - 10:58 PM

Gringo,

Thanks for helping me out with this. Minor issues I'm still having (and know about) are:

Cannot get into the system properties
Received a "0x8000fff" error when trying to save a movie in Windows Live Movie Maker
Had several random Windows features turned off that needed to be turned back on again
There's a mysterious folder - C:\sh4ldr, with the file - shldr.mbr

That's all I can think of now....below is my log.

Thanks!

-----

ComboFix 12-01-21.02 - Zwick 01/21/2012 22:16:11.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2711 [GMT -5:00]
Running from: c:\users\Zwick\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 03:29 . 2012-01-22 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-22 02:49 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECC683BF-7598-4F70-942E-AF4C45E782B1}\mpengine.dll
2012-01-18 02:37 . 2012-01-18 17:17 -------- d-----w- c:\windows\ehome
2012-01-18 02:36 . 2012-01-18 02:36 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-01-18 02:36 . 2012-01-18 02:36 -------- d-----r- c:\users\Public\Recorded TV
2012-01-14 06:41 . 2012-01-14 06:41 388096 ----a-r- c:\users\Zwick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-14 06:41 . 2012-01-14 06:41 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-14 05:46 . 2012-01-14 05:46 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-14 05:45 . 2012-01-14 05:46 -------- d-----w- c:\programdata\HitmanPro
2012-01-14 01:54 . 2012-01-18 16:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-13 20:53 . 2012-01-13 20:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-13 20:53 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 20:22 . 2012-01-13 20:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-13 19:30 . 2012-01-13 20:32 -------- d-----w- C:\sh4ldr
2012-01-13 19:30 . 2012-01-13 19:30 -------- d-----w- c:\program files\Enigma Software Group
2012-01-13 19:29 . 2012-01-13 20:32 -------- d-----w- c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP
2012-01-11 21:24 . 2012-01-11 21:24 -------- d-----w- c:\users\Zwick\AppData\Roaming\Malwarebytes
2012-01-11 21:24 . 2012-01-11 21:24 -------- d-----w- c:\programdata\Malwarebytes
2012-01-11 19:49 . 2011-09-20 18:21 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-11 14:50 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-08 22:06 . 2012-01-08 22:06 -------- d-----w- c:\windows\en
2012-01-08 22:03 . 2012-01-08 22:04 -------- d-----w- c:\program files (x86)\Windows Live
2012-01-08 22:03 . 2012-01-08 22:03 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-08 22:01 . 2012-01-08 22:01 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1d748b41ccce512e\MeshBetaRemover.exe
2012-01-08 21:58 . 2012-01-08 21:58 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\DSETUP.dll
2012-01-08 21:58 . 2012-01-08 21:58 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\DXSETUP.exe
2012-01-08 21:58 . 2012-01-08 21:58 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\dsetup32.dll
2012-01-08 21:58 . 2012-01-08 21:58 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\DXSETUP.exe
2012-01-08 21:58 . 2012-01-08 21:58 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\DSETUP.dll
2012-01-08 21:58 . 2012-01-08 21:58 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\dsetup32.dll
2012-01-08 20:48 . 2012-01-08 20:48 -------- d-----w- c:\program files (x86)\Common Files\Canon
2012-01-08 19:37 . 2012-01-08 19:37 -------- d-----w- c:\windows\9013B37099D4404B9DB9779B51CEB5FF.TMP
2012-01-08 19:36 . 2012-01-08 19:36 -------- d-----w- c:\program files\DIFX
2012-01-08 19:35 . 2012-01-08 19:38 -------- d-----w- c:\windows\F9D59E62845F49A28B75DDB00661673C.TMP
2012-01-08 19:33 . 2012-01-08 19:33 -------- d-----w- c:\programdata\Leapfrog
2012-01-08 19:33 . 2012-01-08 19:36 -------- d-----w- c:\program files (x86)\LeapFrog
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 19:30 . 2011-06-18 20:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 05:15 . 2010-12-21 17:24 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-19 14:06 . 2012-01-11 14:50 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-04 01:53 . 2011-12-14 14:09 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 14:09 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 14:09 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 14:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 14:09 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 14:09 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 14:09 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 14:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:19 . 2011-12-14 14:05 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-13_15.16.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-22 03:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-13 15:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-13 15:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-22 03:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-13 15:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-22 03:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-20 20:46 . 2012-01-20 16:17 47516 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-22 03:32 42238 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-20 19:54 . 2012-01-22 03:32 14174 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-54349521-2605671155-1412708382-1000_UserData.bin
+ 2009-07-14 00:24 . 2009-07-14 01:41 84480 c:\windows\system32\Mcx2Svc.dll
+ 2009-09-09 20:28 . 2009-09-09 20:28 59904 c:\windows\Installer\$PatchCache$\Managed\DD343E4BBAAB95D4DAC9ED0AFA0ED91F\1.2.3\zlib1.dll
- 2011-02-23 16:15 . 2010-11-20 13:27 88576 c:\windows\ehome\NetBridge.dll
+ 2009-07-14 00:24 . 2009-07-14 01:41 88576 c:\windows\ehome\NetBridge.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 56320 c:\windows\ehome\Microsoft.MediaCenter.Mheg.dll
+ 2009-07-14 00:25 . 2009-07-14 01:51 56320 c:\windows\ehome\Microsoft.MediaCenter.Mheg.dll
+ 2009-07-14 00:24 . 2009-07-14 01:28 42496 c:\windows\ehome\markup.dll
- 2011-02-23 16:13 . 2010-11-20 13:03 42496 c:\windows\ehome\markup.dll
+ 2009-07-13 22:35 . 2009-07-14 01:20 94208 c:\windows\ehome\ehCIR.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 94208 c:\windows\ehome\ehCIR.dll
+ 2009-07-13 23:31 . 2009-07-14 01:26 66560 c:\windows\diagnostics\system\WindowsMediaPlayerConfiguration\DiagPackage.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ac8c28712804189be64862550bfb9b82\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\89a0832ed20bc4be8fd05e4e98e69935\LoadMxf.ni.exe
- 2011-09-09 20:32 . 2011-09-09 20:32 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\8b58e86c1211cac8bb344ec05015055b\ehiUPnP.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\8b58e86c1211cac8bb344ec05015055b\ehiUPnP.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\53f97fe255ce0034dafd3a2b4f7245d8\ehiTVMSMusic.ni.dll
- 2011-09-09 19:17 . 2011-09-09 19:17 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\2c6d60b55bbab22515c512080d4b3bae\stdole.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\2c6d60b55bbab22515c512080d4b3bae\stdole.ni.dll
- 2011-09-09 19:17 . 2011-09-09 19:17 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\f09ce1eab0d18a4bbd53ab2a67a5c909\ehiUserXp.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\f09ce1eab0d18a4bbd53ab2a67a5c909\ehiUserXp.ni.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 94208 c:\windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll
+ 2009-07-13 22:35 . 2009-07-14 01:20 94208 c:\windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll
+ 2009-07-14 00:25 . 2009-07-14 01:51 56320 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 56320 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 66956 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCall.dll
+ 2009-07-14 00:08 . 2009-07-14 01:16 8192 c:\windows\SysWOW64\spwmp.dll
- 2011-02-23 16:14 . 2010-11-20 12:20 8192 c:\windows\SysWOW64\spwmp.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 4096 c:\windows\SysWOW64\dxmasf.dll
- 2011-02-23 16:14 . 2010-11-20 12:21 4096 c:\windows\SysWOW64\dxmasf.dll
+ 2010-12-22 18:40 . 2012-01-22 03:29 6030 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 00:23 . 2009-07-14 01:41 9728 c:\windows\system32\spwmp.dll
- 2011-02-23 16:14 . 2010-11-20 13:27 9728 c:\windows\system32\spwmp.dll
- 2011-02-23 16:14 . 2010-11-20 13:27 5120 c:\windows\system32\dxmasf.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 5120 c:\windows\system32\dxmasf.dll
- 2012-01-13 15:15 . 2012-01-13 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-22 03:30 . 2012-01-22 03:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-22 03:30 . 2012-01-22 03:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-13 15:15 . 2012-01-13 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-18 02:41 . 2012-01-18 02:41 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.dll
- 2010-12-20 22:36 . 2010-12-20 22:36 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.dll
- 2010-12-20 22:36 . 2010-12-20 22:36 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.dll
- 2010-12-20 22:36 . 2010-12-20 22:36 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.dll
+ 2009-07-14 00:08 . 2009-07-14 01:16 182272 c:\windows\SysWOW64\wmpsrcwp.dll
- 2011-02-23 16:15 . 2010-11-20 12:21 182272 c:\windows\SysWOW64\wmpsrcwp.dll
- 2011-02-23 16:14 . 2010-11-20 12:21 105472 c:\windows\SysWOW64\wmpshell.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 105472 c:\windows\SysWOW64\wmpshell.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 143872 c:\windows\SysWOW64\wmpps.dll
- 2011-02-23 16:15 . 2010-11-20 12:21 738816 c:\windows\SysWOW64\wmpmde.dll
+ 2010-12-21 14:04 . 2010-08-21 05:36 738816 c:\windows\SysWOW64\wmpmde.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 344576 c:\windows\SysWOW64\wmpeffects.dll
- 2011-02-23 16:15 . 2010-11-20 12:21 299520 c:\windows\SysWOW64\wmpdxm.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 299520 c:\windows\SysWOW64\wmpdxm.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 553472 c:\windows\SysWOW64\migration\MediaPlayer-DLMigPlugin.dll
- 2011-02-23 16:16 . 2010-11-20 12:21 553472 c:\windows\SysWOW64\migration\MediaPlayer-DLMigPlugin.dll
+ 2009-07-14 00:09 . 2009-07-14 01:15 266752 c:\windows\SysWOW64\MediaMetadataHandler.dll
- 2011-02-23 16:16 . 2010-11-20 12:19 266752 c:\windows\SysWOW64\MediaMetadataHandler.dll
+ 2009-07-14 00:08 . 2009-07-14 01:15 219648 c:\windows\SysWOW64\iTVData.dll
- 2011-02-23 16:15 . 2010-11-20 12:19 219648 c:\windows\SysWOW64\iTVData.dll
- 2011-02-23 16:17 . 2010-11-20 13:27 223232 c:\windows\system32\wmpsrcwp.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 223232 c:\windows\system32\wmpsrcwp.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 132096 c:\windows\system32\wmpshell.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 477696 c:\windows\system32\wmpps.dll
+ 2009-07-14 00:24 . 2009-07-14 01:41 593408 c:\windows\system32\wmpeffects.dll
+ 2009-07-14 00:24 . 2009-07-14 01:41 358400 c:\windows\system32\wmpdxm.dll
- 2011-02-23 16:15 . 2010-11-20 13:27 358400 c:\windows\system32\wmpdxm.dll
+ 2010-12-24 17:29 . 2012-01-16 19:33 380896 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-01-12 13:59 . 2012-01-22 02:37 503296 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-01-12 19:19 662658 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-20 18:47 662658 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-12 19:19 122454 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-20 18:47 122454 c:\windows\system32\perfc009.dat
- 2011-02-23 16:20 . 2010-11-20 13:27 571904 c:\windows\system32\mspbda.dll
+ 2009-07-14 00:21 . 2009-07-14 01:41 571904 c:\windows\system32\mspbda.dll
- 2011-02-23 16:20 . 2010-11-20 13:27 552960 c:\windows\system32\msdri.dll
+ 2010-12-21 14:05 . 2010-08-04 07:07 552960 c:\windows\system32\msdri.dll
- 2011-02-23 16:16 . 2010-11-20 13:26 345600 c:\windows\system32\MediaMetadataHandler.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 345600 c:\windows\system32\MediaMetadataHandler.dll
- 2011-02-23 16:15 . 2010-11-20 13:26 282624 c:\windows\system32\iTVData.dll
+ 2009-07-14 00:22 . 2009-07-14 01:41 282624 c:\windows\system32\iTVData.dll
+ 2009-07-14 04:46 . 2012-01-22 02:48 109240 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-01-13 15:14 393032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-22 03:29 393032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-06 01:52 . 2011-12-28 22:12 577384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-54349521-2605671155-1412708382-1000-12288.dat
+ 2011-11-06 01:52 . 2012-01-17 19:52 577384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-54349521-2605671155-1412708382-1000-12288.dat
+ 2009-07-14 00:25 . 2009-07-14 01:41 190976 c:\windows\ehome\wtv2dvrms.dll
- 2011-02-23 16:15 . 2010-11-20 13:27 190976 c:\windows\ehome\wtv2dvrms.dll
+ 2009-07-14 00:09 . 2009-07-14 01:20 134656 c:\windows\ehome\wow\mcstoredb.dll
- 2011-02-23 16:15 . 2010-11-20 12:32 134656 c:\windows\ehome\wow\mcstoredb.dll
+ 2009-07-14 00:10 . 2009-07-14 01:15 801280 c:\windows\ehome\wow\ehui.dll
- 2011-02-23 16:17 . 2010-11-20 12:18 801280 c:\windows\ehome\wow\ehui.dll
- 2011-02-23 16:15 . 2010-11-20 12:32 238080 c:\windows\ehome\wow\BDATunePIA.dll
+ 2009-07-14 00:06 . 2009-07-14 01:25 238080 c:\windows\ehome\wow\BDATunePIA.dll
- 2011-02-23 16:19 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-18 17:14 . 2011-10-29 05:24 465920 c:\windows\ehome\mstvcapn.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 327168 c:\windows\ehome\Microsoft.MediaCenter.TV.Tuners.Interop.dll
+ 2009-07-14 00:24 . 2009-07-14 01:52 327168 c:\windows\ehome\Microsoft.MediaCenter.TV.Tuners.Interop.dll
+ 2009-07-13 22:36 . 2009-07-14 01:24 241664 c:\windows\ehome\Microsoft.MediaCenter.Sports.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 241664 c:\windows\ehome\Microsoft.MediaCenter.Sports.dll
- 2011-02-23 16:16 . 2010-11-20 13:44 114688 c:\windows\ehome\Microsoft.MediaCenter.Playback.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 114688 c:\windows\ehome\Microsoft.MediaCenter.Playback.dll
+ 2009-07-14 00:24 . 2009-07-14 01:51 147968 c:\windows\ehome\Microsoft.MediaCenter.iTV.Media.dll
- 2011-02-23 16:16 . 2010-11-20 13:44 147968 c:\windows\ehome\Microsoft.MediaCenter.iTV.Media.dll
+ 2012-01-18 17:14 . 2011-08-17 05:35 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
- 2011-02-23 16:17 . 2010-11-20 13:44 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 385024 c:\windows\ehome\Microsoft.MediaCenter.dll
+ 2009-07-13 22:36 . 2009-07-14 01:22 385024 c:\windows\ehome\Microsoft.MediaCenter.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 133120 c:\windows\ehome\Mcx2Dvcs.dll
+ 2009-07-14 00:24 . 2009-07-14 01:50 133120 c:\windows\ehome\Mcx2Dvcs.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 198656 c:\windows\ehome\mcupdate.exe
- 2011-02-23 16:18 . 2010-11-20 13:44 198656 c:\windows\ehome\mcupdate.exe
+ 2009-07-14 00:24 . 2009-07-14 01:48 139264 c:\windows\ehome\mcstoredb.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 139264 c:\windows\ehome\mcstoredb.dll
- 2011-02-23 16:23 . 2010-11-20 12:32 638976 c:\windows\ehome\mcstore.dll
+ 2010-12-21 14:05 . 2010-08-04 06:28 638976 c:\windows\ehome\mcstore.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 207872 c:\windows\ehome\mcplayerinterop.dll
+ 2009-07-14 00:25 . 2009-07-14 01:49 207872 c:\windows\ehome\mcplayerinterop.dll
+ 2010-12-21 14:05 . 2010-08-04 07:07 957952 c:\windows\ehome\mcplayer.dll
- 2011-02-23 16:23 . 2010-11-20 13:44 741376 c:\windows\ehome\mcepg.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 741376 c:\windows\ehome\mcepg.dll
- 2011-02-23 16:15 . 2010-11-20 13:24 288256 c:\windows\ehome\ehvid.exe
+ 2009-07-14 00:24 . 2009-07-14 01:39 288256 c:\windows\ehome\ehvid.exe
+ 2009-07-14 00:25 . 2009-07-14 01:39 163328 c:\windows\ehome\ehtray.exe
- 2011-02-23 16:15 . 2010-11-20 13:24 163328 c:\windows\ehome\ehtray.exe
+ 2009-07-14 00:25 . 2009-07-14 01:40 394752 c:\windows\ehome\ehskb.dll
- 2011-02-23 16:18 . 2010-11-20 13:26 394752 c:\windows\ehome\ehskb.dll
+ 2010-12-21 14:05 . 2010-08-04 07:05 696320 c:\windows\ehome\ehrecvr.exe
+ 2009-07-13 22:35 . 2009-07-14 01:21 196608 c:\windows\ehome\ehRecObj.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 196608 c:\windows\ehome\ehRecObj.dll
+ 2010-12-21 14:05 . 2010-08-04 07:05 295936 c:\windows\ehome\ehprivjob.exe
- 2011-02-23 16:20 . 2010-11-20 13:24 295936 c:\windows\ehome\ehprivjob.exe
+ 2010-12-21 14:05 . 2010-08-04 07:07 150528 c:\windows\ehome\ehPresenter.dll
- 2011-02-23 16:16 . 2010-11-20 13:26 150528 c:\windows\ehome\ehPresenter.dll
+ 2009-07-13 22:35 . 2009-07-14 01:20 172032 c:\windows\ehome\ehiProxy.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 172032 c:\windows\ehome\ehiProxy.dll
- 2011-02-23 16:21 . 2010-11-20 13:26 758784 c:\windows\ehome\ehglid.dll
+ 2010-12-21 14:05 . 2010-08-04 07:07 758784 c:\windows\ehome\ehglid.dll
+ 2009-07-13 22:36 . 2009-07-14 01:20 143360 c:\windows\ehome\ehexthost.exe
- 2011-02-23 16:14 . 2010-11-20 12:32 143360 c:\windows\ehome\ehexthost.exe
+ 2009-07-14 01:05 . 2009-07-14 01:41 303104 c:\windows\ehome\cbva.dll
- 2011-02-23 16:20 . 2010-11-20 13:27 303104 c:\windows\ehome\cbva.dll
+ 2009-07-14 00:25 . 2009-07-14 01:40 408576 c:\windows\ehome\BmlDataCarousel.dll
- 2011-02-23 16:15 . 2010-11-20 13:25 408576 c:\windows\ehome\BmlDataCarousel.dll
+ 2009-07-14 00:21 . 2009-07-14 01:54 249344 c:\windows\ehome\BDATunePIA.dll
- 2011-02-23 16:15 . 2010-11-20 13:39 249344 c:\windows\ehome\BDATunePIA.dll
+ 2012-01-18 17:18 . 2012-01-18 17:18 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e3ec0e7fa6077a2c579f1868ec4266c8\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d34d213cd741c196924a4e1016eb14e0\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cc526df908a291ab3dff01c93251957d\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\bddd0f216bd4864844e52cabb7e47b5e\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\682f7c551f2b4abd0081796fa8157330\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\67fdc6c1e20539e82daf6563e86de0ce\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\48ce28d64a87a6c322052a707b685c92\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\953bc32a3e10f4c5dc40e9c36ec83e08\Mcx2Dvcs.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\40f8f3c73cca05a80284eae6fcc9adee\mcupdate.ni.exe
+ 2012-01-18 02:42 . 2012-01-18 02:42 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\77ef3f3b0d4188c5ee3e870fa89cc512\mcstoredb.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\d0f72bdc1770390089e74f1068fe608b\mcplayerinterop.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\7a94aabf7ee9f70a03d425506849a8f3\mcGlidHostObj.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\145d7744bf190558846665b2642fe93d\MCESidebarCtrl.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\87c98c8ffbf33b4104cb0bce5ccfc6f1\ehRecObj.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\b253aa4b8000e29b2fb725e4f7b8bc7c\ehiWUapi.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\b253aa4b8000e29b2fb725e4f7b8bc7c\ehiWUapi.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\9f570489c98c93a79f0fd793586afdc6\ehiwmp.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\9f570489c98c93a79f0fd793586afdc6\ehiwmp.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\a6dc826bf08c95bd5fe459a02bbfd33c\ehiUserXp.ni.dll
- 2011-09-09 20:31 . 2011-09-09 20:31 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\a6dc826bf08c95bd5fe459a02bbfd33c\ehiUserXp.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\4a7ec1155d9e9e4b40889b171d16a577\ehiiTv.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\4a7ec1155d9e9e4b40889b171d16a577\ehiiTv.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d122f8c71cdd586e76d9617f80a0297f\ehiExtens.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d122f8c71cdd586e76d9617f80a0297f\ehiExtens.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\99c61751c71078d92ff372495bc38fc3\ehiBmlDataCarousel.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\99c61751c71078d92ff372495bc38fc3\ehiBmlDataCarousel.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\ee22f412f6314443add3ca412afd6569\ehiActivScp.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\ee22f412f6314443add3ca412afd6569\ehiActivScp.ni.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\896b42dd1c04566283c8b7e07e78d835\ehExtHost.ni.exe
+ 2012-01-18 02:41 . 2012-01-18 02:41 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b2a31215ed456a83abc701310fb9e765\ehCIR.ni.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\fcb567c6ed96ccdfde2510073766e481\BDATunePIA.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\d351203b3a71b09573d47a333ebcee2f\mcstoredb.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\b85ef9b031c73320bcd064b97acadafe\ehRecObj.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\7baee73beff594e640b045d786f00b83\ehiVidCtl.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\5113b9da18342f24078b0cb3df7d2f04\ehiProxy.ni.dll
- 2011-09-09 19:17 . 2011-09-09 19:17 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\7b6de29c99674df526ccf9d4937828fe\ehiExtens.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\7b6de29c99674df526ccf9d4937828fe\ehiExtens.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\fcf8638d649a6e02e0a49e6a75dff8e5\ehExtHost32.ni.exe
+ 2012-01-18 02:44 . 2012-01-18 02:44 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\2043b47667d221ceea1bdcd8a7d609b0\BDATunePIA.ni.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 385024 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-07-13 22:36 . 2009-07-14 01:22 385024 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 241664 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
+ 2009-07-13 22:36 . 2009-07-14 01:24 241664 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
+ 2010-12-21 14:05 . 2010-08-04 06:28 638976 c:\windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll
- 2011-02-23 16:23 . 2010-11-20 12:32 638976 c:\windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll
+ 2009-07-14 00:25 . 2009-07-14 01:49 207872 c:\windows\assembly\GAC_MSIL\mcplayerinterop\6.1.0.0__31bf3856ad364e35\mcplayerinterop.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 207872 c:\windows\assembly\GAC_MSIL\mcplayerinterop\6.1.0.0__31bf3856ad364e35\mcplayerinterop.dll
- 2011-02-23 16:23 . 2010-11-20 13:44 741376 c:\windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 741376 c:\windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 196608 c:\windows\assembly\GAC_MSIL\ehRecObj\6.1.0.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-07-13 22:35 . 2009-07-14 01:21 196608 c:\windows\assembly\GAC_MSIL\ehRecObj\6.1.0.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-07-13 22:35 . 2009-07-14 01:20 172032 c:\windows\assembly\GAC_MSIL\ehiProxy\6.1.0.0__31bf3856ad364e35\ehiProxy.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 172032 c:\windows\assembly\GAC_MSIL\ehiProxy\6.1.0.0__31bf3856ad364e35\ehiProxy.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 143360 c:\windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe
+ 2009-07-13 22:36 . 2009-07-14 01:20 143360 c:\windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe
- 2011-02-23 16:15 . 2010-11-20 13:44 327168 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll
+ 2009-07-14 00:24 . 2009-07-14 01:52 327168 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 114688 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
- 2011-02-23 16:16 . 2010-11-20 13:44 114688 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
- 2011-02-23 16:16 . 2010-11-20 13:44 147968 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll
+ 2009-07-14 00:24 . 2009-07-14 01:51 147968 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll
- 2011-02-23 16:17 . 2010-11-20 13:44 315392 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
+ 2012-01-18 17:14 . 2011-08-17 05:35 315392 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
+ 2009-07-14 00:24 . 2009-07-14 01:50 133120 c:\windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 133120 c:\windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 198656 c:\windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
- 2011-02-23 16:18 . 2010-11-20 13:44 198656 c:\windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
+ 2009-07-14 00:24 . 2009-07-14 01:48 139264 c:\windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 139264 c:\windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
- 2011-02-23 16:15 . 2010-11-20 13:39 249344 c:\windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
+ 2009-07-14 00:21 . 2009-07-14 01:54 249344 c:\windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
- 2011-02-23 16:15 . 2010-11-20 12:32 134656 c:\windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
+ 2009-07-14 00:09 . 2009-07-14 01:20 134656 c:\windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
- 2011-02-23 16:15 . 2010-11-20 12:32 238080 c:\windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
+ 2009-07-14 00:06 . 2009-07-14 01:25 238080 c:\windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
+ 2012-01-13 19:29 . 2012-01-13 19:29 188145 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla36.exe
+ 2012-01-13 20:31 . 2012-01-13 20:31 188145 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla36.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 175992 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla34.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 176035 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla33.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 176545 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla32.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 184625 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla31.exe
+ 2012-01-13 20:31 . 2012-01-13 20:31 188108 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla21.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 176035 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla2.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 179340 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 1624064 c:\windows\SysWOW64\WMPEncEn.dll
- 2011-02-23 16:18 . 2010-11-20 12:21 1624064 c:\windows\SysWOW64\WMPEncEn.dll
+ 2010-12-21 14:04 . 2010-08-21 06:38 1024512 c:\windows\system32\wmpmde.dll
- 2011-02-23 16:20 . 2010-11-20 13:27 1024512 c:\windows\system32\wmpmde.dll
- 2011-02-23 16:20 . 2010-11-20 13:27 2072576 c:\windows\system32\WMPEncEn.dll
+ 2009-07-14 00:25 . 2009-07-14 01:41 2072576 c:\windows\system32\WMPEncEn.dll
+ 2009-07-14 00:19 . 2009-07-14 01:41 1009152 c:\windows\system32\mcmde.dll
- 2011-02-23 16:20 . 2010-11-20 13:26 1009152 c:\windows\system32\mcmde.dll
+ 2009-07-14 04:45 . 2012-01-18 23:55 7441002 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-11 19:59 7441002 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-20 21:21 . 2012-01-22 03:29 3617764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-54349521-2605671155-1412708382-1000-8192.dat
+ 2012-01-14 06:40 . 2012-01-14 06:40 1402880 c:\windows\Installer\3a4b07.msi
- 2011-02-23 16:17 . 2010-11-20 12:18 1551872 c:\windows\ehome\wow\ehuihlp.dll
+ 2010-12-21 14:05 . 2010-08-04 06:16 1551872 c:\windows\ehome\wow\ehuihlp.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 2596864 c:\windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2009-07-13 22:35 . 2009-07-14 01:26 2596864 c:\windows\ehome\Microsoft.MediaCenter.UI.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 1572864 c:\windows\ehome\Microsoft.MediaCenter.Shell.dll
+ 2009-07-13 22:35 . 2009-07-14 01:23 1572864 c:\windows\ehome\Microsoft.MediaCenter.Shell.dll
+ 2009-07-13 23:13 . 2009-07-14 01:41 2608640 c:\windows\ehome\Mcx2Filter.dll
+ 2010-12-21 14:05 . 2010-08-04 07:07 1668608 c:\windows\ehome\ehuihlp.dll
- 2011-02-23 16:20 . 2010-11-20 13:26 1668608 c:\windows\ehome\ehuihlp.dll
+ 2009-07-14 00:26 . 2009-07-14 01:40 1195520 c:\windows\ehome\ehui.dll
- 2011-02-23 16:20 . 2010-11-20 13:26 1195520 c:\windows\ehome\ehui.dll
+ 2010-12-21 14:05 . 2010-08-04 06:28 6307840 c:\windows\ehome\ehshell.dll
- 2011-02-23 16:24 . 2010-11-20 12:32 6307840 c:\windows\ehome\ehshell.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\efbef306149f339aabbcd2ed1429d4ef\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e9476b5b9c8555c1ab120052fd09ed59\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-01-18 18:16 . 2012-01-18 18:16 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b708183caeb09313374843a4a2731759\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\63993a79edf5b8ffa305da6d6fcbe661\Microsoft.MediaCenter.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\18a9a050712d017d9ab8898e10665fea\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\950046bcbc91acef1f9928f32d141dfc\mcstore.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 4087296 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\c523df63afef302e57c85511d55cfec6\mcepg.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\2e39e92371162924ab9566122dc96f4b\ehiVidCtl.ni.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\739c1147077fe9cc68bbe45c3697ae92\ehiProxy.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\c5f9fec86f7b49a481f04da2d83609f7\Microsoft.MediaCenter.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5b77705fce84d75546547d3eb314b219\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\1c8d51a12d04654c4eb1e7d1a21be5c8\mcstore.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\0d481a2d4c2147db65bedba58db9c670\mcepg.ni.dll
+ 2009-07-13 22:35 . 2009-07-14 01:26 2596864 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 2596864 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 1572864 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
+ 2009-07-13 22:35 . 2009-07-14 01:23 1572864 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
+ 2010-12-21 14:05 . 2010-08-04 06:28 6307840 c:\windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll
- 2011-02-23 16:24 . 2010-11-20 12:32 6307840 c:\windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll
- 2011-02-23 16:14 . 2010-11-20 12:08 12625408 c:\windows\SysWOW64\wmploc.DLL
+ 2010-12-21 14:03 . 2010-09-01 04:23 12625408 c:\windows\SysWOW64\wmploc.DLL
+ 2010-12-21 14:03 . 2010-09-01 04:29 11406848 c:\windows\SysWOW64\wmp.dll
- 2011-02-23 16:13 . 2010-11-20 13:16 12625920 c:\windows\system32\wmploc.DLL
+ 2010-12-21 14:03 . 2010-09-01 05:12 12625920 c:\windows\system32\wmploc.DLL
+ 2010-12-21 14:03 . 2010-09-01 05:21 14627840 c:\windows\system32\wmp.dll
- 2009-07-14 02:34 . 2011-12-14 14:47 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-01-18 02:51 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-01-17 15:13 . 2012-01-17 15:13 17904640 c:\windows\Installer\739e3a.msi
+ 2009-07-14 00:47 . 2009-07-14 01:39 15697920 c:\windows\ehome\CreateDisc\SBEServer.exe
- 2011-02-23 16:25 . 2010-11-20 13:25 15697920 c:\windows\ehome\CreateDisc\SBEServer.exe
+ 2012-01-18 18:17 . 2012-01-18 18:17 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\c9bbf495377ca09b19b618daecf46585\ehshell.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 135664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2007-09-20 86016]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;c:\windows\system32\DRIVERS\b44amd64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:21]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 20:04]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 20:04]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-54349521-2605671155-1412708382-1000Core.job
- c:\users\Zwick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 18:51]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-54349521-2605671155-1412708382-1000UA.job
- c:\users\Zwick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 18:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 220672]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 302184]
"SigmatelSysTrayApp"="c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-54349521-2605671155-1412708382-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,27,9d,5c,31,46,0c,0a,5c,b5,09,d7,d3,79,95,cf,56,2d,2a,d4,92,
ef,48,ff,c6,7e,3b,32,19,90,c3,10,55,90,bd,d7,27,67,4f,da,84,34,5d,c4,16,ad,\
"rkeysecu"=hex:42,de,e5,f0,5c,9d,b7,85,b8,78,a3,94,5a,6a,7e,28
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EndNote14.AddinServer]
@Denied: (A) (Everyone)
@="EndNote14.AddinServer"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EndNote14.AddinServer\CLSID]
@="{575B6FEB-477B-4595-A478-9B141A98D869}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-01-21 22:47:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 03:46
ComboFix2.txt 2012-01-14 05:33
ComboFix3.txt 2012-01-13 15:25
.
Pre-Run: 42,590,973,952 bytes free
Post-Run: 43,179,028,480 bytes free
.
- - End Of File - - 37EEB6E0BA5035E80F452B3F7F0466AD

ComboFix 12-01-21.02 - Zwick 01/21/2012 22:16:11.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2711 [GMT -5:00]
Running from: c:\users\Zwick\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 03:29 . 2012-01-22 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-22 02:49 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECC683BF-7598-4F70-942E-AF4C45E782B1}\mpengine.dll
2012-01-18 02:37 . 2012-01-18 17:17 -------- d-----w- c:\windows\ehome
2012-01-18 02:36 . 2012-01-18 02:36 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-01-18 02:36 . 2012-01-18 02:36 -------- d-----r- c:\users\Public\Recorded TV
2012-01-14 06:41 . 2012-01-14 06:41 388096 ----a-r- c:\users\Zwick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-14 06:41 . 2012-01-14 06:41 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-14 05:46 . 2012-01-14 05:46 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-14 05:45 . 2012-01-14 05:46 -------- d-----w- c:\programdata\HitmanPro
2012-01-14 01:54 . 2012-01-18 16:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-13 20:53 . 2012-01-13 20:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-13 20:53 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 20:22 . 2012-01-13 20:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-13 19:30 . 2012-01-13 20:32 -------- d-----w- C:\sh4ldr
2012-01-13 19:30 . 2012-01-13 19:30 -------- d-----w- c:\program files\Enigma Software Group
2012-01-13 19:29 . 2012-01-13 20:32 -------- d-----w- c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP
2012-01-11 21:24 . 2012-01-11 21:24 -------- d-----w- c:\users\Zwick\AppData\Roaming\Malwarebytes
2012-01-11 21:24 . 2012-01-11 21:24 -------- d-----w- c:\programdata\Malwarebytes
2012-01-11 19:49 . 2011-09-20 18:21 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-11 14:50 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-08 22:06 . 2012-01-08 22:06 -------- d-----w- c:\windows\en
2012-01-08 22:03 . 2012-01-08 22:04 -------- d-----w- c:\program files (x86)\Windows Live
2012-01-08 22:03 . 2012-01-08 22:03 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-08 22:01 . 2012-01-08 22:01 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1d748b41ccce512e\MeshBetaRemover.exe
2012-01-08 21:58 . 2012-01-08 21:58 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\DSETUP.dll
2012-01-08 21:58 . 2012-01-08 21:58 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\DXSETUP.exe
2012-01-08 21:58 . 2012-01-08 21:58 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\dsetup32.dll
2012-01-08 21:58 . 2012-01-08 21:58 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\DXSETUP.exe
2012-01-08 21:58 . 2012-01-08 21:58 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\DSETUP.dll
2012-01-08 21:58 . 2012-01-08 21:58 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\dsetup32.dll
2012-01-08 20:48 . 2012-01-08 20:48 -------- d-----w- c:\program files (x86)\Common Files\Canon
2012-01-08 19:37 . 2012-01-08 19:37 -------- d-----w- c:\windows\9013B37099D4404B9DB9779B51CEB5FF.TMP
2012-01-08 19:36 . 2012-01-08 19:36 -------- d-----w- c:\program files\DIFX
2012-01-08 19:35 . 2012-01-08 19:38 -------- d-----w- c:\windows\F9D59E62845F49A28B75DDB00661673C.TMP
2012-01-08 19:33 . 2012-01-08 19:33 -------- d-----w- c:\programdata\Leapfrog
2012-01-08 19:33 . 2012-01-08 19:36 -------- d-----w- c:\program files (x86)\LeapFrog
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 19:30 . 2011-06-18 20:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 05:15 . 2010-12-21 17:24 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-19 14:06 . 2012-01-11 14:50 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-04 01:53 . 2011-12-14 14:09 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 14:09 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 14:09 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 14:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 14:09 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 14:09 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 14:09 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 14:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:19 . 2011-12-14 14:05 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-13_15.16.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-22 03:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-13 15:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-13 15:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-22 03:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-13 15:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-22 03:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-20 20:46 . 2012-01-20 16:17 47516 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-22 03:32 42238 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-20 19:54 . 2012-01-22 03:32 14174 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-54349521-2605671155-1412708382-1000_UserData.bin
+ 2009-07-14 00:24 . 2009-07-14 01:41 84480 c:\windows\system32\Mcx2Svc.dll
+ 2009-09-09 20:28 . 2009-09-09 20:28 59904 c:\windows\Installer\$PatchCache$\Managed\DD343E4BBAAB95D4DAC9ED0AFA0ED91F\1.2.3\zlib1.dll
- 2011-02-23 16:15 . 2010-11-20 13:27 88576 c:\windows\ehome\NetBridge.dll
+ 2009-07-14 00:24 . 2009-07-14 01:41 88576 c:\windows\ehome\NetBridge.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 56320 c:\windows\ehome\Microsoft.MediaCenter.Mheg.dll
+ 2009-07-14 00:25 . 2009-07-14 01:51 56320 c:\windows\ehome\Microsoft.MediaCenter.Mheg.dll
+ 2009-07-14 00:24 . 2009-07-14 01:28 42496 c:\windows\ehome\markup.dll
- 2011-02-23 16:13 . 2010-11-20 13:03 42496 c:\windows\ehome\markup.dll
+ 2009-07-13 22:35 . 2009-07-14 01:20 94208 c:\windows\ehome\ehCIR.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 94208 c:\windows\ehome\ehCIR.dll
+ 2009-07-13 23:31 . 2009-07-14 01:26 66560 c:\windows\diagnostics\system\WindowsMediaPlayerConfiguration\DiagPackage.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 65536 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ac8c28712804189be64862550bfb9b82\Microsoft.MediaCenter.iTv.Hosting.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\89a0832ed20bc4be8fd05e4e98e69935\LoadMxf.ni.exe
- 2011-09-09 20:32 . 2011-09-09 20:32 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\8b58e86c1211cac8bb344ec05015055b\ehiUPnP.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 49664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUPnP\8b58e86c1211cac8bb344ec05015055b\ehiUPnP.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 93184 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiTVMSMusic\53f97fe255ce0034dafd3a2b4f7245d8\ehiTVMSMusic.ni.dll
- 2011-09-09 19:17 . 2011-09-09 19:17 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\2c6d60b55bbab22515c512080d4b3bae\stdole.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 44032 c:\windows\assembly\NativeImages_v2.0.50727_32\stdole\2c6d60b55bbab22515c512080d4b3bae\stdole.ni.dll
- 2011-09-09 19:17 . 2011-09-09 19:17 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\f09ce1eab0d18a4bbd53ab2a67a5c909\ehiUserXp.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 60416 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\f09ce1eab0d18a4bbd53ab2a67a5c909\ehiUserXp.ni.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 94208 c:\windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll
+ 2009-07-13 22:35 . 2009-07-14 01:20 94208 c:\windows\assembly\GAC_MSIL\ehCIR\6.1.0.0__31bf3856ad364e35\ehCIR.dll
+ 2009-07-14 00:25 . 2009-07-14 01:51 56320 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 56320 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 66956 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCall.dll
+ 2009-07-14 00:08 . 2009-07-14 01:16 8192 c:\windows\SysWOW64\spwmp.dll
- 2011-02-23 16:14 . 2010-11-20 12:20 8192 c:\windows\SysWOW64\spwmp.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 4096 c:\windows\SysWOW64\dxmasf.dll
- 2011-02-23 16:14 . 2010-11-20 12:21 4096 c:\windows\SysWOW64\dxmasf.dll
+ 2010-12-22 18:40 . 2012-01-22 03:29 6030 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 00:23 . 2009-07-14 01:41 9728 c:\windows\system32\spwmp.dll
- 2011-02-23 16:14 . 2010-11-20 13:27 9728 c:\windows\system32\spwmp.dll
- 2011-02-23 16:14 . 2010-11-20 13:27 5120 c:\windows\system32\dxmasf.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 5120 c:\windows\system32\dxmasf.dll
- 2012-01-13 15:15 . 2012-01-13 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-22 03:30 . 2012-01-22 03:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-22 03:30 . 2012-01-22 03:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-13 15:15 . 2012-01-13 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-18 02:41 . 2012-01-18 02:41 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.dll
- 2010-12-20 22:36 . 2010-12-20 22:36 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.dll
- 2010-12-20 22:36 . 2010-12-20 22:36 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.MediaCenter.UI.dll
- 2010-12-20 22:36 . 2010-12-20 22:36 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 5632 c:\windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\6.1.0.0__31bf3856ad364e35\Policy.6.0.ehRecObj.dll
+ 2009-07-14 00:08 . 2009-07-14 01:16 182272 c:\windows\SysWOW64\wmpsrcwp.dll
- 2011-02-23 16:15 . 2010-11-20 12:21 182272 c:\windows\SysWOW64\wmpsrcwp.dll
- 2011-02-23 16:14 . 2010-11-20 12:21 105472 c:\windows\SysWOW64\wmpshell.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 105472 c:\windows\SysWOW64\wmpshell.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 143872 c:\windows\SysWOW64\wmpps.dll
- 2011-02-23 16:15 . 2010-11-20 12:21 738816 c:\windows\SysWOW64\wmpmde.dll
+ 2010-12-21 14:04 . 2010-08-21 05:36 738816 c:\windows\SysWOW64\wmpmde.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 344576 c:\windows\SysWOW64\wmpeffects.dll
- 2011-02-23 16:15 . 2010-11-20 12:21 299520 c:\windows\SysWOW64\wmpdxm.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 299520 c:\windows\SysWOW64\wmpdxm.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 553472 c:\windows\SysWOW64\migration\MediaPlayer-DLMigPlugin.dll
- 2011-02-23 16:16 . 2010-11-20 12:21 553472 c:\windows\SysWOW64\migration\MediaPlayer-DLMigPlugin.dll
+ 2009-07-14 00:09 . 2009-07-14 01:15 266752 c:\windows\SysWOW64\MediaMetadataHandler.dll
- 2011-02-23 16:16 . 2010-11-20 12:19 266752 c:\windows\SysWOW64\MediaMetadataHandler.dll
+ 2009-07-14 00:08 . 2009-07-14 01:15 219648 c:\windows\SysWOW64\iTVData.dll
- 2011-02-23 16:15 . 2010-11-20 12:19 219648 c:\windows\SysWOW64\iTVData.dll
- 2011-02-23 16:17 . 2010-11-20 13:27 223232 c:\windows\system32\wmpsrcwp.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 223232 c:\windows\system32\wmpsrcwp.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 132096 c:\windows\system32\wmpshell.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 477696 c:\windows\system32\wmpps.dll
+ 2009-07-14 00:24 . 2009-07-14 01:41 593408 c:\windows\system32\wmpeffects.dll
+ 2009-07-14 00:24 . 2009-07-14 01:41 358400 c:\windows\system32\wmpdxm.dll
- 2011-02-23 16:15 . 2010-11-20 13:27 358400 c:\windows\system32\wmpdxm.dll
+ 2010-12-24 17:29 . 2012-01-16 19:33 380896 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-01-12 13:59 . 2012-01-22 02:37 503296 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-01-12 19:19 662658 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-20 18:47 662658 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-12 19:19 122454 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-20 18:47 122454 c:\windows\system32\perfc009.dat
- 2011-02-23 16:20 . 2010-11-20 13:27 571904 c:\windows\system32\mspbda.dll
+ 2009-07-14 00:21 . 2009-07-14 01:41 571904 c:\windows\system32\mspbda.dll
- 2011-02-23 16:20 . 2010-11-20 13:27 552960 c:\windows\system32\msdri.dll
+ 2010-12-21 14:05 . 2010-08-04 07:07 552960 c:\windows\system32\msdri.dll
- 2011-02-23 16:16 . 2010-11-20 13:26 345600 c:\windows\system32\MediaMetadataHandler.dll
+ 2009-07-14 00:23 . 2009-07-14 01:41 345600 c:\windows\system32\MediaMetadataHandler.dll
- 2011-02-23 16:15 . 2010-11-20 13:26 282624 c:\windows\system32\iTVData.dll
+ 2009-07-14 00:22 . 2009-07-14 01:41 282624 c:\windows\system32\iTVData.dll
+ 2009-07-14 04:46 . 2012-01-22 02:48 109240 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-01-13 15:14 393032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-22 03:29 393032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-06 01:52 . 2011-12-28 22:12 577384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-54349521-2605671155-1412708382-1000-12288.dat
+ 2011-11-06 01:52 . 2012-01-17 19:52 577384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-54349521-2605671155-1412708382-1000-12288.dat
+ 2009-07-14 00:25 . 2009-07-14 01:41 190976 c:\windows\ehome\wtv2dvrms.dll
- 2011-02-23 16:15 . 2010-11-20 13:27 190976 c:\windows\ehome\wtv2dvrms.dll
+ 2009-07-14 00:09 . 2009-07-14 01:20 134656 c:\windows\ehome\wow\mcstoredb.dll
- 2011-02-23 16:15 . 2010-11-20 12:32 134656 c:\windows\ehome\wow\mcstoredb.dll
+ 2009-07-14 00:10 . 2009-07-14 01:15 801280 c:\windows\ehome\wow\ehui.dll
- 2011-02-23 16:17 . 2010-11-20 12:18 801280 c:\windows\ehome\wow\ehui.dll
- 2011-02-23 16:15 . 2010-11-20 12:32 238080 c:\windows\ehome\wow\BDATunePIA.dll
+ 2009-07-14 00:06 . 2009-07-14 01:25 238080 c:\windows\ehome\wow\BDATunePIA.dll
- 2011-02-23 16:19 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-18 17:14 . 2011-10-29 05:24 465920 c:\windows\ehome\mstvcapn.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 327168 c:\windows\ehome\Microsoft.MediaCenter.TV.Tuners.Interop.dll
+ 2009-07-14 00:24 . 2009-07-14 01:52 327168 c:\windows\ehome\Microsoft.MediaCenter.TV.Tuners.Interop.dll
+ 2009-07-13 22:36 . 2009-07-14 01:24 241664 c:\windows\ehome\Microsoft.MediaCenter.Sports.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 241664 c:\windows\ehome\Microsoft.MediaCenter.Sports.dll
- 2011-02-23 16:16 . 2010-11-20 13:44 114688 c:\windows\ehome\Microsoft.MediaCenter.Playback.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 114688 c:\windows\ehome\Microsoft.MediaCenter.Playback.dll
+ 2009-07-14 00:24 . 2009-07-14 01:51 147968 c:\windows\ehome\Microsoft.MediaCenter.iTV.Media.dll
- 2011-02-23 16:16 . 2010-11-20 13:44 147968 c:\windows\ehome\Microsoft.MediaCenter.iTV.Media.dll
+ 2012-01-18 17:14 . 2011-08-17 05:35 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
- 2011-02-23 16:17 . 2010-11-20 13:44 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 385024 c:\windows\ehome\Microsoft.MediaCenter.dll
+ 2009-07-13 22:36 . 2009-07-14 01:22 385024 c:\windows\ehome\Microsoft.MediaCenter.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 133120 c:\windows\ehome\Mcx2Dvcs.dll
+ 2009-07-14 00:24 . 2009-07-14 01:50 133120 c:\windows\ehome\Mcx2Dvcs.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 198656 c:\windows\ehome\mcupdate.exe
- 2011-02-23 16:18 . 2010-11-20 13:44 198656 c:\windows\ehome\mcupdate.exe
+ 2009-07-14 00:24 . 2009-07-14 01:48 139264 c:\windows\ehome\mcstoredb.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 139264 c:\windows\ehome\mcstoredb.dll
- 2011-02-23 16:23 . 2010-11-20 12:32 638976 c:\windows\ehome\mcstore.dll
+ 2010-12-21 14:05 . 2010-08-04 06:28 638976 c:\windows\ehome\mcstore.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 207872 c:\windows\ehome\mcplayerinterop.dll
+ 2009-07-14 00:25 . 2009-07-14 01:49 207872 c:\windows\ehome\mcplayerinterop.dll
+ 2010-12-21 14:05 . 2010-08-04 07:07 957952 c:\windows\ehome\mcplayer.dll
- 2011-02-23 16:23 . 2010-11-20 13:44 741376 c:\windows\ehome\mcepg.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 741376 c:\windows\ehome\mcepg.dll
- 2011-02-23 16:15 . 2010-11-20 13:24 288256 c:\windows\ehome\ehvid.exe
+ 2009-07-14 00:24 . 2009-07-14 01:39 288256 c:\windows\ehome\ehvid.exe
+ 2009-07-14 00:25 . 2009-07-14 01:39 163328 c:\windows\ehome\ehtray.exe
- 2011-02-23 16:15 . 2010-11-20 13:24 163328 c:\windows\ehome\ehtray.exe
+ 2009-07-14 00:25 . 2009-07-14 01:40 394752 c:\windows\ehome\ehskb.dll
- 2011-02-23 16:18 . 2010-11-20 13:26 394752 c:\windows\ehome\ehskb.dll
+ 2010-12-21 14:05 . 2010-08-04 07:05 696320 c:\windows\ehome\ehrecvr.exe
+ 2009-07-13 22:35 . 2009-07-14 01:21 196608 c:\windows\ehome\ehRecObj.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 196608 c:\windows\ehome\ehRecObj.dll
+ 2010-12-21 14:05 . 2010-08-04 07:05 295936 c:\windows\ehome\ehprivjob.exe
- 2011-02-23 16:20 . 2010-11-20 13:24 295936 c:\windows\ehome\ehprivjob.exe
+ 2010-12-21 14:05 . 2010-08-04 07:07 150528 c:\windows\ehome\ehPresenter.dll
- 2011-02-23 16:16 . 2010-11-20 13:26 150528 c:\windows\ehome\ehPresenter.dll
+ 2009-07-13 22:35 . 2009-07-14 01:20 172032 c:\windows\ehome\ehiProxy.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 172032 c:\windows\ehome\ehiProxy.dll
- 2011-02-23 16:21 . 2010-11-20 13:26 758784 c:\windows\ehome\ehglid.dll
+ 2010-12-21 14:05 . 2010-08-04 07:07 758784 c:\windows\ehome\ehglid.dll
+ 2009-07-13 22:36 . 2009-07-14 01:20 143360 c:\windows\ehome\ehexthost.exe
- 2011-02-23 16:14 . 2010-11-20 12:32 143360 c:\windows\ehome\ehexthost.exe
+ 2009-07-14 01:05 . 2009-07-14 01:41 303104 c:\windows\ehome\cbva.dll
- 2011-02-23 16:20 . 2010-11-20 13:27 303104 c:\windows\ehome\cbva.dll
+ 2009-07-14 00:25 . 2009-07-14 01:40 408576 c:\windows\ehome\BmlDataCarousel.dll
- 2011-02-23 16:15 . 2010-11-20 13:25 408576 c:\windows\ehome\BmlDataCarousel.dll
+ 2009-07-14 00:21 . 2009-07-14 01:54 249344 c:\windows\ehome\BDATunePIA.dll
- 2011-02-23 16:15 . 2010-11-20 13:39 249344 c:\windows\ehome\BDATunePIA.dll
+ 2012-01-18 17:18 . 2012-01-18 17:18 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e3ec0e7fa6077a2c579f1868ec4266c8\Microsoft.MediaCenter.Interop.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 164864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\d34d213cd741c196924a4e1016eb14e0\Microsoft.MediaCenter.Mheg.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\cc526df908a291ab3dff01c93251957d\Microsoft.MediaCenter.Playback.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\bddd0f216bd4864844e52cabb7e47b5e\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\682f7c551f2b4abd0081796fa8157330\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\67fdc6c1e20539e82daf6563e86de0ce\Microsoft.MediaCenter.Sports.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\48ce28d64a87a6c322052a707b685c92\Microsoft.MediaCenter.iTv.Media.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 380928 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\953bc32a3e10f4c5dc40e9c36ec83e08\Mcx2Dvcs.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\40f8f3c73cca05a80284eae6fcc9adee\mcupdate.ni.exe
+ 2012-01-18 02:42 . 2012-01-18 02:42 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\77ef3f3b0d4188c5ee3e870fa89cc512\mcstoredb.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\d0f72bdc1770390089e74f1068fe608b\mcplayerinterop.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\7a94aabf7ee9f70a03d425506849a8f3\mcGlidHostObj.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\145d7744bf190558846665b2642fe93d\MCESidebarCtrl.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\87c98c8ffbf33b4104cb0bce5ccfc6f1\ehRecObj.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\b253aa4b8000e29b2fb725e4f7b8bc7c\ehiWUapi.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 661504 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\b253aa4b8000e29b2fb725e4f7b8bc7c\ehiWUapi.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\9f570489c98c93a79f0fd793586afdc6\ehiwmp.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 933888 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\9f570489c98c93a79f0fd793586afdc6\ehiwmp.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\a6dc826bf08c95bd5fe459a02bbfd33c\ehiUserXp.ni.dll
- 2011-09-09 20:31 . 2011-09-09 20:31 145408 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\a6dc826bf08c95bd5fe459a02bbfd33c\ehiUserXp.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\4a7ec1155d9e9e4b40889b171d16a577\ehiiTv.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 196096 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiiTv\4a7ec1155d9e9e4b40889b171d16a577\ehiiTv.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d122f8c71cdd586e76d9617f80a0297f\ehiExtens.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\d122f8c71cdd586e76d9617f80a0297f\ehiExtens.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\99c61751c71078d92ff372495bc38fc3\ehiBmlDataCarousel.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 110080 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiBmlDataCarousel\99c61751c71078d92ff372495bc38fc3\ehiBmlDataCarousel.ni.dll
- 2011-09-09 20:32 . 2011-09-09 20:32 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\ee22f412f6314443add3ca412afd6569\ehiActivScp.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 126976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\ee22f412f6314443add3ca412afd6569\ehiActivScp.ni.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\896b42dd1c04566283c8b7e07e78d835\ehExtHost.ni.exe
+ 2012-01-18 02:41 . 2012-01-18 02:41 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\b2a31215ed456a83abc701310fb9e765\ehCIR.ni.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 971264 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\fcb567c6ed96ccdfde2510073766e481\BDATunePIA.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\d351203b3a71b09573d47a333ebcee2f\mcstoredb.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\b85ef9b031c73320bcd064b97acadafe\ehRecObj.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 875520 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\7baee73beff594e640b045d786f00b83\ehiVidCtl.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 442880 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\5113b9da18342f24078b0cb3df7d2f04\ehiProxy.ni.dll
- 2011-09-09 19:17 . 2011-09-09 19:17 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\7b6de29c99674df526ccf9d4937828fe\ehiExtens.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\7b6de29c99674df526ccf9d4937828fe\ehiExtens.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\fcf8638d649a6e02e0a49e6a75dff8e5\ehExtHost32.ni.exe
+ 2012-01-18 02:44 . 2012-01-18 02:44 621568 c:\windows\assembly\NativeImages_v2.0.50727_32\BDATunePIA\2043b47667d221ceea1bdcd8a7d609b0\BDATunePIA.ni.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 385024 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2009-07-13 22:36 . 2009-07-14 01:22 385024 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 241664 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
+ 2009-07-13 22:36 . 2009-07-14 01:24 241664 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Sports\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Sports.dll
+ 2010-12-21 14:05 . 2010-08-04 06:28 638976 c:\windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll
- 2011-02-23 16:23 . 2010-11-20 12:32 638976 c:\windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll
+ 2009-07-14 00:25 . 2009-07-14 01:49 207872 c:\windows\assembly\GAC_MSIL\mcplayerinterop\6.1.0.0__31bf3856ad364e35\mcplayerinterop.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 207872 c:\windows\assembly\GAC_MSIL\mcplayerinterop\6.1.0.0__31bf3856ad364e35\mcplayerinterop.dll
- 2011-02-23 16:23 . 2010-11-20 13:44 741376 c:\windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 741376 c:\windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 196608 c:\windows\assembly\GAC_MSIL\ehRecObj\6.1.0.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-07-13 22:35 . 2009-07-14 01:21 196608 c:\windows\assembly\GAC_MSIL\ehRecObj\6.1.0.0__31bf3856ad364e35\ehRecObj.dll
+ 2009-07-13 22:35 . 2009-07-14 01:20 172032 c:\windows\assembly\GAC_MSIL\ehiProxy\6.1.0.0__31bf3856ad364e35\ehiProxy.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 172032 c:\windows\assembly\GAC_MSIL\ehiProxy\6.1.0.0__31bf3856ad364e35\ehiProxy.dll
- 2011-02-23 16:14 . 2010-11-20 12:32 143360 c:\windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe
+ 2009-07-13 22:36 . 2009-07-14 01:20 143360 c:\windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe
- 2011-02-23 16:15 . 2010-11-20 13:44 327168 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll
+ 2009-07-14 00:24 . 2009-07-14 01:52 327168 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 114688 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
- 2011-02-23 16:16 . 2010-11-20 13:44 114688 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
- 2011-02-23 16:16 . 2010-11-20 13:44 147968 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll
+ 2009-07-14 00:24 . 2009-07-14 01:51 147968 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll
- 2011-02-23 16:17 . 2010-11-20 13:44 315392 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
+ 2012-01-18 17:14 . 2011-08-17 05:35 315392 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
+ 2009-07-14 00:24 . 2009-07-14 01:50 133120 c:\windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 133120 c:\windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll
+ 2010-12-21 14:05 . 2010-08-04 07:14 198656 c:\windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
- 2011-02-23 16:18 . 2010-11-20 13:44 198656 c:\windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
+ 2009-07-14 00:24 . 2009-07-14 01:48 139264 c:\windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
- 2011-02-23 16:15 . 2010-11-20 13:44 139264 c:\windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
- 2011-02-23 16:15 . 2010-11-20 13:39 249344 c:\windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
+ 2009-07-14 00:21 . 2009-07-14 01:54 249344 c:\windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
- 2011-02-23 16:15 . 2010-11-20 12:32 134656 c:\windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
+ 2009-07-14 00:09 . 2009-07-14 01:20 134656 c:\windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
- 2011-02-23 16:15 . 2010-11-20 12:32 238080 c:\windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
+ 2009-07-14 00:06 . 2009-07-14 01:25 238080 c:\windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
+ 2012-01-13 19:29 . 2012-01-13 19:29 188145 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla36.exe
+ 2012-01-13 20:31 . 2012-01-13 20:31 188145 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla36.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 175992 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla34.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 176035 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla33.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 176545 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla32.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 184625 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla31.exe
+ 2012-01-13 20:31 . 2012-01-13 20:31 188108 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla21.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 176035 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla2.dll
+ 2012-01-13 20:31 . 2012-01-13 20:31 179340 c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP\WiseCustomCalla.dll
+ 2009-07-14 00:09 . 2009-07-14 01:16 1624064 c:\windows\SysWOW64\WMPEncEn.dll
- 2011-02-23 16:18 . 2010-11-20 12:21 1624064 c:\windows\SysWOW64\WMPEncEn.dll
+ 2010-12-21 14:04 . 2010-08-21 06:38 1024512 c:\windows\system32\wmpmde.dll
- 2011-02-23 16:20 . 2010-11-20 13:27 1024512 c:\windows\system32\wmpmde.dll
- 2011-02-23 16:20 . 2010-11-20 13:27 2072576 c:\windows\system32\WMPEncEn.dll
+ 2009-07-14 00:25 . 2009-07-14 01:41 2072576 c:\windows\system32\WMPEncEn.dll
+ 2009-07-14 00:19 . 2009-07-14 01:41 1009152 c:\windows\system32\mcmde.dll
- 2011-02-23 16:20 . 2010-11-20 13:26 1009152 c:\windows\system32\mcmde.dll
+ 2009-07-14 04:45 . 2012-01-18 23:55 7441002 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-11 19:59 7441002 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-20 21:21 . 2012-01-22 03:29 3617764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-54349521-2605671155-1412708382-1000-8192.dat
+ 2012-01-14 06:40 . 2012-01-14 06:40 1402880 c:\windows\Installer\3a4b07.msi
- 2011-02-23 16:17 . 2010-11-20 12:18 1551872 c:\windows\ehome\wow\ehuihlp.dll
+ 2010-12-21 14:05 . 2010-08-04 06:16 1551872 c:\windows\ehome\wow\ehuihlp.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 2596864 c:\windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2009-07-13 22:35 . 2009-07-14 01:26 2596864 c:\windows\ehome\Microsoft.MediaCenter.UI.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 1572864 c:\windows\ehome\Microsoft.MediaCenter.Shell.dll
+ 2009-07-13 22:35 . 2009-07-14 01:23 1572864 c:\windows\ehome\Microsoft.MediaCenter.Shell.dll
+ 2009-07-13 23:13 . 2009-07-14 01:41 2608640 c:\windows\ehome\Mcx2Filter.dll
+ 2010-12-21 14:05 . 2010-08-04 07:07 1668608 c:\windows\ehome\ehuihlp.dll
- 2011-02-23 16:20 . 2010-11-20 13:26 1668608 c:\windows\ehome\ehuihlp.dll
+ 2009-07-14 00:26 . 2009-07-14 01:40 1195520 c:\windows\ehome\ehui.dll
- 2011-02-23 16:20 . 2010-11-20 13:26 1195520 c:\windows\ehome\ehui.dll
+ 2010-12-21 14:05 . 2010-08-04 06:28 6307840 c:\windows\ehome\ehshell.dll
- 2011-02-23 16:24 . 2010-11-20 12:32 6307840 c:\windows\ehome\ehshell.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\efbef306149f339aabbcd2ed1429d4ef\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 1170432 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\e9476b5b9c8555c1ab120052fd09ed59\Microsoft.MediaCenter.TV.Tuners.Interop.ni.dll
+ 2012-01-18 18:16 . 2012-01-18 18:16 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\b708183caeb09313374843a4a2731759\Microsoft.MediaCenter.Shell.ni.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\63993a79edf5b8ffa305da6d6fcbe661\Microsoft.MediaCenter.ni.dll
+ 2012-01-18 02:43 . 2012-01-18 02:43 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\18a9a050712d017d9ab8898e10665fea\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\950046bcbc91acef1f9928f32d141dfc\mcstore.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 4087296 c:\windows\assembly\NativeImages_v2.0.50727_64\mcepg\c523df63afef302e57c85511d55cfec6\mcepg.ni.dll
+ 2012-01-18 02:42 . 2012-01-18 02:42 2184192 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\2e39e92371162924ab9566122dc96f4b\ehiVidCtl.ni.dll
+ 2012-01-18 02:41 . 2012-01-18 02:41 1201664 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\739c1147077fe9cc68bbe45c3697ae92\ehiProxy.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\c5f9fec86f7b49a481f04da2d83609f7\Microsoft.MediaCenter.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5b77705fce84d75546547d3eb314b219\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\1c8d51a12d04654c4eb1e7d1a21be5c8\mcstore.ni.dll
+ 2012-01-18 02:44 . 2012-01-18 02:44 3025920 c:\windows\assembly\NativeImages_v2.0.50727_32\mcepg\0d481a2d4c2147db65bedba58db9c670\mcepg.ni.dll
+ 2009-07-13 22:35 . 2009-07-14 01:26 2596864 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 2596864 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
- 2011-02-23 16:14 . 2010-11-20 12:35 1572864 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
+ 2009-07-13 22:35 . 2009-07-14 01:23 1572864 c:\windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
+ 2010-12-21 14:05 . 2010-08-04 06:28 6307840 c:\windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll
- 2011-02-23 16:24 . 2010-11-20 12:32 6307840 c:\windows\assembly\GAC_MSIL\ehshell\6.1.0.0__31bf3856ad364e35\ehshell.dll
- 2011-02-23 16:14 . 2010-11-20 12:08 12625408 c:\windows\SysWOW64\wmploc.DLL
+ 2010-12-21 14:03 . 2010-09-01 04:23 12625408 c:\windows\SysWOW64\wmploc.DLL
+ 2010-12-21 14:03 . 2010-09-01 04:29 11406848 c:\windows\SysWOW64\wmp.dll
- 2011-02-23 16:13 . 2010-11-20 13:16 12625920 c:\windows\system32\wmploc.DLL
+ 2010-12-21 14:03 . 2010-09-01 05:12 12625920 c:\windows\system32\wmploc.DLL
+ 2010-12-21 14:03 . 2010-09-01 05:21 14627840 c:\windows\system32\wmp.dll
- 2009-07-14 02:34 . 2011-12-14 14:47 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-01-18 02:51 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-01-17 15:13 . 2012-01-17 15:13 17904640 c:\windows\Installer\739e3a.msi
+ 2009-07-14 00:47 . 2009-07-14 01:39 15697920 c:\windows\ehome\CreateDisc\SBEServer.exe
- 2011-02-23 16:25 . 2010-11-20 13:25 15697920 c:\windows\ehome\CreateDisc\SBEServer.exe
+ 2012-01-18 18:17 . 2012-01-18 18:17 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\c9bbf495377ca09b19b618daecf46585\ehshell.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 135664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2007-09-20 86016]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;c:\windows\system32\DRIVERS\b44amd64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:21]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 20:04]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 20:04]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-54349521-2605671155-1412708382-1000Core.job
- c:\users\Zwick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 18:51]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-54349521-2605671155-1412708382-1000UA.job
- c:\users\Zwick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 18:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 220672]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 302184]
"SigmatelSysTrayApp"="c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-54349521-2605671155-1412708382-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,27,9d,5c,31,46,0c,0a,5c,b5,09,d7,d3,79,95,cf,56,2d,2a,d4,92,
ef,48,ff,c6,7e,3b,32,19,90,c3,10,55,90,bd,d7,27,67,4f,da,84,34,5d,c4,16,ad,\
"rkeysecu"=hex:42,de,e5,f0,5c,9d,b7,85,b8,78,a3,94,5a,6a,7e,28
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EndNote14.AddinServer]
@Denied: (A) (Everyone)
@="EndNote14.AddinServer"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EndNote14.AddinServer\CLSID]
@="{575B6FEB-477B-4595-A478-9B141A98D869}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-01-21 22:47:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 03:46
ComboFix2.txt 2012-01-14 05:33
ComboFix3.txt 2012-01-13 15:25
.
Pre-Run: 42,590,973,952 bytes free
Post-Run: 43,179,028,480 bytes free
.
- - End Of File - - 37EEB6E0BA5035E80F452B3F7F0466AD

Edited by McZwick, 21 January 2012 - 11:02 PM.


#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 21 January 2012 - 11:10 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 McZwick

  • Topic Starter

  • Members
  • 86 posts

Posted 23 January 2012 - 11:48 AM

Gringo,

This scan didn't find anything...my log is below.

Thanks!

adam

--------

11:44:47.0271 4908 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
11:44:47.0561 4908 ============================================================
11:44:47.0561 4908 Current date / time: 2012/01/23 11:44:47.0561
11:44:47.0561 4908 SystemInfo:
11:44:47.0561 4908
11:44:47.0561 4908 OS Version: 6.1.7601 ServicePack: 1.0
11:44:47.0561 4908 Product type: Workstation
11:44:47.0561 4908 ComputerName: LAPPY
11:44:47.0561 4908 UserName: Zwick
11:44:47.0561 4908 Windows directory: C:\Windows
11:44:47.0561 4908 System windows directory: C:\Windows
11:44:47.0561 4908 Running under WOW64
11:44:47.0561 4908 Processor architecture: Intel x64
11:44:47.0561 4908 Number of processors: 2
11:44:47.0561 4908 Page size: 0x1000
11:44:47.0561 4908 Boot type: Normal boot
11:44:47.0561 4908 ============================================================
11:44:48.0441 4908 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:44:48.0661 4908 Initialize success
11:45:08.0206 3192 ============================================================
11:45:08.0207 3192 Scan started
11:45:08.0207 3192 Mode: Manual;
11:45:08.0207 3192 ============================================================
11:45:09.0166 3192 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:45:09.0172 3192 1394ohci - ok
11:45:09.0267 3192 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:45:09.0276 3192 ACPI - ok
11:45:09.0325 3192 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
11:45:09.0327 3192 AcpiPmi - ok
11:45:09.0459 3192 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:45:09.0493 3192 adp94xx - ok
11:45:09.0604 3192 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:45:09.0614 3192 adpahci - ok
11:45:09.0745 3192 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:45:09.0751 3192 adpu320 - ok
11:45:09.0923 3192 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
11:45:09.0948 3192 AFD - ok
11:45:10.0079 3192 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
11:45:10.0082 3192 agp440 - ok
11:45:10.0194 3192 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
11:45:10.0196 3192 aliide - ok
11:45:10.0223 3192 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
11:45:10.0226 3192 amdide - ok
11:45:10.0324 3192 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:45:10.0327 3192 AmdK8 - ok
11:45:10.0353 3192 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:45:10.0356 3192 AmdPPM - ok
11:45:10.0426 3192 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
11:45:10.0428 3192 amdsata - ok
11:45:10.0521 3192 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:45:10.0525 3192 amdsbs - ok
11:45:10.0625 3192 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
11:45:10.0627 3192 amdxata - ok
11:45:10.0765 3192 ApfiltrService (0af4cea0521056daf94e270a43e0bde7) C:\Windows\system32\DRIVERS\Apfiltr.sys
11:45:10.0770 3192 ApfiltrService - ok
11:45:10.0880 3192 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:45:10.0883 3192 AppID - ok
11:45:11.0008 3192 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:45:11.0018 3192 arc - ok
11:45:11.0088 3192 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:45:11.0088 3192 arcsas - ok
11:45:11.0223 3192 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:45:11.0224 3192 AsyncMac - ok
11:45:11.0328 3192 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
11:45:11.0329 3192 atapi - ok
11:45:11.0417 3192 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:45:11.0426 3192 b06bdrv - ok
11:45:11.0566 3192 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:45:11.0574 3192 b57nd60a - ok
11:45:11.0829 3192 BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys
11:45:11.0847 3192 BCM43XX - ok
11:45:11.0931 3192 bcm44amd64 (2bc7c1697b633692a061a4a36ed9dfdd) C:\Windows\system32\DRIVERS\b44amd64.sys
11:45:11.0934 3192 bcm44amd64 - ok
11:45:12.0035 3192 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:45:12.0036 3192 Beep - ok
11:45:12.0149 3192 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:45:12.0152 3192 blbdrive - ok
11:45:12.0542 3192 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
11:45:12.0545 3192 bowser - ok
11:45:12.0812 3192 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:45:12.0814 3192 BrFiltLo - ok
11:45:12.0935 3192 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:45:12.0953 3192 BrFiltUp - ok
11:45:13.0789 3192 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:45:13.0821 3192 BridgeMP - ok
11:45:14.0173 3192 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:45:14.0193 3192 Brserid - ok
11:45:14.0373 3192 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:45:14.0403 3192 BrSerWdm - ok
11:45:14.0583 3192 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:45:14.0583 3192 BrUsbMdm - ok
11:45:14.0863 3192 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:45:14.0863 3192 BrUsbSer - ok
11:45:15.0086 3192 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:45:15.0117 3192 BTHMODEM - ok
11:45:15.0644 3192 catchme - ok
11:45:16.0026 3192 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:45:16.0051 3192 cdfs - ok
11:45:16.0212 3192 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:45:16.0245 3192 cdrom - ok
11:45:16.0650 3192 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:45:16.0653 3192 circlass - ok
11:45:16.0768 3192 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:45:16.0778 3192 CLFS - ok
11:45:16.0965 3192 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:45:16.0965 3192 CmBatt - ok
11:45:17.0047 3192 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:45:17.0050 3192 cmdide - ok
11:45:17.0190 3192 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:45:17.0201 3192 CNG - ok
11:45:17.0333 3192 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:45:17.0335 3192 Compbatt - ok
11:45:17.0366 3192 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:45:17.0368 3192 CompositeBus - ok
11:45:17.0419 3192 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:45:17.0421 3192 crcdisk - ok
11:45:17.0531 3192 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:45:17.0542 3192 CSC - ok
11:45:17.0713 3192 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
11:45:17.0715 3192 dc3d - ok
11:45:17.0860 3192 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:45:17.0863 3192 DfsC - ok
11:45:17.0960 3192 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:45:17.0962 3192 discache - ok
11:45:18.0068 3192 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:45:18.0072 3192 Disk - ok
11:45:18.0226 3192 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
11:45:18.0231 3192 Dot4 - ok
11:45:18.0341 3192 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:45:18.0344 3192 Dot4Print - ok
11:45:18.0447 3192 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
11:45:18.0450 3192 dot4usb - ok
11:45:18.0544 3192 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:45:18.0546 3192 drmkaud - ok
11:45:18.0687 3192 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:45:18.0700 3192 DXGKrnl - ok
11:45:18.0917 3192 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:45:19.0059 3192 ebdrv - ok
11:45:19.0280 3192 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:45:19.0294 3192 elxstor - ok
11:45:19.0387 3192 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:45:19.0388 3192 ErrDev - ok
11:45:19.0521 3192 esgiguard - ok
11:45:19.0712 3192 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:45:19.0718 3192 exfat - ok
11:45:19.0780 3192 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:45:19.0786 3192 fastfat - ok
11:45:19.0876 3192 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:45:19.0878 3192 fdc - ok
11:45:19.0959 3192 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:45:19.0962 3192 FileInfo - ok
11:45:20.0057 3192 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:45:20.0060 3192 Filetrace - ok
11:45:20.0177 3192 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:45:20.0179 3192 flpydisk - ok
11:45:20.0285 3192 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:45:20.0294 3192 FltMgr - ok
11:45:20.0412 3192 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:45:20.0415 3192 FsDepends - ok
11:45:20.0512 3192 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:45:20.0514 3192 Fs_Rec - ok
11:45:20.0651 3192 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:45:20.0658 3192 fvevol - ok
11:45:20.0844 3192 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:45:20.0848 3192 gagp30kx - ok
11:45:21.0042 3192 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:45:21.0045 3192 hcw85cir - ok
11:45:21.0170 3192 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:45:21.0181 3192 HdAudAddService - ok
11:45:21.0319 3192 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:45:21.0323 3192 HDAudBus - ok
11:45:21.0413 3192 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:45:21.0415 3192 HidBatt - ok
11:45:21.0511 3192 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:45:21.0515 3192 HidBth - ok
11:45:21.0601 3192 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:45:21.0604 3192 HidIr - ok
11:45:21.0656 3192 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:45:21.0659 3192 HidUsb - ok
11:45:21.0779 3192 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:45:21.0781 3192 HpSAMD - ok
11:45:21.0919 3192 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:45:21.0966 3192 HTTP - ok
11:45:22.0100 3192 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:45:22.0102 3192 hwpolicy - ok
11:45:22.0186 3192 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:45:22.0190 3192 i8042prt - ok
11:45:22.0308 3192 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
11:45:22.0319 3192 iaStorV - ok
11:45:22.0474 3192 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:45:22.0477 3192 iirsp - ok
11:45:22.0595 3192 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:45:22.0597 3192 intelide - ok
11:45:22.0712 3192 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:45:22.0714 3192 intelppm - ok
11:45:22.0806 3192 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:45:22.0808 3192 IpFilterDriver - ok
11:45:22.0980 3192 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:45:22.0984 3192 IPMIDRV - ok
11:45:22.0995 3192 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:45:23.0015 3192 IPNAT - ok
11:45:23.0105 3192 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:45:23.0105 3192 IRENUM - ok
11:45:23.0255 3192 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:45:23.0265 3192 isapnp - ok
11:45:23.0375 3192 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:45:23.0385 3192 iScsiPrt - ok
11:45:23.0505 3192 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:45:23.0505 3192 kbdclass - ok
11:45:23.0555 3192 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:45:23.0565 3192 kbdhid - ok
11:45:23.0675 3192 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
11:45:23.0685 3192 KSecDD - ok
11:45:23.0755 3192 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
11:45:23.0765 3192 KSecPkg - ok
11:45:23.0935 3192 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:45:23.0935 3192 ksthunk - ok
11:45:24.0123 3192 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
11:45:24.0123 3192 Lavasoft Kernexplorer - ok
11:45:24.0322 3192 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
11:45:24.0324 3192 Lbd - ok
11:45:24.0599 3192 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:45:44.0272 3192 ============================================================
11:45:44.0272 3192 Scan finished
11:45:44.0272 3192 ============================================================
11:45:44.0282 1712 Detected object count: 0
11:45:44.0282 1712 Actual detected object count: 0

#10 gringo_pr

  • Malware Response Team

Posted 23 January 2012 - 04:32 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 McZwick

  • Topic Starter

Posted 23 January 2012 - 09:59 PM

Here's my aswMBR log.
Thanks!

---


aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-23 21:55:53
-----------------------------
21:55:53.110 OS Version: Windows x64 6.1.7601 Service Pack 1
21:55:53.111 Number of processors: 2 586 0xF0D
21:55:53.113 ComputerName: LAPPY UserName: Zwick
21:56:05.409 Initialize success
21:56:28.310 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:56:28.313 Disk 0 Vendor: ST9160821AS 3.CDE Size: 152627MB BusType: 3
21:56:28.347 Disk 0 MBR read successfully
21:56:28.350 Disk 0 MBR scan
21:56:28.357 Disk 0 Windows 7 default MBR code
21:56:28.361 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
21:56:28.392 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 161792
21:56:28.406 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 146814 MB offset 366592
21:56:28.410 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 301042035
21:56:28.471 Disk 0 Partition 4 00 DD MSDOS5.0 2557 MB offset 301042098
21:56:28.477 Service scanning
21:56:29.825 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:56:30.672 Modules scanning
21:56:30.695 Disk 0 trace - called modules:
21:56:30.789 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
21:56:30.795 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004313060]
21:56:30.800 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003e78060]
21:56:30.806 Scan finished successfully
21:56:49.054 Disk 0 MBR has been saved successfully to "C:\Users\Zwick\Desktop\MBR.dat"
21:56:49.061 The log file has been saved successfully to "C:\Users\Zwick\Desktop\aswMBR.txt"

#12 gringo_pr

  • Malware Response Team

Posted 23 January 2012 - 10:21 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 McZwick

  • Topic Starter

Posted 24 January 2012 - 10:15 AM

Below is the latest log. The only strange thing about my computer is that I am still unable to get into system properties (right clicking on My Computer and going to properties). Could this be a control panel related registry key problem?

Thanks!

------


ComboFix 12-01-23.02 - Zwick 01/24/2012 9:48.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2930 [GMT -5:00]
Running from: c:\users\Zwick\Desktop\ComboFix.exe
Command switches used :: c:\users\Zwick\Desktop\CFscript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 14:57 . 2012-01-24 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-23 15:58 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{871CF977-7E06-438F-8CDA-9933C37AE53A}\mpengine.dll
2012-01-18 02:37 . 2012-01-18 17:17 -------- d-----w- c:\windows\ehome
2012-01-18 02:36 . 2012-01-18 02:36 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-01-18 02:36 . 2012-01-18 02:36 -------- d-----r- c:\users\Public\Recorded TV
2012-01-14 06:41 . 2012-01-14 06:41 388096 ----a-r- c:\users\Zwick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-14 06:41 . 2012-01-14 06:41 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-14 05:46 . 2012-01-14 05:46 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-14 05:45 . 2012-01-14 05:46 -------- d-----w- c:\programdata\HitmanPro
2012-01-14 01:54 . 2012-01-18 16:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-13 20:53 . 2012-01-13 20:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-13 20:53 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 20:22 . 2012-01-13 20:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-13 19:30 . 2012-01-13 20:32 -------- d-----w- C:\sh4ldr
2012-01-13 19:30 . 2012-01-13 19:30 -------- d-----w- c:\program files\Enigma Software Group
2012-01-13 19:29 . 2012-01-13 20:32 -------- d-----w- c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP
2012-01-11 21:24 . 2012-01-11 21:24 -------- d-----w- c:\users\Zwick\AppData\Roaming\Malwarebytes
2012-01-11 21:24 . 2012-01-11 21:24 -------- d-----w- c:\programdata\Malwarebytes
2012-01-11 19:49 . 2011-09-20 18:21 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-11 14:50 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:50 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-08 22:06 . 2012-01-08 22:06 -------- d-----w- c:\windows\en
2012-01-08 22:03 . 2012-01-08 22:04 -------- d-----w- c:\program files (x86)\Windows Live
2012-01-08 22:03 . 2012-01-08 22:03 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-08 22:01 . 2012-01-08 22:01 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1d748b41ccce512e\MeshBetaRemover.exe
2012-01-08 21:58 . 2012-01-08 21:58 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\DSETUP.dll
2012-01-08 21:58 . 2012-01-08 21:58 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\DXSETUP.exe
2012-01-08 21:58 . 2012-01-08 21:58 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9f4747cf1ccce5021\dsetup32.dll
2012-01-08 21:58 . 2012-01-08 21:58 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\DXSETUP.exe
2012-01-08 21:58 . 2012-01-08 21:58 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\DSETUP.dll
2012-01-08 21:58 . 2012-01-08 21:58 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9a9ce8221ccce5020\dsetup32.dll
2012-01-08 20:48 . 2012-01-08 20:48 -------- d-----w- c:\program files (x86)\Common Files\Canon
2012-01-08 19:37 . 2012-01-08 19:37 -------- d-----w- c:\windows\9013B37099D4404B9DB9779B51CEB5FF.TMP
2012-01-08 19:36 . 2012-01-08 19:36 -------- d-----w- c:\program files\DIFX
2012-01-08 19:35 . 2012-01-08 19:38 -------- d-----w- c:\windows\F9D59E62845F49A28B75DDB00661673C.TMP
2012-01-08 19:33 . 2012-01-08 19:33 -------- d-----w- c:\programdata\Leapfrog
2012-01-08 19:33 . 2012-01-08 19:36 -------- d-----w- c:\program files (x86)\LeapFrog
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 19:30 . 2011-06-18 20:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 05:15 . 2010-12-21 17:24 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 01:53 . 2011-12-14 14:09 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 14:09 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 14:09 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 14:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 14:09 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 14:09 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 14:09 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 14:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-22_03.32.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-22 03:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-24 14:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-22 03:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-24 14:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-22 03:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-24 14:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-20 20:46 . 2012-01-24 15:02 47664 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-24 15:02 42270 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-20 19:54 . 2012-01-24 15:02 14198 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-54349521-2605671155-1412708382-1000_UserData.bin
+ 2010-12-22 18:40 . 2012-01-23 21:42 6030 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-12-22 18:40 . 2012-01-22 03:29 6030 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-24 14:58 . 2012-01-24 14:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-22 03:30 . 2012-01-22 03:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-24 14:58 . 2012-01-24 14:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-22 03:30 . 2012-01-22 03:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-12 13:59 . 2012-01-22 02:37 503296 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-01-12 13:59 . 2012-01-24 02:44 503296 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-01-23 16:02 665600 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-23 16:02 123336 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-01-22 03:29 393032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-24 14:57 393032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-06 01:52 . 2012-01-17 19:52 577384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-54349521-2605671155-1412708382-1000-12288.dat
+ 2011-11-06 01:52 . 2012-01-23 21:42 577384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-54349521-2605671155-1412708382-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 135664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2007-09-20 86016]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;c:\windows\system32\DRIVERS\b44amd64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 20:04]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-20 20:04]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-54349521-2605671155-1412708382-1000Core.job
- c:\users\Zwick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 18:51]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-54349521-2605671155-1412708382-1000UA.job
- c:\users\Zwick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 18:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zwick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 220672]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 302184]
"SigmatelSysTrayApp"="c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-54349521-2605671155-1412708382-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,27,9d,5c,31,46,0c,0a,5c,b5,09,d7,d3,79,95,cf,56,2d,2a,d4,92,
ef,48,ff,c6,7e,3b,32,19,90,c3,10,55,90,bd,d7,27,67,4f,da,84,34,5d,c4,16,ad,\
"rkeysecu"=hex:42,de,e5,f0,5c,9d,b7,85,b8,78,a3,94,5a,6a,7e,28
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EndNote14.AddinServer]
@Denied: (A) (Everyone)
@="EndNote14.AddinServer"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EndNote14.AddinServer\CLSID]
@="{575B6FEB-477B-4595-A478-9B141A98D869}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-01-24 10:07:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 15:07
ComboFix2.txt 2012-01-22 03:47
ComboFix3.txt 2012-01-14 05:33
ComboFix4.txt 2012-01-13 15:25
.
Pre-Run: 43,366,170,624 bytes free
Post-Run: 43,023,740,928 bytes free
.
- - End Of File - - 754BE0C473A616E24D759EF40333316F

#14 gringo_pr

  • Malware Response Team

Posted 24 January 2012 - 07:01 PM

Hello


I keep checking into the system properties problem, and when we are complete, if it is not fixed, you may have to ask in the Windows forum.



These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

xxx
xxx
xxx


and click on remove



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#15 McZwick

  • Topic Starter


Posted 25 January 2012 - 10:33 AM

Gringo,

System properties still won't open.

I received the following error messages when trying to install Java:


lib/zi/asia/anadyr: old file not found. However, a file of the same name was found. No update done since file contents do not match.

Java™ Update fails to apply changes to your system.

Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.

Installation Failed.....Java 6 update 30

I uninstalled Java (add/remove programs), tried again, and it installed just fine.

Thanks!

-------------------

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zwick :: LAPPY [administrator]

Protection: Disabled

1/25/2012 10:07:11 AM
mbam-log-2012-01-25 (10-07-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182499
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:29 AM, on 1/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zwick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9947 bytes
