
Trojan.Gen.2 not removed by Symantec



#1 tgor

Posted 23 February 2012 - 08:48 AM

Hello all,

I think this started popping up when I plugged in a USB drive. I have Symantec Endpoint Protection antivirus, which occasionally pops up with the following message:

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Users\Tom\AppData\Local\Temp\DWH8D67.tmp
Location: Quarantine
Computer: TGOR
User: Tom
Action taken: Quarantine succeeded : Access denied
Date found: Thursday, February 23, 2012 8:41:25 AM

I am running 64-bit windows 7, so no GMER. Thank you for your help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Tom at 21:20:56 on 2012-02-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.969 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~2\Accelrys\MATERI~1.4\etc\Gateway\apache\bin\Apache.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe
C:\PROGRA~2\Accelrys\MATERI~1.4\etc\Gateway\apache\bin\Apache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\SecureW2\sw2_tray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Symantec Endpoint Protection\SavUI.exe
C:\Windows\system32\taskhost.exe
C:\Users\Tom\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ReadyNAS Remote] C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe
uRun: [chromium] C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Cobian Backup 10] "C:\Program Files (x86)\Cobian Backup 10\Cobian.exe"
StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{343B8783-EF03-4953-B2EE-767E86ACA64F} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{343B8783-EF03-4953-B2EE-767E86ACA64F}\1496270556E6E6E45647D28456C607 : DhcpNameServer = 128.91.2.26
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [Cobian Backup 10] "C:\Program Files (x86)\Cobian Backup 10\Cobian.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\m1gs4c5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2012-2-19 67584]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-1-31 133992]
R2 MaterialsStudioGateway(18888);Materials Studio Gateway (18888);C:\PROGRA~2\Accelrys\MATERI~1.4\etc\Gateway\apache\bin\Apache.exe [2008-11-13 20550]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe [2010-5-11 1831024]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-1-31 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-1-31 142696]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-8 138360]
R3 Fwleaf;NETGEAR Firewall Driver;C:\Windows\system32\DRIVERS\fwleaf.sys --> C:\Windows\system32\DRIVERS\fwleaf.sys [?]
R3 leafnets;Leaf Networks Adapter;C:\Windows\system32\DRIVERS\leafnets.sys --> C:\Windows\system32\DRIVERS\leafnets.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-2-7 101736]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-1-31 478056]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-1-31 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-2-21 175168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-20 22:18:36 -------- d-----w- C:\Users\Tom\AppData\Local\CrashDumps
2012-02-20 16:56:16 -------- d-----w- C:\Users\Tom\AppData\Local\Apple Computer
2012-02-20 01:32:06 -------- d-----w- C:\Program Files (x86)\Datasqueeze Software
2012-02-20 01:25:37 -------- d-----w- C:\Users\Tom\AppData\Local\Adobe
2012-02-20 01:25:30 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-19 23:53:17 98816 ----a-w- C:\Windows\sed.exe
2012-02-19 23:53:17 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-19 23:53:17 256000 ----a-w- C:\Windows\PEV.exe
2012-02-19 23:53:17 208896 ----a-w- C:\Windows\MBR.exe
2012-02-19 23:26:49 -------- d-----w- C:\Users\Tom\AppData\Local\NPE
2012-02-19 23:26:49 -------- d-----w- C:\ProgramData\Norton
2012-02-19 21:44:40 -------- d-----w- C:\Users\Tom\AppData\Local\Safe mirror
2012-02-19 21:44:06 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2012-02-19 21:05:16 -------- d-----w- C:\Users\Tom\AppData\Roaming\Malwarebytes
2012-02-19 21:05:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-19 21:05:10 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-19 21:05:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-19 20:44:55 108032 ----a-w- C:\Windows\System32\E_ILMFDA.DLL
2012-02-19 20:44:53 81408 ----a-w- C:\Windows\System32\E_IBCBFDA.DLL
2012-02-19 20:44:39 -------- d-----w- C:\ProgramData\EPSON
2012-02-19 19:20:25 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-02-19 17:50:19 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-02-19 17:49:37 -------- d-----w- C:\Users\Tom\AppData\Roaming\uTorrent
2012-02-19 17:33:39 -------- d-----w- C:\Program Files\PeerGuardian2
2012-02-19 16:29:09 -------- d-----w- C:\ProgramData\BackupClient
2012-02-16 12:50:59 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-16 12:50:59 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-16 12:50:58 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-16 12:50:57 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-16 12:50:55 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-02-16 12:50:53 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-02-15 17:53:50 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 17:53:49 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 17:53:47 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 17:53:46 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 17:53:44 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 17:53:42 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 17:53:38 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 17:53:37 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-09 17:36:08 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-07 19:17:29 -------- d-----w- C:\SWTOOLS
2012-02-07 19:17:28 -------- d-----w- C:\ProgramData\Lenovo
2012-02-03 19:48:35 -------- d-----w- C:\Users\Tom\AppData\Local\Microsoft_Corporation
2012-02-03 19:24:01 -------- d-----r- C:\Users\Tom\Dropbox
2012-02-03 18:59:35 -------- d-----w- C:\Users\Tom\AppData\Roaming\Dropbox
2012-02-03 13:50:10 -------- d-----w- C:\Program Files\Synaptics
2012-02-03 13:47:28 215336 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-02-03 13:47:28 148264 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-02-03 13:47:28 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-02-03 13:47:27 1395760 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-02-03 13:47:26 400168 ----a-w- C:\Windows\System32\SynCOM.dll
2012-02-03 13:47:26 273704 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-02-03 13:47:26 218408 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-02-03 13:47:26 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-02-03 00:30:57 -------- d-----w- C:\Users\Tom\AppData\Roaming\horae
2012-02-03 00:00:23 -------- d-----w- C:\Program Files (x86)\Ifeffit
2012-02-02 18:44:59 -------- d-----w- C:\Program Files\Microsoft Windows Performance Toolkit
2012-02-02 18:44:36 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-02-02 18:42:15 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
2012-02-02 18:41:53 -------- d-----w- C:\Program Files (x86)\Application Verifier
2012-02-02 18:41:52 -------- d-----w- C:\Program Files\Application Verifier (x64)
2012-02-02 16:47:54 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-02-02 16:38:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-02 16:38:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-02 16:38:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-02 16:38:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-02 16:38:14 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-02 16:38:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-02 16:38:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-02 12:38:01 -------- d-----w- C:\Users\Tom\AppData\Local\Gatan
2012-02-02 12:34:43 -------- d-----w- C:\Users\Tom\AppData\Roaming\Accelrys
2012-02-02 12:25:53 -------- d-----w- C:\ProgramData\Accelrys
2012-02-02 12:25:53 -------- d-----w- C:\Program Files (x86)\Common Files\Accelrys
2012-02-02 12:25:53 -------- d-----w- C:\Program Files (x86)\Accelrys
2012-02-01 20:03:16 -------- d-----r- C:\Users\Tom\Virtual Machines
2012-02-01 19:47:54 3584 ----a-w- C:\Windows\System32\drivers\fr-FR\vpchbus.sys.mui
2012-02-01 19:46:51 793600 ----a-w- C:\Windows\SysWow64\vmsal.exe
2012-02-01 19:46:51 2264064 ----a-w- C:\Windows\System32\VPCWizard.exe
2012-02-01 19:46:44 95232 ----a-w- C:\Windows\System32\drivers\vpcusb.sys
2012-02-01 19:46:42 194944 ----a-w- C:\Windows\System32\drivers\vpchbus.sys
2012-02-01 19:46:39 360832 ----a-w- C:\Windows\System32\drivers\vpcvmm.sys
2012-02-01 19:46:37 562176 ----a-w- C:\Windows\System32\VMCPropertyHandler.dll
2012-02-01 19:46:37 15872 ----a-w- C:\Windows\System32\vpchbuspipe.dll
2012-02-01 19:46:37 1369600 ----a-w- C:\Windows\System32\VPCSettings.exe
2012-02-01 19:46:05 4514816 ----a-w- C:\Windows\System32\vpc.exe
2012-02-01 19:46:05 1210368 ----a-w- C:\Windows\System32\VMWindow.exe
2012-02-01 19:46:04 936448 ----a-w- C:\Windows\System32\vmsal.exe
2012-02-01 19:34:56 -------- d-----w- C:\Program Files\Windows XP Mode
2012-02-01 17:02:58 -------- d-----r- C:\Program Files (x86)\Skype
2012-02-01 16:48:55 -------- d-----w- C:\Users\Tom\AppData\Roaming\PwrMgr
2012-02-01 16:39:49 -------- d-----w- C:\Users\Tom\AppData\Local\Broadcom
2012-02-01 16:38:30 35104 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-02-01 16:38:30 132648 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-02-01 16:38:29 98344 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-02-01 16:38:29 21288 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-02-01 16:37:41 54824 ----a-w- C:\Windows\System32\drivers\btusbflt.sys
2012-02-01 15:44:10 -------- d-----w- C:\Program Files (x86)\Analog Devices
2012-02-01 14:08:55 -------- d-----w- C:\Program Files (x86)\OriginLab
2012-02-01 02:35:47 -------- d-----w- C:\Users\Tom\AppData\Local\Mendeley Ltd
2012-02-01 02:26:21 527424 ------w- C:\Windows\PWMBTHLV.EXE
2012-02-01 02:26:10 31344 ----a-w- C:\Windows\System32\drivers\DZHDD64.SYS
2012-02-01 02:26:10 14960 ----a-w- C:\Windows\System32\drivers\TPPWR64V.SYS
2012-02-01 02:26:10 1036352 ----a-w- C:\Windows\System32\PWMCP64V.cpl
2012-02-01 02:24:46 -------- d-----w- C:\Program Files\Common Files\Lenovo
2012-02-01 02:24:24 -------- d-----w- C:\Program Files (x86)\Common Files\Lenovo
2012-02-01 02:23:49 -------- d-----w- C:\Program Files\Lenovo
2012-02-01 02:23:32 15472 ----a-w- C:\Windows\System32\drivers\smiifx64.sys
2012-02-01 02:22:10 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-02-01 02:22:09 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-02-01 02:22:08 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-02-01 02:22:08 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-02-01 02:22:06 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-02-01 02:22:05 45928 ----a-w- C:\Windows\System32\ibmpmsvc.exe
2012-02-01 02:22:05 39024 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
2012-02-01 02:22:05 38760 ----a-w- C:\Windows\System32\tpinspm.dll
2012-02-01 02:20:54 -------- d-----w- C:\Program Files (x86)\Mendeley Desktop
2012-01-31 22:06:13 -------- d-----w- C:\Perl64
2012-01-31 21:56:31 -------- d-----w- C:\Program Files\Gatan
2012-01-31 21:56:24 -------- d-----w- C:\ProgramData\Gatan
2012-01-31 21:54:46 -------- d-----w- C:\Users\Tom\AppData\Local\Downloaded Installations
2012-01-31 21:09:34 -------- d-----w- C:\Users\Tom\AppData\Local\ReadyNASRemote
2012-01-31 21:08:33 27200 ----a-w- C:\Windows\System32\drivers\fwleaf.sys
2012-01-31 21:07:47 -------- d-----w- C:\Program Files (x86)\NETGEAR ReadyNAS
2012-01-31 21:07:24 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-01-31 20:36:40 -------- d-----w- C:\Users\Tom\AppData\Local\Microsoft Games
2012-01-31 20:34:40 -------- d-----w- C:\Program Files (x86)\Common Files\Thomson ResearchSoft
2012-01-31 20:33:36 -------- d-----w- C:\Program Files (x86)\EndNote X1
2012-01-31 20:32:13 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-01-31 20:25:01 -------- d-----w- C:\Users\Tom\AppData\Roaming\EndNote
2012-01-31 20:24:35 -------- d-----w- C:\Program Files (x86)\Common Files\Risxtd
2012-01-31 20:18:18 -------- d-----w- C:\Program Files (x86)\ImageJ
2012-01-31 20:11:06 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-01-31 19:55:34 -------- d-----w- C:\Program Files\ThinkPad
2012-01-31 19:55:34 -------- d-----w- C:\Program Files (x86)\ThinkPad
2012-01-31 19:50:52 467456 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp118.dll
2012-01-31 19:49:31 22016 ----a-w- C:\Windows\System32\hppmopjl.dll
2012-01-31 19:49:30 193592 ----a-w- C:\Windows\System32\hppdcompio.dll
2012-01-31 19:49:30 167480 ----a-w- C:\Windows\SysWow64\hppccompio.dll
2012-01-31 19:49:28 155648 ----a-w- C:\Windows\System32\hpmtp118.dll
2012-01-31 19:49:27 67584 ----a-w- C:\Windows\System32\hpmpw081.dll
2012-01-31 19:49:27 182784 ----a-w- C:\Windows\System32\hpmpm081.dll
2012-01-31 19:49:26 210432 ----a-w- C:\Windows\System32\hpmml118.dll
2012-01-31 19:49:26 157696 ----a-w- C:\Windows\System32\hpmja118.dll
2012-01-31 19:49:22 311808 ----a-w- C:\Windows\System32\hpcpn118.dll
2012-01-31 19:49:15 511488 ----a-w- C:\Windows\SysWow64\hpcdmc32.dll
2012-01-31 19:49:13 316928 ----a-w- C:\Windows\SysWow64\hpcc3118.dll
2012-01-31 19:49:10 60440 ----a-w- C:\Windows\System32\FxCompChannel_x64.dll
2012-01-31 19:46:37 -------- d-----w- C:\HP Universal Print Driver
2012-01-31 19:43:38 -------- d-----w- C:\Windows\PCHEALTH
2012-01-31 19:36:43 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-01-31 19:35:37 -------- d-----w- C:\Users\Tom\AppData\Local\Microsoft Help
2012-01-31 19:16:27 -------- d-----w- C:\Program Files\Microsoft Games
2012-01-31 19:08:12 -------- d-----w- C:\Program Files\iPod
2012-01-31 19:08:01 -------- d-----w- C:\Program Files\iTunes
2012-01-31 19:08:01 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-31 19:06:27 -------- d-----w- C:\Windows\System32\appmgmt
2012-01-31 18:41:48 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-01-31 18:41:48 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-01-31 18:41:48 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-01-31 18:41:03 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-31 18:37:40 -------- d-----w- C:\Users\Tom\ReallyOldFiles
2012-01-31 18:36:47 -------- d-----w- C:\Program Files\Bonjour
2012-01-31 18:36:47 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-31 18:34:41 -------- d-----w- C:\Program Files (x86)\Mestrelab Research S.L
2012-01-31 18:33:11 -------- d-----w- C:\ProgramData\CambridgeSoft
2012-01-31 18:30:56 -------- d-----w- C:\Program Files (x86)\CambridgeSoft
2012-01-31 18:29:56 -------- d-----w- C:\CSTEMP
2012-01-31 18:22:55 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-01-31 18:22:53 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-01-31 18:22:53 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-01-31 18:22:52 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-01-31 18:22:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-01-31 13:47:37 -------- d-----w- C:\Users\Tom\AppData\Local\Google
2012-01-31 13:44:49 -------- d-----w- C:\Program Files (x86)\SecureW2
2012-01-31 08:00:34 -------- d-----w- C:\Windows\SysWow64\Wat
2012-01-31 08:00:33 -------- d-----w- C:\Windows\System32\Wat
2012-01-31 03:11:09 -------- d-----w- C:\Windows\System32\SPReview
2012-01-31 03:10:39 -------- d-----w- C:\Windows\System32\EventProviders
2012-01-31 03:05:59 1197056 ----a-w- C:\Windows\System32\taskschd.dll
2012-01-31 03:04:59 61440 ----a-w- C:\Windows\SysWow64\tcpmonui.dll
2012-01-31 03:03:59 253440 ----a-w- C:\Windows\System32\tcpipcfg.dll
2012-01-31 03:02:59 726528 ----a-w- C:\Windows\System32\appwiz.cpl
2012-01-31 03:01:59 416256 ----a-w- C:\Windows\System32\prnfldr.dll
2012-01-31 03:00:59 743424 ----a-w- C:\Windows\SysWow64\blackbox.dll
2012-01-31 02:59:59 62976 ----a-w- C:\Windows\System32\PnPUnattend.exe
2012-01-31 02:58:59 8192 ----a-w- C:\Windows\System32\KBDTUQ.DLL
2012-01-31 02:56:17 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-01-31 02:56:17 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-01-31 02:56:07 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-01-31 02:35:03 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-01-31 02:35:03 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-01-31 02:35:02 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-01-31 02:35:00 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-01-31 02:35:00 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-01-31 02:33:27 -------- d-----w- C:\Program Files (x86)\Lenovo
2012-01-31 02:32:58 27136 ----a-w- C:\Windows\System32\drivers\psadd.sys
2012-01-31 02:12:03 -------- d-----w- C:\Program Files\Protector Suite
2012-01-31 01:25:16 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-01-31 01:25:15 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-01-31 01:23:05 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-01-31 01:23:05 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-01-31 01:23:05 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2012-01-31 01:23:02 2315776 ----a-w- C:\Windows\System32\tquery.dll
2012-01-31 01:23:02 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2012-01-31 01:23:00 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2012-01-31 01:23:00 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2012-01-31 01:21:46 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-01-31 01:20:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-31 01:19:46 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-01-31 01:19:46 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-01-31 01:19:33 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-01-31 01:19:23 605552 ----a-w- C:\Windows\System32\winload.exe
2012-01-31 01:19:22 642944 ----a-w- C:\Windows\System32\winload.efi
2012-01-31 01:19:20 518672 ----a-w- C:\Windows\System32\winresume.exe
2012-01-31 01:19:18 566208 ----a-w- C:\Windows\System32\winresume.efi
2012-01-31 01:19:15 20352 ----a-w- C:\Windows\System32\kdusb.dll
2012-01-31 01:19:15 19328 ----a-w- C:\Windows\System32\kd1394.dll
2012-01-31 01:19:14 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2012-01-31 01:19:14 17792 ----a-w- C:\Windows\System32\kdcom.dll
2012-01-31 01:16:48 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2012-01-31 01:06:24 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-01-31 01:06:24 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-01-31 01:06:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-01-31 01:06:20 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-01-31 01:06:14 -------- d-----w- C:\ProgramData\PCDr
2012-01-31 01:06:14 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2012-01-31 01:04:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-01-31 01:04:59 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-01-31 01:04:38 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-01-31 01:04:36 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-01-31 01:04:32 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-01-31 01:04:10 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-31 01:04:10 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-31 00:52:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 00:51:06 -------- d-----w- C:\Users\Tom\AppData\Local\Mozilla
2012-01-31 00:49:01 -------- d-----w- C:\Users\Tom\AppData\Local\Symantec
2012-01-31 00:47:34 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-31 00:47:33 -------- d-----w- C:\Program Files\Symantec
2012-01-31 00:47:22 503808 ----a-w- C:\Windows\SysWow64\MSVCP71.DLL
2012-01-31 00:47:22 348160 ----a-w- C:\Windows\SysWow64\MSVCR71.DLL
2012-01-31 00:47:22 1060864 ----a-w- C:\Windows\SysWow64\MFC71.DLL
2012-01-31 00:47:20 -------- d-----w- C:\Program Files (x86)\Symantec
2012-01-31 00:47:13 -------- d-----w- C:\ProgramData\Symantec
2012-01-31 00:47:13 -------- d-----w- C:\Program Files\Symantec Endpoint Protection
2012-01-31 00:47:13 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-01-31 00:47:13 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-01-31 00:46:12 -------- d--ha-w- C:\Program Files (x86)\Penn Apps 2010
2012-01-31 00:32:24 -------- d-----w- C:\Windows\Panther
2012-01-30 23:24:15 -------- d-----w- C:\AMD
2012-01-30 23:22:52 -------- d-----w- C:\Users\Tom\AppData\Local\Diagnostics
2012-01-30 22:56:07 -------- d-----w- C:\Users\Tom\AppData\Local\ElevatedDiagnostics
2012-01-30 22:18:56 -------- d-----w- C:\Users\Tom\AppData\Roaming\Intel
2012-01-30 22:18:48 -------- d-----w- C:\Users\Tom\Roaming
2012-01-30 22:18:02 -------- d-----w- C:\Program Files\Common Files\Intel
2012-01-30 22:18:02 -------- d-----w- C:\Program Files (x86)\Cisco
2012-01-30 22:17:26 -------- d-sh--w- C:\Windows\Installer
2012-01-30 22:16:33 -------- d-----w- C:\DRIVERS
2012-01-30 21:39:53 -------- d-----w- C:\Recovery
.
==================== Find3M ====================
.
2012-01-31 03:30:37 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-31 03:30:36 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-12 00:19:16 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-01-03 13:10:52 53656 ----a-w- C:\Windows\System32\AdobePDF.dll
2012-01-03 13:10:48 24984 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:22:11.58 ===============


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:11 AM

Posted 25 February 2012 - 02:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as it is sometimes necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:11 AM

Posted 28 February 2012 - 12:32 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 tgor (Topic Starter)

  • Members
  • 7 posts
  • Local time:12:11 AM

Posted 28 February 2012 - 09:34 AM

Hi Gringo,

Sorry for the delayed response. I ran combofix. The first time I ran it (4 days ago), it did several deletions, then I thought it froze, so I closed it before the log file came up. Then I ran it again and there were no deletions. Today I ran combofix once again, and there were many deletions; below is the log file.

As for how the computer is running: Symantec still warns of trojan.gen.2 or trojan.gen; more than 100 risks have been identified on the computer. Other than the notices, the computer is working fine.

Thank you for your help!

ComboFix 12-02-25.02 - Tom 02/28/2012 8:05.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1745 [GMT -5:00]
Running from: c:\users\Tom\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc.dll
c:\programdata\PCDr\5849\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll
c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\16eed067-40d8-4239-8470-9de370bfcc4b.dll
c:\programdata\PCDr\5849\AddOnDownloaded\283cdc40-c633-4749-b3ad-8eb5e8b11b5c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\434b795d-fe06-4495-801e-fa92d93babbc.dll
c:\programdata\PCDr\5849\AddOnDownloaded\4506fabd-988f-4627-a1de-44b2f1093b08.dll
c:\programdata\PCDr\5849\AddOnDownloaded\54874b0a-fb04-44ef-ad2b-c957aafea033.dll
c:\programdata\PCDr\5849\AddOnDownloaded\562ad818-216b-4d77-8b40-834630104d2c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\60e1ddc2-8de1-4bd0-8e65-4c3d56791c8e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\6caa3aae-ef7a-46e1-8cf0-de07c37a32af.dll
c:\programdata\PCDr\5849\AddOnDownloaded\746b3523-df66-4ed9-beaa-88464b84933f.dll
c:\programdata\PCDr\5849\AddOnDownloaded\7d08b206-22ae-4429-9e22-772698e3ca65.dll
c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll
c:\programdata\PCDr\5849\AddOnDownloaded\83db0f34-4452-4946-92c2-31dcd99767dd.dll
c:\programdata\PCDr\5849\AddOnDownloaded\90110d4d-0aa3-42f8-b48a-92aebd9d59f3.dll
c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll
c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll
c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b34a10f6-a592-424f-af97-b051783f9dd2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b52e5bed-821a-41fc-9d4b-24d443ee0ad9.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll
c:\programdata\PCDr\5849\AddOnDownloaded\bead45d2-b2dc-44e3-94f8-c7de6979be60.dll
c:\programdata\PCDr\5849\AddOnDownloaded\d754c4cc-ae68-4d17-afb7-55002296e1e2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\d97b7615-5719-44f8-a032-b5cae54a0299.dll
c:\programdata\PCDr\5849\AddOnDownloaded\ec6735a3-9204-4734-bb0f-5859e58b13b2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f1d18230-9731-47f0-b9f4-b537abcbb39c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f45a4f6c-32c1-48c0-9ee9-e840f397e395.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f64109b2-74cc-4638-ae17-228b7886774b.dll
c:\programdata\PCDr\5849\AddOnDownloaded\fd85aea7-408e-4ff8-bdca-73b1320e8b27.dll
c:\windows\SysWow64\WPRO_41_1742woem.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 13:43 . 2012-02-28 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-26 03:01 . 2012-02-26 03:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFCC3A1-749F-461D-9F8D-EE14576618E5}\offreg.dll
2012-02-26 02:57 . 2012-02-20 06:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFCC3A1-749F-461D-9F8D-EE14576618E5}\mpengine.dll
2012-02-23 14:31 . 2012-02-23 14:36 -------- d-----w- c:\program files (x86)\Inkscape
2012-02-20 01:32 . 2012-02-20 01:32 -------- d-----w- c:\program files (x86)\Datasqueeze Software
2012-02-19 23:26 . 2012-02-19 23:26 -------- d-----w- c:\programdata\Norton
2012-02-19 21:44 . 2012-02-19 21:44 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-02-19 21:05 . 2012-02-19 21:05 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 21:05 . 2012-02-19 21:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-19 21:05 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 20:44 . 2008-08-08 07:09 108032 ----a-w- c:\windows\system32\E_ILMFDA.DLL
2012-02-19 20:44 . 2007-12-07 07:01 81408 ----a-w- c:\windows\system32\E_IBCBFDA.DLL
2012-02-19 20:44 . 2012-02-19 20:45 -------- d-----w- c:\programdata\EPSON
2012-02-19 19:20 . 2012-02-20 11:50 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-02-19 19:16 . 2012-02-22 13:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-02-19 18:17 . 2012-02-19 18:17 -------- d-----w- c:\program files\7-Zip
2012-02-19 17:50 . 2012-02-19 17:50 -------- d-----w- c:\program files (x86)\uTorrent
2012-02-19 17:38 . 2012-02-19 17:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-19 17:38 . 2012-02-19 17:38 -------- d-----w- c:\program files (x86)\Java
2012-02-19 17:33 . 2012-02-19 19:09 -------- d-----w- c:\program files\PeerGuardian2
2012-02-19 16:29 . 2012-02-19 18:25 -------- d-----w- c:\programdata\BackupClient
2012-02-16 12:50 . 2011-12-14 07:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 12:50 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-16 12:50 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-16 12:50 . 2011-12-14 07:04 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 12:50 . 2011-12-14 02:59 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-02-16 12:50 . 2011-12-14 07:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-15 17:53 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 17:53 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 17:53 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 17:53 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 17:53 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 17:53 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:53 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 17:53 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-09 17:36 . 2012-02-19 17:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-07 19:17 . 2012-02-07 19:17 -------- d-----w- C:\SWTOOLS
2012-02-07 19:17 . 2012-02-21 19:07 -------- d-----w- c:\programdata\Lenovo
2012-02-06 19:51 . 2012-02-06 19:51 -------- d-----w- c:\program files (x86)\Google
2012-02-03 13:50 . 2012-02-03 13:50 -------- d-----w- c:\program files\Synaptics
2012-02-03 13:47 . 2010-10-15 00:24 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-02-03 13:47 . 2010-10-15 00:24 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-02-03 13:47 . 2010-10-15 00:24 148264 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-02-03 13:47 . 2010-10-15 00:26 1395760 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-02-03 13:47 . 2010-10-15 00:24 273704 ----a-w- c:\windows\system32\SynCtrl.dll
2012-02-03 13:47 . 2010-10-15 00:24 218408 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-02-03 13:47 . 2010-10-15 00:24 400168 ----a-w- c:\windows\system32\SynCOM.dll
2012-02-03 13:47 . 2010-10-15 00:24 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-02-03 00:06 . 2012-02-03 00:06 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-02-03 00:00 . 2012-02-03 00:00 -------- d-----w- c:\program files (x86)\Ifeffit
2012-02-02 18:44 . 2012-02-02 18:44 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2012-02-02 18:44 . 2012-02-02 18:44 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-02-02 18:42 . 2012-02-02 18:42 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2012-02-02 18:41 . 2012-02-02 18:41 -------- d-----w- c:\program files (x86)\Application Verifier
2012-02-02 18:41 . 2012-02-02 18:41 -------- d-----w- c:\program files\Application Verifier (x64)
2012-02-02 16:47 . 2012-02-02 16:47 -------- d-----w- c:\windows\symbols
2012-02-02 16:47 . 2012-02-02 16:47 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-02 16:37 . 2012-02-02 16:38 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-02 16:34 . 2012-02-02 16:34 -------- d-----w- c:\program files\Microsoft SDKs
2012-02-02 12:25 . 2012-02-02 12:32 -------- d-----w- c:\programdata\Accelrys
2012-02-02 12:25 . 2012-02-02 12:29 -------- d-----w- c:\program files (x86)\Common Files\Accelrys
2012-02-02 12:25 . 2012-02-02 12:27 -------- d-----w- c:\program files (x86)\Accelrys
2012-02-01 19:47 . 2010-11-20 10:03 3584 ----a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui
2012-02-01 19:47 . 2010-11-20 10:02 13312 ----a-w- c:\windows\system32\drivers\en-US\vpcvmm.sys.mui
2012-02-01 19:47 . 2010-11-20 10:02 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcuxd.sys.mui
2012-02-01 19:47 . 2010-11-20 10:09 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcusb.sys.mui
2012-02-01 19:47 . 2010-11-20 10:02 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcnfltr.sys.mui
2012-02-01 19:47 . 2010-11-20 11:35 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2012-02-01 19:46 . 2010-11-20 13:25 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2012-02-01 19:46 . 2010-11-20 10:52 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2012-02-01 19:46 . 2010-11-20 11:35 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2012-02-01 19:46 . 2010-11-20 13:34 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2012-02-01 19:46 . 2010-11-20 13:34 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2012-02-01 19:46 . 2010-11-20 13:27 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2012-02-01 19:46 . 2010-11-20 13:25 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2012-02-01 19:46 . 2010-11-20 11:35 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2012-02-01 19:46 . 2010-11-20 13:25 4514816 ----a-w- c:\windows\system32\vpc.exe
2012-02-01 19:46 . 2010-11-20 11:37 1210368 ----a-w- c:\windows\system32\VMWindow.exe
2012-02-01 19:46 . 2010-11-20 11:37 936448 ----a-w- c:\windows\system32\vmsal.exe
2012-02-01 19:34 . 2012-02-01 19:35 -------- d-----w- c:\program files\Windows XP Mode
2012-02-01 17:02 . 2012-02-01 17:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-01 17:02 . 2012-02-01 17:02 -------- d-----r- c:\program files (x86)\Skype
2012-02-01 17:02 . 2012-02-01 17:02 -------- d-----w- c:\programdata\Skype
2012-02-01 16:38 . 2010-01-15 18:23 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-02-01 16:38 . 2009-04-07 19:33 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-02-01 16:38 . 2010-01-15 18:23 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-02-01 16:38 . 2010-01-15 18:23 21288 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-02-01 16:37 . 2012-02-01 16:37 -------- d-----w- c:\program files\DIFX
2012-02-01 16:37 . 2010-04-09 04:11 54824 ----a-w- c:\windows\system32\drivers\btusbflt.sys
2012-02-01 15:44 . 2012-02-01 15:44 -------- d-----w- c:\program files (x86)\Analog Devices
2012-02-01 14:08 . 2012-02-01 14:08 -------- d-----w- c:\program files (x86)\OriginLab
2012-02-01 02:26 . 2011-12-01 08:05 527424 ------w- c:\windows\PWMBTHLV.EXE
2012-02-01 02:26 . 2011-12-01 08:05 31344 ----a-w- c:\windows\system32\drivers\DZHDD64.SYS
2012-02-01 02:26 . 2011-12-01 08:05 14960 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2012-02-01 02:26 . 2011-12-01 08:05 1036352 ----a-w- c:\windows\system32\PWMCP64V.cpl
2012-02-01 02:24 . 2012-02-01 02:24 -------- d-----w- c:\program files\Common Files\Lenovo
2012-02-01 02:24 . 2012-02-01 02:24 -------- d-----w- c:\program files (x86)\Common Files\Lenovo
2012-02-01 02:23 . 2012-02-01 02:24 -------- d-----w- c:\program files\Lenovo
2012-02-01 02:23 . 2010-09-07 19:09 15472 ----a-w- c:\windows\system32\drivers\smiifx64.sys
2012-02-01 02:22 . 2012-02-03 13:51 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-02-01 02:22 . 2012-02-01 02:22 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-02-01 02:22 . 2011-08-11 16:20 45928 ----a-w- c:\windows\system32\ibmpmsvc.exe
2012-02-01 02:22 . 2011-08-11 16:20 39024 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2012-02-01 02:22 . 2011-08-11 16:20 38760 ----a-w- c:\windows\system32\tpinspm.dll
2012-02-01 02:20 . 2012-02-01 02:21 -------- d-----w- c:\program files (x86)\Mendeley Desktop
2012-01-31 22:06 . 2012-01-31 22:11 -------- d-----w- C:\Perl64
2012-01-31 21:56 . 2012-01-31 21:57 -------- d-----w- c:\program files\Gatan
2012-01-31 21:56 . 2012-02-02 12:38 -------- d-----w- c:\programdata\Gatan
2012-01-31 21:08 . 2011-04-07 23:36 27200 ----a-w- c:\windows\system32\drivers\fwleaf.sys
2012-01-31 21:07 . 2012-01-31 21:07 -------- d-----w- c:\program files (x86)\NETGEAR ReadyNAS
2012-01-31 21:07 . 2012-01-31 21:07 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-31 20:44 . 2012-01-31 20:44 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-01-31 20:34 . 2012-01-31 20:34 -------- d-----w- c:\program files (x86)\Common Files\Thomson ResearchSoft
2012-01-31 20:33 . 2012-01-31 20:34 -------- d-----w- c:\program files (x86)\EndNote X1
2012-01-31 20:32 . 2012-01-31 20:32 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-01-31 20:24 . 2012-01-31 20:34 -------- d-----w- c:\program files (x86)\Common Files\Risxtd
2012-01-31 20:18 . 2012-01-31 20:19 -------- d-----w- c:\program files (x86)\ImageJ
2012-01-31 20:11 . 2010-12-29 10:57 951680 ----a-w- c:\windows\system32\drivers\ndis.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 03:30 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-31 03:30 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-26_02.37.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-02-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-28 13:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-26 01:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-28 13:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-28 13:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-30 22:04 . 2012-02-28 13:00 242260 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-01-31 00:39 . 2012-02-28 13:40 267380 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ReadyNAS Remote"="c:\program files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe" [2011-05-31 362304]
"chromium"="c:\users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-02-15 1049072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-05-11 115560]
"SecureW2 Tray"="c:\program files (x86)\SecureW2\sw2_tray.exe" [2011-09-27 287112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Cobian Backup 10"="c:\program files (x86)\Cobian Backup 10\Cobian.exe" [2010-09-23 421376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 1090848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MaterialsStudioGateway(18888);Materials Studio Gateway (18888);c:\progra~2\Accelrys\MATERI~1.4\etc\Gateway\apache\bin\Apache.exe [2008-11-14 20550]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [x]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902059793-1108849850-3784890769-1000Core.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 13:47]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902059793-1108849850-3784890769-1000UA.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 13:47]
.
2012-02-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2012-02-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 128.91.2.13 128.91.254.1 128.91.254.4
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\m1gs4c5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-28 09:04:42
ComboFix-quarantined-files.txt 2012-02-28 14:04
ComboFix2.txt 2012-02-26 02:55
ComboFix3.txt 2012-02-20 00:24
.
Pre-Run: 367,338,455,040 bytes free
Post-Run: 367,285,211,136 bytes free
.
- - End Of File - - 04EBB602DED63C53F224C658D76810EA

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 February 2012 - 01:19 PM

Greetings

Symantec still warns of trojan.gen.2 or trojan.gen, more than 100 risks have been identified on the computer.
Can you give some locations?

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
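Gringo asks for the TDSSKiller report to be pasted back. That report is one line per scanned object: a timestamp, a process id, then either `name (md5) path` or `name - verdict`, with `ok` as the clean verdict, so a log of several hundred drivers is tedious to read by eye. As an added example (not code from this thread, from TDSSKiller or from Kaspersky), here is a small Python parser that pulls every object's hash, path and verdict out of a report in that layout and lists anything not marked `ok`, plus the objects that were given a verdict without a file hash. The sample report embedded in it is constructed: the `1394ohci` and `catchme` lines copy the layout of the report posted in the next reply, while `exampledrv`, its all-zero hash and its verdict are made up for the example.

```python
import re
from typing import Dict, List

# Added example, not part of the thread: a parser for the TDSSKiller report
# layout (timestamp, process id, then "name (md5) path" or "name - verdict").
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(?P<rest>.*))?$")
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")

# Constructed sample in the report's layout. The 1394ohci and catchme lines mirror
# the real report in the next reply; exampledrv, its hash and its verdict are made up.
SAMPLE_LOG = """\
13:25:56.0272 6520 ============================================================
13:25:56.0272 6520 Scan started
13:25:56.0272 6520 Mode: Manual;
13:25:57.0555 6520 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
13:25:57.0560 6520 1394ohci - ok
13:25:59.0278 6520 catchme - ok
13:26:00.0100 6520 exampledrv (00000000000000000000000000000000) C:\\Windows\\system32\\drivers\\exampledrv.sys
13:26:00.0101 6520 exampledrv - suspicious (constructed verdict for the example)
"""


def _blank() -> dict:
    return {"md5": None, "path": None, "verdict": None}


def parse_tdsskiller(text: str) -> Dict[str, dict]:
    """Return {object_name: {"md5", "path", "verdict"}} from a TDSSKiller report.

    Header, separator and drive-geometry lines match neither entry pattern and
    are skipped; an object's hash line and verdict line are merged by name.
    """
    entries: Dict[str, dict] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = (m.group("rest") or "").strip()
        if not rest:
            continue
        e = ENTRY_RE.match(rest)
        if e:
            rec = entries.setdefault(e.group("name"), _blank())
            rec["md5"] = e.group("md5").lower()
            rec["path"] = e.group("path")
            continue
        v = VERDICT_RE.match(rest)
        if v:
            rec = entries.setdefault(v.group("name"), _blank())
            rec["verdict"] = v.group("verdict").strip()
    return entries


def flagged(entries: Dict[str, dict]) -> List[str]:
    """Names whose verdict is anything other than the plain 'ok'."""
    return sorted(
        name for name, rec in entries.items()
        if rec["verdict"] is not None and rec["verdict"] != "ok"
    )


def unhashed(entries: Dict[str, dict]) -> List[str]:
    """Objects that received a verdict but no hash/path line (e.g. catchme)."""
    return sorted(name for name, rec in entries.items() if rec["md5"] is None)


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(parsed)} objects parsed")
    for name in flagged(parsed):
        rec = parsed[name]
        print(f"FLAGGED {name}: {rec['verdict']} md5={rec['md5']} path={rec['path']}")
    print("verdict without hash:", unhashed(parsed))
```

Running the block on a pasted report (replace `SAMPLE_LOG` with the file's contents) prints only the objects worth looking at; the MD5 and path it keeps per object are what you would carry into a hash lookup or a comparison against a known-good copy of the driver.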

#6 tgor
  • Topic Starter
  • Members
  • 7 posts

Posted 28 February 2012 - 02:00 PM

Thanks for the reply, Gringo.

The location of all of the trojans is C:\Users\Tom\AppData\Local\Temp\

Ran both tools; here are the results:

TDSSKiller Report:

13:25:48.0463 7672 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
13:25:48.0879 7672 ============================================================
13:25:48.0879 7672 Current date / time: 2012/02/28 13:25:48.0879
13:25:48.0879 7672 SystemInfo:
13:25:48.0879 7672
13:25:48.0879 7672 OS Version: 6.1.7601 ServicePack: 1.0
13:25:48.0879 7672 Product type: Workstation
13:25:48.0879 7672 ComputerName: TGOR
13:25:48.0879 7672 UserName: Tom
13:25:48.0879 7672 Windows directory: C:\Windows
13:25:48.0879 7672 System windows directory: C:\Windows
13:25:48.0879 7672 Running under WOW64
13:25:48.0879 7672 Processor architecture: Intel x64
13:25:48.0879 7672 Number of processors: 2
13:25:48.0879 7672 Page size: 0x1000
13:25:48.0879 7672 Boot type: Normal boot
13:25:48.0879 7672 ============================================================
13:25:50.0276 7672 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:25:50.0285 7672 \Device\Harddisk0\DR0:
13:25:50.0286 7672 MBR used
13:25:50.0286 7672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:25:50.0286 7672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
13:25:50.0299 7672 Initialize success
13:25:50.0299 7672 ============================================================
13:25:56.0272 6520 ============================================================
13:25:56.0272 6520 Scan started
13:25:56.0272 6520 Mode: Manual;
13:25:56.0272 6520 ============================================================
13:25:57.0555 6520 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:25:57.0560 6520 1394ohci - ok
13:25:57.0584 6520 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:25:57.0590 6520 ACPI - ok
13:25:57.0606 6520 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:25:57.0607 6520 AcpiPmi - ok
13:25:57.0641 6520 ADIHdAudAddService (560649e6a9c11f6124f97310ef387c45) C:\Windows\system32\drivers\ADIHdAud.sys
13:25:57.0649 6520 ADIHdAudAddService - ok
13:25:57.0685 6520 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:25:57.0693 6520 adp94xx - ok
13:25:57.0717 6520 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:25:57.0723 6520 adpahci - ok
13:25:57.0748 6520 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:25:57.0767 6520 adpu320 - ok
13:25:57.0813 6520 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:25:57.0822 6520 AFD - ok
13:25:57.0836 6520 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:25:57.0839 6520 agp440 - ok
13:25:57.0866 6520 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:25:57.0867 6520 aliide - ok
13:25:57.0880 6520 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:25:57.0947 6520 amdide - ok
13:25:57.0981 6520 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:25:58.0001 6520 AmdK8 - ok
13:25:58.0020 6520 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:25:58.0041 6520 AmdPPM - ok
13:25:58.0063 6520 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:25:58.0066 6520 amdsata - ok
13:25:58.0094 6520 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:25:58.0097 6520 amdsbs - ok
13:25:58.0120 6520 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:25:58.0121 6520 amdxata - ok
13:25:58.0137 6520 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:25:58.0154 6520 AppID - ok
13:25:58.0179 6520 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:25:58.0182 6520 arc - ok
13:25:58.0203 6520 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:25:58.0205 6520 arcsas - ok
13:25:58.0238 6520 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:25:58.0239 6520 AsyncMac - ok
13:25:58.0262 6520 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:25:58.0263 6520 atapi - ok
13:25:58.0377 6520 atikmdag (cf42f86d7a5b55ce8eda0c8fe81345d5) C:\Windows\system32\DRIVERS\atikmdag.sys
13:25:58.0437 6520 atikmdag - ok
13:25:58.0478 6520 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:25:58.0512 6520 b06bdrv - ok
13:25:58.0543 6520 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:25:58.0548 6520 b57nd60a - ok
13:25:58.0571 6520 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:25:58.0572 6520 Beep - ok
13:25:58.0608 6520 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:25:58.0610 6520 blbdrive - ok
13:25:58.0628 6520 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:25:58.0630 6520 bowser - ok
13:25:58.0643 6520 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:25:58.0659 6520 BrFiltLo - ok
13:25:58.0685 6520 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:25:58.0699 6520 BrFiltUp - ok
13:25:58.0726 6520 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:25:58.0729 6520 BridgeMP - ok
13:25:58.0757 6520 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:25:58.0763 6520 Brserid - ok
13:25:58.0788 6520 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:25:58.0809 6520 BrSerWdm - ok
13:25:58.0839 6520 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:25:58.0840 6520 BrUsbMdm - ok
13:25:58.0865 6520 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:25:58.0867 6520 BrUsbSer - ok
13:25:59.0033 6520 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
13:25:59.0035 6520 BthEnum - ok
13:25:59.0059 6520 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:25:59.0062 6520 BTHMODEM - ok
13:25:59.0095 6520 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
13:25:59.0098 6520 BthPan - ok
13:25:59.0126 6520 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
13:25:59.0135 6520 BTHPORT - ok
13:25:59.0153 6520 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
13:25:59.0158 6520 BTHUSB - ok
13:25:59.0175 6520 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
13:25:59.0177 6520 btusbflt - ok
13:25:59.0199 6520 btwaudio (a72a9101f9730db7332714e566614e4d) C:\Windows\system32\drivers\btwaudio.sys
13:25:59.0201 6520 btwaudio - ok
13:25:59.0225 6520 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\Windows\system32\drivers\btwavdt.sys
13:25:59.0229 6520 btwavdt - ok
13:25:59.0253 6520 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
13:25:59.0255 6520 btwl2cap - ok
13:25:59.0269 6520 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\Windows\system32\DRIVERS\btwrchid.sys
13:25:59.0272 6520 btwrchid - ok
13:25:59.0278 6520 catchme - ok
13:25:59.0319 6520 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:25:59.0336 6520 cdfs - ok
13:25:59.0364 6520 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:25:59.0367 6520 cdrom - ok
13:25:59.0388 6520 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:25:59.0390 6520 circlass - ok
13:25:59.0415 6520 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:25:59.0422 6520 CLFS - ok
13:25:59.0449 6520 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:25:59.0450 6520 CmBatt - ok
13:25:59.0466 6520 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:25:59.0468 6520 cmdide - ok
13:25:59.0503 6520 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:25:59.0511 6520 CNG - ok
13:25:59.0533 6520 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:25:59.0534 6520 Compbatt - ok
13:25:59.0555 6520 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:25:59.0557 6520 CompositeBus - ok
13:25:59.0586 6520 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:25:59.0609 6520 crcdisk - ok
13:25:59.0642 6520 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:25:59.0650 6520 CSC - ok
13:25:59.0683 6520 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:25:59.0687 6520 DfsC - ok
13:25:59.0704 6520 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:25:59.0705 6520 discache - ok
13:25:59.0721 6520 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:25:59.0723 6520 Disk - ok
13:25:59.0746 6520 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:25:59.0759 6520 drmkaud - ok
13:25:59.0803 6520 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:25:59.0818 6520 DXGKrnl - ok
13:25:59.0838 6520 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
13:25:59.0839 6520 DzHDD64 - ok
13:25:59.0861 6520 e1express (83a87ea6a265da8fcc806c599dc596e3) C:\Windows\system32\DRIVERS\e1e6232e.sys
13:25:59.0866 6520 e1express - ok
13:25:59.0956 6520 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:26:00.0029 6520 ebdrv - ok
13:26:00.0050 6520 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
13:26:00.0057 6520 eeCtrl - ok
13:26:00.0099 6520 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:26:00.0127 6520 elxstor - ok
13:26:00.0169 6520 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:26:00.0192 6520 EraserUtilRebootDrv - ok
13:26:00.0213 6520 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:26:00.0228 6520 ErrDev - ok
13:26:00.0264 6520 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:26:00.0269 6520 exfat - ok
13:26:00.0287 6520 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:26:00.0291 6520 fastfat - ok
13:26:00.0316 6520 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:26:00.0318 6520 fdc - ok
13:26:00.0338 6520 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:26:00.0341 6520 FileInfo - ok
13:26:00.0354 6520 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:26:00.0356 6520 Filetrace - ok
13:26:00.0370 6520 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:26:00.0385 6520 flpydisk - ok
13:26:00.0408 6520 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:26:00.0414 6520 FltMgr - ok
13:26:00.0440 6520 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:26:00.0442 6520 FsDepends - ok
13:26:00.0461 6520 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:26:00.0462 6520 Fs_Rec - ok
13:26:00.0482 6520 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:26:00.0487 6520 fvevol - ok
13:26:00.0510 6520 Fwleaf (5462c481c8f526b63a1a6f3e26014bd5) C:\Windows\system32\DRIVERS\fwleaf.sys
13:26:00.0510 6520 Fwleaf - ok
13:26:00.0532 6520 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:26:00.0535 6520 gagp30kx - ok
13:26:00.0559 6520 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:26:00.0561 6520 GEARAspiWDM - ok
13:26:00.0597 6520 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:26:00.0614 6520 hcw85cir - ok
13:26:00.0644 6520 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:26:00.0650 6520 HdAudAddService - ok
13:26:00.0666 6520 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:26:00.0669 6520 HDAudBus - ok
13:26:00.0693 6520 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:26:00.0708 6520 HidBatt - ok
13:26:00.0723 6520 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:26:00.0726 6520 HidBth - ok
13:26:00.0739 6520 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:26:00.0742 6520 HidIr - ok
13:26:00.0762 6520 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:26:00.0764 6520 HidUsb - ok
13:26:00.0789 6520 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:26:00.0791 6520 HpSAMD - ok
13:26:00.0823 6520 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:26:00.0840 6520 HTTP - ok
13:26:00.0864 6520 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:26:00.0865 6520 hwpolicy - ok
13:26:00.0884 6520 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:26:00.0887 6520 i8042prt - ok
13:26:00.0921 6520 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:26:00.0928 6520 iaStorV - ok
13:26:00.0961 6520 IBMPMDRV (2151176db657aeff9b873d23380c3f5b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
13:26:00.0963 6520 IBMPMDRV - ok
13:26:00.0991 6520 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:26:00.0994 6520 iirsp - ok
13:26:01.0022 6520 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:26:01.0022 6520 intelide - ok
13:26:01.0037 6520 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:26:01.0040 6520 intelppm - ok
13:26:01.0057 6520 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:26:01.0059 6520 IpFilterDriver - ok
13:26:01.0085 6520 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:26:01.0087 6520 IPMIDRV - ok
13:26:01.0120 6520 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:26:01.0123 6520 IPNAT - ok
13:26:01.0145 6520 irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
13:26:01.0147 6520 irda - ok
13:26:01.0163 6520 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:26:01.0163 6520 IRENUM - ok
13:26:01.0196 6520 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:26:01.0199 6520 isapnp - ok
13:26:01.0220 6520 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:26:01.0249 6520 iScsiPrt - ok
13:26:01.0263 6520 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:26:01.0267 6520 kbdclass - ok
13:26:01.0293 6520 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:26:01.0308 6520 kbdhid - ok
13:26:01.0328 6520 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:26:01.0331 6520 KSecDD - ok
13:26:01.0365 6520 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:26:01.0368 6520 KSecPkg - ok
13:26:01.0387 6520 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:26:01.0388 6520 ksthunk - ok
13:26:01.0445 6520 leafnets (83ec58ed3aca5028919028667babf490) C:\Windows\system32\DRIVERS\leafnets.sys
13:26:01.0446 6520 leafnets - ok
13:26:01.0475 6520 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
13:26:01.0476 6520 lenovo.smi - ok
13:26:01.0499 6520 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:26:01.0501 6520 lltdio - ok
13:26:01.0530 6520 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:26:01.0533 6520 LSI_FC - ok
13:26:01.0550 6520 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:26:01.0552 6520 LSI_SAS - ok
13:26:01.0571 6520 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:26:01.0574 6520 LSI_SAS2 - ok
13:26:01.0591 6520 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:26:01.0594 6520 LSI_SCSI - ok
13:26:01.0614 6520 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:26:01.0617 6520 luafv - ok
13:26:01.0640 6520 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:26:01.0657 6520 megasas - ok
13:26:01.0688 6520 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:26:01.0693 6520 MegaSR - ok
13:26:01.0722 6520 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:26:01.0725 6520 Modem - ok
13:26:01.0739 6520 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:26:01.0742 6520 monitor - ok
13:26:01.0760 6520 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:26:01.0762 6520 mouclass - ok
13:26:01.0789 6520 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:26:01.0791 6520 mouhid - ok
13:26:01.0807 6520 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:26:01.0809 6520 mountmgr - ok
13:26:01.0839 6520 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:26:01.0853 6520 mpio - ok
13:26:01.0868 6520 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:26:01.0871 6520 mpsdrv - ok
13:26:01.0898 6520 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:26:01.0901 6520 MRxDAV - ok
13:26:01.0919 6520 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:26:01.0923 6520 mrxsmb - ok
13:26:01.0953 6520 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:26:01.0958 6520 mrxsmb10 - ok
13:26:01.0976 6520 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:26:01.0979 6520 mrxsmb20 - ok
13:26:01.0993 6520 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:26:01.0996 6520 msahci - ok
13:26:02.0014 6520 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:26:02.0017 6520 msdsm - ok
13:26:02.0046 6520 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:26:02.0046 6520 Msfs - ok
13:26:02.0060 6520 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:26:02.0076 6520 mshidkmdf - ok
13:26:02.0091 6520 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:26:02.0091 6520 msisadrv - ok
13:26:02.0122 6520 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:26:02.0136 6520 MSKSSRV - ok
13:26:02.0159 6520 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:26:02.0160 6520 MSPCLOCK - ok
13:26:02.0176 6520 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:26:02.0191 6520 MSPQM - ok
13:26:02.0224 6520 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:26:02.0231 6520 MsRPC - ok
13:26:02.0248 6520 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:26:02.0250 6520 mssmbios - ok
13:26:02.0264 6520 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:26:02.0278 6520 MSTEE - ok
13:26:02.0296 6520 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:26:02.0310 6520 MTConfig - ok
13:26:02.0325 6520 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:26:02.0327 6520 Mup - ok
13:26:02.0355 6520 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:26:02.0361 6520 NativeWifiP - ok
13:26:02.0374 6520 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120227.034\ENG64.SYS
13:26:02.0377 6520 NAVENG - ok
13:26:02.0435 6520 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120227.034\EX64.SYS
13:26:02.0476 6520 NAVEX15 - ok
13:26:02.0580 6520 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
13:26:02.0602 6520 NDIS - ok
13:26:02.0627 6520 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:26:02.0629 6520 NdisCap - ok
13:26:02.0645 6520 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:26:02.0646 6520 NdisTapi - ok
13:26:02.0662 6520 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:26:02.0664 6520 Ndisuio - ok
13:26:02.0684 6520 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:26:02.0687 6520 NdisWan - ok
13:26:02.0702 6520 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:26:02.0704 6520 NDProxy - ok
13:26:02.0721 6520 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:26:02.0723 6520 NetBIOS - ok
13:26:02.0744 6520 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:26:02.0748 6520 NetBT - ok
13:26:02.0913 6520 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
13:26:03.0014 6520 netw5v64 - ok
13:26:03.0042 6520 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:26:03.0044 6520 nfrd960 - ok
13:26:03.0063 6520 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:26:03.0065 6520 Npfs - ok
13:26:03.0094 6520 NSCIRDA (228c7cf50a584dd58e72fcefac7d8914) C:\Windows\system32\DRIVERS\nscirda.sys
13:26:03.0096 6520 NSCIRDA - ok
13:26:03.0119 6520 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:26:03.0119 6520 nsiproxy - ok
13:26:03.0177 6520 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:26:03.0211 6520 Ntfs - ok
13:26:03.0227 6520 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:26:03.0227 6520 Null - ok
13:26:03.0250 6520 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:26:03.0253 6520 nvraid - ok
13:26:03.0271 6520 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:26:03.0274 6520 nvstor - ok
13:26:03.0294 6520 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:26:03.0297 6520 nv_agp - ok
13:26:03.0315 6520 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:26:03.0317 6520 ohci1394 - ok
13:26:03.0343 6520 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:26:03.0363 6520 Parport - ok
13:26:03.0379 6520 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:26:03.0382 6520 partmgr - ok
13:26:03.0403 6520 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:26:03.0407 6520 pci - ok
13:26:03.0431 6520 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:26:03.0433 6520 pciide - ok
13:26:03.0452 6520 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:26:03.0456 6520 pcmcia - ok
13:26:03.0470 6520 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:26:03.0473 6520 pcw - ok
13:26:03.0511 6520 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:26:03.0522 6520 PEAUTH - ok
13:26:03.0565 6520 pgfilter (3f6cb559fdf984a65ed13650f8df68e3) C:\Program Files\PeerGuardian2\pgfilter.sys
13:26:03.0590 6520 pgfilter - ok
13:26:03.0632 6520 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:26:03.0635 6520 PptpMiniport - ok
13:26:03.0659 6520 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:26:03.0661 6520 Processor - ok
13:26:03.0692 6520 psadd (4a768fb063a38b0a78ad97617d3a04f5) C:\Windows\system32\DRIVERS\psadd.sys
13:26:03.0692 6520 psadd - ok
13:26:03.0713 6520 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:26:03.0715 6520 Psched - ok
13:26:03.0791 6520 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:26:03.0824 6520 ql2300 - ok
13:26:03.0840 6520 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:26:03.0844 6520 ql40xx - ok
13:26:03.0861 6520 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:26:03.0863 6520 QWAVEdrv - ok
13:26:03.0884 6520 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:26:03.0900 6520 RasAcd - ok
13:26:03.0916 6520 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:26:03.0918 6520 RasAgileVpn - ok
13:26:03.0945 6520 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:26:03.0948 6520 Rasl2tp - ok
13:26:03.0966 6520 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:26:03.0969 6520 RasPppoe - ok
13:26:03.0987 6520 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:26:03.0990 6520 RasSstp - ok
13:26:04.0017 6520 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:26:04.0023 6520 rdbss - ok
13:26:04.0046 6520 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:26:04.0047 6520 rdpbus - ok
13:26:04.0064 6520 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:26:04.0064 6520 RDPCDD - ok
13:26:04.0095 6520 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:26:04.0099 6520 RDPDR - ok
13:26:04.0112 6520 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:26:04.0113 6520 RDPENCDD - ok
13:26:04.0141 6520 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:26:04.0142 6520 RDPREFMP - ok
13:26:04.0168 6520 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:26:04.0173 6520 RDPWD - ok
13:26:04.0203 6520 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:26:04.0208 6520 rdyboost - ok
13:26:04.0251 6520 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:26:04.0255 6520 RFCOMM - ok
13:26:04.0281 6520 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:26:04.0284 6520 rspndr - ok
13:26:04.0313 6520 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:26:04.0328 6520 s3cap - ok
13:26:04.0348 6520 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:26:04.0350 6520 sbp2port - ok
13:26:04.0388 6520 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:26:04.0391 6520 scfilter - ok
13:26:04.0421 6520 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:26:04.0423 6520 secdrv - ok
13:26:04.0458 6520 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:26:04.0475 6520 Serenum - ok
13:26:04.0491 6520 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:26:04.0494 6520 Serial - ok
13:26:04.0516 6520 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:26:04.0518 6520 sermouse - ok
13:26:04.0543 6520 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:26:04.0545 6520 sffdisk - ok
13:26:04.0562 6520 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:26:04.0563 6520 sffp_mmc - ok
13:26:04.0591 6520 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:26:04.0593 6520 sffp_sd - ok
13:26:04.0621 6520 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:26:04.0622 6520 sfloppy - ok
13:26:04.0664 6520 Shockprf (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys
13:26:04.0667 6520 Shockprf - ok
13:26:04.0682 6520 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:26:04.0684 6520 SiSRaid2 - ok
13:26:04.0700 6520 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:26:04.0703 6520 SiSRaid4 - ok
13:26:04.0720 6520 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:26:04.0723 6520 Smb - ok
13:26:04.0760 6520 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:26:04.0760 6520 spldr - ok
13:26:04.0802 6520 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\Windows\system32\Drivers\SRTSP64.SYS
13:26:04.0810 6520 SRTSP - ok
13:26:04.0851 6520 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\Windows\system32\Drivers\SRTSPL64.SYS
13:26:04.0889 6520 SRTSPL - ok
13:26:04.0906 6520 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\Windows\system32\Drivers\SRTSPX64.SYS
13:26:04.0908 6520 SRTSPX - ok
13:26:04.0950 6520 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:26:04.0958 6520 srv - ok
13:26:04.0985 6520 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:26:04.0992 6520 srv2 - ok
13:26:05.0014 6520 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:26:05.0020 6520 SrvHsfHDA - ok
13:26:05.0079 6520 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:26:05.0106 6520 SrvHsfV92 - ok
13:26:05.0148 6520 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:26:05.0160 6520 SrvHsfWinac - ok
13:26:05.0198 6520 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:26:05.0201 6520 srvnet - ok
13:26:05.0274 6520 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:26:05.0276 6520 stexstor - ok
13:26:05.0322 6520 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:26:05.0324 6520 storflt - ok
13:26:05.0352 6520 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:26:05.0355 6520 storvsc - ok
13:26:05.0392 6520 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:26:05.0393 6520 swenum - ok
13:26:05.0431 6520 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:26:05.0446 6520 SymEvent - ok
13:26:05.0506 6520 SynTP (d8205430cfd64fdb7d691d3bb74fd18f) C:\Windows\system32\DRIVERS\SynTP.sys
13:26:05.0531 6520 SynTP - ok
13:26:05.0604 6520 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:26:05.0657 6520 Tcpip - ok
13:26:05.0727 6520 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:26:05.0739 6520 TCPIP6 - ok
13:26:05.0760 6520 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:26:05.0762 6520 tcpipreg - ok
13:26:05.0794 6520 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:26:05.0810 6520 TDPIPE - ok
13:26:05.0839 6520 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:26:05.0841 6520 TDTCP - ok
13:26:05.0862 6520 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:26:05.0865 6520 tdx - ok
13:26:05.0880 6520 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:26:05.0883 6520 TermDD - ok
13:26:05.0927 6520 TPDIGIMN (1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys
13:26:05.0927 6520 TPDIGIMN - ok
13:26:05.0953 6520 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
13:26:05.0955 6520 TPM - ok
13:26:05.0971 6520 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
13:26:05.0972 6520 TPPWRIF - ok
13:26:05.0994 6520 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:26:05.0996 6520 tssecsrv - ok
13:26:06.0015 6520 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:26:06.0017 6520 TsUsbFlt - ok
13:26:06.0036 6520 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:26:06.0039 6520 tunnel - ok
13:26:06.0055 6520 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:26:06.0057 6520 uagp35 - ok
13:26:06.0084 6520 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:26:06.0151 6520 udfs - ok
13:26:06.0178 6520 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:26:06.0180 6520 uliagpkx - ok
13:26:06.0196 6520 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:26:06.0199 6520 umbus - ok
13:26:06.0224 6520 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:26:06.0225 6520 UmPass - ok
13:26:06.0250 6520 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:26:06.0254 6520 usbccgp - ok
13:26:06.0272 6520 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:26:06.0275 6520 usbcir - ok
13:26:06.0289 6520 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:26:06.0291 6520 usbehci - ok
13:26:06.0328 6520 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:26:06.0335 6520 usbhub - ok
13:26:06.0348 6520 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:26:06.0365 6520 usbohci - ok
13:26:06.0381 6520 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:26:06.0384 6520 usbprint - ok
13:26:06.0408 6520 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:26:06.0412 6520 USBSTOR - ok
13:26:06.0425 6520 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
13:26:06.0427 6520 usbuhci - ok
13:26:06.0448 6520 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:26:06.0452 6520 vdrvroot - ok
13:26:06.0479 6520 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:26:06.0481 6520 vga - ok
13:26:06.0497 6520 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:26:06.0498 6520 VgaSave - ok
13:26:06.0520 6520 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:26:06.0524 6520 vhdmp - ok
13:26:06.0538 6520 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:26:06.0540 6520 viaide - ok
13:26:06.0564 6520 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:26:06.0568 6520 vmbus - ok
13:26:06.0601 6520 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:26:06.0603 6520 VMBusHID - ok
13:26:06.0621 6520 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:26:06.0623 6520 volmgr - ok
13:26:06.0647 6520 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:26:06.0655 6520 volmgrx - ok
13:26:06.0676 6520 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:26:06.0682 6520 volsnap - ok
13:26:06.0719 6520 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
13:26:06.0723 6520 vpcbus - ok
13:26:06.0747 6520 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:26:06.0751 6520 vpcnfltr - ok
13:26:06.0777 6520 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
13:26:06.0780 6520 vpcusb - ok
13:26:06.0807 6520 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
13:26:06.0813 6520 vpcvmm - ok
13:26:06.0844 6520 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:26:06.0848 6520 vsmraid - ok
13:26:06.0867 6520 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:26:06.0869 6520 vwifibus - ok
13:26:06.0888 6520 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:26:06.0891 6520 WacomPen - ok
13:26:06.0909 6520 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:26:06.0911 6520 WANARP - ok
13:26:06.0918 6520 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:26:06.0919 6520 Wanarpv6 - ok
13:26:06.0950 6520 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:26:06.0966 6520 Wd - ok
13:26:07.0007 6520 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:26:07.0018 6520 Wdf01000 - ok
13:26:07.0051 6520 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:26:07.0052 6520 WfpLwf - ok
13:26:07.0068 6520 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:26:07.0085 6520 WIMMount - ok
13:26:07.0131 6520 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
13:26:07.0133 6520 WinUsb - ok
13:26:07.0161 6520 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:26:07.0163 6520 WmiAcpi - ok
13:26:07.0192 6520 WPRO_41_1742 - ok
13:26:07.0208 6520 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:26:07.0209 6520 ws2ifsl - ok
13:26:07.0251 6520 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:26:07.0253 6520 WudfPf - ok
13:26:07.0272 6520 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:26:07.0275 6520 WUDFRd - ok
13:26:07.0309 6520 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:26:07.0383 6520 \Device\Harddisk0\DR0 - ok
13:26:07.0390 6520 Boot (0x1200) (35484b89ffdfc439b101899e59f39811) \Device\Harddisk0\DR0\Partition0
13:26:07.0392 6520 \Device\Harddisk0\DR0\Partition0 - ok
13:26:07.0400 6520 Boot (0x1200) (862d9a72605d3ecb42f67eb7c561098f) \Device\Harddisk0\DR0\Partition1
13:26:07.0402 6520 \Device\Harddisk0\DR0\Partition1 - ok
13:26:07.0403 6520 ============================================================
13:26:07.0403 6520 Scan finished
13:26:07.0403 6520 ============================================================
13:26:07.0415 8172 Detected object count: 0
13:26:07.0415 8172 Actual detected object count: 0


aswMBR log:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 13:27:18
-----------------------------
13:27:18.392 OS Version: Windows x64 6.1.7601 Service Pack 1
13:27:18.393 Number of processors: 2 586 0xF06
13:27:18.394 ComputerName: TGOR UserName: Tom
13:27:20.250 Initialize success
13:29:42.280 AVAST engine defs: 12022801
13:29:48.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
13:29:48.411 Disk 0 Vendor: ST95005620AS SD28 Size: 476940MB BusType: 11
13:29:48.420 Disk 0 MBR read successfully
13:29:48.426 Disk 0 MBR scan
13:29:48.454 Disk 0 Windows 7 default MBR code
13:29:48.459 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:29:48.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
13:29:48.483 Disk 0 scanning C:\Windows\system32\drivers
13:30:01.915 Service scanning
13:30:25.581 Modules scanning
13:30:25.589 Disk 0 trace - called modules:
13:30:25.602 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:30:25.608 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033e0410]
13:30:25.618 3 CLASSPNP.SYS[fffff8800166c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002e96060]
13:30:29.323 AVAST engine scan C:\Windows
13:30:39.773 AVAST engine scan C:\Windows\system32
13:35:50.284 AVAST engine scan C:\Windows\system32\drivers
13:36:22.772 AVAST engine scan C:\Users\Tom
13:55:51.545 AVAST engine scan C:\ProgramData
13:57:15.759 Scan finished successfully
13:59:41.728 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
13:59:41.738 The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:11 AM

Posted 29 February 2012 - 08:10 AM

Hello


DWH8D67.tmp <-- these happen to be a problem with Symantec finding itself http://www.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
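The post above identifies the DWH*.tmp files that Symantec flags in a user's Temp folder as the product detecting its own temporary quarantine files. When an endpoint fleet produces many such alerts, it helps to separate that known pattern from alerts that still need an analyst. The following Python script is an added example written for this page; it is not code from the thread or from Symantec. It parses "Key: value" alert blocks of the kind quoted in the thread and sorts them by file path. The naming rule it checks (DWH plus four hex digits plus .tmp, under AppData\Local\Temp) is an assumption drawn from the one file name in this thread, DWH8D67.tmp, and the two sample alerts are constructed for the example.

```python
import re

# Assumed naming pattern for the Symantec temporary files discussed in the thread:
# DWH + four hex digits + .tmp, located in a user's AppData\Local\Temp folder.
# (Pattern inferred from the single file name DWH8D67.tmp; adjust if your logs differ.)
DWH_TEMP_RE = re.compile(
    r"\\AppData\\Local\\Temp\\DWH[0-9A-F]{4}\.tmp$", re.IGNORECASE
)


def parse_alert(block):
    """Parse one 'Key: value' alert block into a dict.

    Only the first colon splits key from value, so values that themselves
    contain colons (timestamps, 'Quarantine succeeded : Access denied') survive.
    """
    fields = {}
    for raw in block.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def is_dwh_self_detection(fields):
    """True when the alert's File field matches the DWH*.tmp-in-Temp pattern."""
    return DWH_TEMP_RE.search(fields.get("File", "")) is not None


def triage(alert_blocks):
    """Split raw alert blocks into two lists of file paths:
    (likely Symantec self-detections, alerts that need analyst review)."""
    likely, review = [], []
    for block in alert_blocks:
        fields = parse_alert(block)
        path = fields.get("File", "")
        (likely if is_dwh_self_detection(fields) else review).append(path)
    return likely, review


# Constructed sample input (not real log data). The first block uses the
# DWH8D67.tmp name from the thread; the second uses a made-up path that does
# not fit the pattern and should therefore be routed to an analyst.
SAMPLE_ALERTS = [
    """Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\\Users\\Tom\\AppData\\Local\\Temp\\DWH8D67.tmp
Action taken: Quarantine succeeded : Access denied
Date found: Thursday, February 23, 2012 8:41:25 AM""",
    """Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\\Users\\Tom\\Downloads\\example_installer.exe
Action taken: Quarantine succeeded
Date found: Thursday, February 23, 2012 9:02:10 AM""",
]

if __name__ == "__main__":
    likely, review = triage(SAMPLE_ALERTS)
    for p in likely:
        print("likely Symantec self-detection (DWH temp file):", p)
    for p in review:
        print("needs analyst review:", p)
```

The path check is deliberately narrow: a DWH*.tmp name outside a user's Temp folder is not matched, so it lands in the review list rather than being silently dismissed. The match is a triage hint, not a verdict; the Symantec article linked in the post is the reference for confirming the behaviour on a given version.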

#8 tgor

tgor
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:11 AM

Posted 29 February 2012 - 10:04 AM

Hi Gringo,
Thanks for your help. I haven't seen the notices now for an hour. It seems like this resolved the issue. Thanks again; the log file is below:


ComboFix 12-02-29.01 - Tom 02/29/2012 8:49.5.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1292 [GMT -5:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
Command switches used :: c:\users\Tom\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc.dll
c:\programdata\PCDr\5849\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll
c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\16eed067-40d8-4239-8470-9de370bfcc4b.dll
c:\programdata\PCDr\5849\AddOnDownloaded\283cdc40-c633-4749-b3ad-8eb5e8b11b5c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\434b795d-fe06-4495-801e-fa92d93babbc.dll
c:\programdata\PCDr\5849\AddOnDownloaded\4506fabd-988f-4627-a1de-44b2f1093b08.dll
c:\programdata\PCDr\5849\AddOnDownloaded\54874b0a-fb04-44ef-ad2b-c957aafea033.dll
c:\programdata\PCDr\5849\AddOnDownloaded\562ad818-216b-4d77-8b40-834630104d2c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\60e1ddc2-8de1-4bd0-8e65-4c3d56791c8e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\6caa3aae-ef7a-46e1-8cf0-de07c37a32af.dll
c:\programdata\PCDr\5849\AddOnDownloaded\746b3523-df66-4ed9-beaa-88464b84933f.dll
c:\programdata\PCDr\5849\AddOnDownloaded\7d08b206-22ae-4429-9e22-772698e3ca65.dll
c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll
c:\programdata\PCDr\5849\AddOnDownloaded\83db0f34-4452-4946-92c2-31dcd99767dd.dll
c:\programdata\PCDr\5849\AddOnDownloaded\90110d4d-0aa3-42f8-b48a-92aebd9d59f3.dll
c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll
c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll
c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b34a10f6-a592-424f-af97-b051783f9dd2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b52e5bed-821a-41fc-9d4b-24d443ee0ad9.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll
c:\programdata\PCDr\5849\AddOnDownloaded\bead45d2-b2dc-44e3-94f8-c7de6979be60.dll
c:\programdata\PCDr\5849\AddOnDownloaded\d754c4cc-ae68-4d17-afb7-55002296e1e2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\d97b7615-5719-44f8-a032-b5cae54a0299.dll
c:\programdata\PCDr\5849\AddOnDownloaded\ec6735a3-9204-4734-bb0f-5859e58b13b2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f1d18230-9731-47f0-b9f4-b537abcbb39c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f45a4f6c-32c1-48c0-9ee9-e840f397e395.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f64109b2-74cc-4638-ae17-228b7886774b.dll
c:\programdata\PCDr\5849\AddOnDownloaded\fd85aea7-408e-4ff8-bdca-73b1320e8b27.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 13:58 . 2012-02-29 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-26 03:01 . 2012-02-26 03:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFCC3A1-749F-461D-9F8D-EE14576618E5}\offreg.dll
2012-02-26 02:57 . 2012-02-20 06:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFCC3A1-749F-461D-9F8D-EE14576618E5}\mpengine.dll
2012-02-23 14:31 . 2012-02-23 14:36 -------- d-----w- c:\program files (x86)\Inkscape
2012-02-20 01:32 . 2012-02-20 01:32 -------- d-----w- c:\program files (x86)\Datasqueeze Software
2012-02-19 23:26 . 2012-02-19 23:26 -------- d-----w- c:\programdata\Norton
2012-02-19 21:44 . 2012-02-19 21:44 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-02-19 21:05 . 2012-02-19 21:05 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 21:05 . 2012-02-19 21:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-19 21:05 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 20:44 . 2008-08-08 07:09 108032 ----a-w- c:\windows\system32\E_ILMFDA.DLL
2012-02-19 20:44 . 2007-12-07 07:01 81408 ----a-w- c:\windows\system32\E_IBCBFDA.DLL
2012-02-19 20:44 . 2012-02-19 20:45 -------- d-----w- c:\programdata\EPSON
2012-02-19 19:20 . 2012-02-20 11:50 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-02-19 19:16 . 2012-02-22 13:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-02-19 18:17 . 2012-02-19 18:17 -------- d-----w- c:\program files\7-Zip
2012-02-19 17:50 . 2012-02-19 17:50 -------- d-----w- c:\program files (x86)\uTorrent
2012-02-19 17:38 . 2012-02-19 17:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-19 17:38 . 2012-02-19 17:38 -------- d-----w- c:\program files (x86)\Java
2012-02-19 17:33 . 2012-02-19 19:09 -------- d-----w- c:\program files\PeerGuardian2
2012-02-19 16:29 . 2012-02-19 18:25 -------- d-----w- c:\programdata\BackupClient
2012-02-16 12:50 . 2011-12-14 07:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 12:50 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-16 12:50 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-16 12:50 . 2011-12-14 07:04 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 12:50 . 2011-12-14 02:59 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-02-16 12:50 . 2011-12-14 07:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-15 17:53 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 17:53 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 17:53 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 17:53 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 17:53 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 17:53 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:53 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 17:53 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-09 17:36 . 2012-02-19 17:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-07 19:17 . 2012-02-07 19:17 -------- d-----w- C:\SWTOOLS
2012-02-07 19:17 . 2012-02-21 19:07 -------- d-----w- c:\programdata\Lenovo
2012-02-06 19:51 . 2012-02-06 19:51 -------- d-----w- c:\program files (x86)\Google
2012-02-03 13:50 . 2012-02-03 13:50 -------- d-----w- c:\program files\Synaptics
2012-02-03 13:47 . 2010-10-15 00:24 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-02-03 13:47 . 2010-10-15 00:24 215336 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-02-03 13:47 . 2010-10-15 00:24 148264 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-02-03 13:47 . 2010-10-15 00:26 1395760 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-02-03 13:47 . 2010-10-15 00:24 273704 ----a-w- c:\windows\system32\SynCtrl.dll
2012-02-03 13:47 . 2010-10-15 00:24 218408 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-02-03 13:47 . 2010-10-15 00:24 400168 ----a-w- c:\windows\system32\SynCOM.dll
2012-02-03 13:47 . 2010-10-15 00:24 173352 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-02-03 00:06 . 2012-02-03 00:06 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-02-03 00:00 . 2012-02-03 00:00 -------- d-----w- c:\program files (x86)\Ifeffit
2012-02-02 18:44 . 2012-02-02 18:44 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2012-02-02 18:44 . 2012-02-02 18:44 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-02-02 18:42 . 2012-02-02 18:42 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
2012-02-02 18:41 . 2012-02-02 18:41 -------- d-----w- c:\program files (x86)\Application Verifier
2012-02-02 18:41 . 2012-02-02 18:41 -------- d-----w- c:\program files\Application Verifier (x64)
2012-02-02 16:47 . 2012-02-02 16:47 -------- d-----w- c:\windows\symbols
2012-02-02 16:47 . 2012-02-02 16:47 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-02 16:38 . 2012-02-02 16:38 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-02 16:37 . 2012-02-02 16:38 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-02 16:34 . 2012-02-02 16:34 -------- d-----w- c:\program files\Microsoft SDKs
2012-02-02 12:25 . 2012-02-02 12:32 -------- d-----w- c:\programdata\Accelrys
2012-02-02 12:25 . 2012-02-02 12:29 -------- d-----w- c:\program files (x86)\Common Files\Accelrys
2012-02-02 12:25 . 2012-02-02 12:27 -------- d-----w- c:\program files (x86)\Accelrys
2012-02-01 19:47 . 2010-11-20 10:03 3584 ----a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui
2012-02-01 19:47 . 2010-11-20 10:02 13312 ----a-w- c:\windows\system32\drivers\en-US\vpcvmm.sys.mui
2012-02-01 19:47 . 2010-11-20 10:02 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcuxd.sys.mui
2012-02-01 19:47 . 2010-11-20 10:09 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcusb.sys.mui
2012-02-01 19:47 . 2010-11-20 10:02 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcnfltr.sys.mui
2012-02-01 19:47 . 2010-11-20 11:35 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2012-02-01 19:46 . 2010-11-20 13:25 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2012-02-01 19:46 . 2010-11-20 10:52 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2012-02-01 19:46 . 2010-11-20 11:35 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2012-02-01 19:46 . 2010-11-20 13:34 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2012-02-01 19:46 . 2010-11-20 13:34 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2012-02-01 19:46 . 2010-11-20 13:27 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2012-02-01 19:46 . 2010-11-20 13:25 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2012-02-01 19:46 . 2010-11-20 11:35 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2012-02-01 19:46 . 2010-11-20 13:25 4514816 ----a-w- c:\windows\system32\vpc.exe
2012-02-01 19:46 . 2010-11-20 11:37 1210368 ----a-w- c:\windows\system32\VMWindow.exe
2012-02-01 19:46 . 2010-11-20 11:37 936448 ----a-w- c:\windows\system32\vmsal.exe
2012-02-01 19:34 . 2012-02-01 19:35 -------- d-----w- c:\program files\Windows XP Mode
2012-02-01 17:02 . 2012-02-01 17:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-01 17:02 . 2012-02-01 17:02 -------- d-----r- c:\program files (x86)\Skype
2012-02-01 17:02 . 2012-02-01 17:02 -------- d-----w- c:\programdata\Skype
2012-02-01 16:38 . 2010-01-15 18:23 132648 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-02-01 16:38 . 2009-04-07 19:33 35104 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-02-01 16:38 . 2010-01-15 18:23 98344 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-02-01 16:38 . 2010-01-15 18:23 21288 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-02-01 16:37 . 2012-02-01 16:37 -------- d-----w- c:\program files\DIFX
2012-02-01 16:37 . 2010-04-09 04:11 54824 ----a-w- c:\windows\system32\drivers\btusbflt.sys
2012-02-01 15:44 . 2012-02-01 15:44 -------- d-----w- c:\program files (x86)\Analog Devices
2012-02-01 14:08 . 2012-02-01 14:08 -------- d-----w- c:\program files (x86)\OriginLab
2012-02-01 02:26 . 2011-12-01 08:05 527424 ------w- c:\windows\PWMBTHLV.EXE
2012-02-01 02:26 . 2011-12-01 08:05 31344 ----a-w- c:\windows\system32\drivers\DZHDD64.SYS
2012-02-01 02:26 . 2011-12-01 08:05 14960 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2012-02-01 02:26 . 2011-12-01 08:05 1036352 ----a-w- c:\windows\system32\PWMCP64V.cpl
2012-02-01 02:24 . 2012-02-01 02:24 -------- d-----w- c:\program files\Common Files\Lenovo
2012-02-01 02:24 . 2012-02-01 02:24 -------- d-----w- c:\program files (x86)\Common Files\Lenovo
2012-02-01 02:23 . 2012-02-01 02:24 -------- d-----w- c:\program files\Lenovo
2012-02-01 02:23 . 2010-09-07 19:09 15472 ----a-w- c:\windows\system32\drivers\smiifx64.sys
2012-02-01 02:22 . 2012-02-03 13:51 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-02-01 02:22 . 2012-02-01 02:22 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-02-01 02:22 . 2011-08-11 16:20 45928 ----a-w- c:\windows\system32\ibmpmsvc.exe
2012-02-01 02:22 . 2011-08-11 16:20 39024 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2012-02-01 02:22 . 2011-08-11 16:20 38760 ----a-w- c:\windows\system32\tpinspm.dll
2012-02-01 02:20 . 2012-02-01 02:21 -------- d-----w- c:\program files (x86)\Mendeley Desktop
2012-01-31 22:06 . 2012-01-31 22:11 -------- d-----w- C:\Perl64
2012-01-31 21:56 . 2012-01-31 21:57 -------- d-----w- c:\program files\Gatan
2012-01-31 21:56 . 2012-02-02 12:38 -------- d-----w- c:\programdata\Gatan
2012-01-31 21:08 . 2011-04-07 23:36 27200 ----a-w- c:\windows\system32\drivers\fwleaf.sys
2012-01-31 21:07 . 2012-01-31 21:07 -------- d-----w- c:\program files (x86)\NETGEAR ReadyNAS
2012-01-31 21:07 . 2012-01-31 21:07 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-01-31 20:44 . 2012-01-31 20:44 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-01-31 20:34 . 2012-01-31 20:34 -------- d-----w- c:\program files (x86)\Common Files\Thomson ResearchSoft
2012-01-31 20:33 . 2012-01-31 20:34 -------- d-----w- c:\program files (x86)\EndNote X1
2012-01-31 20:32 . 2012-01-31 20:32 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-01-31 20:24 . 2012-01-31 20:34 -------- d-----w- c:\program files (x86)\Common Files\Risxtd
2012-01-31 20:18 . 2012-01-31 20:19 -------- d-----w- c:\program files (x86)\ImageJ
2012-01-31 20:11 . 2010-12-29 10:57 951680 ----a-w- c:\windows\system32\drivers\ndis.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 03:30 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-31 03:30 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-26_02.37.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-02-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-29 13:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-29 13:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-26 01:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-29 13:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-30 22:04 . 2012-02-28 13:00 242260 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-01-31 00:39 . 2012-02-29 13:40 268026 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 04:46 . 2012-02-28 18:12 109576 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ReadyNAS Remote"="c:\program files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe" [2011-05-31 362304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-05-11 115560]
"SecureW2 Tray"="c:\program files (x86)\SecureW2\sw2_tray.exe" [2011-09-27 287112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Cobian Backup 10"="c:\program files (x86)\Cobian Backup 10\Cobian.exe" [2010-09-23 421376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
.
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 1090848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MaterialsStudioGateway(18888);Materials Studio Gateway (18888);c:\progra~2\Accelrys\MATERI~1.4\etc\Gateway\apache\bin\Apache.exe [2008-11-14 20550]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [x]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 94530341
*NewlyCreated* - ASWMBR
*Deregistered* - 94530341
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902059793-1108849850-3784890769-1000Core.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 13:47]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902059793-1108849850-3784890769-1000UA.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 13:47]
.
2012-02-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2012-02-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 128.91.2.13 128.91.254.1 128.91.251.158
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\m1gs4c5f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-29 09:02:18
ComboFix-quarantined-files.txt 2012-02-29 14:02
ComboFix2.txt 2012-02-28 14:04
ComboFix3.txt 2012-02-26 02:55
ComboFix4.txt 2012-02-20 00:24
.
Pre-Run: 365,429,751,808 bytes free
Post-Run: 365,196,918,784 bytes free
.
- - End Of File - - 770F0E154B64EA2AEB07765DA024CC7F

#9 gringo_pr (Malware Response Team)

Posted 29 February 2012 - 10:51 AM

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer.
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
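The HijackThis log requested above is read by hand in this thread; as an added example (not code from the thread, from HijackThis or from BleepingComputer), here is a small triage pass over the O4 (Run keys), O18 (protocol handlers) and O23 (services) lines that HijackThis 2.0.4 prints. It extracts the file each loading point executes and attaches the checks a helper makes first: "(file missing)" entries, loaders such as rundll32/regsvr32, binaries living under user-writable paths, and services with no vendor information. SAMPLE_LOG is constructed in HijackThis format for this example and is not the poster's log; the flag names, regular expressions and path lists are this example's own choices. One caveat it encodes: HijackThis is a 32-bit program, so on 64-bit Windows its view of System32 is redirected to SysWOW64 and native services such as alg.exe or lsass.exe are reported as "(file missing)" even though they exist.

```python
"""Triage a HijackThis-style log (added example; constructed sample input)."""
import re
from dataclasses import dataclass, field

# Host binaries that load someone else's code: the loaded file, not the host,
# is what needs a look.
LOLBINS = ("rundll32", "regsvr32", "mshta", "wscript", "cscript")
# Locations a standard user can write to. Legitimate software (Dropbox, Google
# Update) lives here too, so this is a review flag, not a verdict.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")
PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:exe|dll|ax|scr|ocx)\b", re.I)
DRIVE_RE = re.compile(r"[a-z]:\\", re.I)


@dataclass
class Finding:
    kind: str            # HijackThis section: O4, O18 or O23
    name: str            # value name, protocol name or service display name
    path: str            # file the entry loads ("" if none could be parsed)
    flags: list = field(default_factory=list)


def _apply_flags(f: Finding, raw: str) -> None:
    """Flags that apply to any loading point once its file is known."""
    lower = raw.lower()
    if "(file missing)" in lower:
        if "\\windows\\system32\\" in f.path.lower():
            # 32-bit scanner under WOW64: System32 is really SysWOW64, so
            # native 64-bit services look missing. Confirm from a 64-bit shell.
            f.flags.append("missing:wow64-redirect?")
        elif not DRIVE_RE.match(f.path):
            f.flags.append("missing:bare-name")   # scanner could not resolve it
        else:
            f.flags.append("missing:orphan")      # loading point with no file
    if any(tok in f.path.lower() for tok in USER_WRITABLE):
        f.flags.append("user-writable-path")
    if any(lb in lower for lb in LOLBINS):
        f.flags.append("lolbin-loader")


def parse_line(line: str):
    """Return a Finding for a recognised O4/O18/O23 line, else None."""
    m = re.match(r"^(O4|O18|O23) - (.*)$", line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind == "O4":
        m4 = re.match(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$", body)
        if not m4:
            return None                      # Startup-folder .lnk lines etc.
        paths = PATH_RE.findall(m4["cmd"])
        # For rundll32/regsvr32 the last path is the file actually loaded.
        f = Finding(kind, m4["name"], paths[-1] if paths else "")
        _apply_flags(f, m4["cmd"])
        return f
    if kind == "O18":
        m18 = re.match(r"^Protocol: (?P<name>.+?) - \{[0-9a-f-]+\} - (?P<target>.*)$",
                       body, re.I)
        if not m18:
            return None
        paths = PATH_RE.findall(m18["target"])
        bare = re.sub(r"\s*\(file missing\)", "", m18["target"])
        f = Finding(kind, m18["name"], paths[-1] if paths else bare)
        _apply_flags(f, m18["target"])
        return f
    # O23 - Service: <display name> - <owner> - <path>
    parts = re.sub(r"^Service: ", "", body).rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, target = parts
    paths = PATH_RE.findall(target)
    f = Finding(kind, display, paths[-1] if paths else target)
    _apply_flags(f, target)
    # "Unknown owner" is normal for Windows' own services (their display names
    # are @resource strings); for anything else it means no version info.
    if owner == "Unknown owner" and not display.startswith("@"):
        f.flags.append("unknown-owner")
    return f


def parse_log(text: str) -> list:
    return [f for f in (parse_line(ln) for ln in text.splitlines()) if f]


def triage(text: str) -> dict:
    """Map entry name -> flags for every entry that earned at least one flag."""
    return {f.name: f.flags for f in parse_log(text) if f.flags}


# Constructed sample in HijackThis 2.0.4 format; not the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKCU\..\Run: [Updater] C:\Users\alice\AppData\Local\Temp\updater.exe
O18 - Protocol: leaf - {3C4A8A13-029E-430D-B8C1-46E834D20B31} - mscoree.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Helper Service (hlpsvc) - Unknown owner - C:\ProgramData\hlp\hlpsvc.exe
"""

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

Run it against a saved hijackthis.log by passing the file's contents to triage(); every flag is a prompt to look, not a removal decision, which matches the advice above not to let HijackThis fix anything until a helper has read the log.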

#10 tgor (Topic Starter)

Posted 29 February 2012 - 03:58 PM

No problems running these three programs. Computer seems fine, no popups from Symantec either.

MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tom :: TGOR [administrator]

2/29/2012 1:58:24 PM
mbam-log-2012-02-29 (13-58-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190370
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:31 PM, on 2/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Cobian Backup 10] "C:\Program Files (x86)\Cobian Backup 10\Cobian.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [C:\Windows\SysWOW64\V0400Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0400Ext.ax
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ReadyNAS Remote] C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe
O4 - Startup: Dropbox.lnk = Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: leaf - {3C4A8A13-029E-430D-B8C1-46E834D20B31} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Materials Studio Gateway (18888) (MaterialsStudioGateway(18888)) - Apache Software Foundation - C:\PROGRA~2\Accelrys\MATERI~1.4\etc\Gateway\apache\bin\Apache.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12399 bytes

#11 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:11 AM

Posted 01 March 2012 - 07:51 AM

Greetings

These logs are looking very good; we are almost done! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [C:\Windows\SysWOW64\V0400Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0400Ext.ax
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - Startup: Dropbox.lnk = Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
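Triage helper for the HijackThis O4 and O23 lines posted in this thread, as an added example (it is not part of the thread and not HijackThis code). It parses the entries, pulls out the executable each autostart launches (which is what you look up before ticking a line under "Fix Checked"), and separates service entries flagged "(file missing)" that sit under C:\Windows\System32 from the rest. That flag deserves a caveat on a 64-bit system like the one in this thread: HijackThis is a 32-bit program, so WOW64 file-system redirection points its System32 lookups at SysWOW64, and 64-bit-only binaries such as lsass.exe get reported as missing although they are present. The sample lines are constructed from entries shown above; the dataclass names and the triage-note wording are my own.

```python
"""Parse HijackThis O4 (autostart) and O23 (service) lines for triage.

Added example, not part of the thread or of HijackThis.  SAMPLE_LOG is
constructed from the kind of entries this thread shows.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [C:\Windows\SysWOW64\V0400Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0400Ext.ax
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Materials Studio Gateway (18888) (MaterialsStudioGateway(18888)) - Apache Software Foundation - C:\PROGRA~2\Accelrys\MATERI~1.4\etc\Gateway\apache\bin\Apache.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_REG = re.compile(
    r'^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O4 - Startup: <shortcut> = <target>
O4_FOLDER = re.compile(r'^O4 - (?P<folder>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$')
O23_PREFIX = "O23 - Service: "
FILE_MISSING = " (file missing)"
SYSTEM32 = re.compile(r'^[A-Za-z]:\\Windows\\System32\\', re.IGNORECASE)


@dataclass
class Autostart:
    source: str    # registry key or startup folder the entry lives in
    name: str      # registry value name or shortcut name
    command: str   # full command line as logged
    exe: str       # executable the command launches


@dataclass
class Service:
    display: str
    short: Optional[str]
    company: str
    path: str
    file_missing: bool
    note: str      # triage note on the "(file missing)" flag


def exe_from_command(cmd: str) -> str:
    """Return the program path: the quoted part, or the first token if unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def parse_o4(line: str) -> Optional[Autostart]:
    m = O4_REG.match(line)
    if m:
        return Autostart(f"{m['hive']}\\..\\{m['key']}", m['name'], m['cmd'], exe_from_command(m['cmd']))
    m = O4_FOLDER.match(line)
    if m:
        return Autostart(m['folder'] + " folder", m['name'], m['cmd'], exe_from_command(m['cmd']))
    return None


def split_display(head: str) -> Tuple[str, Optional[str]]:
    """Split 'Display Name (short)' into (display, short); short names may nest parens."""
    if not head.endswith(')'):
        return head, None
    depth = 0
    for i in range(len(head) - 1, -1, -1):
        if head[i] == ')':
            depth += 1
        elif head[i] == '(':
            depth -= 1
            if depth == 0:
                if i > 0 and head[i - 1] == ' ':
                    return head[:i - 1], head[i + 1:-1]
                break
    return head, None


def triage_note(path: str, missing: bool) -> str:
    # Assumption (known 32-bit-on-x64 behaviour): a System32 path reported missing by
    # the 32-bit HijackThis is usually WOW64 redirection to SysWOW64, not a deleted file.
    if not missing:
        return "present"
    if SYSTEM32.match(path):
        return "likely WOW64 redirection, not a real missing file"
    return "verify on disk"


def parse_o23(line: str) -> Optional[Service]:
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    missing = body.endswith(FILE_MISSING)
    if missing:
        body = body[:-len(FILE_MISSING)]
    parts = body.rsplit(" - ", 2)   # display (short) - company - path
    if len(parts) != 3:
        return None
    display, short = split_display(parts[0])
    return Service(display, short, parts[1], parts[2], missing, triage_note(parts[2], missing))


def parse_log(text: str) -> Tuple[List[Autostart], List[Service]]:
    autostarts, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("O4 - "):
            a = parse_o4(line)
            if a:
                autostarts.append(a)
        elif line.startswith("O23 - "):
            s = parse_o23(line)
            if s:
                services.append(s)
    return autostarts, services


if __name__ == "__main__":
    starts, svcs = parse_log(SAMPLE_LOG)
    for a in starts:
        print(f"[autostart] {a.source:<18} {a.name:<36} -> {a.exe}")
    for s in svcs:
        print(f"[service]   {(s.short or '-'):<30} {s.path}  ({s.note})")
```

Feed it the O4/O23 section of a saved HijackThis log instead of SAMPLE_LOG and the "exe" column is what to search for on the research page the post links to; services whose note says "verify on disk" are the ones worth checking with a 64-bit tool before trusting the flag.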

#12 tgor
  • Topic Starter
  • Members
  • 7 posts
  • Local time:12:11 AM

Posted 01 March 2012 - 03:03 PM

Hi Gringo,

I couldn't find a way to copy the result of the Eset scan, but nothing was found by the scanner. I also ran HijackThis as you described; thanks for that suggestion, it should improve the performance of the system.

BTW, I did have another Symantec pop-up. I fixed this problem by deleting the quarantine files from Symantec Endpoint Protection, as described in the link you provided above. So, now I am pop-up free. Thanks for all your help.

#13 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:11 AM

Posted 01 March 2012 - 05:36 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and creating a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended)" option: "Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and updating them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machine.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.


Gringo

#14 tgor
  • Topic Starter
  • Members
  • 7 posts
  • Local time:12:11 AM

Posted 01 March 2012 - 06:38 PM

Great, thank you for all of your help.

#15 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:11 AM

Posted 01 March 2012 - 09:20 PM

You are more than welcome, and glad we were able to help.


gringo
