
Repeated Warnings of PDM.Keylogger/PDM.Hidden


  • This topic is locked
12 replies to this topic

#1 oliverrp

Posted 09 March 2012 - 11:18 AM

Windows 7 Pro 64 bit. Kaspersky AV 2012 gives me repeated warnings of PDM.Keylogger-type activity from explorer.exe. Have scanned that file w/Kaspersky and Malwarebytes with negative results. However, in Process Explorer, explorer.exe is "unable to verify" (not signed) which seems strange for a MS file. Also, besides explorer.exe, Windows directory contains "explorer.exe.Back" and "explorer_.exe.Back.2.38137490226951" which I don't recognize.

DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Bob at 9:51:41 on 2012-03-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16351.13718 [GMT -6:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\WinUtilities\ToolMemoryOptimizer.exe
C:\Program Files (x86)\WizMouse\WizMouse.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\PROGRAM FILES (X86)\SECUNIA\PSI\psi_tray.exe
C:\Users\Bob\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWow64\perfhost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ReImage Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll
BHO: ReImage Browser Helper: {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
BHO: PriceBlink.Plugin: {f904f51b-52dd-42ec-9dc8-d0856a0d1d67} - mscoree.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [robotaskbaricon.exe] C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
uRun: [SmartRAM] "C:\Program Files (x86)\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m
uRun: [Gadwin PrintScreen] "C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem
mRun: [<NO NAME>]
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\Advanced SystemCare 5\ASCTray.exe" /AutoStart
dRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bob\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~1.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\CNETTE~1.LNK - C:\Users\Bob\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
StartupFolder: C:\Users\Bob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\PROGRAM FILES (X86)\SECUNIA\PSI\psi_tray.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: DisallowCpl = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F50} - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F55} - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
IE: {45DB34C3-955C-11D3-ABEF-444553540001} - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D1C30D1E-A648-46E9-8011-3554511CD7C7} : DhcpNameServer = 192.168.1.254
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ReImage Helper Verifier: {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll
BHO-X64: Update Timer - No File
BHO-X64: ReImage Browser Helper: {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll
BHO-X64: script helper for ie - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: PriceBlink.Plugin: {f904f51b-52dd-42ec-9dc8-d0856a0d1d67} - mscoree.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun-x64: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun-x64: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun-x64: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem
mRun-x64: [(Default)]
mRun-x64: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys --> C:\Windows\system32\DRIVERS\vsflt61.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2012-2-9 922240]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2012-2-9 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-2-9 586880]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 202296]
R2 FileOpenManagerSvc;FileOpen Manager Service;C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [2011-12-9 334720]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-10-28 219496]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-1-10 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-1-10 8456]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
S3 SystemExplorerHelpService;System Explorer Service;C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [2012-2-14 776848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-1-11 3450832]
.
=============== File Associations ===============
.
.txt=PolyEdit Lite
.
=============== Created Last 30 ================
.
2012-03-09 15:26:44 -------- d-----w- C:\Users\Bob\AppData\Roaming\Runscanner.net
2012-03-07 03:36:54 -------- d-----w- C:\Users\Bob\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
2012-03-07 02:51:41 -------- d-----w- C:\Windows\Downloaded Installations
2012-03-06 15:22:41 -------- d-----w- C:\ProgramData\YouTube Downloader
2012-03-06 15:22:38 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
2012-03-05 14:54:20 4113488 ----a-w- C:\Windows\PE_File.dll
2012-03-05 14:35:29 5187744 ----a-w- C:\Windows\PE_Rom.dll
2012-03-05 04:10:02 59 ----a-w- C:\Windows\wpd99.drv
2012-03-05 04:10:02 47616 ----a-w- C:\Windows\System32\pdf995mon64.dll
2012-03-05 04:10:02 314368 ----a-w- C:\Windows\System32\pdfmona64.dll
2012-03-05 04:10:02 11264 ----a-w- C:\Windows\System32\pdf995mon64ui.dll
2012-03-05 04:10:02 -------- d-----w- C:\ProgramData\pdf995
2012-03-05 04:10:01 47616 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll
2012-03-05 04:10:01 -------- d-----w- C:\pdf995
2012-03-04 21:34:03 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
2012-03-04 21:34:03 -------- d-----w- C:\Program Files\CPUID
2012-03-04 15:10:42 -------- d-----w- C:\Users\Bob\AppData\Roaming\Participatory Culture Foundation
2012-03-04 15:10:34 -------- d-----w- C:\Program Files (x86)\Participatory Culture Foundation
2012-03-03 22:13:24 -------- d-----w- C:\Users\Bob\AppData\Roaming\JAM Software
2012-03-03 22:13:23 -------- d-----w- C:\Program Files (x86)\JAM Software
2012-03-02 21:14:49 -------- d-----w- C:\Program Files (x86)\APC
2012-03-01 06:10:50 -------- d-----w- C:\rei
2012-03-01 06:10:48 -------- d-----w- C:\Program Files\Reimage
2012-03-01 06:10:45 -------- d-----w- C:\Program Files (x86)\ReImageCompanion
2012-02-24 16:43:59 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2012-02-24 15:40:01 -------- d-----w- C:\Program Files (x86)\Sunrise Seven
2012-02-24 03:34:36 -------- d-----w- C:\Users\Bob\AppData\Roaming\com.amazon.music.uploader
2012-02-23 21:23:38 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-02-23 20:52:16 86016 ----a-w- C:\Windows\unvise32.exe
2012-02-23 20:52:15 -------- d-----w- C:\Program Files (x86)\Savings Bond Wizard
2012-02-23 19:04:41 -------- d-----w- C:\Users\Bob\AppData\Local\Morphyre
2012-02-23 19:04:41 -------- d-----w- C:\Program Files (x86)\Morphyre
2012-02-22 22:44:33 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-02-20 03:09:46 -------- d-----w- C:\Program Files\ProcessExplorer
2012-02-18 19:31:15 -------- d-----w- C:\ProgramData\Tarma Installer
2012-02-18 19:25:26 -------- d-----w- C:\Windows\PIXTRAN
2012-02-18 19:25:22 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared
2012-02-18 19:06:28 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.5
2012-02-17 14:55:47 -------- d-----w- C:\Users\Bob\AppData\Roaming\MyHeritage
2012-02-17 14:55:47 -------- d-----w- C:\ProgramData\MyHeritage
2012-02-17 14:55:41 454656 ----a-w- C:\Windows\SysWow64\PaintX.dll
2012-02-17 14:55:41 372736 ----a-w- C:\Windows\SysWow64\ijl15.dll
2012-02-17 14:55:41 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2012-02-17 14:55:41 -------- d-----w- C:\Users\Bob\AppData\Roaming\The Complete Genealogy Reporter - FTB
2012-02-17 14:54:54 -------- d-----w- C:\Program Files (x86)\MyHeritage
2012-02-15 16:25:30 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 16:25:30 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 16:25:29 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 16:25:29 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 16:25:28 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 16:25:28 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 16:25:26 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 16:25:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-13 18:21:17 -------- d-----w- C:\Program Files (x86)\WizMouse
2012-02-11 05:30:52 -------- d-----w- C:\Temp
2012-02-11 05:30:03 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2012-02-09 23:45:05 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2012-02-09 23:13:48 14464 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2012-02-09 23:11:45 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2012-02-09 23:09:52 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-02-09 23:09:52 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-02-09 23:09:52 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-02-09 23:09:52 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-02-09 23:09:52 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-02-09 23:09:16 -------- d-----w- C:\ProgramData\ASUS
2012-02-09 23:09:12 28672 ----a-w- C:\Windows\SysWow64\AsIO.dll
2012-02-09 23:09:12 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2012-02-09 23:09:12 -------- d-----w- C:\Program Files (x86)\ASUS
2012-02-09 23:09:11 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2012-02-09 23:09:11 10216 ------w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
.
==================== Find3M ====================
.
2012-03-06 21:01:50 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-27 22:32:41 2871808 ----a-w- C:\Windows\explorer.exe
2012-02-16 06:32:01 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-04 15:43:49 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-01-29 03:14:40 60296 ---ha-w- C:\Windows\System32\drivers\PROCMON20.SYS
2012-01-20 23:08:23 3006264 ----a-w- C:\Windows\System32\auto_reactivate.exe
2012-01-20 19:27:18 848 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-01-20 19:24:25 848 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-01-16 17:06:10 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-01-16 04:09:52 0 ----a-w- C:\Users\Bob\AppData\Roaming\tcedition.09.tmp
2012-01-13 03:39:56 255352 ------w- C:\Windows\SysWow64\awrdscdc.ax
2012-01-12 00:05:26 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2012-01-12 00:05:21 1285216 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
2012-01-12 00:05:19 211040 ----a-w- C:\Windows\System32\drivers\vididr.sys
2012-01-12 00:05:18 142944 ----a-w- C:\Windows\System32\drivers\vsflt61.sys
2012-01-12 00:05:16 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-01-12 00:05:14 133728 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2012-01-11 23:39:46 986208 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-01-11 23:39:37 142944 ----a-w- C:\Windows\System32\drivers\vsflt58.sys
2012-01-09 20:03:22 3478016 ------w- C:\Windows\SysWow64\ffdshow.ax
2012-01-09 20:00:48 4346880 ------w- C:\Windows\SysWow64\ffmpeg.dll
2012-01-09 03:15:38 152576 ------w- C:\Windows\SysWow64\msclmd.dll
2012-01-09 03:15:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-09 01:33:40 0 ----a-w- C:\Windows\ativpsrm.bin
2012-01-07 22:24:16 568320 ----a-w- C:\Windows\System32\LAVVideo.ax
2012-01-07 22:24:16 552448 ----a-w- C:\Windows\System32\LAVSplitter.ax
2012-01-07 22:24:12 243200 ----a-w- C:\Windows\System32\LAVAudio.ax
2012-01-07 22:24:08 202240 ----a-w- C:\Windows\System32\libbluray.dll
2012-01-07 22:24:00 6557838 ----a-w- C:\Windows\System32\avcodec-lav-53.dll
2012-01-07 22:24:00 379129 ----a-w- C:\Windows\System32\swscale-lav-2.dll
2012-01-07 22:24:00 209331 ----a-w- C:\Windows\System32\avutil-lav-51.dll
2012-01-07 22:24:00 125782 ----a-w- C:\Windows\System32\avfilter-lav-2.dll
2012-01-07 22:24:00 1020391 ----a-w- C:\Windows\System32\avformat-lav-53.dll
2012-01-07 22:22:08 460800 ------w- C:\Windows\SysWow64\LAVSplitter.ax
2012-01-07 22:22:04 448000 ------w- C:\Windows\SysWow64\LAVVideo.ax
2012-01-07 22:22:04 212992 ------w- C:\Windows\SysWow64\LAVAudio.ax
2012-01-07 22:22:00 172032 ------w- C:\Windows\SysWow64\libbluray.dll
2012-01-07 22:21:50 6366094 ------w- C:\Windows\SysWow64\avcodec-lav-53.dll
2012-01-07 22:21:50 354979 ------w- C:\Windows\SysWow64\swscale-lav-2.dll
2012-01-07 22:21:50 203306 ------w- C:\Windows\SysWow64\avutil-lav-51.dll
2012-01-07 22:21:50 138727 ------w- C:\Windows\SysWow64\avfilter-lav-2.dll
2012-01-07 22:21:50 1007151 ------w- C:\Windows\SysWow64\avformat-lav-53.dll
2012-01-07 22:20:24 142336 ------w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
2012-01-07 22:19:56 169984 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
2012-01-05 18:23:36 4369920 ----a-w- C:\Windows\System32\ffdshow.ax
2012-01-05 18:19:36 4431872 ----a-w- C:\Windows\System32\ffmpeg.dll
2011-12-21 15:32:14 404496 ----a-w- C:\Windows\SysWow64\FTBSaver.scr
2011-12-20 18:53:04 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2011-12-20 18:53:02 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2011-12-20 18:52:22 114176 ----a-w- C:\Windows\System32\ff_wmv9.dll
2011-12-20 18:52:16 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
2011-12-20 18:52:14 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
2011-12-20 18:52:14 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
2011-12-20 18:52:10 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
2011-12-20 18:52:10 183808 ----a-w- C:\Windows\System32\ff_unrar.dll
2011-12-20 18:51:56 359424 ----a-w- C:\Windows\System32\ff_libfaad2.dll
2011-12-20 18:51:32 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
2011-12-20 18:50:04 79360 ------w- C:\Windows\SysWow64\ff_vfw.dll
2011-12-20 18:49:56 99328 ------w- C:\Windows\SysWow64\ff_wmv9.dll
2011-12-20 18:49:54 158720 ------w- C:\Windows\SysWow64\ff_unrar.dll
2011-12-20 18:49:54 146944 ------w- C:\Windows\SysWow64\ff_libmad.dll
2011-12-20 18:49:52 212480 ------w- C:\Windows\SysWow64\ff_libdts.dll
2011-12-20 18:49:52 1525248 ------w- C:\Windows\SysWow64\ff_samplerate.dll
2011-12-20 18:49:52 115200 ------w- C:\Windows\SysWow64\ff_liba52.dll
2011-12-20 18:49:50 328704 ------w- C:\Windows\SysWow64\ff_libfaad2.dll
2011-12-20 18:49:50 260608 ------w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2011-12-20 18:49:50 137728 ------w- C:\Windows\SysWow64\libmpeg2_ff.dll
2011-12-15 00:46:42 222904 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 9:52:07.69 ===============
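The two observations in the post above, an explorer.exe that Process Explorer reports as unverifiable and extra explorer.exe.Back files sitting in the Windows directory, are exactly the kind of thing a responder pins down with hashes and signature status before acting on them. The PowerShell below is an added example, not part of this thread and not code from any tool mentioned in it. It assumes Windows PowerShell 5.1 or later (for Get-FileHash) running in an elevated prompt on the affected machine; the function names and the "explorer*" file pattern are my own choices.

```powershell
# Added example, not part of the forum thread. Assumes Windows PowerShell 5.1 or later
# (for Get-FileHash) run from an elevated prompt on the affected machine.

function Get-ExplorerInventory {
    # Inventory every file in %SystemRoot% whose name starts with "explorer". This catches
    # the real explorer.exe as well as the explorer.exe.Back / explorer_.exe.Back.* names
    # reported in the post. -Force includes hidden and system files.
    param([string]$WinDir = $env:SystemRoot)

    Get-ChildItem -Path $WinDir -File -Force |
        Where-Object { $_.Name -like 'explorer*' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [PSCustomObject]@{
                Name          = $_.Name
                SizeBytes     = $_.Length
                LastWriteTime = $_.LastWriteTime
                # Valid / NotSigned / HashMismatch / UnknownError. NotSigned on its own is not
                # conclusive for OS binaries that are catalog-signed rather than embedded-signed.
                SigStatus     = $sig.Status
                Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
                SHA256        = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

function Find-ExplorerAnomalies {
    # Compare each look-alike file against the live explorer.exe. A backup copy whose hash
    # matches the live binary is far less interesting than one with different content.
    param([object[]]$Inventory)

    $live = $Inventory | Where-Object { $_.Name -eq 'explorer.exe' } | Select-Object -First 1
    foreach ($item in $Inventory) {
        if ($item.Name -eq 'explorer.exe') { continue }
        [PSCustomObject]@{
            Name           = $item.Name
            SameHashAsLive = [bool]($live -and ($item.SHA256 -eq $live.SHA256))
            SigStatus      = $item.SigStatus
            LastWriteTime  = $item.LastWriteTime
        }
    }
}

$inventory = Get-ExplorerInventory
$inventory | Format-Table Name, SizeBytes, LastWriteTime, SigStatus, Signer -AutoSize
Find-ExplorerAnomalies -Inventory $inventory | Format-Table -AutoSize

# Every running explorer.exe should load from exactly %SystemRoot%\explorer.exe; any other
# image path deserves a closer look.
Get-Process -Name explorer -ErrorAction SilentlyContinue |
    Select-Object Id, Path, StartTime |
    Format-Table -AutoSize
```

Two caveats when reading the output. Many Windows system binaries carry no embedded Authenticode signature and are verified through the OS signing catalogs instead, so a NotSigned status from Get-AuthenticodeSignature is only meaningful alongside a catalog-aware check such as Sysinternals sigcheck; and the hash comparison here tells you whether the .Back files match the live binary, not whether the live binary matches Microsoft's, which needs a known-good hash from a clean installation of the same build.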


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 12 March 2012 - 11:56 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 oliverrp (Topic Starter, Members, 6 posts)

Posted 13 March 2012 - 11:42 AM

Thanks for the help.

The only problem was that ComboFix disabled the AV, even though it was paused, but I got it back without too much trouble. Very interested in what you find.
Bob.

ComboFix Log:
ComboFix 12-03-12.03 - Bob 03/13/2012 9:56.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16351.13689 [GMT -5:00]
Running from: c:\users\Bob\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\_Setup.dll
c:\programdata\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.dat
c:\programdata\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.exe
c:\programdata\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.ico
c:\programdata\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\TsuDll.dll
c:\users\Bob\AppData\Roaming\tcedition.09.tmp
c:\users\Bob\en_res.dll
c:\users\Bob\es_res.dll
c:\users\Bob\fr_res.dll
c:\users\Bob\grm_res.dll
c:\users\Bob\it_res.dll
c:\users\Bob\jp_res.dll
c:\users\Bob\mfc80u.dll
c:\users\Bob\msvcr80.dll
c:\users\Bob\PCPE Setup.exe
c:\users\Bob\pt_res.dll
c:\users\Bob\ResourceReader.dll
c:\users\Bob\ru_res.dll
c:\users\Bob\zh_res.dll
c:\windows\isRS-000.tmp
c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 04:14 . 2012-03-08 21:51 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe
2012-03-13 04:14 . 2012-03-08 21:51 3321728 ----a-w- c:\windows\system32\BootMan.exe
2012-03-13 04:14 . 2011-07-29 18:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-03-13 04:14 . 2011-07-29 18:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2012-03-13 04:14 . 2011-07-29 18:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2012-03-13 04:14 . 2011-07-29 18:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2012-03-13 04:14 . 2011-07-29 18:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2012-03-13 04:14 . 2011-07-29 18:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2012-03-13 04:14 . 2011-07-29 18:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2012-03-13 04:14 . 2011-07-29 18:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-03-12 05:12 . 2012-03-12 05:12 -------- d-----w- c:\program files (x86)\EASEUS
2012-03-09 15:26 . 2012-03-09 15:26 -------- d-----w- c:\users\Bob\AppData\Roaming\Runscanner.net
2012-03-07 03:36 . 2012-03-07 03:36 -------- d-----w- c:\users\Bob\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
2012-03-07 02:51 . 2012-03-07 02:51 -------- d-----w- c:\windows\Downloaded Installations
2012-03-06 15:22 . 2012-03-06 15:22 -------- d-----w- c:\programdata\YouTube Downloader
2012-03-06 15:22 . 2012-03-06 15:22 -------- d-----w- c:\program files (x86)\YouTube Downloader
2012-03-05 14:54 . 2012-03-05 15:33 4113488 ----a-w- c:\windows\PE_File.dll
2012-03-05 14:35 . 2012-03-05 15:34 5187744 ----a-w- c:\windows\PE_Rom.dll
2012-03-05 04:13 . 2012-03-05 04:13 -------- d-----w- c:\users\Bob\AppData\Roaming\pdf995
2012-03-05 04:10 . 2012-03-12 05:11 59 ----a-w- c:\windows\wpd99.drv
2012-03-05 04:10 . 2012-03-05 04:29 -------- d-----w- c:\programdata\pdf995
2012-03-05 04:10 . 2008-09-24 20:05 320000 ----a-w- c:\windows\system32\pdfmona64.dll
2012-03-05 04:10 . 2006-10-20 03:44 47616 ----a-w- c:\windows\system32\pdf995mon64.dll
2012-03-05 04:10 . 2005-06-30 20:29 11264 ----a-w- c:\windows\system32\pdf995mon64ui.dll
2012-03-05 04:10 . 2012-03-12 05:11 47616 ----a-w- c:\windows\SysWow64\pdf995mon64.dll
2012-03-05 04:10 . 2012-03-05 04:11 -------- d-----w- C:\pdf995
2012-03-04 21:34 . 2012-03-04 21:34 -------- d-----w- c:\program files\CPUID
2012-03-04 21:34 . 2011-09-21 16:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
2012-03-04 15:17 . 2012-03-04 15:18 -------- d-----w- c:\users\Bob\AppData\Roaming\gtk-2.0
2012-03-04 15:10 . 2012-03-04 15:10 -------- d-----w- c:\users\Bob\AppData\Roaming\Participatory Culture Foundation
2012-03-04 15:10 . 2012-03-04 15:10 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation
2012-03-03 22:13 . 2012-03-03 22:13 -------- d-----w- c:\users\Bob\AppData\Roaming\JAM Software
2012-03-03 22:13 . 2012-03-03 22:13 -------- d-----w- c:\program files (x86)\JAM Software
2012-03-02 21:14 . 2012-03-02 21:14 -------- d-----w- c:\program files (x86)\APC
2012-03-02 21:13 . 2012-03-02 21:13 13338112 ----a-w- c:\users\Bob\PCPE_3.0.1.msi
2012-03-01 06:10 . 2012-03-01 06:11 -------- d-----w- C:\rei
2012-03-01 06:10 . 2012-03-01 06:10 -------- d-----w- c:\program files\Reimage
2012-03-01 06:10 . 2012-03-01 06:10 -------- d-----w- c:\program files (x86)\ReImageCompanion
2012-02-27 22:29 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe.Back
2012-02-24 16:43 . 2008-03-18 10:07 275360 ----a-w- c:\windows\system32\DreamScene.dll
2012-02-24 15:40 . 2012-02-27 22:33 -------- d-----w- c:\program files (x86)\Sunrise Seven
2012-02-24 03:34 . 2012-02-24 03:34 -------- d-----w- c:\users\Bob\AppData\Roaming\com.amazon.music.uploader
2012-02-23 21:23 . 2012-02-23 21:23 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-02-23 20:52 . 1999-12-17 15:13 86016 ----a-w- c:\windows\unvise32.exe
2012-02-23 20:52 . 2012-02-23 20:52 -------- d-----w- c:\program files (x86)\Savings Bond Wizard
2012-02-23 19:04 . 2012-02-23 19:10 -------- d-----w- c:\users\Bob\AppData\Local\Morphyre
2012-02-23 19:04 . 2012-02-23 19:04 -------- d-----w- c:\program files (x86)\Morphyre
2012-02-22 22:44 . 2012-02-22 22:44 -------- d-----w- c:\program files (x86)\VideoLAN
2012-02-20 03:35 . 2012-02-20 03:35 -------- d-----w- c:\users\Bob\AppData\Roaming\Amazon
2012-02-20 03:09 . 2012-02-20 03:15 -------- d-----w- c:\program files\ProcessExplorer
2012-02-18 19:25 . 2012-02-18 19:25 -------- d-----w- c:\windows\PIXTRAN
2012-02-18 19:25 . 2012-02-18 19:35 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared
2012-02-18 19:06 . 2012-02-18 19:06 -------- d-----w- c:\program files (x86)\LibreOffice 3.5
2012-02-17 14:55 . 2012-02-17 14:57 -------- d-----w- c:\programdata\MyHeritage
2012-02-17 14:55 . 2012-02-17 14:56 -------- d-----w- c:\users\Bob\AppData\Roaming\MyHeritage
2012-02-17 14:55 . 2012-02-17 14:55 -------- d-----w- c:\users\Bob\AppData\Roaming\The Complete Genealogy Reporter - FTB
2012-02-17 14:55 . 2003-07-06 19:07 372736 ----a-w- c:\windows\SysWow64\ijl15.dll
2012-02-17 14:55 . 2002-03-07 06:19 454656 ----a-w- c:\windows\SysWow64\PaintX.dll
2012-02-17 14:55 . 2000-03-14 05:00 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-02-17 14:54 . 2012-02-17 14:55 -------- d-----w- c:\program files (x86)\MyHeritage
2012-02-16 06:32 . 2012-02-16 06:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-16 06:32 . 2012-02-16 06:32 -------- d-----w- c:\program files (x86)\Java
2012-02-15 16:25 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 16:25 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 16:25 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 16:25 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 16:25 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 16:25 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 16:25 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 16:25 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-13 18:50 . 2012-02-13 19:48 -------- d-----w- c:\users\Bob\AppData\Roaming\Audacity
2012-02-13 18:21 . 2012-02-13 18:21 -------- d-----w- c:\program files (x86)\WizMouse
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 21:01 . 2012-01-11 22:42 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-27 22:32 . 2012-01-09 00:53 2871808 ----a-w- c:\windows\explorer_.exe.Back.2.38137490226951
2012-02-16 06:32 . 2012-01-12 01:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-04 15:43 . 2012-01-11 05:58 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-01-29 03:14 . 2012-01-29 03:14 60296 ---ha-w- c:\windows\system32\drivers\PROCMON20.SYS
2012-01-26 19:09 . 2012-01-26 19:09 388096 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-20 23:08 . 2012-01-12 22:51 3006264 ----a-w- c:\windows\system32\auto_reactivate.exe
2012-01-20 20:10 . 2012-01-20 20:10 883712 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{8D03A164-B586-4318-AFE6-870A5E2739C1}\Icon8D03A164.exe
2012-01-20 19:24 . 2012-01-20 19:19 848 --sha-w- c:\programdata\KGyGaAvL.sys
2012-01-16 17:06 . 2012-01-09 00:25 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-01-13 03:39 . 2012-01-13 03:39 255352 ------w- c:\windows\SysWow64\awrdscdc.ax
2012-01-12 00:05 . 2012-01-12 00:05 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-01-12 00:05 . 2012-01-11 23:39 1285216 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-01-12 00:05 . 2012-01-12 00:05 211040 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-01-12 00:05 . 2012-01-12 00:05 142944 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2012-01-12 00:05 . 2012-01-11 23:39 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-01-12 00:05 . 2012-01-11 23:39 133728 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-01-11 23:39 . 2012-01-11 23:39 986208 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-01-11 23:39 . 2012-01-11 23:39 142944 ----a-w- c:\windows\system32\drivers\vsflt58.sys
2012-01-11 05:59 . 2012-01-11 05:59 53248 ----a-r- c:\users\Bob\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-09 20:03 . 2012-01-09 20:03 3478016 ------w- c:\windows\SysWow64\ffdshow.ax
2012-01-09 20:00 . 2012-01-09 20:00 4346880 ------w- c:\windows\SysWow64\ffmpeg.dll
2012-01-09 03:15 . 2009-07-14 02:36 152576 ------w- c:\windows\SysWow64\msclmd.dll
2012-01-09 03:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-09 01:15 . 2012-01-09 01:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-09 01:15 . 2012-01-09 01:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-09 01:15 . 2012-01-09 01:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-09 01:15 . 2012-01-09 01:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-09 01:15 . 2012-01-09 01:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-09 01:15 . 2012-01-09 01:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-09 01:15 . 2012-01-09 01:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-09 01:15 . 2012-01-09 01:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-09 01:15 . 2012-01-09 01:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-09 01:15 . 2012-01-09 01:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-09 01:15 . 2012-01-09 01:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-09 01:15 . 2012-01-09 01:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-09 01:15 . 2012-01-09 01:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-09 01:15 . 2012-01-09 01:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-09 01:15 . 2012-01-09 01:15 448512 ----a-w- c:\windows\system32\html.iec
2012-01-09 01:15 . 2012-01-09 01:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-09 01:15 . 2012-01-09 01:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-09 01:15 . 2012-01-09 01:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-09 01:15 . 2012-01-09 01:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-09 01:15 . 2012-01-09 01:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-09 01:15 . 2012-01-09 01:15 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-09 01:15 . 2012-01-09 01:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-09 01:15 . 2012-01-09 01:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-09 01:15 . 2012-01-09 01:15 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-09 01:15 . 2012-01-09 01:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-09 01:15 . 2012-01-09 01:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-09 01:15 . 2012-01-09 01:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-09 01:15 . 2012-01-09 01:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-09 01:15 . 2012-01-09 01:15 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-09 01:15 . 2012-01-09 01:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-09 01:15 . 2012-01-09 01:15 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-09 01:15 . 2012-01-09 01:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-09 01:15 . 2012-01-09 01:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-09 01:15 . 2012-01-09 01:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-07 22:24 . 2012-01-07 22:24 568320 ----a-w- c:\windows\system32\LAVVideo.ax
2012-01-07 22:24 . 2012-01-07 22:24 552448 ----a-w- c:\windows\system32\LAVSplitter.ax
2012-01-07 22:24 . 2012-01-07 22:24 243200 ----a-w- c:\windows\system32\LAVAudio.ax
2012-01-07 22:24 . 2012-01-07 22:24 202240 ----a-w- c:\windows\system32\libbluray.dll
2012-01-07 22:24 . 2012-01-07 22:24 6557838 ----a-w- c:\windows\system32\avcodec-lav-53.dll
2012-01-07 22:24 . 2012-01-07 22:24 379129 ----a-w- c:\windows\system32\swscale-lav-2.dll
2012-01-07 22:24 . 2012-01-07 22:24 209331 ----a-w- c:\windows\system32\avutil-lav-51.dll
2012-01-07 22:24 . 2012-01-07 22:24 125782 ----a-w- c:\windows\system32\avfilter-lav-2.dll
2012-01-07 22:24 . 2012-01-07 22:24 1020391 ----a-w- c:\windows\system32\avformat-lav-53.dll
2012-01-07 22:22 . 2012-01-07 22:22 460800 ------w- c:\windows\SysWow64\LAVSplitter.ax
2012-01-07 22:22 . 2012-01-07 22:22 448000 ------w- c:\windows\SysWow64\LAVVideo.ax
2012-01-07 22:22 . 2012-01-07 22:22 212992 ------w- c:\windows\SysWow64\LAVAudio.ax
2012-01-07 22:22 . 2012-01-07 22:22 172032 ------w- c:\windows\SysWow64\libbluray.dll
2012-01-07 22:21 . 2012-01-07 22:21 6366094 ------w- c:\windows\SysWow64\avcodec-lav-53.dll
2012-01-07 22:21 . 2012-01-07 22:21 354979 ------w- c:\windows\SysWow64\swscale-lav-2.dll
2012-01-07 22:21 . 2012-01-07 22:21 203306 ------w- c:\windows\SysWow64\avutil-lav-51.dll
2012-01-07 22:21 . 2012-01-07 22:21 138727 ------w- c:\windows\SysWow64\avfilter-lav-2.dll
2012-01-07 22:21 . 2012-01-07 22:21 1007151 ------w- c:\windows\SysWow64\avformat-lav-53.dll
2012-01-07 22:20 . 2012-01-07 22:20 142336 ------w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
2012-01-07 22:19 . 2012-01-07 22:19 169984 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
2012-01-05 18:23 . 2012-01-05 18:23 4369920 ----a-w- c:\windows\system32\ffdshow.ax
2012-01-05 18:19 . 2012-01-05 18:19 4431872 ----a-w- c:\windows\system32\ffmpeg.dll
2011-12-21 15:32 . 2011-12-21 15:32 404496 ----a-w- c:\windows\SysWow64\FTBSaver.scr
2011-12-20 18:53 . 2011-12-20 18:53 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2011-12-20 18:53 . 2011-12-20 18:53 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2011-12-20 18:52 . 2011-12-20 18:52 114176 ----a-w- c:\windows\system32\ff_wmv9.dll
2011-12-20 18:52 . 2011-12-20 18:52 156672 ----a-w- c:\windows\system32\ff_libmad.dll
2011-12-20 18:52 . 2011-12-20 18:52 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll
2011-12-20 18:52 . 2011-12-20 18:52 116224 ----a-w- c:\windows\system32\ff_liba52.dll
2011-12-20 18:52 . 2011-12-20 18:52 222720 ----a-w- c:\windows\system32\ff_libdts.dll
2011-12-20 18:52 . 2011-12-20 18:52 183808 ----a-w- c:\windows\system32\ff_unrar.dll
2011-12-20 18:51 . 2011-12-20 18:51 359424 ----a-w- c:\windows\system32\ff_libfaad2.dll
2011-12-20 18:51 . 2011-12-20 18:51 190464 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2011-12-20 18:50 . 2011-12-20 18:50 79360 ------w- c:\windows\SysWow64\ff_vfw.dll
2011-12-20 18:49 . 2011-12-20 18:49 99328 ------w- c:\windows\SysWow64\ff_wmv9.dll
2011-12-20 18:49 . 2011-12-20 18:49 158720 ------w- c:\windows\SysWow64\ff_unrar.dll
2011-12-20 18:49 . 2011-12-20 18:49 146944 ------w- c:\windows\SysWow64\ff_libmad.dll
2011-12-20 18:49 . 2011-12-20 18:49 212480 ------w- c:\windows\SysWow64\ff_libdts.dll
2011-12-20 18:49 . 2011-12-20 18:49 1525248 ------w- c:\windows\SysWow64\ff_samplerate.dll
2011-12-20 18:49 . 2011-12-20 18:49 115200 ------w- c:\windows\SysWow64\ff_liba52.dll
2011-12-20 18:49 . 2011-12-20 18:49 328704 ------w- c:\windows\SysWow64\ff_libfaad2.dll
2011-12-20 18:49 . 2011-12-20 18:49 260608 ------w- c:\windows\SysWow64\TomsMoComp_ff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2012-02-09 09:45 141176 ----a-w- c:\program files (x86)\ReImageCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a0e8bc7d-6959-40b6-8e05-204d9768ad6e}]
2012-02-09 09:44 225656 ----a-w- c:\program files (x86)\ReImageCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f904f51b-52dd-42ec-9dc8-d0856a0d1d67}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"robotaskbaricon.exe"="c:\program files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe" [2012-03-12 108136]
"SmartRAM"="c:\program files (x86)\Advanced SystemCare 5\Suo10_SmartRAM.exe" [2011-12-31 421208]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-12 108136]
"Advanced SystemCare 5"="c:\program files (x86)\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-10-29 51120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-12 108136]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe [2012-1-30 5492048]
.
c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\Bob\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]
Dropbox.lnk - c:\users\Bob\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe [2012-1-30 5492048]
.
c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
CNET TechTracker.lnk - c:\users\Bob\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
Secunia PSI Tray.lnk - c:\program files (x86)\SECUNIA\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R3 cpuz134;cpuz134;c:\users\Bob\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-12-16 5881952]
R3 SystemExplorerHelpService;System Explorer Service;c:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [2012-02-22 776848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-12 3450832]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [2011-12-10 334720]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-10-29 219496]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-786123379-2523838320-624102883-1003Core.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 18:40]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-786123379-2523838320-624102883-1003UA.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 18:40]
.
2012-03-13 c:\windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job
- c:\program files (x86)\WinUtilities\ToolMemoryOptimizer.exe [2012-03-12 16:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"FileOpenBroker"="c:\program files\fileopen\services\fileopenbroker64.exe" [2011-12-10 900992]
"EvtMgr6"="c:\program files\logitech\setpointp\setpoint.exe" [2011-10-07 1744152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm TaskBar Icon - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\ReImageCompanion\tdataprotocol.dll
.
.
------- File Associations -------
.
.txt=PolyEdit Lite
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-TaxACT 2010 - o:\taxret~1\Unta10.exe
AddRemove-TaxACT 2010 Tennessee - o:\taxret~1\UnStTax.exe
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files (x86)\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:60,7f,bf,82,dc,d4,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\WizMouse\WizMouse.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\windows\SysWow64\perfhost.exe
.
**************************************************************************
.
Completion time: 2012-03-13 10:26:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 15:26
.
Pre-Run: 312,813,051,904 bytes free
Post-Run: 314,042,773,504 bytes free
.
- - End Of File - - 746D64C1AEF97A6789D0709CB1426BD0

#4 gringo_pr

Bleepin Gringo
Malware Response Team

Posted 13 March 2012 - 12:59 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here to donate. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 oliverrp (Topic Starter)

Posted 13 March 2012 - 08:37 PM

Hi,

Results below. The aswMBR also saved a "Disk 1 MBR.dat" file. Do you want that also (I don't know that I can open and copy it)?

18:51:53.0918 5760 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:51:54.0464 5760 ============================================================
18:51:54.0464 5760 Current date / time: 2012/03/13 18:51:54.0464
18:51:54.0464 5760 SystemInfo:
18:51:54.0464 5760
18:51:54.0464 5760 OS Version: 6.1.7601 ServicePack: 1.0
18:51:54.0464 5760 Product type: Workstation
18:51:54.0464 5760 ComputerName: BOB-PC
18:51:54.0464 5760 UserName: Bob
18:51:54.0464 5760 Windows directory: C:\Windows
18:51:54.0464 5760 System windows directory: C:\Windows
18:51:54.0464 5760 Running under WOW64
18:51:54.0464 5760 Processor architecture: Intel x64
18:51:54.0464 5760 Number of processors: 4
18:51:54.0464 5760 Page size: 0x1000
18:51:54.0464 5760 Boot type: Normal boot
18:51:54.0464 5760 ============================================================
18:51:55.0665 5760 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:51:55.0665 5760 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x2DD78, SectorsPerTrack: 0x33, TracksPerCylinder: 0x66, Type 'K0', Flags 0x00000040
18:51:55.0681 5760 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:51:55.0681 5760 Drive \Device\Harddisk10\DR10 - Size: 0x1DCC00000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:51:55.0696 5760 Drive \Device\Harddisk3\DR3 - Size: 0x2BA9F400000 (2794.49 Gb), SectorSize: 0x1000, Cylinders: 0xB21F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:52:13.0792 5760 Drive \Device\Harddisk4\DR4 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:52:23.0995 5760 Drive \Device\Harddisk9\DR9 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:52:34.0088 5760 \Device\Harddisk1\DR1:
18:52:34.0088 5760 MBR used
18:52:34.0088 5760 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:52:34.0088 5760 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
18:52:34.0088 5760 \Device\Harddisk0\DR0:
18:52:34.0088 5760 MBR used
18:52:34.0088 5760 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x33, BlocksNum 0x2C10500D
18:52:34.0088 5760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2C106490, BlocksNum 0xE27EB70
18:52:34.0088 5760 \Device\Harddisk2\DR2:
18:52:34.0104 5760 MBR used
18:52:34.0104 5760 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1994B65C
18:52:34.0104 5760 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x4949F27A, BlocksNum 0x2B266747
18:52:34.0119 5760 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x1994B6DA, BlocksNum 0x2FB53BA0
18:52:34.0119 5760 \Device\Harddisk10\DR10:
18:52:34.0119 5760 MBR used
18:52:34.0119 5760 \Device\Harddisk10\DR10\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE4080
18:52:34.0119 5760 \Device\Harddisk3\DR3:
18:52:34.0119 5760 MBR used
18:52:34.0119 5760 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x2BA9F300
18:52:34.0119 5760 \Device\Harddisk4\DR4:
18:52:34.0119 5760 MBR used
18:52:34.0119 5760 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8C9C000
18:52:34.0119 5760 \Device\Harddisk9\DR9:
18:52:34.0119 5760 MBR used
18:52:34.0119 5760 \Device\Harddisk9\DR9\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8C9C000
18:52:35.0196 5760 Initialize success
18:52:35.0196 5760 ============================================================
18:52:44.0306 5440 ============================================================
18:52:44.0306 5440 Scan started
18:52:44.0306 5440 Mode: Manual;
18:52:44.0306 5440 ============================================================
18:52:51.0825 5440 mvs91xx (1af5922003b6801bfce2478bc8f5c014) C:\Windows\system32\DRIVERS\mvs91xx.sys
18:52:51.0825 5440 mvs91xx - ok
18:52:51.0841 5440 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:52:51.0857 5440 NativeWifiP - ok
18:52:51.0903 5440 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:52:51.0903 5440 NDIS - ok
18:52:51.0919 5440 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:52:51.0919 5440 NdisCap - ok
18:52:51.0935 5440 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:52:51.0935 5440 NdisTapi - ok
18:52:51.0997 5440 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:52:51.0997 5440 Ndisuio - ok
18:52:52.0044 5440 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:52:52.0044 5440 NdisWan - ok
18:52:52.0075 5440 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:52:52.0091 5440 NDProxy - ok
18:52:52.0137 5440 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:52:52.0137 5440 NetBIOS - ok
18:52:52.0169 5440 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:52:52.0169 5440 NetBT - ok
18:52:52.0231 5440 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:52:52.0231 5440 nfrd960 - ok
18:52:52.0262 5440 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:52:52.0262 5440 Npfs - ok
18:52:52.0278 5440 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:52:52.0278 5440 nsiproxy - ok
18:52:52.0325 5440 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:52:52.0356 5440 Ntfs - ok
18:52:52.0387 5440 NuidFltr (77eb11da191d12d12e28d7bd8905c42c) C:\Windows\system32\DRIVERS\NuidFltr.sys
18:52:52.0387 5440 NuidFltr - ok
18:52:52.0403 5440 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:52:52.0403 5440 Null - ok
18:52:52.0434 5440 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:52:52.0434 5440 nvraid - ok
18:52:52.0449 5440 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:52:52.0449 5440 nvstor - ok
18:52:52.0481 5440 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:52:52.0481 5440 nv_agp - ok
18:52:52.0496 5440 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:52:52.0512 5440 ohci1394 - ok
18:52:52.0527 5440 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:52:52.0527 5440 Parport - ok
18:52:52.0559 5440 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:52:52.0559 5440 partmgr - ok
18:52:52.0605 5440 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:52:52.0605 5440 pci - ok
18:52:52.0637 5440 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:52:52.0637 5440 pciide - ok
18:52:52.0652 5440 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:52:52.0668 5440 pcmcia - ok
18:52:52.0683 5440 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:52:52.0683 5440 pcw - ok
18:52:52.0777 5440 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:52:52.0777 5440 PEAUTH - ok
18:52:52.0855 5440 Point64 (9abff71ff6f3b9492686d3403fa5dcdb) C:\Windows\system32\DRIVERS\point64k.sys
18:52:52.0871 5440 Point64 - ok
18:52:52.0902 5440 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:52:52.0902 5440 PptpMiniport - ok
18:52:52.0917 5440 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:52:52.0917 5440 Processor - ok
18:52:52.0949 5440 PROCEXP150 - ok
18:52:53.0011 5440 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:52:53.0011 5440 Psched - ok
18:52:53.0042 5440 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
18:52:53.0042 5440 PSI - ok
18:52:53.0089 5440 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:52:53.0105 5440 ql2300 - ok
18:52:53.0120 5440 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:52:53.0120 5440 ql40xx - ok
18:52:53.0183 5440 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:52:53.0183 5440 QWAVEdrv - ok
18:52:53.0198 5440 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:52:53.0198 5440 RasAcd - ok
18:52:53.0229 5440 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:52:53.0229 5440 RasAgileVpn - ok
18:52:53.0292 5440 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:52:53.0292 5440 Rasl2tp - ok
18:52:53.0307 5440 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:52:53.0307 5440 RasPppoe - ok
18:52:53.0323 5440 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:52:53.0323 5440 RasSstp - ok
18:52:53.0354 5440 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:52:53.0370 5440 rdbss - ok
18:52:53.0385 5440 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:52:53.0385 5440 rdpbus - ok
18:52:53.0401 5440 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:52:53.0401 5440 RDPCDD - ok
18:52:53.0448 5440 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:52:53.0448 5440 RDPDR - ok
18:52:53.0463 5440 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:52:53.0479 5440 RDPENCDD - ok
18:52:53.0495 5440 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:52:53.0495 5440 RDPREFMP - ok
18:52:53.0526 5440 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:52:53.0541 5440 RDPWD - ok
18:52:53.0573 5440 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:52:53.0573 5440 rdyboost - ok
18:52:53.0635 5440 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
18:52:53.0651 5440 Revoflt - ok
18:52:53.0682 5440 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:52:53.0682 5440 rspndr - ok
18:52:53.0729 5440 RTHDMIAzAudService (c20f64fcd5e2b40310a1774495877acd) C:\Windows\system32\drivers\RtHDMIVX.sys
18:52:53.0744 5440 RTHDMIAzAudService - ok
18:52:53.0775 5440 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:52:53.0775 5440 s3cap - ok
18:52:53.0822 5440 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:52:53.0838 5440 sbp2port - ok
18:52:53.0869 5440 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:52:53.0869 5440 scfilter - ok
18:52:53.0900 5440 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:52:53.0900 5440 secdrv - ok
18:52:53.0963 5440 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:52:53.0963 5440 Serenum - ok
18:52:53.0978 5440 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:52:53.0978 5440 Serial - ok
18:52:54.0009 5440 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:52:54.0009 5440 sermouse - ok
18:52:54.0056 5440 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:52:54.0056 5440 sffdisk - ok
18:52:54.0056 5440 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:52:54.0056 5440 sffp_mmc - ok
18:52:54.0072 5440 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:52:54.0072 5440 sffp_sd - ok
18:52:54.0087 5440 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:52:54.0087 5440 sfloppy - ok
18:52:54.0181 5440 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:52:54.0181 5440 SiSRaid2 - ok
18:52:54.0197 5440 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:52:54.0197 5440 SiSRaid4 - ok
18:52:54.0212 5440 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:52:54.0212 5440 Smb - ok
18:52:54.0275 5440 snapman (bbfb94699c8c265a6af5fd51bde26dfc) C:\Windows\system32\DRIVERS\snapman.sys
18:52:54.0275 5440 snapman - ok
18:52:54.0306 5440 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:52:54.0306 5440 spldr - ok
18:52:54.0368 5440 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:52:54.0384 5440 srv - ok
18:52:54.0399 5440 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:52:54.0399 5440 srv2 - ok
18:52:54.0431 5440 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:52:54.0431 5440 srvnet - ok
18:52:54.0462 5440 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:52:54.0462 5440 stexstor - ok
18:52:54.0493 5440 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
18:52:54.0493 5440 StillCam - ok
18:52:54.0524 5440 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:52:54.0524 5440 storflt - ok
18:52:54.0555 5440 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:52:54.0555 5440 storvsc - ok
18:52:54.0587 5440 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:52:54.0587 5440 swenum - ok
18:52:54.0711 5440 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:52:54.0727 5440 Tcpip - ok
18:52:54.0774 5440 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:52:54.0774 5440 TCPIP6 - ok
18:52:54.0836 5440 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:52:54.0836 5440 tcpipreg - ok
18:52:54.0867 5440 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:52:54.0867 5440 TDPIPE - ok
18:52:54.0914 5440 tdrpman (9c1a823d4e729c965167b6e71e984296) C:\Windows\system32\DRIVERS\tdrpman.sys
18:52:54.0930 5440 tdrpman - ok
18:52:54.0945 5440 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:52:54.0945 5440 TDTCP - ok
18:52:54.0977 5440 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:52:54.0977 5440 tdx - ok
18:52:55.0008 5440 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:52:55.0008 5440 TermDD - ok
18:52:55.0039 5440 timounter (990447334615a0db84f620e1426dcfe0) C:\Windows\system32\DRIVERS\timntr.sys
18:52:55.0070 5440 timounter - ok
18:52:55.0101 5440 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:52:55.0101 5440 tssecsrv - ok
18:52:55.0133 5440 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:52:55.0133 5440 TsUsbFlt - ok
18:52:55.0164 5440 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:52:55.0179 5440 tunnel - ok
18:52:55.0195 5440 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:52:55.0195 5440 uagp35 - ok
18:52:55.0226 5440 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:52:55.0242 5440 udfs - ok
18:52:55.0273 5440 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:52:55.0273 5440 uliagpkx - ok
18:52:55.0304 5440 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:52:55.0304 5440 umbus - ok
18:52:55.0320 5440 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:52:55.0320 5440 UmPass - ok
18:52:55.0382 5440 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:52:55.0382 5440 usbccgp - ok
18:52:55.0413 5440 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:52:55.0413 5440 usbcir - ok
18:52:55.0445 5440 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:52:55.0445 5440 usbehci - ok
18:52:55.0445 5440 UsbFltr - ok
18:52:55.0460 5440 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:52:55.0476 5440 usbhub - ok
18:52:55.0491 5440 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:52:55.0491 5440 usbohci - ok
18:52:55.0523 5440 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:52:55.0523 5440 usbprint - ok
18:52:55.0554 5440 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:52:55.0554 5440 usbscan - ok
18:52:55.0585 5440 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:52:55.0585 5440 USBSTOR - ok
18:52:55.0601 5440 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:52:55.0601 5440 usbuhci - ok
18:52:55.0647 5440 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:52:55.0647 5440 vdrvroot - ok
18:52:55.0663 5440 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:52:55.0663 5440 vga - ok
18:52:55.0679 5440 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:52:55.0679 5440 VgaSave - ok
18:52:55.0710 5440 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:52:55.0710 5440 vhdmp - ok
18:52:55.0741 5440 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:52:55.0741 5440 viaide - ok
18:52:55.0772 5440 vididr (ee12faffdd1fb13be0d6ef67cb0d1617) C:\Windows\system32\DRIVERS\vididr.sys
18:52:55.0772 5440 vididr - ok
18:52:55.0788 5440 vidsflt61 (2dfd1eb9de564460003de1605a275e8d) C:\Windows\system32\DRIVERS\vsflt61.sys
18:52:55.0788 5440 vidsflt61 - ok
18:52:55.0819 5440 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:52:55.0835 5440 vmbus - ok
18:52:55.0850 5440 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:52:55.0850 5440 VMBusHID - ok
18:52:55.0866 5440 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:52:55.0866 5440 volmgr - ok
18:52:55.0913 5440 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:52:55.0913 5440 volmgrx - ok
18:52:55.0959 5440 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:52:55.0959 5440 volsnap - ok
18:52:56.0011 5440 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:52:56.0013 5440 vsmraid - ok
18:52:56.0036 5440 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:52:56.0037 5440 vwifibus - ok
18:52:56.0092 5440 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:52:56.0093 5440 WacomPen - ok
18:52:56.0142 5440 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:52:56.0149 5440 WANARP - ok
18:52:56.0153 5440 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:52:56.0154 5440 Wanarpv6 - ok
18:52:56.0187 5440 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:52:56.0188 5440 Wd - ok
18:52:56.0224 5440 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
18:52:56.0225 5440 WDC_SAM - ok
18:52:56.0247 5440 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:52:56.0252 5440 Wdf01000 - ok
18:52:56.0315 5440 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:52:56.0316 5440 WfpLwf - ok
18:52:56.0351 5440 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:52:56.0352 5440 WIMMount - ok
18:52:56.0407 5440 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:52:56.0408 5440 WmiAcpi - ok
18:52:56.0443 5440 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:52:56.0444 5440 ws2ifsl - ok
18:52:56.0483 5440 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:52:56.0484 5440 WSDPrintDevice - ok
18:52:56.0525 5440 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:52:56.0527 5440 WudfPf - ok
18:52:56.0547 5440 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:52:56.0549 5440 WUDFRd - ok
18:52:56.0600 5440 MBR (0x1B8) (eaed5b4867d37a3af7da220d62167c12) \Device\Harddisk1\DR1
18:52:56.0815 5440 \Device\Harddisk1\DR1 - ok
18:52:56.0817 5440 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:52:56.0819 5440 \Device\Harddisk0\DR0 - ok
18:52:56.0830 5440 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
18:52:56.0871 5440 \Device\Harddisk2\DR2 - ok
18:52:56.0875 5440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk10\DR10
18:52:58.0216 5440 \Device\Harddisk10\DR10 - ok
18:52:58.0218 5440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
18:52:58.0220 5440 \Device\Harddisk3\DR3 - ok
18:52:58.0223 5440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
18:52:58.0225 5440 \Device\Harddisk4\DR4 - ok
18:52:58.0228 5440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk9\DR9
18:52:58.0230 5440 \Device\Harddisk9\DR9 - ok
18:52:58.0247 5440 Boot (0x1200) (58142ed856bbd50302c5e40d7e852f31) \Device\Harddisk1\DR1\Partition0
18:52:58.0248 5440 \Device\Harddisk1\DR1\Partition0 - ok
18:52:58.0256 5440 Boot (0x1200) (f37733bda74ce3756f9dcf901be64e06) \Device\Harddisk1\DR1\Partition1
18:52:58.0257 5440 \Device\Harddisk1\DR1\Partition1 - ok
18:52:58.0259 5440 Boot (0x1200) (7cecba189d0fb7285d9a1613c71161b6) \Device\Harddisk0\DR0\Partition0
18:52:58.0260 5440 \Device\Harddisk0\DR0\Partition0 - ok
18:52:58.0261 5440 Boot (0x1200) (a2653fd589b4405242905292ae0f7895) \Device\Harddisk0\DR0\Partition1
18:52:58.0262 5440 \Device\Harddisk0\DR0\Partition1 - ok
18:52:58.0263 5440 Boot (0x1200) (c39d6ac9b4cd8567d30b6882358ae0bd) \Device\Harddisk2\DR2\Partition0
18:52:58.0264 5440 \Device\Harddisk2\DR2\Partition0 - ok
18:52:58.0265 5440 Boot (0x1200) (2bcf3c5be4ce9d5da2296345730433ae) \Device\Harddisk2\DR2\Partition1
18:52:58.0266 5440 \Device\Harddisk2\DR2\Partition1 - ok
18:52:58.0287 5440 Boot (0x1200) (be4c5adfd86a22d3fa34cf467e0dde7e) \Device\Harddisk2\DR2\Partition2
18:52:58.0288 5440 \Device\Harddisk2\DR2\Partition2 - ok
18:52:58.0290 5440 Boot (0x1200) (5ee17c1eaddf0ddea8d6553ea3781dc7) \Device\Harddisk10\DR10\Partition0
18:52:58.0291 5440 \Device\Harddisk10\DR10\Partition0 - ok
18:52:58.0293 5440 Boot (0x1200) (56a94f02c80039e90636552a3370e776) \Device\Harddisk3\DR3\Partition0
18:52:58.0293 5440 \Device\Harddisk3\DR3\Partition0 - ok
18:52:58.0295 5440 Boot (0x1200) (795b9d7a33e83e5b479b7633578df725) \Device\Harddisk4\DR4\Partition0
18:52:58.0297 5440 \Device\Harddisk4\DR4\Partition0 - ok
18:52:58.0299 5440 Boot (0x1200) (ba98896af3549ffd3e1ac05769455040) \Device\Harddisk9\DR9\Partition0
18:52:58.0300 5440 \Device\Harddisk9\DR9\Partition0 - ok
18:52:58.0301 5440 ============================================================
18:52:58.0301 5440 Scan finished
18:52:58.0301 5440 ============================================================
18:52:58.0306 5216 Detected object count: 0
18:52:58.0306 5216 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 18:55:25
-----------------------------
18:55:25.565 OS Version: Windows x64 6.1.7601 Service Pack 1
18:55:25.565 Number of processors: 4 586 0x2A07
18:55:25.565 ComputerName: BOB-PC UserName: Bob
18:55:49.089 Initialize success
18:56:52.043 AVAST engine defs: 12031301
18:57:09.859 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-7
18:57:09.859 Disk 0 Vendor: WDC_WD5000KS-60MNB0 08.02E08 Size: 476940MB BusType: 11
18:57:09.859 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4
18:57:09.859 Disk 1 Vendor: ST500DM002-1BC142 JC4B Size: 476940MB BusType: 11
18:57:09.874 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP6T0L0-8
18:57:09.874 Disk 2 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 11
18:57:09.890 Disk 1 MBR read successfully
18:57:09.890 Disk 1 MBR scan
18:57:09.890 Disk 1 unknown MBR code
18:57:09.905 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:57:09.905 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
18:57:09.921 Disk 1 scanning C:\Windows\system32\drivers
18:57:20.794 Service scanning
18:57:39.171 Modules scanning
18:57:39.171 Disk 1 trace - called modules:
18:57:39.187 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt61.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:57:39.187 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800d833790]
18:57:39.187 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800d71ed90]
18:57:39.202 5 vsflt61.sys[fffff88000e520fd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800d560060]
18:57:43.180 AVAST engine scan C:\Windows
18:57:46.862 AVAST engine scan C:\Windows\system32
19:00:45.326 AVAST engine scan C:\Windows\system32\drivers
19:00:58.680 AVAST engine scan C:\Users\Bob
19:15:44.149 File: C:\Users\Bob\Downloads\AmazonWishListSetup.exe **INFECTED** Win32:Adware-AAN [Adw]
19:20:19.786 AVAST engine scan C:\ProgramData
19:25:41.371 Scan finished successfully
20:29:14.322 Disk 1 MBR has been saved successfully to "C:\Users\Bob\Desktop\MBR.dat"
20:29:14.322 The log file has been saved successfully to "C:\Users\Bob\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:12 AM

Posted 13 March 2012 - 08:55 PM

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, then click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 oliverrp

oliverrp
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:12 PM

Posted 13 March 2012 - 11:56 PM

Computer seems to be slowing down perceptibly. Shut down takes over 5 minutes. Opening programs has about a 5 sec. lag. Other than that, all is OK.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bob :: BOB-PC [administrator]

3/13/2012 11:25:11 PM
mbam-log-2012-03-13 (23-25-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 238040
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Bob\Downloads\Miro_setup.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

(end)
--------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:03 PM, on 3/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\WizMouse\WizMouse.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\Advanced SystemCare 5\Suo10_SmartRAM.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\PROGRAM FILES (X86)\SECUNIA\PSI\psi_tray.exe
C:\Users\Bob\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Users\Bob\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
C:\Program Files (x86)\SuperFinder\SuperFinder.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\PolyEdit Lite\PolyEdit.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Bob\Desktop\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\ReImageCompanion\updatebhoWin32.dll
O2 - BHO: script helper for ie - {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - C:\Program Files (x86)\ReImageCompanion\jsloader.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O2 - BHO: PriceBlink.Plugin - {f904f51b-52dd-42ec-9dc8-d0856a0d1d67} - mscoree.dll (file missing)
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [robotaskbaricon.exe] C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files (x86)\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: CNET TechTracker.lnk = Bob\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
O4 - Startup: Dropbox.lnk = Bob\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
O4 - Startup: Super Finder XT.lnk = C:\Program Files (x86)\SuperFinder\SuperFinder.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O4 - Global Startup: Secunia PSI Tray.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\ReImageCompanion\tdataprotocol.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FileOpen Manager Service (FileOpenManagerSvc) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: SNMP Trap (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Credential Manager (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)

--
End of file - 15570 bytes
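An added example (not from this thread or from HijackThis) that parses the O23 service lines above and separates the "(file missing)" entries a 32-bit HijackThis produces on 64-bit Windows (its view of C:\Windows\system32 is redirected to SysWOW64 and %ProgramFiles% expands to "Program Files (x86)", so 64-bit-only binaries look absent) from genuinely orphaned services. The sample lines are copied from the log above except the one marked constructed; the triage labels are this example's own.

```python
r"""Triage the O23 (service) lines of a HijackThis log from a 64-bit system.

Added example, not code posted in the thread or shipped with HijackThis.
HijackThis 2.0.x is a 32-bit program: under 64-bit Windows its view of
C:\Windows\system32 is redirected to SysWOW64 and %ProgramFiles% expands to
"Program Files (x86)", so services whose 64-bit-only binary lives in the real
system32 (lsass.exe, spoolsv.exe, vssvc.exe ...) are reported as
"Unknown owner" and "(file missing)" although the files exist.
"""
import re

# O23 - Service: <display name> - <company or "Unknown owner"> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# Locations a 32-bit process sees differently on x64 (compared lower-cased).
REDIRECTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files (x86)\\")

# Sample in the format of the O23 section above; the "Example Leftover" line
# is constructed to show a service whose file is really gone.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Example Leftover (ExampleSvc) - Unknown owner - C:\Program Files\Old Vendor\svc.exe (file missing)
"""


def parse_o23(line):
    """Return a dict for one O23 line, or None if the line is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {"name": m["name"], "owner": m["owner"],
            "path": m["path"], "missing": m["missing"] is not None}


def triage(entry):
    """Classify one parsed entry; the labels are this example's own."""
    path = entry["path"].lower()
    if entry["missing"] and path.startswith(REDIRECTED_PREFIXES):
        # Most likely a WOW64 redirection artefact: confirm with a 64-bit tool
        # (or a dir on the real path) before treating the entry as suspicious.
        return "redirection-artefact"
    if entry["missing"]:
        return "orphaned-service"      # registry still points at a removed file
    if entry["owner"] == "Unknown owner":
        return "verify-publisher"      # file present but no company info read
    return "ok"


def triage_log(log_text):
    """Group service display names by triage label."""
    groups = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is not None:
            groups.setdefault(triage(entry), []).append(entry["name"])
    return groups


if __name__ == "__main__":
    for label, names in triage_log(SAMPLE_LOG).items():
        print(f"{label}:")
        for name in names:
            print(f"  {name}")
```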

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:12 AM

Posted 14 March 2012 - 12:08 AM

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of them when you need them by clicking their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files (x86)\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m
      O4 - Startup: AutorunsDisabled
      O4 - Startup: CNET TechTracker.lnk = Bob\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
      O4 - Startup: Dropbox.lnk = Bob\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: Super Finder XT.lnk = C:\Program Files (x86)\SuperFinder\SuperFinder.exe
      O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 oliverrp

oliverrp
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:12 PM

Posted 14 March 2012 - 08:45 PM

Hi,

ESET Scan results:

C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Documents and Settings\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Documents and Settings\Bob\Downloads\aTube_Catcher (1).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\aTube_Catcher (2).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\aTube_Catcher(1).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\aTube_Catcher(2).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\aTube_Catcher(3).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\aTube_Catcher.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\aTube_Catcher_Setup.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\cnet2_KindleForPC-installer_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Bob\Downloads\cnet2_OrbitDownloaderSetup_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Bob\Downloads\CNET_TechTracker_2_0_3_59_a_Setup.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\CNET_TechTracker_2_0_4_Setup.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\CrystalDiskInfo4_0_2a-en.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\CrystalDiskInfo4_0_3-en.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\CrystalDiskInfo4_1_3a-en.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup(1).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup(2).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup(5).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup3005.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup4001(1).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup4001.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup4002(1).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup4002.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitSetup4.0.3.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitSetup4.0.5.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.00.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.01.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.02 (1).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.02 (2).exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.02.exe Win32/OpenCandy application
C:\Documents and Settings\Bob\Downloads\UBCD4WinV360.exe Win32/PrcView application
C:\Documents and Settings\Bob\Downloads\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application
C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Users\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Users\Bob\Downloads\aTube_Catcher (1).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\aTube_Catcher (2).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\aTube_Catcher(1).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\aTube_Catcher(2).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\aTube_Catcher(3).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\aTube_Catcher.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\aTube_Catcher_Setup.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\cnet2_KindleForPC-installer_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Bob\Downloads\cnet2_OrbitDownloaderSetup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Bob\Downloads\CNET_TechTracker_2_0_3_59_a_Setup.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\CNET_TechTracker_2_0_4_Setup.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\CrystalDiskInfo4_0_2a-en.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\CrystalDiskInfo4_0_3-en.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\CrystalDiskInfo4_1_3a-en.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitDownloaderSetup(1).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitDownloaderSetup(2).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitDownloaderSetup(5).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitDownloaderSetup3005.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitDownloaderSetup4001(1).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitDownloaderSetup4001.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitDownloaderSetup4002(1).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitDownloaderSetup4002.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitSetup4.0.3.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitSetup4.0.5.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitSetup4.1.00.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitSetup4.1.01.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitSetup4.1.02 (1).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitSetup4.1.02 (2).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitSetup4.1.02.exe Win32/OpenCandy application
C:\Users\Bob\Downloads\UBCD4WinV360.exe Win32/PrcView application
C:\Users\Bob\Downloads\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application
Q:\Current Files and Programs\CNET_TechTracker_2_0_4_Setup.exe Win32/OpenCandy application
Q:\Current Files and Programs\OrbitSetup4.1.02 (1).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Documents\Web Downloads\UBCD4WinV350.exe Win32/PrcView application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher (1).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher (2).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher(1).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher(2).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher(3).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher_Setup.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\CNET_TechTracker_2_0_3_59_a_Setup.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\CNET_TechTracker_2_0_4_Setup.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\CrystalDiskInfo4_0_2a-en.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\CrystalDiskInfo4_0_3-en.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\CrystalDiskInfo4_1_3a-en.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup(1).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup(2).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup(5).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup3005.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup4001(1).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup4001.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup4002(1).exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup4002.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitSetup4.0.3.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitSetup4.0.5.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitSetup4.1.00.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitSetup4.1.01.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitSetup4.1.02.exe Win32/OpenCandy application
Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\UBCD4WinV360.exe Win32/PrcView application
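An added example (not code from anyone in this thread) that turns ESET result lines like those above into the kind of `del` batch the next reply builds by hand. It keeps the detection name out of the quoted path and collapses the Vista/7 compatibility junctions (Documents and Settings, All Users, Application Data) so a file that the scanner reported through several of them is deleted once. It assumes the line format shown above: a path that may contain spaces, then a detection that begins either at "a variant of" or at the first token containing "/" (Windows paths never do).

```python
"""Turn ESET Online Scanner result lines into a deduplicated deletion list.

Added example for this thread, not code posted in it. Assumes the line format
of the scan results above: "<path> <detection> application".
"""

# Constructed sample in the format of the ESET results above: the same
# setup.res is reported five times through Windows compatibility junctions.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Documents and Settings\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Users\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res a variant of Win32/HiddenStart.A application
C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.02 (1).exe Win32/OpenCandy application
C:\Users\Bob\Downloads\OrbitSetup4.1.02 (1).exe Win32/OpenCandy application
Q:\Current Files and Programs\OrbitSetup4.1.02 (1).exe Win32/OpenCandy application
"""

# On Vista/7 these legacy locations are junctions onto the real folders, so a
# scanner that follows them reports one file several times. Order matters:
# the first rule rewrites "Documents and Settings" so the next two can apply.
LEGACY_PREFIXES = [
    ("C:\\Documents and Settings\\", "C:\\Users\\"),
    ("C:\\Users\\All Users\\Application Data\\", "C:\\ProgramData\\"),
    ("C:\\Users\\All Users\\", "C:\\ProgramData\\"),
]


def split_eset_line(line):
    """Return (path, detection) for one result line, or None if it has none."""
    tokens = line.strip().split(" ")
    for i, tok in enumerate(tokens):
        if "/" in tok:                   # first token of the detection name
            if i >= 3 and tokens[i - 3:i] == ["a", "variant", "of"]:
                i -= 3
            return " ".join(tokens[:i]), " ".join(tokens[i:])
    return None


def canonical_path(path):
    """Collapse the compatibility junctions so each file is listed once."""
    for legacy, real in LEGACY_PREFIXES:
        if path.lower().startswith(legacy.lower()):
            path = real + path[len(legacy):]
    return path


def build_delete_list(log_text):
    """Return ([(canonical_path, detection), ...], [duplicate paths skipped])."""
    seen, entries, duplicates = set(), [], []
    for line in log_text.splitlines():
        parsed = split_eset_line(line)
        if parsed is None:
            continue                     # blank or non-result line
        path, detection = parsed
        canon = canonical_path(path)
        if canon.lower() in seen:
            duplicates.append(path)      # same file seen via another junction
            continue
        seen.add(canon.lower())
        entries.append((canon, detection))
    return entries, duplicates


def render_batch(entries):
    """Render the batch; the path is exact, so /s (recurse) is not needed."""
    lines = ["@echo off"]
    for path, detection in entries:
        lines.append(f"rem {detection}")
        lines.append(f'del /f /q "{path}"')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found, skipped = build_delete_list(SAMPLE_LOG)
    print(render_batch(found))
    print(f"{len(skipped)} duplicate report(s) skipped")
```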

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:12 AM

Posted 14 March 2012 - 09:09 PM

Hello

There are some minor things in your online scan that should be removed.


Delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
    del /f /s /q "C:\Documents and Settings\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\aTube_Catcher (1).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\aTube_Catcher (2).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\aTube_Catcher(1).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\aTube_Catcher(2).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\aTube_Catcher(3).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\aTube_Catcher.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\aTube_Catcher_Setup.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\cnet2_KindleForPC-installer_exe.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\cnet2_OrbitDownloaderSetup_exe.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\CNET_TechTracker_2_0_3_59_a_Setup.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\CNET_TechTracker_2_0_4_Setup.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\CrystalDiskInfo4_0_2a-en.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\CrystalDiskInfo4_0_3-en.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\CrystalDiskInfo4_1_3a-en.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup(1).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup(2).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup(5).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup3005.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup4001(1).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup4001.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup4002(1).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitDownloaderSetup4002.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitSetup4.0.3.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitSetup4.0.5.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.00.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.01.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.02 (1).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.02 (2).exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\OrbitSetup4.1.02.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\UBCD4WinV360.exe"
    del /f /s /q "C:\Documents and Settings\Bob\Downloads\YouTubeDownloaderSetup35.exe"
    del /f /s /q "C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
    del /f /s /q "C:\Users\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
    del /f /s /q "C:\Users\All Users\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}\setup.res"
    del /f /s /q "C:\Users\Bob\Downloads\aTube_Catcher (1).exe"
    del /f /s /q "C:\Users\Bob\Downloads\aTube_Catcher (2).exe"
    del /f /s /q "C:\Users\Bob\Downloads\aTube_Catcher(1).exe"
    del /f /s /q "C:\Users\Bob\Downloads\aTube_Catcher(2).exe"
    del /f /s /q "C:\Users\Bob\Downloads\aTube_Catcher(3).exe"
    del /f /s /q "C:\Users\Bob\Downloads\aTube_Catcher.exe"
    del /f /s /q "C:\Users\Bob\Downloads\aTube_Catcher_Setup.exe"
    del /f /s /q "C:\Users\Bob\Downloads\cnet2_KindleForPC-installer_exe.exe"
    del /f /s /q "C:\Users\Bob\Downloads\cnet2_OrbitDownloaderSetup_exe.exe"
    del /f /s /q "C:\Users\Bob\Downloads\CNET_TechTracker_2_0_3_59_a_Setup.exe"
    del /f /s /q "C:\Users\Bob\Downloads\CNET_TechTracker_2_0_4_Setup.exe"
    del /f /s /q "C:\Users\Bob\Downloads\CrystalDiskInfo4_0_2a-en.exe"
    del /f /s /q "C:\Users\Bob\Downloads\CrystalDiskInfo4_0_3-en.exe"
    del /f /s /q "C:\Users\Bob\Downloads\CrystalDiskInfo4_1_3a-en.exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitDownloaderSetup(1).exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitDownloaderSetup(2).exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitDownloaderSetup(5).exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitDownloaderSetup.exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitDownloaderSetup3005.exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitDownloaderSetup4001(1).exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitDownloaderSetup4001.exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitDownloaderSetup4002(1).exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitDownloaderSetup4002.exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitSetup4.0.3.exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitSetup4.0.5.exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitSetup4.1.00.exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitSetup4.1.01.exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitSetup4.1.02 (1).exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitSetup4.1.02 (2).exe"
    del /f /s /q "C:\Users\Bob\Downloads\OrbitSetup4.1.02.exe"
    del /f /s /q "C:\Users\Bob\Downloads\UBCD4WinV360.exe"
    del /f /s /q "C:\Users\Bob\Downloads\YouTubeDownloaderSetup35.exe"
    del /f /s /q "Q:\Current Files and Programs\CNET_TechTracker_2_0_4_Setup.exe"
    del /f /s /q "Q:\Current Files and Programs\OrbitSetup4.1.02 (1).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Documents\Web Downloads\UBCD4WinV350.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher (1).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher (2).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher(1).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher(2).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher(3).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\aTube_Catcher_Setup.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\CNET_TechTracker_2_0_3_59_a_Setup.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\CNET_TechTracker_2_0_4_Setup.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\CrystalDiskInfo4_0_2a-en.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\CrystalDiskInfo4_0_3-en.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\CrystalDiskInfo4_1_3a-en.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup(1).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup(2).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup(5).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup3005.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup4001(1).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup4001.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup4002(1).exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitDownloaderSetup4002.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitSetup4.0.3.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitSetup4.0.5.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitSetup4.1.00.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitSetup4.1.01.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\OrbitSetup4.1.02.exe"
    del /f /s /q "Q:\Current Files and Programs\Bob - User Files\Bob\Downloads\UBCD4WinV360.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [screenshot: XP] [screenshot: Vista]
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • [screenshot]


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select "Automatic (recommended): Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
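The Internet zone settings in the "Make your Internet Explorer more secure" section above can also be audited from the registry instead of clicking through Custom Level. This is an added PowerShell example, not part of the thread or any tool used in it; it assumes Microsoft's documented zone action IDs (1001, 1004, 1201, 1800, 1804, from KB182569) and the function name Test-IEZoneHardening is my own.

```powershell
# Added example, not from the thread: audit (and optionally apply) the Internet
# zone settings the post tells the reader to change by hand under
# Tools > Internet Options > Security > Custom Level.
# Zone 3 is the Internet zone. Value names are Microsoft's documented action IDs
# (KB182569); DWORD data 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Target values from the post, keyed by action ID.
$Recommended = [ordered]@{
    '1001' = 1   # Download signed ActiveX controls                       -> Prompt
    '1004' = 3   # Download unsigned ActiveX controls                     -> Disable
    '1201' = 3   # Initialise and script ActiveX controls not marked safe -> Disable
    '1800' = 1   # Installation of desktop items                          -> Prompt
    '1804' = 1   # Launching programs and files in an IFRAME              -> Prompt
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEZoneHardening {
    param([string]$Path = $ZonePath, [switch]$Fix)
    if (-not (Test-Path $Path)) { throw "Zone key not found: $Path" }
    $key = Get-ItemProperty -Path $Path
    foreach ($id in $Recommended.Keys) {
        $want = $Recommended[$id]
        $have = $key.$id          # $null if absent: the zone template default applies
        $ok   = ($have -eq $want)
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $Path -Name $id -Value $want -Type DWord
            $have = $want; $ok = $true
        }
        if ($null -eq $have)                      { $current = 'not set' }
        elseif ($Label.ContainsKey([int]$have))   { $current = $Label[[int]$have] }
        else                                      { $current = "$have" }
        [pscustomobject]@{
            Action    = $id
            Current   = $current
            Wanted    = $Label[$want]
            Compliant = $ok
        }
    }
}

# Report only; add -Fix to write the recommended values for the current user.
# Caveat: if Security_HKLM_only is set under HKLM\...\Internet Settings, the HKLM
# zone key (not HKCU) is authoritative and -Path should point there instead.
Test-IEZoneHardening | Format-Table -AutoSize
```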

#11 oliverrp (Topic Starter, Members, 6 posts)

Posted 14 March 2012 - 11:28 PM

Hi Gringo,

I have done all the clean-up actions you suggested. The original problem has been solved - no PDM.Keylogger alerts since we began work on the computer. I feel clean once again - peace of mind is a great thing, but it only fully lasts until the next inet session. Thank you for the great support. I have made a small contribution via PayPal. It is not what I think you're worth, just what I could afford. Best of everything in the future.
Bob.

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 14 March 2012 - 11:35 PM

I thank you very much (it was very nice!!) and you are more than welcome, I am glad I was able to help



gringo

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 19 March 2012 - 09:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



