Zero access rootkit


This topic is locked. 21 replies to this topic.

#1 iamphet (Members, 10 posts)

Posted 17 March 2012 - 12:08 PM

Hi, I discovered my PC is infected by the ZeroAccess rootkit. I managed to restore the Windows firewall, but the rootkit keeps disabling it again.

I tried to run ComboFix; it deleted consrv.dll, and after that the system became unbootable. Luckily I had a backup of it.

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by sergey at 19:46:32 on 2012-03-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1033.18.4094.2773 [GMT 4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\psxss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
D:\Inet\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\Develop\Cygwin\bin\cygrunsrv.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Develop\Cygwin\usr\sbin\sshd.exe
d:\Inet\Dyn Updater\DynUpSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Develop\TortoiseSVN\bin\TSVNCache.exe
D:\Develop\TortoiseHg\TortoiseHgOverlayServer.exe
D:\Inet\Dyn Updater\DynTray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\sergey\AppData\Local\Citrix\ICA Client\concentr.exe
D:\Design\Adobe Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Users\sergey\AppData\Local\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Utils\Far\Far.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:8118
uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - d:\Inet\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [ConnectionCenter] "C:\Users\sergey\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Bonus.SSR.FR10] "D:\Design\FineReader 10\Bonus.ScreenshotReader.exe" /autorun
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe Reader Speed Launcher] "D:\Design\Adobe Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Dyn Updater Tray Icon.lnk - D:\Inet\Dyn Updater\DynTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: check in my books
IE: Copy to Semagic - d:\Inet\Semagic\copy.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Semagic - d:\Inet\Semagic\link.htm
IE: Translate this web page with Babylon - D:\Utils\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - D:\Utils\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Передать на удаленную закачку DM
IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: gs.com\access
Trusted Zone: gs.com\emea-login
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.123.1 192.168.123.1
TCP: Interfaces\{4BDA2E30-F110-4858-A45A-A49120ED3369} : DhcpNameServer = 192.168.123.1
TCP: Interfaces\{9569B86E-A676-423C-B369-95798B689C35} : DhcpNameServer = 192.168.123.1
TCP: Interfaces\{DC6FC509-ED34-4BBF-B492-861D2F598F69} : DhcpNameServer = 192.168.123.1 192.168.123.1
TCP: Interfaces\{DC6FC509-ED34-4BBF-B492-861D2F598F69}\D4453525F657475627 : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Inet\Free Download Manager\iefdm2.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [ConnectionCenter] "C:\Users\sergey\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Bonus.SSR.FR10] "D:\Design\FineReader 10\Bonus.ScreenshotReader.exe" /autorun
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [Adobe Reader Speed Launcher] "D:\Design\Adobe Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {8DAE90AD-4583-4977-9DD4-4360F7A45C74}
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\sergey\AppData\Roaming\Mozilla\Firefox\Profiles\u640ew9s.default\
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-6 660768]
R2 Dyn Updater;Dyn Updater;D:\Inet\Dyn Updater\DynUpSvc.exe [2011-11-15 95608]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-10-20 341312]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2010-10-20 67904]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 sshd;CYGWIN sshd;D:\Develop\Cygwin\bin\cygrunsrv.exe [2010-1-6 68096]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVUVC64;Logitech Webcam C100(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 PsxDrv;PsxDrv;C:\Windows\system32\drivers\psxdrv.sys --> C:\Windows\system32\drivers\psxdrv.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-4 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-9 2255464]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-18 1038088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 gupdatem;Служба Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-4 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys --> C:\Windows\system32\DRIVERS\s0016bus.sys [?]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys --> C:\Windows\system32\DRIVERS\s0016mdfl.sys [?]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys --> C:\Windows\system32\DRIVERS\s0016mdm.sys [?]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys --> C:\Windows\system32\DRIVERS\s0016mgmt.sys [?]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys --> C:\Windows\system32\DRIVERS\s0016nd5.sys [?]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys --> C:\Windows\system32\DRIVERS\s0016obex.sys [?]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys --> C:\Windows\system32\DRIVERS\s0016unic.sys [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);C:\Windows\system32\DRIVERS\s1039bus.sys --> C:\Windows\system32\DRIVERS\s1039bus.sys [?]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s1039mdfl.sys --> C:\Windows\system32\DRIVERS\s1039mdfl.sys [?]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s1039mdm.sys --> C:\Windows\system32\DRIVERS\s1039mdm.sys [?]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s1039mgmt.sys --> C:\Windows\system32\DRIVERS\s1039mgmt.sys [?]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);C:\Windows\system32\DRIVERS\s1039nd5.sys --> C:\Windows\system32\DRIVERS\s1039nd5.sys [?]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s1039obex.sys --> C:\Windows\system32\DRIVERS\s1039obex.sys [?]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);C:\Windows\system32\DRIVERS\s1039unic.sys --> C:\Windows\system32\DRIVERS\s1039unic.sys [?]
S3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\drivers\vpcuxd.sys --> C:\Windows\system32\drivers\vpcuxd.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 61976]
S4 privoxy;Privoxy (privoxy);"d:\Inet\Privoxy\privoxy.exe" --service --> d:\Inet\Privoxy\privoxy.exe [?]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SirefefRemover;SirefefRemover;\??\C:\Windows\system32\Drivers\SirefefRemover.sys --> C:\Windows\system32\Drivers\SirefefRemover.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-2-28 430440]
.
=============== Created Last 30 ================
.
2012-03-17 19:30:50 51712 ----a-w- C:\Windows\System32\consrv.dll
2012-03-17 15:23:56 -------- d-----w- C:\Users\sergey\AppData\Local\temp
2012-03-17 15:20:21 -------- d-----w- C:\$RECYCLE.BIN
2012-03-17 15:10:30 98816 ----a-w- C:\Windows\sed.exe
2012-03-17 15:10:30 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-17 15:10:30 256000 ----a-w- C:\Windows\PEV.exe
2012-03-17 15:10:30 208896 ----a-w- C:\Windows\MBR.exe
2012-03-17 14:49:44 23856 ----a-w- C:\Windows\System32\drivers\SirefefRemover.sys
2012-03-17 14:08:24 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-17 14:08:23 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-17 14:08:23 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-17 14:03:52 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-17 14:03:52 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-17 14:03:51 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-17 14:03:51 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-17 14:03:51 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-17 14:03:51 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-17 14:03:51 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-17 14:03:50 -------- d-----w- C:\Windows\System32\000000000
2012-03-17 14:03:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-17 14:03:49 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-17 14:03:49 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-17 14:03:49 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-17 13:11:13 -------- d-----w- C:\Users\sergey\AppData\Local\ElevatedDiagnostics
2012-03-14 03:41:21 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-03-11 16:31:19 -------- d-----w- C:\Users\sergey\AppData\Roaming\LJ-Sec
2012-03-10 11:04:02 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F94FA34A-D5A4-45A0-9A74-5B43A96B82D6}\mpengine.dll
2012-03-09 14:50:38 -------- d-----w- C:\Users\sergey\AppData\Local\CrashRpt
2012-03-09 14:50:28 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
2012-02-19 14:32:10 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-19 14:32:10 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-19 14:32:09 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-19 14:32:09 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-19 14:31:59 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-19 14:31:59 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-19 14:31:58 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
==================== Find3M ====================
.
2012-03-14 03:22:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-25 03:56:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-23 05:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:47:24.84 ===============
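
An added check, not part of the original post. The DDS line above, `SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4`, is the x64 ZeroAccess persistence this thread is about: csrss.exe loads the server DLLs named in `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows`, on a clean Windows 7 x64 the console entry is `winsrv:ConServerDllInitialization,2`, and the infection rewrites it to `consrv:ConServerDllInitialization,2` and drops consrv.dll into System32 (the 51712-byte file in the "Created Last 30" section). csrss.exe cannot initialise without that DLL, so deleting consrv.dll while the value still names it leaves the machine unbootable, which is consistent with what the poster reports after ComboFix. The script below is the editor's own example (not from DDS, FRST or BleepingComputer): it parses both the DDS abbreviation and the raw registry value, flags any ServerDll entry outside an assumed Windows 7 x64 baseline, and correlates it with the dropped file. The baseline set, the clean value and the three sample log lines are assumptions constructed from this thread.

```python
import re

# Constructed sample: three lines lifted from the DDS log in post #1 above.
SAMPLE_DDS = """\
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
2012-03-17 19:30:50 51712 ----a-w- C:\\Windows\\System32\\consrv.dll
2012-03-17 14:08:24 5559152 ----a-w- C:\\Windows\\System32\\ntoskrnl.exe
"""

# Assumed clean Windows 7 x64 value of
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows (raw form).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)

# Assumed baseline: the only (module, entry point, index) triples csrss.exe should load.
KNOWN_SERVER_DLLS = {
    ("basesrv", None, 1),
    ("winsrv", "UserServerDllInitialization", 3),
    ("winsrv", "ConServerDllInitialization", 2),
    ("sxssrv", None, 4),
}

TOKEN_RE = re.compile(r"^([A-Za-z0-9_]+)(?::([A-Za-z0-9_]+))?,(\d+)$")
SUBSYS_RE = re.compile(r"^SubSystems:\s*Windows\s*=\s*(.+)$", re.M)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+\S+\s+(.+)$", re.M)


def parse_serverdlls(value):
    """Return [(module, entrypoint_or_None, index)] from either the raw registry
    value ('ServerDll=winsrv:Foo,3 ...') or the DDS abbreviation ('winsrv:Foo,3 ...')."""
    entries = []
    for tok in value.split():
        if tok.lower().startswith("serverdll="):
            tok = tok[len("serverdll="):]
        elif "=" in tok:
            continue  # ObjectDirectory=, SharedSection=, Windows=On ... are not server DLLs
        m = TOKEN_RE.match(tok)
        if m:
            entries.append((m.group(1).lower(), m.group(2), int(m.group(3))))
    return entries


def unexpected_serverdlls(value):
    """Entries csrss.exe is told to load that are not in the assumed baseline."""
    return [e for e in parse_serverdlls(value) if e not in KNOWN_SERVER_DLLS]


def fmt_entry(entry):
    module, ep, idx = entry
    return f"{module}:{ep},{idx}" if ep else f"{module},{idx}"


def triage_dds(log):
    """Flag a tampered SubSystems value in a DDS log and correlate each rogue
    module with a matching <module>.dll in the 'Created Last 30' section."""
    findings = []
    m = SUBSYS_RE.search(log)
    if not m:
        return findings
    for entry in unexpected_serverdlls(m.group(1)):
        findings.append(f"csrss server DLL not in baseline: {fmt_entry(entry)}")
        for cm in CREATED_RE.finditer(log):
            path = cm.group(3).strip()
            if path.lower().endswith("\\" + entry[0] + ".dll"):
                findings.append(
                    f"dropped module on disk: {path} ({cm.group(2)} bytes, created {cm.group(1)})"
                )
    return findings


if __name__ == "__main__":
    for line in triage_dds(SAMPLE_DDS) or ["no unexpected csrss server DLLs"]:
        print(line)
```

The order of operations matters for the same reason the poster's ComboFix run ended in an unbootable system: restore the value to `winsrv:ConServerDllInitialization,2` first, then remove consrv.dll, and do both from recovery media rather than the live infected system, which is what the next reply sets up with FRST.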


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 17 March 2012 - 03:12 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

1. Do not run any other tool until instructed to do so!
Doing so will at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet, spend a few minutes to back up the computer. Removing malware can be unpredictable and this may save you and me a lot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close Notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
  Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
Gringo

#3 iamphet (Topic Starter, Members, 10 posts)

Posted 17 March 2012 - 11:53 PM

Thanks, here is FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 18-03-2012 08:46:27
Running from J:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [TortoiseHgOverlayIconServer] D:\Develop\TortoiseHg\TortoiseHgOverlayServer.exe [x]
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2009-10-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [ConnectionCenter] "C:\Users\sergey\AppData\Local\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR10] "D:\Design\FineReader 10\Bonus.ScreenshotReader.exe" /autorun [x]
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "D:\Design\Adobe Reader 9.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [634880 2011-12-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [x]
HKU\Default User\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [x]
HKU\UpdatusUser\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.123.1 192.168.123.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 ABBYY.Licensing.FineReader.Professional.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service [660768 2007-12-06] (ABBYY (BIT Software))
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2009-10-18] (Acresso Software Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 LVPrcS64; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [191000 2009-10-06] (Logitech Inc.)
2 mi-raysat_3dsmax2010_64; "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe" [86016 2009-03-12] ()
2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()
3 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57960296 2011-02-28] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [61976 2009-03-30] (Microsoft Corporation)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4466688 2007-11-06] (Microsoft Corporation)
2 NitroDriverReadSpool; "C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe" [341312 2010-10-20] (Nitro PDF Software)
2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [67904 2010-10-20] (Nalpeiron Ltd.)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2010-06-09] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189480 2010-08-28] ()
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-30] (Microsoft Corporation)
3 Sony SCSI Helper Service; "C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2009-11-09] (Sony Corporation)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [430440 2011-02-28] (Microsoft Corporation)
4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [254808 2009-03-29] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [154968 2010-09-17] (Microsoft Corporation)
2 UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-17] (Logitech Inc.)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-30] (Microsoft Corporation)
2 winmtsrv; C:\Windows\System32\BRCMDECO.dll [6656 2009-07-13] (Oak Technology Inc.)
2 Dyn Updater; C:\Inet\Dyn Updater\DynUpSvc.exe [x]
4 privoxy; "C:\Inet\Privoxy\privoxy.exe" --service [x]
2 sshd; C:\Develop\Cygwin\bin\cygrunsrv.exe [x]

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\System32\Drivers\adfs.sys [86584 2009-10-23] (Adobe Systems, Inc.)
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [86584 2009-10-23] (Adobe Systems, Inc.)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-03-06] ()
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [6144 2009-01-29] (Motorola Inc)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-09-08] (Citrix Systems, Inc.)
3 ENTECH64; C:\Windows\System32\Drivers\ENTECH64.sys [12744 2008-04-21] (EnTech Taiwan)
3 ggflt; C:\Windows\System32\Drivers\ggflt.sys [13352 2010-07-31] (Sony Ericsson Mobile Communications)
3 ggsemc; C:\Windows\System32\Drivers\ggsemc.sys [27176 2010-07-31] (Sony Ericsson Mobile Communications)
3 grmnusb; C:\Windows\System32\Drivers\grmnusb.sys [20520 2009-05-07] (GARMIN Corp.)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-01] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\Drivers\htcnprot.sys [36928 2010-06-25] (Windows ® Win 7 DDK provider)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-03-06] ()
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [31744 2009-07-10] (Motorola)
3 motccgp; C:\Windows\System32\Drivers\motccgp.sys [21504 2011-04-04] (Motorola)
3 motccgpfl; C:\Windows\System32\Drivers\motccgpfl.sys [9216 2009-01-29] (Motorola)
3 motmodem; C:\Windows\System32\Drivers\motmodem.sys [30208 2011-03-31] (Motorola)
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [8576 2007-11-02] (Motorola)
3 Motousbnet; C:\Windows\System32\Drivers\Motousbnet.sys [26624 2010-04-01] (Motorola)
3 motusbdevice; C:\Windows\System32\Drivers\motusbdevice.sys [11776 2011-05-12] (Motorola Inc)
3 netr7364; C:\Windows\System32\Drivers\netr7364.sys [726816 2010-02-23] (Ralink Technology, Corp.)
3 PsxDrv; C:\Windows\System32\Drivers\PsxDrv.sys [10240 2009-07-13] (Microsoft Corporation)
4 RsFx0103; C:\Windows\System32\Drivers\RsFx0103.sys [311656 2009-03-29] (Microsoft Corporation)
3 s0016bus; C:\Windows\System32\Drivers\s0016bus.sys [115240 2008-05-15] (MCCI Corporation)
3 s0016mdfl; C:\Windows\System32\Drivers\s0016mdfl.sys [19496 2008-05-15] (MCCI Corporation)
3 s0016mdm; C:\Windows\System32\Drivers\s0016mdm.sys [158760 2008-05-15] (MCCI Corporation)
3 s0016mgmt; C:\Windows\System32\Drivers\s0016mgmt.sys [137256 2008-05-15] (MCCI Corporation)
3 s0016nd5; C:\Windows\System32\Drivers\s0016nd5.sys [34344 2008-05-15] (MCCI Corporation)
3 s0016obex; C:\Windows\System32\Drivers\s0016obex.sys [136744 2008-05-15] (MCCI Corporation)
3 s0016unic; C:\Windows\System32\Drivers\s0016unic.sys [151592 2008-05-15] (MCCI Corporation)
3 s1039bus; C:\Windows\System32\Drivers\s1039bus.sys [127600 2010-03-14] (MCCI Corporation)
3 s1039mdfl; C:\Windows\System32\Drivers\s1039mdfl.sys [19568 2010-03-14] (MCCI Corporation)
3 s1039mdm; C:\Windows\System32\Drivers\s1039mdm.sys [161904 2010-03-14] (MCCI Corporation)
3 s1039mgmt; C:\Windows\System32\Drivers\s1039mgmt.sys [141424 2010-03-14] (MCCI Corporation)
3 s1039nd5; C:\Windows\System32\Drivers\s1039nd5.sys [34416 2010-03-14] (MCCI Corporation)
3 s1039obex; C:\Windows\System32\Drivers\s1039obex.sys [137328 2010-03-14] (MCCI Corporation)
3 s1039unic; C:\Windows\System32\Drivers\s1039unic.sys [158320 2010-03-14] (MCCI Corporation)
3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [16000 2009-06-10] (Saitek)
3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43264 2009-06-10] (Saitek)
3 seehcri; C:\Windows\System32\Drivers\seehcri.sys [34032 2010-07-31] (Sony Ericsson Mobile Communications)
4 SirefefRemover; C:\Windows\System32\Drivers\SirefefRemover.sys [23856 2012-03-17] (ESET spol. s r.o.)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-07] (Duplex Secure Ltd.)
1 VBoxDrv; C:\Windows\System32\Drivers\VBoxDrv.sys [193808 2010-05-09] (Sun Microsystems, Inc.)
3 VBoxNetAdp; C:\Windows\System32\Drivers\VBoxNetAdp.sys [145936 2010-05-09] (Sun Microsystems, Inc.)
3 VBoxNetFlt; C:\Windows\System32\Drivers\VBoxNetFlt.sys [165776 2010-05-09] (Sun Microsystems, Inc.)
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43664 2009-12-17] (Sun Microsystems, Inc.)
1 VBoxUSBMon; C:\Windows\System32\Drivers\VBoxUSBMon.sys [53264 2010-05-09] (Sun Microsystems, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: winmtsrv

============ One Month Created Files and Folders ==============

2012-03-17 11:30 - 2012-03-17 11:30 - 0051712 ____A C:\Windows\System32\consrv.dll
2012-03-17 07:44 - 2012-03-17 07:44 - 0000166 ____A C:\Users\sergey\defogger_reenable
2012-03-17 07:23 - 2012-03-17 07:23 - 0034649 ____A C:\ComboFix.txt
2012-03-17 07:20 - 2012-03-17 07:20 - 0000000 ____D C:\$RECYCLE.BIN
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-17 07:10 - 2012-03-17 07:23 - 0000000 ____D C:\Qoobox
2012-03-17 07:10 - 2012-03-17 07:22 - 0000000 ____D C:\Windows\ERDNT
2012-03-17 07:10 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-03-17 07:10 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-03-17 07:10 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-03-17 07:10 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-03-17 07:10 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-03-17 07:10 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-03-17 07:10 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-03-17 07:10 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-03-17 07:04 - 2012-03-17 07:04 - 0000444 ____A C:\Users\sergey\Desktop\Win32kDiag.txt
2012-03-17 06:59 - 2012-03-17 06:59 - 0003904 ____A C:\TDSSKiller.2.7.20.0_17.03.2012_18.59.38_log.txt
2012-03-17 06:57 - 2012-03-17 06:58 - 0187122 ____A C:\TDSSKiller.2.7.20.0_17.03.2012_18.57.35_log.txt
2012-03-17 06:49 - 2012-03-17 06:49 - 0023856 ____A (ESET spol. s r.o.) C:\Windows\System32\Drivers\SirefefRemover.sys
2012-03-17 06:08 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-17 06:08 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-17 06:08 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-17 06:03 - 2012-03-17 06:03 - 0000000 ____D C:\Windows\System32\000000000
2012-03-17 06:03 - 2012-02-16 22:38 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-03-17 06:03 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-17 06:03 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-17 06:03 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-17 06:03 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-17 06:03 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-17 06:03 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-17 06:03 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-17 06:03 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-17 06:03 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-17 06:03 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-17 05:11 - 2012-03-17 05:11 - 0000000 ____D C:\Users\sergey\AppData\Local\ElevatedDiagnostics
2012-03-13 19:22 - 2012-03-13 19:22 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-11 08:31 - 2012-03-11 08:31 - 0000000 ____D C:\Users\sergey\AppData\Roaming\LJ-Sec
2012-03-09 23:36 - 2012-03-09 23:36 - 0000000 ____D C:\Users\alexey\Local Settings\CrashRpt
2012-03-09 23:36 - 2012-03-09 23:36 - 0000000 ____D C:\Users\alexey\AppData\Local\CrashRpt
2012-03-09 06:50 - 2012-03-09 06:50 - 0000000 ____D C:\Users\sergey\AppData\Local\CrashRpt
2012-02-24 19:56 - 2012-02-24 19:56 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-24 19:56 - 2012-02-24 19:56 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-24 19:56 - 2012-02-24 19:56 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-23 08:15 - 2012-03-04 02:56 - 0002182 ____A C:\Users\alexey\.kdiff3rc
2012-02-23 07:13 - 2012-02-23 07:13 - 0000200 ____A C:\Users\alexey\.hgrc
2012-02-19 06:33 - 2011-12-13 23:43 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-19 06:33 - 2011-12-13 23:16 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-19 06:33 - 2011-12-13 23:11 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-19 06:33 - 2011-12-13 23:04 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-19 06:33 - 2011-12-13 23:04 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-19 06:33 - 2011-12-13 23:03 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-19 06:33 - 2011-12-13 23:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-19 06:33 - 2011-12-13 23:01 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-19 06:33 - 2011-12-13 23:00 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-19 06:33 - 2011-12-13 22:59 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-19 06:33 - 2011-12-13 22:57 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-19 06:33 - 2011-12-13 22:57 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-19 06:33 - 2011-12-13 22:53 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-19 06:33 - 2011-12-13 19:30 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-19 06:33 - 2011-12-13 19:10 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-19 06:33 - 2011-12-13 19:04 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-19 06:33 - 2011-12-13 18:57 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-19 06:33 - 2011-12-13 18:57 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-19 06:33 - 2011-12-13 18:56 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-19 06:33 - 2011-12-13 18:55 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-19 06:33 - 2011-12-13 18:54 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-19 06:33 - 2011-12-13 18:53 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-19 06:33 - 2011-12-13 18:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-19 06:33 - 2011-12-13 18:50 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-19 06:33 - 2011-12-13 18:50 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-19 06:33 - 2011-12-13 18:47 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-19 06:32 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-02-19 06:32 - 2012-01-04 02:44 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-02-19 06:32 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-02-19 06:32 - 2012-01-04 00:58 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-02-19 06:32 - 2011-12-16 00:46 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-02-19 06:32 - 2011-12-15 23:52 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-02-19 06:31 - 2011-12-29 22:26 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-02-19 06:31 - 2011-12-29 21:27 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-02-19 06:31 - 2011-12-27 19:59 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys


============ 3 Months Modified Files and Folders =============

2012-03-18 08:46 - 2012-03-18 08:46 - 0000000 ____D C:\FRST
2012-03-17 20:44 - 2009-10-23 20:09 - 0000000 ____D C:\Users\sergey\AppData\Local\TSVNCache
2012-03-17 20:44 - 2009-10-16 11:43 - 1683409 ____A C:\Windows\WindowsUpdate.log
2012-03-17 20:43 - 2009-10-18 07:34 - 0000000 ____D C:\Users\sergey\AppData\Roaming\uTorrent
2012-03-17 20:38 - 2009-11-03 21:49 - 0000968 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-17 20:17 - 2009-07-13 20:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-17 20:17 - 2009-07-13 20:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-17 20:10 - 2012-02-12 01:09 - 0000000 ____D C:\Users\sergey\AppData\Roaming\TortoiseHg
2012-03-17 20:10 - 2011-09-21 19:27 - 0000000 ____D C:\Users\sergey\AppData\Local\Htc
2012-03-17 20:10 - 2009-11-03 21:49 - 0000964 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-17 20:09 - 2010-05-16 00:26 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-03-17 20:09 - 2009-10-16 21:24 - 0478484 ____A C:\Windows\PFRO.log
2012-03-17 20:09 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-17 20:09 - 2009-07-13 20:51 - 0162205 ____A C:\Windows\setupact.log
2012-03-17 11:30 - 2012-03-17 11:30 - 0051712 ____A C:\Windows\System32\consrv.dll
2012-03-17 07:44 - 2012-03-17 07:44 - 0000166 ____A C:\Users\sergey\defogger_reenable
2012-03-17 07:44 - 2009-10-16 20:41 - 0000000 ____D C:\users\sergey
2012-03-17 07:23 - 2012-03-17 07:23 - 0034649 ____A C:\ComboFix.txt
2012-03-17 07:23 - 2012-03-17 07:10 - 0000000 ____D C:\Qoobox
2012-03-17 07:23 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-03-17 07:22 - 2012-03-17 07:10 - 0000000 ____D C:\Windows\ERDNT
2012-03-17 07:20 - 2012-03-17 07:20 - 0000000 ____D C:\$RECYCLE.BIN
2012-03-17 07:20 - 2011-08-03 09:07 - 0005878 _RASH C:\Users\All Users\ntuser.pol
2012-03-17 07:20 - 2011-08-03 09:07 - 0005878 _RASH C:\ProgramData\ntuser.pol
2012-03-17 07:20 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-03-17 07:19 - 2009-07-13 18:34 - 33292288 ____A C:\Windows\System32\config\SYSTEM.bak
2012-03-17 07:19 - 2009-07-13 18:34 - 2621440 ____A C:\Windows\System32\config\DEFAULT.bak
2012-03-17 07:19 - 2009-07-13 18:34 - 120061952 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-03-17 07:19 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-03-17 07:19 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-17 07:18 - 2012-03-17 07:18 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-17 07:04 - 2012-03-17 07:04 - 0000444 ____A C:\Users\sergey\Desktop\Win32kDiag.txt
2012-03-17 06:59 - 2012-03-17 06:59 - 0003904 ____A C:\TDSSKiller.2.7.20.0_17.03.2012_18.59.38_log.txt
2012-03-17 06:58 - 2012-03-17 06:57 - 0187122 ____A C:\TDSSKiller.2.7.20.0_17.03.2012_18.57.35_log.txt
2012-03-17 06:55 - 2010-02-24 06:20 - 0000000 ____D C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2012-03-17 06:49 - 2012-03-17 06:49 - 0023856 ____A (ESET spol. s r.o.) C:\Windows\System32\Drivers\SirefefRemover.sys
2012-03-17 06:40 - 2009-07-13 20:45 - 3056848 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-17 06:29 - 2011-12-02 08:52 - 0731510 ____A C:\Windows\ntbtlog.txt
2012-03-17 06:05 - 2009-10-16 21:17 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-17 06:03 - 2012-03-17 06:03 - 0000000 ____D C:\Windows\System32\000000000
2012-03-17 05:11 - 2012-03-17 05:11 - 0000000 ____D C:\Users\sergey\AppData\Local\ElevatedDiagnostics
2012-03-17 01:01 - 2010-03-20 02:02 - 0000344 ____A C:\Windows\Tasks\At1.job
2012-03-16 20:31 - 2011-10-11 08:15 - 0000000 ____D C:\Users\sergey\AppData\Roaming\cabal
2012-03-14 08:29 - 2010-04-20 08:26 - 0000000 ____D C:\Users\sergey\Documents\BioWare
2012-03-13 20:16 - 2009-10-16 21:27 - 0791776 ____A C:\Windows\System32\perfh019.dat
2012-03-13 20:16 - 2009-10-16 21:27 - 0175792 ____A C:\Windows\System32\perfc019.dat
2012-03-13 20:16 - 2009-07-13 21:13 - 1833772 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-13 19:42 - 2009-07-13 21:08 - 0032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-13 19:41 - 2011-10-09 06:20 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-13 19:40 - 2009-10-19 07:46 - 0788445 ____A C:\Windows\DirectX.log
2012-03-13 19:22 - 2012-03-13 19:22 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-13 19:22 - 2011-07-11 08:11 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-13 09:57 - 2011-10-01 20:06 - 0000000 ____D C:\Users\alexey\Local Settings\TSVNCache
2012-03-13 09:57 - 2011-10-01 20:06 - 0000000 ____D C:\Users\alexey\AppData\Local\TSVNCache
2012-03-13 09:04 - 2012-02-12 03:53 - 0000000 ____D C:\Users\alexey\Application Data\TortoiseHg
2012-03-13 09:04 - 2012-02-12 03:53 - 0000000 ____D C:\Users\alexey\AppData\Roaming\TortoiseHg
2012-03-13 09:04 - 2011-10-01 20:05 - 0000000 ____D C:\Users\alexey\Local Settings\Htc
2012-03-13 09:04 - 2011-10-01 20:05 - 0000000 ____D C:\Users\alexey\AppData\Local\Htc
2012-03-11 08:31 - 2012-03-11 08:31 - 0000000 ____D C:\Users\sergey\AppData\Roaming\LJ-Sec
2012-03-10 19:56 - 2009-10-22 20:45 - 0000000 ____D C:\Users\sergey\Documents\Visual Studio 2008
2012-03-09 23:36 - 2012-03-09 23:36 - 0000000 ____D C:\Users\alexey\Local Settings\CrashRpt
2012-03-09 23:36 - 2012-03-09 23:36 - 0000000 ____D C:\Users\alexey\AppData\Local\CrashRpt
2012-03-09 06:50 - 2012-03-09 06:50 - 0000000 ____D C:\Users\sergey\AppData\Local\CrashRpt
2012-03-09 06:50 - 2010-06-28 19:37 - 0000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2012-03-08 20:26 - 2009-11-10 21:58 - 0000000 ____D C:\Users\sergey\AppData\Local\Paint.NET
2012-03-04 05:32 - 2012-02-12 04:20 - 0000000 ____D C:\Users\alexey\My Documents\PythonProjects
2012-03-04 05:32 - 2012-02-12 04:20 - 0000000 ____D C:\Users\alexey\Documents\PythonProjects
2012-03-04 02:56 - 2012-02-23 08:15 - 0002182 ____A C:\Users\alexey\.kdiff3rc
2012-03-03 03:55 - 2010-03-20 10:04 - 0000000 ____D C:\Users\sergey\.sn
2012-03-02 22:44 - 2009-10-17 08:04 - 0000000 ____D C:\Users\sergey\AppData\Local\Microsoft Help
2012-02-24 19:56 - 2012-02-24 19:56 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-02-24 19:56 - 2012-02-24 19:56 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-02-24 19:56 - 2012-02-24 19:56 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-02-24 19:56 - 2011-04-06 19:31 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-02-23 08:15 - 2009-10-23 21:32 - 0000000 ____D C:\users\alexey
2012-02-23 08:14 - 2012-02-12 04:25 - 0000077 ____A C:\Users\alexey\mercurial.ini
2012-02-23 07:24 - 2011-10-01 20:10 - 0000000 ___RD C:\Users\alexey\Virtual Machines
2012-02-23 07:24 - 2011-10-01 20:08 - 0000402 __ASH C:\Users\alexey\My Documents\desktop.ini
2012-02-23 07:24 - 2011-10-01 20:07 - 0000174 ___SH C:\Users\alexey\Start Menu\Programs\Startup\desktop.ini
2012-02-23 07:24 - 2011-10-01 20:07 - 0000174 ___SH C:\Users\alexey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-23 07:13 - 2012-02-23 07:13 - 0000200 ____A C:\Users\alexey\.hgrc
2012-02-22 21:18 - 2009-10-16 21:07 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 08:57 - 2009-10-17 06:47 - 0000000 ___RD C:\Users\sergey\Virtual Machines
2012-02-19 06:54 - 2009-10-16 20:41 - 0000174 ___SH C:\Users\sergey\Start Menu\Programs\Startup\desktop.ini
2012-02-19 06:54 - 2009-10-16 20:41 - 0000174 ___SH C:\Users\sergey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-19 06:47 - 2010-05-16 00:26 - 0006926 ____A C:\Windows\System32\lvcoinst.log
2012-02-19 06:37 - 2010-05-16 00:26 - 0000000 ____D C:\Program Files\Common Files\logishrd
2012-02-16 22:38 - 2012-03-17 06:03 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-02-16 22:38 - 2012-03-17 06:03 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-17 06:03 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-17 06:03 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-17 06:03 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-11 09:02 - 2011-04-17 08:52 - 0000000 ____D C:\Users\sergey\AppData\Roaming\foobar2000
2012-02-10 23:09 - 2009-10-23 22:22 - 0000000 ____D C:\Users\sergey\key
2012-02-09 22:36 - 2012-03-17 06:03 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-17 06:03 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-08 04:50 - 2011-10-01 20:07 - 0000000 ____D C:\Users\alexey\Application Data\HTC
2012-02-08 04:50 - 2011-10-01 20:07 - 0000000 ____D C:\Users\alexey\AppData\Roaming\HTC
2012-02-08 04:50 - 2011-10-01 20:06 - 0000000 ____D C:\Users\alexey\Local Settings\VirtualStore
2012-02-08 04:50 - 2011-10-01 20:06 - 0000000 ____D C:\Users\alexey\AppData\Local\VirtualStore
2012-02-07 04:48 - 2011-11-07 03:57 - 0000000 ____D C:\Windows\rescache
2012-02-06 19:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\ru-RU
2012-02-06 19:26 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-02-04 07:21 - 2012-02-04 07:15 - 0000000 ____D C:\Users\sergey\Documents\Witcher 2
2012-02-04 07:15 - 2012-02-04 07:15 - 0000000 ____D C:\Users\sergey\AppData\Local\The Witcher 2
2012-02-02 20:34 - 2012-03-17 06:03 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-29 00:42 - 2012-01-29 00:42 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motusbdevice_01007.Wdf
2012-01-29 00:40 - 2012-01-29 00:40 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2012-01-29 00:40 - 2012-01-29 00:40 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motoandroid_01007.Wdf
2012-01-29 00:40 - 2012-01-29 00:40 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motmodem_01007.Wdf
2012-01-29 00:40 - 2012-01-29 00:40 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2012-01-29 00:40 - 2012-01-29 00:40 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2012-01-29 00:40 - 2012-01-29 00:40 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2012-01-29 00:39 - 2012-01-29 00:39 - 0000000 ____D C:\Program Files\Motorola Inc
2012-01-29 00:39 - 2012-01-29 00:39 - 0000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-01-29 00:39 - 2012-01-29 00:39 - 0000000 ____D C:\Program Files (x86)\Motorola
2012-01-25 20:03 - 2012-01-25 20:01 - 0000000 ____D C:\Users\sergey\AppData\Roaming\XnView
2012-01-24 22:38 - 2012-03-17 06:03 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-17 06:03 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-17 06:03 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 09:47 - 2010-05-20 09:28 - 0000000 ____D C:\Users\sergey\AppData\Roaming\vlc
2012-01-21 03:51 - 2012-01-21 03:51 - 0000000 ____D C:\Users\sergey\AppData\Roaming\pcPlayer
2012-01-20 00:39 - 2012-01-20 00:39 - 0000688 ____A C:\Users\All Users\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
2012-01-20 00:39 - 2012-01-20 00:39 - 0000000 ____D C:\Users\All Users\Dyn
2012-01-20 00:39 - 2012-01-20 00:39 - 0000000 ____D C:\ProgramData\Dyn
2012-01-18 20:59 - 2012-01-18 20:59 - 0001094 ____A C:\Users\Public\Desktop\HTC Sync.lnk
2012-01-18 20:59 - 2011-04-15 19:47 - 0000000 ____D C:\Users\sergey\AppData\Roaming\HTC
2012-01-18 20:59 - 2011-04-15 19:46 - 0000000 ____D C:\Users\sergey\AppData\Local\Downloaded Installations
2012-01-18 20:58 - 2010-07-31 03:40 - 0594616 ____A C:\Windows\DPINST.LOG
2012-01-17 18:44 - 2012-01-17 18:44 - 4865568 ____A (Logitech Inc.) C:\Windows\System32\Drivers\lvuvc64.sys
2012-01-17 18:44 - 2012-01-17 18:44 - 10920984 ____A C:\Windows\SysWOW64\LogiDPP.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 10920984 ____A C:\Windows\System32\LogiDPP.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 0769312 ____A (Logitech Inc.) C:\Windows\System32\LVUI64.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 0561440 ____A (Logitech Inc.) C:\Windows\System32\LVUIRC64.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 0545056 ____A (Logitech Inc.) C:\Windows\SysWOW64\LVUI2.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 0540960 ____A (Logitech Inc.) C:\Windows\SysWOW64\LVUI2RC.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 0336408 ____A C:\Windows\SysWOW64\DevManagerCore.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 0336408 ____A C:\Windows\System32\DevManagerCore.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 0307488 ____A (Logitech Inc.) C:\Windows\SysWOW64\lvcodec2.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 0263456 ____A (Logitech Inc.) C:\Windows\System32\lvco13311044.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 0176416 ____A (Logitech Inc.) C:\Windows\System32\lvcod64.dll
2012-01-17 18:44 - 2012-01-17 18:44 - 0104472 ____A C:\Windows\SysWOW64\LogiDPPApp.exe
2012-01-17 18:44 - 2012-01-17 18:44 - 0104472 ____A C:\Windows\System32\LogiDPPApp.exe
2012-01-14 00:36 - 2010-10-08 19:17 - 0001705 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-01-14 00:36 - 2009-10-18 08:09 - 0000000 ____D C:\Users\All Users\Adobe
2012-01-14 00:36 - 2009-10-18 08:09 - 0000000 ____D C:\ProgramData\Adobe
2012-01-09 01:22 - 2012-01-09 01:22 - 0009048 ____A C:\Users\sergey\Downloads\config.bin
2012-01-04 02:44 - 2012-02-19 06:32 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 02:44 - 2012-02-19 06:32 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 00:59 - 2012-02-19 06:32 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 00:58 - 2012-02-19 06:32 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2011-12-29 22:26 - 2012-02-19 06:31 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2011-12-29 21:27 - 2012-02-19 06:31 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2011-12-27 19:59 - 2012-02-19 06:31 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-12-25 08:04 - 2011-10-29 07:27 - 0000000 ____D C:\Users\sergey\AppData\Roaming\Free Download Manager

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 4094.18 MB
Available physical RAM: 3413.04 MB
Total Pagefile: 4092.33 MB
Available Pagefile: 3409.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (System) (Fixed) (Total:49.9 GB) (Free:1.48 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:500 GB) (Free:12.43 GB) NTFS
3 Drive e: (Programs) (Fixed) (Total:585.94 GB) (Free:0.85 GB) NTFS
4 Drive f: (XP) (Fixed) (Total:61.25 GB) (Free:3.27 GB) NTFS
5 Drive h: (Programs) (Fixed) (Total:200.07 GB) (Free:1.29 GB) NTFS
7 Drive j: () (Removable) (Total:14.91 GB) (Free:5.77 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1397 GB 3072 KB
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 49 GB 101 MB
Partition 3 Primary 200 GB 50 GB
Partition 0 Extended 1147 GB 250 GB
Partition 4 Logical 500 GB 250 GB
Partition 5 Logical 585 GB 750 GB
Partition 6 Logical 61 GB 1336 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C System NTFS Partition 49 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 H Programs NTFS Partition 200 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D Data NTFS Partition 500 GB Healthy

======================================================================================================

Disk: 0
Partition 5
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 E Programs NTFS Partition 585 GB Healthy

======================================================================================================

Disk: 0
Partition 6
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 F XP NTFS Partition 61 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 14 GB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-03-10 03:06

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:45 PM

Posted 18 March 2012 - 06:35 AM

Hello

I would like you to run the fix below and when it is complete I need you to rerun combofix and send me the report.

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess
2 winmtsrv; C:\Windows\System32\BRCMDECO.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\BRCMDECO.dll
NETSVC: winmtsrv
2012-03-17 01:01 - 2010-03-20 02:02 - 0000344 ____A C:\Windows\Tasks\At1.job

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
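The fixlist above targets three things FRST reported: the csrss SubSystems\Windows registry value (which FRST marks "==> ZeroAccess"; this variant swaps the console server entry for its own consrv.dll, which is also why deleting consrv.dll without restoring the value left the machine unbootable), a service named winmtsrv registered in the netsvcs svchost group whose DLL BRCMDECO.dll carries a third-party company string, and an At1.job scheduled task. The script below is an added example for this write-up, not a tool from the thread or from FRST: it reads lines in the FRST log format shown above and pulls those three indicators out. The sample log lines and the tampered registry value are constructed for the example; the set of expected ServerDll modules (basesrv, winsrv, sxssrv) is taken from memory of the Windows 7 default and is an assumption, as is the heuristic that netsvcs members should be Microsoft-signed DLLs.

```python
import re

# Constructed sample lines in the FRST log format seen in this thread (not the
# original log): a flagged SubSystems value, two netsvcs members and an At job.
SAMPLE_FRST_LINES = r"""
SubSystems: [Windows] ==> ZeroAccess
2 winmtsrv; C:\Windows\System32\BRCMDECO.dll [6656 2009-07-13] (Oak Technology Inc.)
2 Themes; C:\Windows\System32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation)
NETSVC: winmtsrv
NETSVC: Themes
2012-03-17 01:01 - 2010-03-20 02:02 - 0000344 ____A C:\Windows\Tasks\At1.job
""".strip().splitlines()

# Assumption (from memory of the Windows 7 default): the only ServerDll modules
# csrss should load are basesrv, winsrv and sxssrv. ZeroAccess swapped the
# console server entry for its own consrv.dll, which is why deleting that DLL
# without restoring the value makes the machine unbootable.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

CLEAN_SUBSYSTEMS_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# Constructed tampered value: the console server DLL replaced by consrv.
TAMPERED_SUBSYSTEMS_VALUE = CLEAN_SUBSYSTEMS_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# FRST service line: "<start> <name>; <path> [<size> <date>] (<company>)"
SERVICE_RE = re.compile(
    r"^[RS]?\d\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\S+)\]\s+\((?P<company>[^)]*)\)"
)
AT_JOB_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*\\Tasks\\At\d+\.job)\s*$", re.IGNORECASE)


def check_subsystems_value(value):
    """Return ServerDll module names in a SubSystems\\Windows value that are not expected."""
    modules = re.findall(r"ServerDll=([A-Za-z0-9_]+)", value)
    return sorted({m for m in modules if m.lower() not in EXPECTED_SERVER_DLLS})


def triage_frst(lines):
    """Pull the three ZeroAccess indicators targeted by the fixlist out of FRST log lines."""
    services, netsvcs, at_jobs = {}, [], []
    subsystems_flagged = False
    for raw in lines:
        line = raw.strip()
        if line.startswith("SubSystems:") and "==>" in line:
            subsystems_flagged = True  # FRST itself marks the value as hijacked
        elif line.startswith("NETSVC:"):
            netsvcs.append(line.split(":", 1)[1].strip())
        elif (m := SERVICE_RE.match(line)):
            services[m.group("name")] = m.groupdict()
        elif (m := AT_JOB_RE.search(line)):
            at_jobs.append(m.group("path"))
    # Heuristic (assumption): members of the netsvcs svchost group are normally
    # Microsoft DLLs; a third-party company string is what singles out winmtsrv.
    suspicious = [
        services[name] for name in netsvcs
        if name in services and services[name]["company"] != "Microsoft Corporation"
    ]
    return {
        "subsystems_flagged": subsystems_flagged,
        "suspicious_netsvcs": suspicious,
        "at_jobs": at_jobs,
    }


if __name__ == "__main__":
    print("unexpected ServerDll modules:", check_subsystems_value(TAMPERED_SUBSYSTEMS_VALUE))
    for key, val in triage_frst(SAMPLE_FRST_LINES).items():
        print(f"{key}: {val}")
```

On a live machine the same two checks map onto the registry directly: the value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows is fed to check_subsystems_value, and each name in the netsvcs multi-string under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost is resolved through its service's Parameters\ServiceDll and checked against its Authenticode signer rather than the company string FRST prints.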

#5 iamphet

iamphet
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:45 AM

Posted 18 March 2012 - 07:37 AM

Thank you, the problem appears to be fixed. If you don't mind my asking, how did you determine it is BRCMDECO.dll?

Fixlog.txt
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-03-18 16:12:58 R:1
Running from J:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Session Manager\SubSystems\\Windows Value was restored.
winmtsrv service deleted successfully.
C:\Windows\System32\BRCMDECO.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs winmtsrv Deleted successfully.
C:\Windows\Tasks\At1.job moved successfully.

==== End of Fixlog ====


ComboFix.txt
ComboFix 12-03-16.05 - sergey 18/03/2012 16:16:20.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1033.18.4094.2614 [GMT 4:00]
Running from: e:\downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 16:46 . 2012-03-18 16:47 -------- d-----w- C:\FRST
2012-03-18 12:22 . 2012-03-18 12:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-18 12:22 . 2012-03-18 12:22 -------- d-----w- c:\users\sshd_server\AppData\Local\temp
2012-03-18 12:22 . 2012-03-18 12:22 -------- d-----w- c:\users\sergey\AppData\Local\temp
2012-03-18 12:22 . 2012-03-18 12:22 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-03-18 12:22 . 2012-03-18 12:22 -------- d-----w- c:\users\julia\AppData\Local\temp
2012-03-18 12:22 . 2012-03-18 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 12:22 . 2012-03-18 12:22 -------- d-----w- c:\users\alexey\AppData\Local\temp
2012-03-18 09:22 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19F4755C-1A4C-4A8B-A411-609474B9EF61}\mpengine.dll
2012-03-17 14:49 . 2012-03-17 14:49 23856 ----a-w- c:\windows\system32\drivers\SirefefRemover.sys
2012-03-17 14:08 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-17 14:08 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-17 14:08 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-17 14:03 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 14:03 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-17 14:03 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-17 14:03 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-17 14:03 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-17 14:03 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 14:03 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-17 14:03 . 2012-03-18 07:21 -------- d-----w- c:\windows\system32\000000000
2012-03-17 14:03 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 14:03 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-17 14:03 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-17 14:03 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-17 13:11 . 2012-03-17 13:11 -------- d-----w- c:\users\sergey\AppData\Local\ElevatedDiagnostics
2012-03-14 03:41 . 2012-03-14 03:41 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-03-14 03:22 . 2012-03-14 03:22 -------- d-----w- c:\windows\system32\Macromed
2012-03-11 16:31 . 2012-03-11 16:31 -------- d-----w- c:\users\sergey\AppData\Roaming\LJ-Sec
2012-03-10 07:36 . 2012-03-10 07:36 -------- d-----w- c:\users\alexey\AppData\Local\CrashRpt
2012-03-09 14:50 . 2012-03-09 14:50 -------- d-----w- c:\users\sergey\AppData\Local\CrashRpt
2012-03-09 14:50 . 2012-03-09 14:50 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays
2012-02-25 03:57 . 2012-02-25 03:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-19 14:32 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-19 14:32 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-19 14:32 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-19 14:32 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-19 14:31 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-19 14:31 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-19 14:31 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:22 . 2011-07-11 16:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-25 03:56 . 2011-04-07 03:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 05:18 . 2009-10-17 05:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-18 02:44 . 2012-01-18 02:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 02:44 . 2012-01-18 02:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-18 02:44 . 2012-01-18 02:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-18 02:44 . 2012-01-18 02:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 02:44 . 2012-01-18 02:44 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-18 02:44 . 2012-01-18 02:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-01-18 02:44 . 2012-01-18 02:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-18 02:44 . 2012-01-18 02:44 176416 ----a-w- c:\windows\system32\lvcod64.dll
2012-01-18 02:44 . 2012-01-18 02:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 02:44 . 2012-01-18 02:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 02:44 . 2012-01-18 02:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2012-01-18 02:44 . 2012-01-18 02:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 02:44 . 2012-01-18 02:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 02:44 . 2012-01-18 02:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_15.20.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-17 15:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-18 07:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-17 15:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-18 07:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-17 15:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-18 07:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-17 05:29 . 2012-03-18 12:15 61894 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-18 12:15 52462 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-17 04:50 . 2012-03-18 12:15 27136 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1181007309-1228823779-3126726313-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-03-18 08:17 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-02-19 14:37 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-10-16 19:44 . 2012-03-18 04:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-16 19:44 . 2012-03-17 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-16 19:44 . 2012-03-17 15:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-16 19:44 . 2012-03-18 04:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-18 04:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-17 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-16 19:43 . 2012-03-18 12:10 10794 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-10-16 19:43 . 2012-03-17 15:18 10794 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-03-17 15:19 . 2012-03-17 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-18 12:14 . 2012-03-18 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 15:19 . 2012-03-17 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-18 12:14 . 2012-03-18 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-17 05:27 . 2012-03-14 04:16 791776 c:\windows\system32\perfh019.dat
+ 2009-10-17 05:27 . 2012-03-18 05:06 791776 c:\windows\system32\perfh019.dat
- 2009-07-14 02:36 . 2012-03-14 04:16 720416 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-18 05:06 720416 c:\windows\system32\perfh009.dat
- 2009-10-17 05:27 . 2012-03-14 04:16 175792 c:\windows\system32\perfc019.dat
+ 2009-10-17 05:27 . 2012-03-18 05:06 175792 c:\windows\system32\perfc019.dat
+ 2009-07-14 02:36 . 2012-03-18 05:06 147336 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-14 04:16 147336 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-03-18 08:17 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-19 14:37 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-19 14:37 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-03-18 08:17 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-03-18 12:10 526396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-17 15:18 526396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-14 03:28 . 2012-03-18 07:37 223744 c:\windows\assembly\temp\twl.dll
- 2012-03-14 03:28 . 2012-03-17 14:03 223744 c:\windows\assembly\temp\twl.dll
+ 2011-06-30 18:46 . 2012-03-18 12:10 2549856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1181007309-1228823779-3126726313-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-10-24 611712]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"ConnectionCenter"="c:\users\sergey\AppData\Local\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Bonus.SSR.FR10"="d:\design\FineReader 10\Bonus.ScreenshotReader.exe" [2011-06-08 941320]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="d:\design\Adobe Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dyn Updater Tray Icon.lnk - d:\inet\Dyn Updater\DynTray.exe [2011-11-15 78192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SirefefRemover]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-04 135664]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R2 sshd;CYGWIN sshd;d:\develop\Cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-18 1038088]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-04 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 LVUVC64;Logitech Webcam C100(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [x]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 privoxy;Privoxy (privoxy);d:\inet\Privoxy\privoxy.exe [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SirefefRemover;SirefefRemover;c:\windows\system32\Drivers\SirefefRemover.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-02-28 430440]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 Dyn Updater;Dyn Updater;d:\inet\Dyn Updater\DynUpSvc.exe [2011-11-15 95608]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-10-20 341312]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-10-20 67904]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-04 05:49]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-04 05:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"TortoiseHgOverlayIconServer"="d:\develop\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-01-02 52688]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8118
uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: check in my books
IE: Copy to Semagic - d:\inet\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Semagic - d:\inet\Semagic\link.htm
IE: Translate this web page with Babylon - d:\utils\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - d:\utils\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Передать на удаленную закачку DM
Trusted Zone: gs.com\access
Trusted Zone: gs.com\emea-login
TCP: DhcpNameServer = 192.168.123.1 192.168.123.1
FF - ProfilePath - c:\users\sergey\AppData\Roaming\Mozilla\Firefox\Profiles\u640ew9s.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1181007309-1228823779-3126726313-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2F753648-D9B5-F3DD-8009-C235DD503B1B}*]
"najkcnflhjenejojbbdgipkbahce"=hex:6a,61,70,64,63,6b,6f,6e,61,6c,6d,6a,65,67,
64,61,61,6c,63,63,00,00
.
[HKEY_USERS\S-1-5-21-1181007309-1228823779-3126726313-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,55,cd,40,96,df,ae,05,1f,e6,07,f0,04,ca,12,cc,08,bb,f9,db,e8,
a4,34,4d,03,9a,b2,0a,0d,9a,d8,24,62,e3,63,a7,6e,ae,ba,2b,f0,ee,0a,bd,59,09,\
"rkeysecu"=hex:69,a2,9d,a4,d6,df,97,e7,be,55,ea,0f,24,cb,d1,bc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-18 16:24:46
ComboFix-quarantined-files.txt 2012-03-18 12:24
.
Pre-Run: 1,628,749,824 bytes free
Post-Run: 1,543,983,104 bytes free
.
- - End Of File - - BD1DBAAB6FF6C01E55473ABC4BC762FC

Edited by iamphet, 18 March 2012 - 07:40 AM.
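
The one block in the ComboFix log above that a responder should read before anything else is LOCKED REGISTRY KEYS: a key under the user hive's Shell Extensions\Approved path that ComboFix could not open normally, holding a value whose name is a random lowercase string and whose data is dumped as hex:. Legitimate entries under an Approved key are named by CLSID, not by random letters, and a REG_BINARY dump is easy to skim past without noticing that it is plain text. As an added example, not code from the thread or from ComboFix, the Python below parses that block, rebuilds each value from ComboFix's comma-separated hex notation (joining the continuation line), decodes it when it is printable ASCII, and flags the random-named Approved pattern. The format assumptions are mine, taken from the visible lines: a line ending in ',' continues on the next line and a line ending in '\' is where ComboFix stopped printing a long value. The sample input is copied from the log above. One unrelated line in the same log worth confirming with the owner rather than assuming: the per-user proxy entry `http=127.0.0.1:8118`, which is the port Privoxy listens on by default and may well be deliberate, but a local proxy on a rootkitted machine should be verified, not skipped.

```python
"""Decode the REG_BINARY values that ComboFix lists under LOCKED REGISTRY KEYS."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input copied from the ComboFix log posted above. The "datasecu" value is
# already cut short in the log itself; the trailing backslash is where ComboFix stopped.
SAMPLE_LOG = r"""
[HKEY_USERS\S-1-5-21-1181007309-1228823779-3126726313-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2F753648-D9B5-F3DD-8009-C235DD503B1B}*]
"najkcnflhjenejojbbdgipkbahce"=hex:6a,61,70,64,63,6b,6f,6e,61,6c,6d,6a,65,67,
64,61,61,6c,63,63,00,00
.
[HKEY_USERS\S-1-5-21-1181007309-1228823779-3126726313-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,55,cd,40,96,df,ae,05,1f,e6,07,f0,04,ca,12,cc,08,bb,f9,db,e8,
a4,34,4d,03,9a,b2,0a,0d,9a,d8,24,62,e3,63,a7,6e,ae,ba,2b,f0,ee,0a,bd,59,09,\
"rkeysecu"=hex:69,a2,9d,a4,d6,df,97,e7,be,55,ea,0f,24,cb,d1,bc
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')
HEX_LINE_RE = re.compile(r"^(?:[0-9a-fA-F]{2},?)+\\?$")  # continuation line of a hex: value
APPROVED_KEY = "\\shell extensions\\approved\\"
RANDOM_NAME_RE = re.compile(r"[a-z]{8,}")


@dataclass
class RegValue:
    key: str
    name: str
    data: bytes
    truncated: bool  # True when ComboFix stopped printing before the value ended

    @property
    def text(self) -> Optional[str]:
        """The data as a string if it is printable ASCII (NUL padding ignored), else None."""
        body = self.data.rstrip(b"\x00")
        if body and all(0x20 <= b < 0x7F for b in body):
            return body.decode("ascii")
        return None


def parse_locked_keys(log_text: str) -> List[RegValue]:
    """Rebuild every "name"=hex:.. value in the block, joining continuation lines.

    Format assumptions (mine, from the lines in the posted log): a line ending in ','
    continues on the next line; a line ending in '\\' is where ComboFix cut the value.
    """
    values: List[RegValue] = []
    key = ""
    pending = None  # [name, hex parts, truncated] for the value being collected

    def flush() -> None:
        nonlocal pending
        if pending is not None:
            name, parts, truncated = pending
            values.append(RegValue(key, name, bytes(int(p, 16) for p in parts), truncated))
            pending = None

    def add_hex(chunk: str) -> None:
        pending[2] = chunk.endswith("\\")
        pending[1].extend(p for p in chunk.rstrip("\\").split(",") if p)

    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            flush()
            key = m.group(1)
        elif (m := VALUE_RE.match(line)):
            flush()
            pending = [m.group(1), [], False]
            add_hex(m.group(2))
        elif pending is not None and HEX_LINE_RE.match(line):
            add_hex(line)
        else:
            flush()
    flush()
    return values


def is_suspicious(value: RegValue) -> bool:
    """Heuristic (mine, not ComboFix's): an entry under Shell Extensions\\Approved whose
    name is a long lowercase string rather than a CLSID, holding another such string."""
    if APPROVED_KEY not in value.key.lower():
        return False
    return bool(RANDOM_NAME_RE.fullmatch(value.name)) and bool(RANDOM_NAME_RE.fullmatch(value.text or ""))


def report(values: List[RegValue]) -> List[str]:
    """One human-readable line per decoded value."""
    lines = []
    for v in values:
        shown = repr(v.text) if v.text is not None else f"{len(v.data)} bytes, not printable"
        cut = " (cut short in the log)" if v.truncated else ""
        flag = "  <-- random-named value under Shell Extensions\\Approved" if is_suspicious(v) else ""
        lines.append(f"{v.name}: {shown}{cut}{flag}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_locked_keys(SAMPLE_LOG))))
```

Run against the block above, it decodes the Approved entry to the ASCII string `japdckonalmjegdaalcc` (two NUL bytes of padding dropped) and flags it, reports `datasecu` as 46 bytes of non-printable data cut short by ComboFix, and leaves the 16-byte `rkeysecu` value alone: the SecuROM keys are copy-protection licence data under a vendor key, not shell-extension registrations, so the heuristic does not fire on them.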


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 March 2012 - 07:41 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
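
Both tools in the procedure above are there to look below the file system: TDSSKiller prints the disk geometry and the MBR partition table before it walks the drivers, and that header deserves as much attention as the per-driver status lines. Bootkits that keep their payload outside any partition (the TDL4 family is the well-known case) show up as space the table does not account for, so the check is simply whether consecutive partitions are contiguous, allowing for alignment, and how much of the disk is left after the last one. As an added example, my code rather than Kaspersky's or the thread's, the Python below parses those header lines, reports every gap and the trailing unpartitioned space, and separately lists any scan line whose status is not "ok". The input is the drive and partition header from the log posted in the next reply plus two real driver lines; the "exampledrv - suspicious" line is constructed so the status filter has something to return. The 2048-sector alignment allowance and the 8 MiB limit on trailing space are my assumptions, not tool settings.

```python
"""Sanity-check the MBR partition table and the scan statuses in a TDSSKiller log."""
import re
from typing import Dict, List, Tuple

# Thresholds are my assumptions, not TDSSKiller settings.
ALIGN_SECTORS = 0x800         # 1 MiB at 512-byte sectors: normal alignment slack before a partition
TRAIL_LIMIT_SECTORS = 0x4000  # 8 MiB of free space after the last partition before it is reported

# Sample input: the drive/partition header and the driver lines are copied from the
# TDSSKiller log posted in the next reply; the "exampledrv" line is CONSTRUCTED so the
# status filter has something to return, and does not appear in the real log.
SAMPLE_LOG = r"""
16:50:12.0344 3648 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:50:12.0364 3648 \Device\Harddisk0\DR0:
16:50:12.0364 3648 MBR used
16:50:12.0364 3648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:50:12.0364 3648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x63CE000
16:50:12.0364 3648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6400800, BlocksNum 0x19024000
16:50:12.0375 3648 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1F425000, BlocksNum 0x3E800000
16:50:12.0390 3648 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x5DC25800, BlocksNum 0x493E0000
16:50:12.0405 3648 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0xA7006000, BlocksNum 0x7A81000
16:50:36.0104 2752 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:50:36.0120 2752 1394ohci - ok
16:50:36.0135 2752 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:50:36.0151 2752 ACPI - ok
16:50:40.0001 2752 exampledrv - suspicious
"""

DRIVE_RE = re.compile(r"Drive \S+ - Size: 0x([0-9A-Fa-f]+) \(.*?\), SectorSize: 0x([0-9A-Fa-f]+)")
PART_RE = re.compile(r"\\Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")
STATUS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ \d+ (\S+) - (\S+)$")

Partition = Tuple[int, int, int, int]  # (index, type, start LBA, block count), all in sectors


def parse_layout(log_text: str) -> Tuple[int, List[Partition]]:
    """Return (disk size in sectors, partitions sorted by start LBA)."""
    total = 0
    parts: List[Partition] = []
    for line in log_text.splitlines():
        if (m := DRIVE_RE.search(line)):
            total = int(m.group(1), 16) // int(m.group(2), 16)
        elif (m := PART_RE.search(line)):
            idx, ptype, start, blocks = m.groups()
            parts.append((int(idx), int(ptype, 16), int(start, 16), int(blocks, 16)))
    return total, sorted(parts, key=lambda p: p[2])


def analyse_layout(log_text: str) -> Dict[str, object]:
    """Walk the table in LBA order, recording the space before each partition and after the last."""
    total, parts = parse_layout(log_text)
    gaps: List[int] = []
    findings: List[str] = []
    cursor = 0  # first sector not yet accounted for
    for idx, _ptype, start, blocks in parts:
        gap = start - cursor
        gaps.append(gap)
        if gap < 0:
            findings.append(f"Partition{idx} overlaps the previous partition by {-gap:#x} sectors")
        elif gap > ALIGN_SECTORS:
            findings.append(f"{gap:#x} unassigned sectors before Partition{idx}")
        cursor = max(cursor, start + blocks)
    trailing = total - cursor
    if trailing < 0:
        findings.append(f"partition table runs {-trailing:#x} sectors past the end of the disk")
    elif trailing > TRAIL_LIMIT_SECTORS:
        findings.append(f"{trailing:#x} unassigned sectors after the last partition")
    return {"total_sectors": total, "partitions": parts, "gaps": gaps,
            "trailing": trailing, "findings": findings}


def non_ok_entries(log_text: str) -> List[Tuple[str, str]]:
    """Every '<name> - <status>' scan line whose status is not 'ok'."""
    hits = []
    for line in log_text.splitlines():
        m = STATUS_RE.match(line.strip())
        if m and m.group(2) != "ok":
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    result = analyse_layout(SAMPLE_LOG)
    print(f"disk: {result['total_sectors']:#x} sectors, gaps: {[hex(g) for g in result['gaps']]}, "
          f"trailing: {result['trailing']:#x}")
    for finding in result["findings"] or ["no unaccounted-for space beyond alignment slack"]:
        print("  layout:", finding)
    for name, status in non_ok_entries(SAMPLE_LOG):
        print(f"  scan: {name} - {status}")
```

Against the posted header it finds 0x800 sectors in front of Partition0 and in front of each of Partition3, 4 and 5 (the 1 MiB alignment slot that also holds the EBR of a logical drive inside an extended partition), Partition1 and Partition2 packed tight against their predecessors, and 0xB30 sectors of slack at the end of a 0xAEA87B30-sector disk: nothing large enough to hide a payload in. The status filter returns only the constructed line, which is the point; when a real run reports something other than "ok", that line, not the thousand "ok" lines around it, is what to post.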

#7 iamphet
  • Topic Starter
  • Members
  • 10 posts

Posted 18 March 2012 - 08:16 AM

TDSSKiller.2.7.20.0_18.03.2012_16.50.11_log.txt:

16:50:11.0105 3648 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
16:50:11.0695 3648 ============================================================
16:50:11.0695 3648 Current date / time: 2012/03/18 16:50:11.0695
16:50:11.0695 3648 SystemInfo:
16:50:11.0695 3648
16:50:11.0695 3648 OS Version: 6.1.7601 ServicePack: 1.0
16:50:11.0695 3648 Product type: Workstation
16:50:11.0695 3648 ComputerName: SHUTTLE
16:50:11.0695 3648 UserName: sergey
16:50:11.0695 3648 Windows directory: C:\Windows
16:50:11.0695 3648 System windows directory: C:\Windows
16:50:11.0695 3648 Running under WOW64
16:50:11.0695 3648 Processor architecture: Intel x64
16:50:11.0695 3648 Number of processors: 2
16:50:11.0695 3648 Page size: 0x1000
16:50:11.0695 3648 Boot type: Normal boot
16:50:11.0695 3648 ============================================================
16:50:12.0344 3648 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:50:12.0364 3648 \Device\Harddisk0\DR0:
16:50:12.0364 3648 MBR used
16:50:12.0364 3648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:50:12.0364 3648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x63CE000
16:50:12.0364 3648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6400800, BlocksNum 0x19024000
16:50:12.0375 3648 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1F425000, BlocksNum 0x3E800000
16:50:12.0390 3648 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x5DC25800, BlocksNum 0x493E0000
16:50:12.0405 3648 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0xA7006000, BlocksNum 0x7A81000
16:50:12.0860 3648 Initialize success
16:50:12.0860 3648 ============================================================
16:50:35.0632 2752 ============================================================
16:50:35.0632 2752 Scan started
16:50:35.0632 2752 Mode: Manual;
16:50:35.0632 2752 ============================================================
16:50:36.0104 2752 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:50:36.0120 2752 1394ohci - ok
16:50:36.0135 2752 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:50:36.0151 2752 ACPI - ok
16:50:36.0166 2752 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:50:36.0166 2752 AcpiPmi - ok
16:50:36.0198 2752 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
16:50:36.0198 2752 adfs - ok
16:50:36.0244 2752 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:50:36.0244 2752 adp94xx - ok
16:50:36.0276 2752 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:50:36.0276 2752 adpahci - ok
16:50:36.0291 2752 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:50:36.0291 2752 adpu320 - ok
16:50:36.0322 2752 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:50:36.0322 2752 AFD - ok
16:50:36.0338 2752 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:50:36.0338 2752 agp440 - ok
16:50:36.0369 2752 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:50:36.0369 2752 aliide - ok
16:50:36.0385 2752 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:50:36.0385 2752 amdide - ok
16:50:36.0400 2752 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:50:36.0400 2752 AmdK8 - ok
16:50:36.0416 2752 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:50:36.0416 2752 AmdPPM - ok
16:50:36.0510 2752 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:50:36.0510 2752 amdsata - ok
16:50:36.0510 2752 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:50:36.0510 2752 amdsbs - ok
16:50:36.0541 2752 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:50:36.0541 2752 amdxata - ok
16:50:36.0556 2752 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:50:36.0556 2752 AppID - ok
16:50:36.0572 2752 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:50:36.0572 2752 arc - ok
16:50:36.0588 2752 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:50:36.0588 2752 arcsas - ok
16:50:36.0603 2752 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:50:36.0603 2752 AsyncMac - ok
16:50:36.0623 2752 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:50:36.0624 2752 atapi - ok
16:50:36.0647 2752 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
16:50:36.0649 2752 atksgt - ok
16:50:36.0676 2752 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:50:36.0680 2752 b06bdrv - ok
16:50:36.0700 2752 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:50:36.0703 2752 b57nd60a - ok
16:50:36.0722 2752 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:50:36.0722 2752 Beep - ok
16:50:36.0739 2752 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:50:36.0740 2752 blbdrive - ok
16:50:36.0764 2752 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:50:36.0765 2752 bowser - ok
16:50:36.0773 2752 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:50:36.0774 2752 BrFiltLo - ok
16:50:36.0789 2752 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:50:36.0790 2752 BrFiltUp - ok
16:50:36.0811 2752 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:50:36.0812 2752 BridgeMP - ok
16:50:36.0829 2752 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:50:36.0832 2752 Brserid - ok
16:50:36.0843 2752 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:50:36.0844 2752 BrSerWdm - ok
16:50:36.0854 2752 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:50:36.0854 2752 BrUsbMdm - ok
16:50:36.0860 2752 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:50:36.0861 2752 BrUsbSer - ok
16:50:36.0883 2752 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
16:50:36.0884 2752 BTCFilterService - ok
16:50:36.0907 2752 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:50:36.0908 2752 BthEnum - ok
16:50:36.0924 2752 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:50:36.0925 2752 BTHMODEM - ok
16:50:36.0971 2752 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:50:36.0973 2752 BthPan - ok
16:50:36.0999 2752 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:50:37.0012 2752 BTHPORT - ok
16:50:37.0028 2752 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:50:37.0029 2752 BTHUSB - ok
16:50:37.0054 2752 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
16:50:37.0054 2752 btusbflt - ok
16:50:37.0058 2752 catchme - ok
16:50:37.0075 2752 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:50:37.0076 2752 cdfs - ok
16:50:37.0101 2752 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:50:37.0103 2752 cdrom - ok
16:50:37.0116 2752 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:50:37.0117 2752 circlass - ok
16:50:37.0142 2752 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:50:37.0146 2752 CLFS - ok
16:50:37.0164 2752 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:50:37.0165 2752 CmBatt - ok
16:50:37.0176 2752 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:50:37.0177 2752 cmdide - ok
16:50:37.0205 2752 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:50:37.0209 2752 CNG - ok
16:50:37.0224 2752 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:50:37.0225 2752 Compbatt - ok
16:50:37.0245 2752 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:50:37.0246 2752 CompositeBus - ok
16:50:37.0259 2752 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:50:37.0260 2752 crcdisk - ok
16:50:37.0291 2752 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:50:37.0296 2752 CSC - ok
16:50:37.0325 2752 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
16:50:37.0326 2752 ctxusbm - ok
16:50:37.0366 2752 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
16:50:37.0366 2752 dc3d - ok
16:50:37.0391 2752 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:50:37.0392 2752 DfsC - ok
16:50:37.0403 2752 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:50:37.0404 2752 discache - ok
16:50:37.0417 2752 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:50:37.0418 2752 Disk - ok
16:50:37.0511 2752 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:50:37.0512 2752 drmkaud - ok
16:50:37.0550 2752 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:50:37.0554 2752 DXGKrnl - ok
16:50:37.0606 2752 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:50:37.0642 2752 ebdrv - ok
16:50:37.0658 2752 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:50:37.0673 2752 elxstor - ok
16:50:37.0689 2752 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
16:50:37.0689 2752 ENTECH64 - ok
16:50:37.0704 2752 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:50:37.0704 2752 ErrDev - ok
16:50:37.0720 2752 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:50:37.0720 2752 exfat - ok
16:50:37.0736 2752 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:50:37.0736 2752 fastfat - ok
16:50:37.0751 2752 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:50:37.0751 2752 fdc - ok
16:50:37.0767 2752 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:50:37.0767 2752 FileInfo - ok
16:50:37.0767 2752 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:50:37.0767 2752 Filetrace - ok
16:50:37.0798 2752 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:50:37.0798 2752 flpydisk - ok
16:50:37.0814 2752 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:50:37.0829 2752 FltMgr - ok
16:50:37.0829 2752 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:50:37.0845 2752 FsDepends - ok
16:50:37.0860 2752 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
16:50:37.0860 2752 fssfltr - ok
16:50:37.0876 2752 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:50:37.0876 2752 Fs_Rec - ok
16:50:37.0892 2752 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:50:37.0892 2752 fvevol - ok
16:50:37.0907 2752 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:50:37.0907 2752 gagp30kx - ok
16:50:37.0923 2752 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
16:50:37.0938 2752 ggflt - ok
16:50:37.0954 2752 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
16:50:37.0954 2752 ggsemc - ok
16:50:37.0985 2752 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
16:50:37.0985 2752 grmnusb - ok
16:50:38.0001 2752 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:50:38.0001 2752 hcw85cir - ok
16:50:38.0032 2752 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:50:38.0032 2752 HdAudAddService - ok
16:50:38.0048 2752 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:50:38.0048 2752 HDAudBus - ok
16:50:38.0063 2752 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:50:38.0063 2752 HidBatt - ok
16:50:38.0079 2752 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:50:38.0079 2752 HidBth - ok
16:50:38.0094 2752 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:50:38.0094 2752 HidIr - ok
16:50:38.0110 2752 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:50:38.0110 2752 HidUsb - ok
16:50:38.0141 2752 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:50:38.0141 2752 HpSAMD - ok
16:50:38.0157 2752 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:50:38.0157 2752 HTCAND64 - ok
16:50:38.0192 2752 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
16:50:38.0193 2752 htcnprot - ok
16:50:38.0235 2752 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:50:38.0294 2752 HTTP - ok
16:50:38.0343 2752 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:50:38.0343 2752 hwpolicy - ok
16:50:38.0354 2752 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:50:38.0368 2752 i8042prt - ok
16:50:38.0396 2752 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:50:38.0400 2752 iaStorV - ok
16:50:38.0421 2752 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:50:38.0422 2752 iirsp - ok
16:50:38.0506 2752 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:50:38.0507 2752 intelide - ok
16:50:38.0522 2752 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:50:38.0523 2752 intelppm - ok
16:50:38.0546 2752 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:50:38.0558 2752 IpFilterDriver - ok
16:50:38.0591 2752 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:50:38.0592 2752 IPMIDRV - ok
16:50:38.0607 2752 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:50:38.0608 2752 IPNAT - ok
16:50:38.0619 2752 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:50:38.0620 2752 IRENUM - ok
16:50:38.0628 2752 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:50:38.0629 2752 isapnp - ok
16:50:38.0646 2752 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:50:38.0649 2752 iScsiPrt - ok
16:50:38.0664 2752 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:50:38.0664 2752 kbdclass - ok
16:50:38.0690 2752 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:50:38.0691 2752 kbdhid - ok
16:50:38.0713 2752 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:50:38.0714 2752 KSecDD - ok
16:50:38.0725 2752 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:50:38.0727 2752 KSecPkg - ok
16:50:38.0739 2752 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:50:38.0740 2752 ksthunk - ok
16:50:38.0765 2752 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
16:50:38.0766 2752 lirsgt - ok
16:50:38.0782 2752 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:50:38.0783 2752 lltdio - ok
16:50:38.0807 2752 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:50:38.0808 2752 LSI_FC - ok
16:50:38.0819 2752 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:50:38.0820 2752 LSI_SAS - ok
16:50:38.0837 2752 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:50:38.0838 2752 LSI_SAS2 - ok
16:50:38.0850 2752 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:50:38.0852 2752 LSI_SCSI - ok
16:50:38.0862 2752 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:50:38.0863 2752 luafv - ok
16:50:38.0879 2752 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:50:38.0880 2752 LVPr2M64 - ok
16:50:38.0882 2752 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
16:50:38.0882 2752 LVPr2Mon - ok
16:50:38.0957 2752 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
16:50:39.0017 2752 LVUVC64 - ok
16:50:39.0036 2752 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:50:39.0037 2752 megasas - ok
16:50:39.0059 2752 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:50:39.0062 2752 MegaSR - ok
16:50:39.0083 2752 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:50:39.0084 2752 Modem - ok
16:50:39.0092 2752 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:50:39.0093 2752 monitor - ok
16:50:39.0118 2752 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
16:50:39.0119 2752 motandroidusb - ok
16:50:39.0135 2752 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
16:50:39.0136 2752 motccgp - ok
16:50:39.0156 2752 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
16:50:39.0157 2752 motccgpfl - ok
16:50:39.0165 2752 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
16:50:39.0165 2752 motmodem - ok
16:50:39.0180 2752 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
16:50:39.0180 2752 MotoSwitchService - ok
16:50:39.0196 2752 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
16:50:39.0196 2752 Motousbnet - ok
16:50:39.0211 2752 motusbdevice (4244e427cda5f6485e74461b5b48a7b6) C:\Windows\system32\DRIVERS\motusbdevice.sys
16:50:39.0227 2752 motusbdevice - ok
16:50:39.0227 2752 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:50:39.0227 2752 mouclass - ok
16:50:39.0243 2752 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:50:39.0243 2752 mouhid - ok
16:50:39.0258 2752 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:50:39.0258 2752 mountmgr - ok
16:50:39.0274 2752 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:50:39.0274 2752 mpio - ok
16:50:39.0289 2752 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:50:39.0289 2752 mpsdrv - ok
16:50:39.0305 2752 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:50:39.0305 2752 MRxDAV - ok
16:50:39.0336 2752 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:50:39.0336 2752 mrxsmb - ok
16:50:39.0336 2752 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:50:39.0352 2752 mrxsmb10 - ok
16:50:39.0367 2752 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:50:39.0367 2752 mrxsmb20 - ok
16:50:39.0383 2752 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:50:39.0383 2752 msahci - ok
16:50:39.0399 2752 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:50:39.0399 2752 msdsm - ok
16:50:39.0414 2752 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:50:39.0414 2752 Msfs - ok
16:50:39.0430 2752 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:50:39.0461 2752 mshidkmdf - ok
16:50:39.0492 2752 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:50:39.0492 2752 msisadrv - ok
16:50:39.0508 2752 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:50:39.0539 2752 MSKSSRV - ok
16:50:39.0633 2752 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:50:39.0633 2752 MSPCLOCK - ok
16:50:39.0648 2752 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:50:39.0648 2752 MSPQM - ok
16:50:39.0664 2752 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:50:39.0664 2752 MsRPC - ok
16:50:39.0679 2752 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:50:39.0695 2752 mssmbios - ok
16:50:39.0695 2752 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:50:39.0695 2752 MSTEE - ok
16:50:39.0726 2752 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:50:39.0727 2752 MTConfig - ok
16:50:39.0739 2752 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:50:39.0739 2752 Mup - ok
16:50:39.0759 2752 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:50:39.0762 2752 NativeWifiP - ok
16:50:39.0810 2752 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:50:39.0818 2752 NDIS - ok
16:50:39.0825 2752 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:50:39.0825 2752 NdisCap - ok
16:50:39.0832 2752 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:50:39.0833 2752 NdisTapi - ok
16:50:39.0849 2752 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:50:39.0849 2752 Ndisuio - ok
16:50:39.0858 2752 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:50:39.0860 2752 NdisWan - ok
16:50:39.0885 2752 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:50:39.0886 2752 NDProxy - ok
16:50:39.0899 2752 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:50:39.0900 2752 NetBIOS - ok
16:50:39.0922 2752 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:50:39.0924 2752 NetBT - ok
16:50:39.0962 2752 netr7364 (621559a521682a888d83db34c6ec0bf8) C:\Windows\system32\DRIVERS\netr7364.sys
16:50:39.0965 2752 netr7364 - ok
16:50:39.0984 2752 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:50:39.0985 2752 nfrd960 - ok
16:50:40.0002 2752 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:50:40.0003 2752 Npfs - ok
16:50:40.0015 2752 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:50:40.0016 2752 nsiproxy - ok
16:50:40.0050 2752 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:50:40.0073 2752 Ntfs - ok
16:50:40.0092 2752 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:50:40.0092 2752 NuidFltr - ok
16:50:40.0111 2752 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:50:40.0111 2752 Null - ok
16:50:40.0276 2752 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:50:40.0332 2752 nvlddmkm - ok
16:50:40.0366 2752 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:50:40.0368 2752 nvraid - ok
16:50:40.0397 2752 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:50:40.0399 2752 nvstor - ok
16:50:40.0420 2752 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:50:40.0421 2752 nv_agp - ok
16:50:40.0508 2752 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:50:40.0509 2752 ohci1394 - ok
16:50:40.0527 2752 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:50:40.0528 2752 Parport - ok
16:50:40.0546 2752 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:50:40.0546 2752 partmgr - ok
16:50:40.0573 2752 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:50:40.0574 2752 pci - ok
16:50:40.0588 2752 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:50:40.0588 2752 pciide - ok
16:50:40.0628 2752 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:50:40.0630 2752 pcmcia - ok
16:50:40.0643 2752 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:50:40.0644 2752 pcw - ok
16:50:40.0663 2752 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:50:40.0669 2752 PEAUTH - ok
16:50:40.0710 2752 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
16:50:40.0710 2752 Point64 - ok
16:50:40.0734 2752 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:50:40.0734 2752 PptpMiniport - ok
16:50:40.0749 2752 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:50:40.0749 2752 Processor - ok
16:50:40.0781 2752 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:50:40.0781 2752 Psched - ok
16:50:40.0796 2752 PsxDrv (fda6efb7014e8c4524cb6b5b885e8a95) C:\Windows\system32\drivers\psxdrv.sys
16:50:40.0796 2752 PsxDrv - ok
16:50:40.0827 2752 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:50:40.0843 2752 ql2300 - ok
16:50:40.0859 2752 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:50:40.0859 2752 ql40xx - ok
16:50:40.0874 2752 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:50:40.0874 2752 QWAVEdrv - ok
16:50:40.0890 2752 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:50:40.0890 2752 RasAcd - ok
16:50:40.0905 2752 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:50:40.0905 2752 RasAgileVpn - ok
16:50:40.0921 2752 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:50:40.0921 2752 Rasl2tp - ok
16:50:40.0952 2752 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:50:40.0952 2752 RasPppoe - ok
16:50:40.0968 2752 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:50:40.0968 2752 RasSstp - ok
16:50:40.0983 2752 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:50:40.0983 2752 rdbss - ok
16:50:40.0983 2752 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:50:40.0983 2752 rdpbus - ok
16:50:40.0999 2752 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:50:40.0999 2752 RDPCDD - ok
16:50:41.0030 2752 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:50:41.0030 2752 RDPDR - ok
16:50:41.0046 2752 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:50:41.0046 2752 RDPENCDD - ok
16:50:41.0061 2752 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:50:41.0061 2752 RDPREFMP - ok
16:50:41.0077 2752 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:50:41.0077 2752 RdpVideoMiniport - ok
16:50:41.0093 2752 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:50:41.0093 2752 RDPWD - ok
16:50:41.0124 2752 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:50:41.0124 2752 rdyboost - ok
16:50:41.0155 2752 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:50:41.0155 2752 RFCOMM - ok
16:50:41.0186 2752 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
16:50:41.0186 2752 RsFx0103 - ok
16:50:41.0186 2752 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:50:41.0202 2752 rspndr - ok
16:50:41.0217 2752 s0016bus (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
16:50:41.0217 2752 s0016bus - ok
16:50:41.0249 2752 s0016mdfl (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys
16:50:41.0249 2752 s0016mdfl - ok
16:50:41.0264 2752 s0016mdm (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys
16:50:41.0264 2752 s0016mdm - ok
16:50:41.0292 2752 s0016mgmt (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys
16:50:41.0293 2752 s0016mgmt - ok
16:50:41.0320 2752 s0016nd5 (30a35bbce09d9fe67482fd62c61911fc) C:\Windows\system32\DRIVERS\s0016nd5.sys
16:50:41.0321 2752 s0016nd5 - ok
16:50:41.0341 2752 s0016obex (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys
16:50:41.0343 2752 s0016obex - ok
16:50:41.0356 2752 s0016unic (eb267ccea84e6e8598d92f73332ac67b) C:\Windows\system32\DRIVERS\s0016unic.sys
16:50:41.0358 2752 s0016unic - ok
16:50:41.0379 2752 s1039bus (0031dd0c5d4446da0a3e02617dc6d642) C:\Windows\system32\DRIVERS\s1039bus.sys
16:50:41.0381 2752 s1039bus - ok
16:50:41.0405 2752 s1039mdfl (98c7dbe2290d8cb0235e9528f6a1a53d) C:\Windows\system32\DRIVERS\s1039mdfl.sys
16:50:41.0406 2752 s1039mdfl - ok
16:50:41.0430 2752 s1039mdm (7ef052a067d862ecd2a2335914611074) C:\Windows\system32\DRIVERS\s1039mdm.sys
16:50:41.0462 2752 s1039mdm - ok
16:50:41.0536 2752 s1039mgmt (bcc3f31f1fe1e78a5ba2cd6a0e44ba64) C:\Windows\system32\DRIVERS\s1039mgmt.sys
16:50:41.0538 2752 s1039mgmt - ok
16:50:41.0556 2752 s1039nd5 (a0cf11bffa41176ccd54e701ceb68921) C:\Windows\system32\DRIVERS\s1039nd5.sys
16:50:41.0557 2752 s1039nd5 - ok
16:50:41.0579 2752 s1039obex (bd2da968c5dcef51ba8014fbac7a0b6a) C:\Windows\system32\DRIVERS\s1039obex.sys
16:50:41.0580 2752 s1039obex - ok
16:50:41.0601 2752 s1039unic (96b4051b65c1974258a8a33a03c0b082) C:\Windows\system32\DRIVERS\s1039unic.sys
16:50:41.0602 2752 s1039unic - ok
16:50:41.0612 2752 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:50:41.0613 2752 s3cap - ok
16:50:41.0629 2752 SaiMini (296d0cc623eeb6d2b9800ad421f9116a) C:\Windows\system32\DRIVERS\SaiMini.sys
16:50:41.0629 2752 SaiMini - ok
16:50:41.0656 2752 SaiNtBus (6a77d63b566df14da0e7dd0d2c594ef7) C:\Windows\system32\drivers\SaiBus.sys
16:50:41.0657 2752 SaiNtBus - ok
16:50:41.0681 2752 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:50:41.0683 2752 sbp2port - ok
16:50:41.0699 2752 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:50:41.0700 2752 scfilter - ok
16:50:41.0716 2752 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:50:41.0717 2752 secdrv - ok
16:50:41.0731 2752 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
16:50:41.0732 2752 seehcri - ok
16:50:41.0745 2752 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:50:41.0746 2752 Serenum - ok
16:50:41.0758 2752 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:50:41.0759 2752 Serial - ok
16:50:41.0775 2752 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:50:41.0776 2752 sermouse - ok
16:50:41.0801 2752 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:50:41.0802 2752 sffdisk - ok
16:50:41.0811 2752 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:50:41.0811 2752 sffp_mmc - ok
16:50:41.0822 2752 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:50:41.0823 2752 sffp_sd - ok
16:50:41.0836 2752 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:50:41.0837 2752 sfloppy - ok
16:50:41.0862 2752 SirefefRemover (a72d9ee1032d99b3a34bf7144f3c11fc) C:\Windows\system32\Drivers\SirefefRemover.sys
16:50:41.0863 2752 SirefefRemover - ok
16:50:41.0876 2752 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:50:41.0877 2752 SiSRaid2 - ok
16:50:41.0890 2752 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:50:41.0892 2752 SiSRaid4 - ok
16:50:41.0905 2752 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:50:41.0906 2752 Smb - ok
16:50:41.0932 2752 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:50:41.0933 2752 spldr - ok
16:50:41.0969 2752 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
16:50:41.0977 2752 sptd - ok
16:50:42.0008 2752 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:50:42.0013 2752 srv - ok
16:50:42.0040 2752 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:50:42.0044 2752 srv2 - ok
16:50:42.0061 2752 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:50:42.0063 2752 srvnet - ok
16:50:42.0103 2752 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:50:42.0104 2752 stexstor - ok
16:50:42.0122 2752 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:50:42.0122 2752 storflt - ok
16:50:42.0144 2752 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:50:42.0145 2752 storvsc - ok
16:50:42.0173 2752 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:50:42.0173 2752 swenum - ok
16:50:42.0180 2752 Synth3dVsc - ok
16:50:42.0230 2752 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:50:42.0255 2752 Tcpip - ok
16:50:42.0272 2752 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:50:42.0287 2752 TCPIP6 - ok
16:50:42.0303 2752 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:50:42.0303 2752 tcpipreg - ok
16:50:42.0319 2752 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:50:42.0319 2752 TDPIPE - ok
16:50:42.0350 2752 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:50:42.0350 2752 TDTCP - ok
16:50:42.0365 2752 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:50:42.0365 2752 tdx - ok
16:50:42.0381 2752 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:50:42.0381 2752 TermDD - ok
16:50:42.0412 2752 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:50:42.0412 2752 tssecsrv - ok
16:50:42.0506 2752 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:50:42.0506 2752 TsUsbFlt - ok
16:50:42.0506 2752 tsusbhub - ok
16:50:42.0537 2752 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:50:42.0537 2752 tunnel - ok
16:50:42.0553 2752 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:50:42.0553 2752 uagp35 - ok
16:50:42.0568 2752 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:50:42.0568 2752 udfs - ok
16:50:42.0584 2752 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:50:42.0599 2752 uliagpkx - ok
16:50:42.0615 2752 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:50:42.0615 2752 umbus - ok
16:50:42.0631 2752 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:50:42.0631 2752 UmPass - ok
16:50:42.0662 2752 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:50:42.0662 2752 usbccgp - ok
16:50:42.0677 2752 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:50:42.0693 2752 usbcir - ok
16:50:42.0709 2752 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:50:42.0709 2752 usbehci - ok
16:50:42.0724 2752 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:50:42.0724 2752 usbhub - ok
16:50:42.0755 2752 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:50:42.0755 2752 usbohci - ok
16:50:42.0755 2752 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:50:42.0755 2752 usbprint - ok
16:50:42.0787 2752 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:50:42.0787 2752 usbscan - ok
16:50:42.0802 2752 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:50:42.0802 2752 USBSTOR - ok
16:50:42.0818 2752 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:50:42.0818 2752 usbuhci - ok
16:50:42.0851 2752 VBoxDrv (978cbda15fda89d15dd3b2db5c8719a8) C:\Windows\system32\DRIVERS\VBoxDrv.sys
16:50:42.0852 2752 VBoxDrv - ok
16:50:42.0879 2752 VBoxNetAdp (833d09b04ad198a30d7c78cd1db043db) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
16:50:42.0880 2752 VBoxNetAdp - ok
16:50:42.0908 2752 VBoxNetFlt (f5d3ebefc1b15acf568242258b84a14a) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
16:50:42.0909 2752 VBoxNetFlt - ok
16:50:42.0932 2752 VBoxUSB (2a76d35b25fad15fe785b3bc834b9799) C:\Windows\system32\Drivers\VBoxUSB.sys
16:50:42.0933 2752 VBoxUSB - ok
16:50:42.0951 2752 VBoxUSBMon (2c564ebbd24156d482fab5c2554b2f54) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
16:50:42.0951 2752 VBoxUSBMon - ok
16:50:42.0958 2752 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:50:42.0959 2752 vdrvroot - ok
16:50:42.0974 2752 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:50:42.0975 2752 vga - ok
16:50:42.0987 2752 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:50:42.0988 2752 VgaSave - ok
16:50:42.0994 2752 VGPU - ok
16:50:43.0023 2752 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys
16:50:43.0026 2752 vhdmp - ok
16:50:43.0042 2752 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:50:43.0043 2752 viaide - ok
16:50:43.0062 2752 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:50:43.0064 2752 vmbus - ok
16:50:43.0087 2752 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:50:43.0088 2752 VMBusHID - ok
16:50:43.0094 2752 VMnetAdapter - ok
16:50:43.0106 2752 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:50:43.0107 2752 volmgr - ok
16:50:43.0131 2752 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:50:43.0134 2752 volmgrx - ok
16:50:43.0155 2752 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:50:43.0158 2752 volsnap - ok
16:50:43.0181 2752 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
16:50:43.0182 2752 vpcbus - ok
16:50:43.0204 2752 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
16:50:43.0206 2752 vpcnfltr - ok
16:50:43.0228 2752 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
16:50:43.0229 2752 vpcusb - ok
16:50:43.0246 2752 vpcuxd (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\drivers\vpcuxd.sys
16:50:43.0246 2752 vpcuxd - ok
16:50:43.0270 2752 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
16:50:43.0273 2752 vpcvmm - ok
16:50:43.0284 2752 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:50:43.0286 2752 vsmraid - ok
16:50:43.0295 2752 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:50:43.0295 2752 vwifibus - ok
16:50:43.0308 2752 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:50:43.0309 2752 vwififlt - ok
16:50:43.0316 2752 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:50:43.0317 2752 vwifimp - ok
16:50:43.0330 2752 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:50:43.0331 2752 WacomPen - ok
16:50:43.0346 2752 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:50:43.0347 2752 WANARP - ok
16:50:43.0350 2752 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:50:43.0350 2752 Wanarpv6 - ok
16:50:43.0369 2752 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:50:43.0370 2752 Wd - ok
16:50:43.0392 2752 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:50:43.0398 2752 Wdf01000 - ok
16:50:43.0412 2752 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:50:43.0413 2752 WfpLwf - ok
16:50:43.0496 2752 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
16:50:43.0498 2752 WimFltr - ok
16:50:43.0513 2752 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:50:43.0514 2752 WIMMount - ok
16:50:43.0545 2752 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:50:43.0546 2752 WinUsb - ok
16:50:43.0567 2752 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:50:43.0568 2752 WmiAcpi - ok
16:50:43.0581 2752 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:50:43.0582 2752 ws2ifsl - ok
16:50:43.0615 2752 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:50:43.0617 2752 WudfPf - ok
16:50:43.0631 2752 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:50:43.0633 2752 WUDFRd - ok
16:50:43.0655 2752 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
16:50:43.0659 2752 yukonw7 - ok
16:50:43.0684 2752 MBR (0x1B8) (0792f22bcc85cfd3b28324561fffcabb) \Device\Harddisk0\DR0
16:50:43.0935 2752 \Device\Harddisk0\DR0 - ok
16:50:43.0950 2752 Boot (0x1200) (49fe02e8ae77065df26a31a9158c225b) \Device\Harddisk0\DR0\Partition0
16:50:43.0950 2752 \Device\Harddisk0\DR0\Partition0 - ok
16:50:43.0950 2752 Boot (0x1200) (0d933d89757f1752ea991b9dae078551) \Device\Harddisk0\DR0\Partition1
16:50:43.0950 2752 \Device\Harddisk0\DR0\Partition1 - ok
16:50:43.0966 2752 Boot (0x1200) (ae73f0a42f0d7ee3231dd2f929b5739e) \Device\Harddisk0\DR0\Partition2
16:50:43.0966 2752 \Device\Harddisk0\DR0\Partition2 - ok
16:50:43.0981 2752 Boot (0x1200) (ac541a5c39b9362e1f1e503dfdd8ca19) \Device\Harddisk0\DR0\Partition3
16:50:43.0981 2752 \Device\Harddisk0\DR0\Partition3 - ok
16:50:43.0997 2752 Boot (0x1200) (51a0276a482381afcb054317d5697cc0) \Device\Harddisk0\DR0\Partition4
16:50:43.0997 2752 \Device\Harddisk0\DR0\Partition4 - ok
16:50:44.0013 2752 Boot (0x1200) (9d8e1683c1816886c87f8eea86ab12a2) \Device\Harddisk0\DR0\Partition5
16:50:44.0013 2752 \Device\Harddisk0\DR0\Partition5 - ok
16:50:44.0013 2752 ============================================================
16:50:44.0013 2752 Scan finished
16:50:44.0013 2752 ============================================================
16:50:44.0028 3016 Detected object count: 0
16:50:44.0028 3016 Actual detected object count: 0
16:50:56.0504 2900 Deinitialize success


aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-18 17:02:26
-----------------------------
17:02:26.169 OS Version: Windows x64 6.1.7601 Service Pack 1
17:02:26.169 Number of processors: 2 586 0x170A
17:02:26.169 ComputerName: SHUTTLE UserName: sergey
17:02:26.700 Initialize success
17:02:29.258 AVAST engine defs: 12031700
17:02:37.214 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:02:37.214 Disk 0 Vendor: WDC_WD1501FASS-00W2B0 01.00101 Size: 1430799MB BusType: 3
17:02:37.245 Disk 0 MBR read successfully
17:02:37.245 Disk 0 MBR scan
17:02:37.245 Disk 0 unknown MBR code
17:02:37.261 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:02:37.261 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 51100 MB offset 206848
17:02:37.277 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 204872 MB offset 104859648
17:02:37.277 Disk 0 Partition - 00 0F Extended LBA 1174725 MB offset 524437504
17:02:37.308 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 512000 MB offset 524439552
17:02:37.308 Disk 0 Partition - 00 05 Extended 600001 MB offset 1573015552
17:02:37.339 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 600000 MB offset 1573017600
17:02:37.339 Disk 0 Partition - 00 05 Extended 62723 MB offset 3850395648
17:02:37.370 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 62722 MB offset 2801819648
17:02:37.401 Disk 0 scanning C:\Windows\system32\drivers
17:03:18.686 Service scanning
17:03:35.017 Modules scanning
17:03:35.021 Disk 0 trace - called modules:
17:03:35.048 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:03:35.052 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800491a530]
17:03:35.055 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80046d6520]
17:03:35.059 5 ACPI.sys[fffff88000ee77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80044dc060]
17:03:35.943 AVAST engine scan C:\Windows
17:03:48.113 AVAST engine scan C:\Windows\system32
17:04:17.099 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
17:06:41.648 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
17:06:41.695 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
17:06:41.726 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
17:06:41.882 AVAST engine scan C:\Windows\system32\drivers
17:06:54.175 AVAST engine scan C:\Users\sergey
17:13:07.034 AVAST engine scan C:\ProgramData
17:14:12.357 Scan finished successfully
17:14:26.284 Disk 0 MBR has been saved successfully to "E:\Downloads\MBR.dat"
17:14:26.284 The log file has been saved successfully to "E:\Downloads\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:45 PM

Posted 18 March 2012 - 10:33 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U

File::
C:\Windows\system32\consrv.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
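Added example, not part of this thread and not aswMBR's or ComboFix's own code: a small Python triage helper that pulls the **INFECTED** lines out of the aswMBR log posted above and groups the paths into the Folder::/File:: form used in the CFScript. The sample lines are copied from the aswMBR.txt in this thread; the folder-collapsing threshold, the protected-directory list and the function names are assumptions made for the example.

```python
"""Triage helper for the aswMBR findings posted in this thread.

Added example: not aswMBR's or ComboFix's own code, and not something the
Malware Response Team posted. It pulls every "**INFECTED**" line out of an
aswMBR log and groups the paths into the Folder::/File:: form that the CFScript
above uses, so a helper can see where a proposed script's targets came from.
"""
import ntpath
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# aswMBR writes one detection per line:
#   <hh:mm:ss.mmm> File: <path> **INFECTED** <detection name>
INFECTED_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+)$"
)

# Directories that must never be collapsed into a Folder:: directive, because
# deleting them whole would take legitimate system files with the malware.
# This list is an assumption made for the example, not a ComboFix rule.
PROTECTED_DIRS = frozenset({
    r"c:\windows",
    r"c:\windows\system32",
    r"c:\windows\syswow64",
})

# Excerpt copied from the aswMBR.txt posted above (the poster's own paths).
SAMPLE_LOG = r"""17:03:48.113 AVAST engine scan C:\Windows\system32
17:04:17.099 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
17:06:41.648 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
17:06:41.695 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
17:06:41.726 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
17:06:41.882 AVAST engine scan C:\Windows\system32\drivers
17:14:12.357 Scan finished successfully
"""


def parse_infected(log_text: str) -> List[Tuple[str, str]]:
    """Return (path, detection name) for every **INFECTED** line, in log order."""
    hits: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits


def group_by_folder(
    hits: Iterable[Tuple[str, str]],
    min_files: int = 2,
    protected: Iterable[str] = PROTECTED_DIRS,
) -> Tuple[List[str], List[str]]:
    """Split detections into folders to remove whole and single files.

    A directory holding at least `min_files` detections (the ZeroAccess 'U'
    payload directory in this thread) becomes a Folder:: entry; anything in a
    protected system directory, or alone in its directory, stays a File:: entry.
    The threshold is an assumption for the example.
    """
    protected_lc = {p.lower() for p in protected}
    by_dir: Dict[str, List[str]] = defaultdict(list)
    for path, _name in hits:
        by_dir[ntpath.dirname(path)].append(path)

    folders: List[str] = []
    files: List[str] = []
    for directory, paths in by_dir.items():
        if len(paths) >= min_files and directory.lower() not in protected_lc:
            folders.append(directory)
        else:
            files.extend(paths)
    return folders, files


def render_cfscript(
    folders: List[str],
    files: List[str],
    header: Tuple[str, ...] = ("ClearJavaCache::", "KillAll::"),
) -> str:
    """Lay the groups out as a CFScript, with the leading directives used above."""
    lines: List[str] = list(header)
    if folders:
        lines += ["Folder::", *folders, ""]
    if files:
        lines += ["File::", *files, ""]
    return "\n".join(lines).rstrip("\n") + "\n"


if __name__ == "__main__":
    found = parse_infected(SAMPLE_LOG)
    for path, name in found:
        print(f"{name:28} {path}")
    print()
    print(render_cfscript(*group_by_folder(found)), end="")
```

Run on the excerpt it reproduces the Folder::/File:: lines of the script above. The output is a starting point for the person helping, not something to hand over unread: Folder:: removes a whole directory, which is why directories such as system32 are pinned to File:: entries however many detections they hold.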

#9 iamphet

iamphet
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:45 AM

Posted 18 March 2012 - 11:09 AM

I do not see any anomalies anymore, everything looks ok now. Thanks vm.

ComboFix.txt:


ComboFix 12-03-16.05 - sergey 18/03/2012 19:38:28.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1033.18.4094.1990 [GMT 4:00]
Running from: d:\utils\Combofix\ComboFix.exe
Command switches used :: d:\utils\Combofix\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 16:46 . 2012-03-18 16:47 -------- d-----w- C:\FRST
2012-03-18 15:44 . 2012-03-18 15:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-18 15:44 . 2012-03-18 15:44 -------- d-----w- c:\users\sshd_server\AppData\Local\temp
2012-03-18 15:44 . 2012-03-18 15:44 -------- d-----w- c:\users\sergey\AppData\Local\temp
2012-03-18 15:44 . 2012-03-18 15:44 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-03-18 15:44 . 2012-03-18 15:44 -------- d-----w- c:\users\julia\AppData\Local\temp
2012-03-18 15:44 . 2012-03-18 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 15:44 . 2012-03-18 15:44 -------- d-----w- c:\users\alexey\AppData\Local\temp
2012-03-18 09:22 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19F4755C-1A4C-4A8B-A411-609474B9EF61}\mpengine.dll
2012-03-17 14:49 . 2012-03-17 14:49 23856 ----a-w- c:\windows\system32\drivers\SirefefRemover.sys
2012-03-17 14:08 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-17 14:08 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-17 14:08 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-17 14:03 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-17 14:03 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-17 14:03 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-17 14:03 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-17 14:03 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-17 14:03 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 14:03 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-17 14:03 . 2012-03-18 07:21 -------- d-----w- c:\windows\system32\000000000
2012-03-17 14:03 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-17 14:03 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-17 14:03 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-17 14:03 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-17 13:11 . 2012-03-17 13:11 -------- d-----w- c:\users\sergey\AppData\Local\ElevatedDiagnostics
2012-03-14 03:41 . 2012-03-14 03:41 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-03-14 03:22 . 2012-03-14 03:22 -------- d-----w- c:\windows\system32\Macromed
2012-03-11 16:31 . 2012-03-11 16:31 -------- d-----w- c:\users\sergey\AppData\Roaming\LJ-Sec
2012-03-10 07:36 . 2012-03-10 07:36 -------- d-----w- c:\users\alexey\AppData\Local\CrashRpt
2012-03-09 14:50 . 2012-03-09 14:50 -------- d-----w- c:\users\sergey\AppData\Local\CrashRpt
2012-03-09 14:50 . 2012-03-09 14:50 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays
2012-02-25 03:57 . 2012-02-25 03:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-19 14:32 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-19 14:32 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-19 14:32 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-19 14:32 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-19 14:31 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-19 14:31 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-19 14:31 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:22 . 2011-07-11 16:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-25 03:56 . 2011-04-07 03:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 05:18 . 2009-10-17 05:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-18 02:44 . 2012-01-18 02:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 02:44 . 2012-01-18 02:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-18 02:44 . 2012-01-18 02:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-18 02:44 . 2012-01-18 02:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 02:44 . 2012-01-18 02:44 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-18 02:44 . 2012-01-18 02:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-01-18 02:44 . 2012-01-18 02:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-18 02:44 . 2012-01-18 02:44 176416 ----a-w- c:\windows\system32\lvcod64.dll
2012-01-18 02:44 . 2012-01-18 02:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 02:44 . 2012-01-18 02:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 02:44 . 2012-01-18 02:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2012-01-18 02:44 . 2012-01-18 02:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 02:44 . 2012-01-18 02:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 02:44 . 2012-01-18 02:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_15.20.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-17 15:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-18 07:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-17 15:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-18 07:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-17 15:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-18 07:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-17 05:29 . 2012-03-18 12:33 61934 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-18 12:33 52470 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-17 04:50 . 2012-03-18 12:33 27152 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1181007309-1228823779-3126726313-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-03-18 08:17 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-02-19 14:37 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-10-16 19:44 . 2012-03-18 04:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-16 19:44 . 2012-03-17 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-16 19:44 . 2012-03-18 04:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-16 19:44 . 2012-03-17 15:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-17 15:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-18 04:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-16 19:43 . 2012-03-18 15:44 10794 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-10-16 19:43 . 2012-03-17 15:18 10794 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-03-18 15:45 . 2012-03-18 15:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 15:19 . 2012-03-17 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 15:19 . 2012-03-17 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-18 15:45 . 2012-03-18 15:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-18 15:45 . 2009-10-06 21:46 131608 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2009-10-17 05:27 . 2012-03-14 04:16 791776 c:\windows\system32\perfh019.dat
+ 2009-10-17 05:27 . 2012-03-18 05:06 791776 c:\windows\system32\perfh019.dat
- 2009-07-14 02:36 . 2012-03-14 04:16 720416 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-18 05:06 720416 c:\windows\system32\perfh009.dat
- 2009-10-17 05:27 . 2012-03-14 04:16 175792 c:\windows\system32\perfc019.dat
+ 2009-10-17 05:27 . 2012-03-18 05:06 175792 c:\windows\system32\perfc019.dat
- 2009-07-14 02:36 . 2012-03-14 04:16 147336 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-18 05:06 147336 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-02-19 14:37 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-18 08:17 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-19 14:37 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-03-18 08:17 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-03-17 15:18 526396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-18 15:45 526396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-14 03:28 . 2012-03-18 07:37 223744 c:\windows\assembly\temp\twl.dll
- 2012-03-14 03:28 . 2012-03-17 14:03 223744 c:\windows\assembly\temp\twl.dll
+ 2011-06-30 18:46 . 2012-03-18 12:10 2549856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1181007309-1228823779-3126726313-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-10-24 611712]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"ConnectionCenter"="c:\users\sergey\AppData\Local\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Bonus.SSR.FR10"="d:\design\FineReader 10\Bonus.ScreenshotReader.exe" [2011-06-08 941320]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="d:\design\Adobe Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dyn Updater Tray Icon.lnk - d:\inet\Dyn Updater\DynTray.exe [2011-11-15 78192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SirefefRemover]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-04 135664]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-18 1038088]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-04 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 LVUVC64;Logitech Webcam C100(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [x]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 61976]
R4 privoxy;Privoxy (privoxy);d:\inet\Privoxy\privoxy.exe [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SirefefRemover;SirefefRemover;c:\windows\system32\Drivers\SirefefRemover.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-02-28 430440]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 Dyn Updater;Dyn Updater;d:\inet\Dyn Updater\DynUpSvc.exe [2011-11-15 95608]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-10-20 341312]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-10-20 67904]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 sshd;CYGWIN sshd;d:\develop\Cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-04 05:49]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-04 05:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 06:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"TortoiseHgOverlayIconServer"="d:\develop\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-01-02 52688]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8118
uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: check in my books
IE: Copy to Semagic - d:\inet\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Semagic - d:\inet\Semagic\link.htm
IE: Translate this web page with Babylon - d:\utils\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - d:\utils\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: Download ALL with Download Master
IE: Download with Download Master
IE: Send to DM remote download
Trusted Zone: gs.com\access
Trusted Zone: gs.com\emea-login
TCP: DhcpNameServer = 192.168.123.1 192.168.123.1
FF - ProfilePath - c:\users\sergey\AppData\Roaming\Mozilla\Firefox\Profiles\u640ew9s.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1181007309-1228823779-3126726313-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2F753648-D9B5-F3DD-8009-C235DD503B1B}*]
"najkcnflhjenejojbbdgipkbahce"=hex:6a,61,70,64,63,6b,6f,6e,61,6c,6d,6a,65,67,
64,61,61,6c,63,63,00,00
.
[HKEY_USERS\S-1-5-21-1181007309-1228823779-3126726313-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,55,cd,40,96,df,ae,05,1f,e6,07,f0,04,ca,12,cc,08,bb,f9,db,e8,
a4,34,4d,03,9a,b2,0a,0d,9a,d8,24,62,e3,63,a7,6e,ae,ba,2b,f0,ee,0a,bd,59,09,\
"rkeysecu"=hex:69,a2,9d,a4,d6,df,97,e7,be,55,ea,0f,24,cb,d1,bc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\inet\uTorrent\uTorrent.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
d:\develop\Cygwin\usr\sbin\sshd.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-03-18 19:51:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-18 15:51
ComboFix2.txt 2012-03-18 12:24
.
Pre-Run: 1,617,657,856 bytes free
Post-Run: 1,626,800,128 bytes free
.
- - End Of File - - 099C05A616BBC55E7669465E85134180

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 March 2012 - 12:50 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 iamphet
  • Topic Starter
  • Members
  • 10 posts

Posted 19 March 2012 - 12:06 AM

Add-Remove Programs.txt:

Update for Microsoft Office 2007 (KB2508958)
"Minimal SYStem 1.0.11"
µTorrent
Карта Москвы MosMap Std v. 3.1
Космические Рейнджеры
1C\Космические Рейнджеры 2
7-Zip 9.20
ABBYY FineReader 10 Professional Edition
ABBYY FineReader 9.0 Professional Edition
AccuHash 2.0
ActivePerl 5.10.1 Build 1006
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.5.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced PDF Password Recovery
Advanced PDF Password Recovery Pro (remove only)
Alice Madness Returns
Alpha Protocol
American McGee's Alice™
And Yet It Moves
Android SDK Tools
Apple Application Support
Apple Software Update
audiosamples
Autodesk 3ds Max 2010 Tutorials Files
Autodesk Backburner 2008.1
AutoIt v3.3.0.0
Avanquest update
avstreamsamples
avstreamtools_ia64fre
avstreamtools_x64fre
avstreamtools_x86fre
Batman: Arkham Asylum GOTY Edition
Batman: Arkham City™ PC
Battleship Chess
biometricsamples
biometrictools_x64fre
biometrictools_x86fre
BioShock
BioShock 2
bluetoothsamples
bluetoothtools_ia64fre
bluetoothtools_x64fre
bluetoothtools_x86fre
buildsamples
buildtools_ia64fre
buildtools_x64fre
buildtools_x86fre
bussamples
calibre
cancelsample
Capsule
CDex - Open Source Digital Audio CD Extractor
chkinftool_x86fre
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Citrix Presentation Server Client - Web Only
Codename Gordon
Cogs
Coil
CollabNet Subversion Client 1.6.6
Command & Conquer™ 4 Tiberian Twilight
Company of Heroes
Company of Heroes: Tales of Valor
Connect
Dark Messiah Might and Magic Multi-Player
Dark Messiah Might and Magic Single Player
Darkspore™
Dead Space™ 2
debugfiles_win7
Deus Ex: Game of the Year Edition
Deus Ex: Invisible War
dfx_ia64fre
dfx_x64fre
dfx_x86fre
DHTML Editing Component
displaysamples
DjVuLibre+DjView
Doc Clock: The Toasted Sandwich of Time
Droplitz
drvtools_ia64fre
drvtools_x64fre
drvtools_x86fre
DSF-KitSetup
dsfsamples
Dual-Core Optimizer
Dyn Updater
EA Installer
EA Shared Game Component: Activation
eCub 1.11
Eufloria
eventsample
evntdrvsample
Exercitia Latina
Familia Romana
FastStone Image Viewer 4.6
ffdshow [rev 2527] [2008-12-19]
Fiction Book Designer
fireflysample
FlatOut
FlatOut 2
FlatOut: Ultimate Carnage
FontFlasher
FontLab BitFonter 3
FontLab Studio 5
foobar2000 v1.1.6
Foxit Reader 5.0
Free Download Manager 3.0
Futuremark SystemInfo
Garmin City Navigator Europe NT 2011.10
Garmin MapSource
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Garmin WebUpdater
Garry's Mod
generalsamples
generaltools_ia64fre
generaltools_x64fre
generaltools_x86fre
GHC 7.0.4
Gish
GoldenDict
GOM Player
Google Планета Земля
Google App Engine
Google Book Downloader
Google Chrome
Google Update Helper
Gothic 3
Gothic II: Gold Edition
GPL Ghostscript 8.70
GribUser Any to FB2 1.0 (remove only)
Grotesque-Tactics 1.0.0.4
GTK+ Runtime 2.14.7 rev a (remove only)
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
Half-Life®
Half-Life® 2
headers
Hearts of Iron III Sprite Packs
HexEdit
hid_inputsamples
hidsampleinput
hidsamples
Hotfix for Microsoft Document Explorer 2008 (KB953196)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HP USB Disk Storage Format Tool
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
HTML Help Workshop
HxD Hex Editor version 1.7.7.0
ICY Hexplorer (remove only)
IDA Pro Advanced v5.5 with Hex-Rays Decompiler v1.1
ifssamples
imagingtools_ia64fre
imagingtools_x64fre
imagingtools_x86fre
ImgBurn
Indigo Prophecy
infsample_ia64fre
infsample_x64fre
infsample_x86fre
Inno Setup version 5.4.3
InnoIDE 1.0.0.55
installhelp
Instant Mode Support Utility
ioctlsample
Iron Grip: Warlord
irsamples
IsoBuster 2.8.5
ISTool 5.3.0.1
Jade Empire
Java Auto Updater
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 24
Jolly Rover
Junk Mail filter update
Just Another Printer 2.0.0
kuler
Lara Croft and the Guardian of Light
Left 4 Dead 2
libs_ia64fre
libs_x64fre
libs_x86fre
LJ-SecInstall
Machinarium
Magic Extractor 1.9.1
Magic ISO Maker v5.5 (build 0281)
Magicka
Mass Effect
Mass Effect 2
Mass Effect™ 3
Medieval II: Total War
Medieval II: Total War Kingdoms
Mercurial 1.4.2
Mercury 11.07.1
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Compatibility Toolkit 5.5
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Russian) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Обновление (KB963678)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Russian) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (Russian) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (Russian) 2007
Microsoft Office Language Pack 2007 - Russian/русский
Microsoft Office Live Add-in 1.5
Microsoft Office O MUI (Russian) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (Russian) 2007
Microsoft Office Outlook 2007 Help Обновление (KB963677)
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Russian) 2007
Microsoft Office Powerpoint 2007 Help Обновление (KB963669)
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Russian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Ukrainian) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Russian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Russian) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Russian) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office SharePoint Designer MUI (Russian) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio Language Pack 2007 - Russian/русский
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio MUI (Russian) 2007
Microsoft Office Visio Professional 2007
Microsoft Office VisMUI (Russian) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word 2007 Help Обновление (KB963665)
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Russian) 2007
Microsoft Office X MUI (Russian) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server System CLR Types
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows Driver Kit 7.1.0.7600
Microsoft Windows Driver Kit Documentation 7600.091201
Microsoft XNA Framework Redistributable 3.1
MiKTeX 2.8
MinGW-Get version 0.1-alpha-4
MinGW 5.1.6
modemtools
MotoHelper 2.0.53 Driver 5.2.0
MotoHelper MergeModules
Mount and Blade: Warband
Mozilla Firefox 7.0.1 (x86 en-US)
Mp3tag v2.48
MSVCRT
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
myBase Desktop 5.3
networklibraries_ia64fre
networklibraries_x64fre
networklibraries_x86fre
networksamples
NTFS Undelete v0.94
NTFSUndelete 3.0.2.110
NVIDIA PhysX
oacr_x86fre
offreg_ia64fre
offreg_x64fre
offreg_x86fre
OpenAL
OpenOffice.org 3.2
Orca
Origin
Osmos
Overlord
Overlord - Raising Hell
Overlord II
pcidrvsample
PCStitch Pro 9
Pdf editor (Qt4 version)
PDF Settings CS4
PDFlite (remove only)
pdfsam
Peggle Extreme
pfd_ia64fre
pfd_x64fre
pfd_x86fre
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
Plants vs Zombies
PLT Scheme v4.2.3
pMetro 1.29
pnpportssample
pnptools_ia64fre
pnptools_x64fre
pnptools_x86fre
Portal
Portal 2
Portal 2 Authoring Tools - Beta
portiosample
powermanagement_ia64fre
powermanagement_x64fre
powermanagement_x86fre
printsamples
printtools_ia64fre
printtools_x64fre
printtools_x86fre
PunkBuster Services
Puzzle Agent
Puzzle Dimension
Python 2.6 pyclewn-1.2
Python 2.7 matplotlib-1.1.0
Python 2.7 numpy-1.6.1
Python 2.7 pyclewn-1.7.py2
Python 2.7 pywin32-216
Python 2.7 scipy-0.10.0
Python 2.7 Shapely-1.2.14
Python 3.2 matplotlib-1.2.x
Python 3.2 numpy-1.6.1
Python 3.2 pygame-1.9.2a0
Python 3.2 scipy-0.10.0
Python 3.2.1
Qualcomm Gobi 2000 PC Software SDK
QuantLibXL-bin 1.1.0 (remove only)
QuickTime
R-Studio 4.5
Racket v5.1.3
RAD Video Tools
Reader Library by Sony
readme
Realterm 2.0.0.57
Recettear: An Item Shop's Tale
Ricochet Infinity
Rome: Total War Alexander
Rome: Total War Gold
Sacrifice
Scan Tailor
sdv
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2553010)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Semagic (remove only)
sensorsamples
setupsamples
setuptools_ia64fre
setuptools_x64fre
setuptools_x86fre
Shatter
sideshowsamples
Sigil 0.4.2
SiN 1
SiN 1 Multiplayer
SiN Episodes: Emergence
Skype Toolbars
Skype™ 4.2
smartcardsamples
SMPlayer 0.6.8
Source SDK
Source SDK Base
Source SDK Base - Orange Box
SPORE™
SPORE™ Creepy & Cute Parts Pack
SPORE™ Galactic Adventures
Spy Studio 1.0.1
Stamina 2.5
Starcraft
StarCraft II
StarDict (remove only)
Steam
storagesamples
streammediasamples
Suite Shared Configuration CS4
SuperTux 0.3.3
Supreme Commander 2
swtuner
System Requirements Lab
The Ball
The Chronicles of Riddick: Assault on Dark Athena
The Elder Scrolls III: Morrowind
The Elder Scrolls IV: Oblivion
The Ur-Quan Masters 0.7.0
The Witcher 2
The Witcher: Enhanced Edition
Tidalis
Tinker
Titan Quest
Titan Quest: Immortal Throne
toastermetadatapackagesample
toastersample
toolindex
tools_ia64fre
tools_x64fre
tools_x86fre
Total War: SHOGUN 2
tracingtool_ia64fre
tracingtool_x64fre
tracingtool_x86fre
TransType Pro
UltraISO Premium V9.36
umdfsamples
Universe Sandbox
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Update for Outlook 2007 Junk Email Filter (KB2596560)
usbsamples
VC Runtimes MSI
vistalibs_ia64fre
vistalibs_x64fre
vistalibs_x86fre
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Tools for the Office system 3.0 Runtime
VVVVVV
Warhammer 40,000: Dawn of War Gold Edition
Warhammer 40,000: Dawn of War – Dark Crusade
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
wcoinstallers
wdftools_ia64fre
wdftools_x64fre
wdftools_x86fre
WhereIsIt? 3.97
WinDirStat 1.1.2
WinDjView 1.0.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows SDK Intellidocs
WinRAR archiver
wmisamples
wnetlibs_ia64fre
wnetlibs_x64fre
wnetlibs_x86fre
World of Goo
Worms Reloaded
wpdsamples
wpdtools_ia64fre
wpdtools_x64fre
wpdtools_x86fre
wsdtool_ia64fre
wsdtool_x64fre
wsdtool_x86fre
wxplibs_x86fre
Zeno Clash
Zeno Clash Models
«Мастер настройки Услуги "СТРИМ ТВ на ПК"»

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 March 2012 - 11:21 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • µTorrent
  • Adobe Reader 9.5.0
  • Java™ SE Development Kit 6 Update 24


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click Next.
  • Once done click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 iamphet
  • Topic Starter
  • Members
  • 10 posts

Posted 20 March 2012 - 11:54 AM

Everything seems ok

hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:54:18, on 20/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
d:\Develop\Cygwin\bin\cygrunsrv.exe
D:\Develop\Cygwin\usr\sbin\sshd.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
D:\Inet\Dyn Updater\DynTray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Users\sergey\AppData\Local\Citrix\ICA Client\concentr.exe
C:\Users\sergey\AppData\Local\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Utils\Far\Far.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Utils\Far\Far.exe
D:\Utils\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Inet\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Users\sergey\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bonus.SSR.FR10] "D:\Design\FineReader 10\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "d:\Utils\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] d:\Utils\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-21-1181007309-1228823779-3126726313-1011\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'sshd_server')
O4 - HKUS\S-1-5-21-1181007309-1228823779-3126726313-1011\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'sshd_server')
O4 - HKUS\S-1-5-21-1181007309-1228823779-3126726313-1025\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1181007309-1228823779-3126726313-1025\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Dyn Updater Tray Icon.lnk = D:\Inet\Dyn Updater\DynTray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Copy to Semagic - d:\Inet\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - d:\Inet\Semagic\link.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Utils\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://D:\Utils\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dyn Updater - Dyn, Inc. - d:\Inet\Dyn Updater\DynUpSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Neo?aa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - d:\Utils\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CYGWIN sshd (sshd) - Unknown owner - d:\Develop\Cygwin\bin\cygrunsrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13229 bytes


mbam-log-2012-03-20 (08-42-34).txt:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sergey :: SHUTTLE [administrator]

Protection: Enabled

20/03/2012 08:42:34
mbam-log-2012-03-20 (08-42-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297130
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINUPDATE.LNK (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 March 2012 - 01:14 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Bonus.SSR.FR10] "D:\Design\FineReader 10\Bonus.ScreenshotReader.exe" /autorun
      O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKUS\S-1-5-21-1181007309-1228823779-3126726313-1011\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'sshd_server')
      O4 - HKUS\S-1-5-21-1181007309-1228823779-3126726313-1011\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'sshd_server')
      O4 - HKUS\S-1-5-21-1181007309-1228823779-3126726313-1025\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1181007309-1228823779-3126726313-1025\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:45 PM

Posted 22 March 2012 - 11:40 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?
Gringo