Google is redirecting


18 replies to this topic

#1 jastin


  • Members
  • 10 posts

Posted 03 April 2012 - 08:39 AM

My computer shut down out of the blue. Upon restarting, I had a program called ping.exe in my task manager using up my cpu resources. It also randomly played music. I know it was ping.exe playing the music because I saw it in my audio mixer.
I have run a full malwarebytes anti-malware scan and ESET online virus scanner. I used a tool to delete all my temporary files as well. After running tdsskiller, my google searches are still being redirected. Basically when I click a search result, it gets redirected to another random site. This is the only problem I am currently facing. Thanks in advance.
I typically have lavasoft ad-aware and malwarebytes' protection module enabled.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Jastin at 9:27:46 on 2012-04-03
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6142.3991 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Jastin\AppData\Local\Apps\2.0\M0W8Q8XK.1N3\JV07JPH4.1G8\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [ASRockOCTuner]
uRun: [ASRockIES]
uRun: [zASRockInstantBoot]
uRun: [QuickGammaLoader] C:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe
uRun: [QuickGammaResume]
uRun: [Google Update] "C:\Users\Jastin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [F.lux] "C:\Users\Jastin\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Jastin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{09DF474A-EDD7-4B38-ABEC-119908257388} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{65CCB9FE-7C2A-4389-84CB-07307C5B22A2} : DhcpNameServer = 192.168.1.1 206.46.230.148
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE-X64: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jastin\AppData\Roaming\Mozilla\Firefox\Profiles\ngeawjil.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Jastin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jastin\AppData\Roaming\Mozilla\Firefox\Profiles\ngeawjil.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 SscRdBus;Virtual bus device (SuperSpeed LLC);C:\Windows\system32\DRIVERS\SscRdBus.sys --> C:\Windows\system32\DRIVERS\SscRdBus.sys [?]
R0 SscRdCls;RAM Disk (SuperSpeed LLC);C:\Windows\system32\DRIVERS\SscRdCls.sys --> C:\Windows\system32\DRIVERS\SscRdCls.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-7-12 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-2-2 652360]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17152]
R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-22 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-22 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-4-22 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys --> C:\Windows\system32\DRIVERS\s0016bus.sys [?]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys --> C:\Windows\system32\DRIVERS\s0016mdfl.sys [?]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys --> C:\Windows\system32\DRIVERS\s0016mdm.sys [?]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys --> C:\Windows\system32\DRIVERS\s0016mgmt.sys [?]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys --> C:\Windows\system32\DRIVERS\s0016nd5.sys [?]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys --> C:\Windows\system32\DRIVERS\s0016obex.sys [?]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys --> C:\Windows\system32\DRIVERS\s0016unic.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-31 15:35:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-31 14:44:06 -------- d-----w- C:\Users\Jastin\AppData\Roaming\Ad-Aware Antivirus
2012-03-28 13:40:20 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-28 13:39:13 -------- d-----we C:\Windows\system64
2012-03-24 05:13:56 -------- d-----w- C:\Program Files (x86)\Audacity
2012-03-17 17:54:33 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 17:54:33 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-13 23:23:29 -------- d-----w- C:\Users\Jastin\AppData\Roaming\vexorian
2012-03-13 23:08:26 129784 ------w- C:\Windows\SysWow64\pxafs.dll
2012-03-13 20:19:52 -------- d-----w- C:\jtv
2012-03-13 17:51:36 -------- d-----w- C:\Users\Jastin\AppData\Local\SplitMediaLabs
2012-03-07 14:03:12 -------- d-----w- C:\Swsetup
2012-03-07 13:58:07 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-07 13:53:11 -------- d-----w- C:\AMD
2012-03-07 13:21:50 -------- d-----w- C:\Program Files (x86)\Geeks3D
2012-03-07 13:02:26 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
.
==================== Find3M ====================
.
2012-03-01 02:20:36 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-09 17:34:29 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2012-01-09 17:34:26 2851328 ----a-w- C:\Windows\System32\themeui.dll
2012-01-09 17:34:24 44544 ----a-w- C:\Windows\System32\themeservice.dll
.
============= FINISH: 9:28:41.36 ===============

Edited by jastin, 03 April 2012 - 08:41 AM.
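A triage helper added here as an example (it is not part of the post and not something the DDS tool produces): it parses the three DDS sections quoted above and flags what a responder would look at first, namely a system-binary name run from a \\.\globalroot device path or from outside System32/SysWOW64, the mPolicies-system values that switch UAC prompting off, and a newly created C:\Windows\system64 directory, which no stock Windows install has. The sample text is a constructed excerpt of the log above; the directory and policy lists are the author's own choices, not DDS settings.

```python
import re

# Constructed sample, modelled on a few lines from the DDS log quoted above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Google Update] "C:\Users\Jastin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
.
=============== Created Last 30 ================
.
2012-03-28 13:40:20 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-28 13:39:13 -------- d-----we C:\Windows\system64
2012-03-24 05:13:56 -------- d-----w- C:\Program Files (x86)\Audacity
"""

# Core Windows binaries that a legitimate install only runs from the system directories.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "wininit.exe", "winlogon.exe",
               "csrss.exe", "services.exe", "spoolsv.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}

# mPolicies-system values that, at the listed setting, turn UAC prompting off.
WEAK_UAC = {"enablelua": "0", "consentpromptbehavioradmin": "0",
            "promptonsecuredesktop": "0"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
POLICY_RE = re.compile(r"^[um]Policies-system:\s*(\w+)\s*=\s*(\d+)")


def image_path(line):
    """Drop the trailing service arguments DDS prints ('-k netsvcs', '-run', ...).

    Assumes the image path itself contains no ' -' sequence.
    """
    return line.split(" -", 1)[0].strip()


def triage_dds(text):
    """Return (kind, reason, line) tuples for entries worth a responder's attention."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS separates sections with lone dots
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "running processes":
            image = image_path(line).lower()
            directory, _, name = image.rpartition("\\")
            if image.startswith("\\\\.\\globalroot"):
                findings.append(("process", "started via a device path, not a drive path", line))
            elif name in SYSTEM_ONLY and directory not in SYSTEM_DIRS:
                findings.append(("process", "system binary name outside System32/SysWOW64", line))
        elif section == "pseudo hjt report":
            pol = POLICY_RE.match(line)
            if pol and WEAK_UAC.get(pol.group(1).lower()) == pol.group(2):
                findings.append(("policy", "UAC prompting disabled", line))
        elif section == "created last 30":
            fields = line.split(None, 4)     # date, time, size, attributes, path
            if len(fields) == 5:
                path = fields[4].lower()
                if path == "c:\\windows\\system64" or path.startswith("c:\\windows\\system64\\"):
                    findings.append(("file", "system64 does not exist on a stock Windows install", line))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage_dds(SAMPLE_DDS):
        print(f"[{kind}] {reason}: {line}")
```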



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 05:14 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 jastin

  • Topic Starter

  • Members
  • 10 posts

Posted 04 April 2012 - 06:07 AM

Google searches are no longer redirecting after running combofix and testing for a few minutes.

My malwarebytes anti-malware keeps popping up saying:
Successfully blocked access to a potentially malicious website: 63.223.106.17
Type: outgoing
Port: 50320, Process: ping.exe

ComboFix 12-04-04.01 - Jastin 04/04/2012 6:41.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6142.3204 [GMT -4:00]
Running from: c:\users\Jastin\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jastin\AppData\Roaming\inst.exe
c:\users\Jastin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Jastin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\users\Jastin\AppData\Roaming\vso_ts_preview.xml
c:\users\Jastin\zsnesw.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-03-31 15:35 . 2012-04-03 13:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-31 14:44 . 2012-03-31 14:44 -------- d-----w- c:\users\Jastin\AppData\Roaming\Ad-Aware Antivirus
2012-03-24 05:14 . 2012-03-24 05:17 -------- d-----w- c:\users\Jastin\AppData\Roaming\Audacity
2012-03-24 05:13 . 2012-03-24 05:13 -------- d-----w- c:\program files (x86)\Audacity
2012-03-21 19:29 . 2012-03-21 21:04 -------- d-----w- c:\users\test\AppData\Roaming\Winamp
2012-03-17 17:54 . 2012-03-17 17:54 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 17:54 . 2012-03-17 17:54 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-13 23:23 . 2012-03-13 23:27 -------- d-----w- c:\users\Jastin\AppData\Roaming\vexorian
2012-03-13 23:08 . 2007-03-07 23:51 129784 ------w- c:\windows\SysWow64\pxafs.dll
2012-03-13 23:08 . 2012-03-15 17:19 -------- d-----w- c:\users\Jastin\AppData\Roaming\Winamp
2012-03-13 20:19 . 2012-03-29 07:38 -------- d-----w- C:\jtv
2012-03-13 17:51 . 2012-03-13 17:51 -------- d-----w- c:\users\Jastin\AppData\Local\SplitMediaLabs
2012-03-07 19:57 . 2012-03-07 19:58 -------- d-----w- c:\users\test\AppData\Roaming\Rainmeter
2012-03-07 19:34 . 2012-03-07 19:34 -------- d-----w- c:\users\test\AppData\Local\Mozilla
2012-03-07 14:03 . 2012-03-07 14:03 -------- d-----w- C:\Swsetup
2012-03-07 13:58 . 2012-03-07 13:58 -------- d-----w- c:\programdata\ATI
2012-03-07 13:58 . 2012-03-07 13:58 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-07 13:53 . 2012-03-07 13:53 -------- d-----w- C:\AMD
2012-03-07 13:21 . 2012-03-07 13:21 -------- d-----w- c:\program files (x86)\Geeks3D
2012-03-07 13:02 . 2011-09-21 15:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 02:20 . 2011-08-17 20:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-09 17:34 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-01-09 17:34 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2012-01-09 17:34 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"QuickGammaLoader"="c:\program files (x86)\QuickGamma\QuickGammaLoader.exe" [2011-03-11 100352]
"F.lux"="c:\users\Jastin\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2007-10-10 36352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2009-10-08 232960]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2011-02-08 63360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
.
c:\users\Jastin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-7-14 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
R3 ALSysIO;ALSysIO;c:\users\Jastin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Jastin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-22 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-22 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-04-22 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Jastin\AppData\Local\Temp\GPU-Z.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-10 17152]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\DRIVERS\SscRdBus.sys [x]
S0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\DRIVERS\SscRdCls.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3505782071-1268228956-3274249183-1000Core.job
- c:\users\Jastin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 04:28]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3505782071-1268228956-3274249183-1000UA.job
- c:\users\Jastin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 04:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1609296]
"combofix"="c:\combofix\CF30664.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
aec
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jastin\AppData\Roaming\Mozilla\Firefox\Profiles\ngeawjil.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ASRockOCTuner - (no file)
Wow6432Node-HKCU-Run-ASRockIES - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-QuickGammaResume - (no file)
SafeBoot-05401293.sys
SafeBoot-17114706.sys
SafeBoot-20359025.sys
SafeBoot-57684245.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3505782071-1268228956-3274249183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Razer\Lycosa\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Winamp\winamp.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-04-04 07:00:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 11:00
.
Pre-Run: 186,336,919,552 bytes free
Post-Run: 185,211,686,912 bytes free
.
- - End Of File - - 60AAFA90E26E3A77850EC39587C21672

#4 gringo_pr

gringo_pr
Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 02:47 AM

Posted 04 April 2012 - 07:43 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jastin

jastin
  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time: 01:47 AM

Posted 05 April 2012 - 10:58 AM

Thanks for the reply.
The system would not restart after TDSSKiller was run. Fixed by using System Restore.
Google searches are once again being redirected. Logs:

10:39:56.0406 7652 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
10:39:56.0603 7652 ============================================================
10:39:56.0603 7652 Current date / time: 2012/04/05 10:39:56.0603
10:39:56.0603 7652 SystemInfo:
10:39:56.0603 7652
10:39:56.0603 7652 OS Version: 6.1.7600 ServicePack: 0.0
10:39:56.0603 7652 Product type: Workstation
10:39:56.0603 7652 ComputerName: JASTIN-PC
10:39:56.0603 7652 UserName: Jastin
10:39:56.0603 7652 Windows directory: C:\Windows
10:39:56.0603 7652 System windows directory: C:\Windows
10:39:56.0603 7652 Running under WOW64
10:39:56.0603 7652 Processor architecture: Intel x64
10:39:56.0603 7652 Number of processors: 8
10:39:56.0603 7652 Page size: 0x1000
10:39:56.0603 7652 Boot type: Normal boot
10:39:56.0603 7652 ============================================================
10:39:57.0503 7652 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:39:57.0506 7652 \Device\Harddisk0\DR0:
10:39:57.0506 7652 MBR used
10:39:57.0506 7652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:39:57.0506 7652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
10:39:57.0524 7652 Initialize success
10:39:57.0524 7652 ============================================================
10:39:58.0577 10788 ============================================================
10:39:58.0577 10788 Scan started
10:39:58.0577 10788 Mode: Manual;
10:39:58.0577 10788 ============================================================
10:39:59.0830 10788 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
10:39:59.0832 10788 1394ohci - ok
10:39:59.0864 10788 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
10:39:59.0867 10788 ACPI - ok
10:39:59.0884 10788 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
10:39:59.0885 10788 AcpiPmi - ok
10:39:59.0907 10788 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:39:59.0912 10788 adp94xx - ok
10:39:59.0937 10788 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:39:59.0940 10788 adpahci - ok
10:39:59.0952 10788 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:39:59.0954 10788 adpu320 - ok
10:39:59.0982 10788 aec (5f22132c9153639762708909f156b33d) C:\Windows\system32\cpsvc.dll
10:39:59.0983 10788 aec ( Backdoor.Multi.ZAccess.gen ) - infected
10:39:59.0983 10788 aec - detected Backdoor.Multi.ZAccess.gen (0)
10:40:00.0007 10788 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:40:00.0008 10788 AeLookupSvc - ok
10:40:00.0039 10788 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
10:40:00.0043 10788 AFD - ok
10:40:00.0055 10788 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
10:40:00.0056 10788 agp440 - ok
10:40:00.0072 10788 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:40:00.0073 10788 ALG - ok
10:40:00.0090 10788 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
10:40:00.0091 10788 aliide - ok
10:40:00.0148 10788 ALSysIO - ok
10:40:00.0187 10788 AMD External Events Utility (b5e2434fc851698c1f119cf1c3935a50) C:\Windows\system32\atiesrxx.exe
10:40:00.0190 10788 AMD External Events Utility - ok
10:40:00.0202 10788 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
10:40:00.0203 10788 amdide - ok
10:40:00.0220 10788 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:40:00.0221 10788 AmdK8 - ok
10:40:00.0413 10788 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
10:40:00.0574 10788 amdkmdag - ok
10:40:00.0591 10788 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
10:40:00.0594 10788 amdkmdap - ok
10:40:00.0606 10788 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:40:00.0607 10788 AmdPPM - ok
10:40:00.0627 10788 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
10:40:00.0628 10788 amdsata - ok
10:40:00.0654 10788 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:40:00.0656 10788 amdsbs - ok
10:40:00.0668 10788 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
10:40:00.0669 10788 amdxata - ok
10:40:00.0685 10788 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
10:40:00.0686 10788 AppID - ok
10:40:00.0730 10788 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:40:00.0749 10788 AppIDSvc - ok
10:40:00.0806 10788 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
10:40:00.0807 10788 Appinfo - ok
10:40:00.0886 10788 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:40:00.0887 10788 Apple Mobile Device - ok
10:40:00.0909 10788 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
10:40:00.0911 10788 AppMgmt - ok
10:40:00.0923 10788 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:40:00.0924 10788 arc - ok
10:40:00.0932 10788 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:40:00.0933 10788 arcsas - ok
10:40:00.0986 10788 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:40:00.0986 10788 aspnet_state - ok
10:40:01.0009 10788 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:40:01.0010 10788 AsyncMac - ok
10:40:01.0022 10788 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
10:40:01.0022 10788 atapi - ok
10:40:01.0061 10788 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
10:40:01.0062 10788 AtiHDAudioService - ok
10:40:01.0091 10788 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
10:40:01.0092 10788 AtiHdmiService - ok
10:40:01.0287 10788 atikmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
10:40:01.0327 10788 atikmdag - ok
10:40:01.0369 10788 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
10:40:01.0375 10788 AudioEndpointBuilder - ok
10:40:01.0382 10788 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
10:40:01.0385 10788 AudioSrv - ok
10:40:01.0402 10788 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
10:40:01.0403 10788 AxInstSV - ok
10:40:01.0428 10788 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:40:01.0433 10788 b06bdrv - ok
10:40:01.0462 10788 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:40:01.0465 10788 b57nd60a - ok
10:40:01.0479 10788 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:40:01.0481 10788 BDESVC - ok
10:40:01.0494 10788 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:40:01.0495 10788 Beep - ok
10:40:01.0534 10788 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
10:40:01.0540 10788 BFE - ok
10:40:01.0570 10788 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
10:40:01.0578 10788 BITS - ok
10:40:01.0592 10788 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:40:01.0593 10788 blbdrive - ok
10:40:01.0666 10788 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
10:40:01.0670 10788 Bonjour Service - ok
10:40:01.0687 10788 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
10:40:01.0688 10788 bowser - ok
10:40:01.0699 10788 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:40:01.0700 10788 BrFiltLo - ok
10:40:01.0716 10788 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:40:01.0717 10788 BrFiltUp - ok
10:40:01.0752 10788 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:40:01.0754 10788 BridgeMP - ok
10:40:01.0765 10788 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
10:40:01.0766 10788 Browser - ok
10:40:01.0782 10788 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:40:01.0784 10788 Brserid - ok
10:40:01.0794 10788 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:40:01.0794 10788 BrSerWdm - ok
10:40:01.0811 10788 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:40:01.0811 10788 BrUsbMdm - ok
10:40:01.0824 10788 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:40:01.0824 10788 BrUsbSer - ok
10:40:01.0836 10788 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:40:01.0837 10788 BTHMODEM - ok
10:40:01.0852 10788 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:40:01.0853 10788 bthserv - ok
10:40:01.0873 10788 catchme - ok
10:40:01.0894 10788 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:40:01.0895 10788 cdfs - ok
10:40:01.0913 10788 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
10:40:01.0915 10788 cdrom - ok
10:40:01.0935 10788 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
10:40:01.0936 10788 CertPropSvc - ok
10:40:01.0949 10788 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:40:01.0950 10788 circlass - ok
10:40:01.0970 10788 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:40:01.0974 10788 CLFS - ok
10:40:02.0021 10788 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:40:02.0022 10788 clr_optimization_v2.0.50727_32 - ok
10:40:02.0059 10788 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:40:02.0060 10788 clr_optimization_v2.0.50727_64 - ok
10:40:02.0122 10788 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:40:02.0134 10788 clr_optimization_v4.0.30319_32 - ok
10:40:02.0156 10788 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:40:02.0157 10788 clr_optimization_v4.0.30319_64 - ok
10:40:02.0172 10788 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:40:02.0173 10788 CmBatt - ok
10:40:02.0186 10788 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
10:40:02.0186 10788 cmdide - ok
10:40:02.0207 10788 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
10:40:02.0210 10788 CNG - ok
10:40:02.0227 10788 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:40:02.0228 10788 Compbatt - ok
10:40:02.0241 10788 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:40:02.0242 10788 CompositeBus - ok
10:40:02.0247 10788 COMSysApp - ok
10:40:02.0298 10788 cpuz130 - ok
10:40:02.0363 10788 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
10:40:02.0364 10788 cpuz132 - ok
10:40:02.0397 10788 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys
10:40:02.0398 10788 cpuz135 - ok
10:40:02.0409 10788 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:40:02.0410 10788 crcdisk - ok
10:40:02.0474 10788 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
10:40:02.0475 10788 Creative ALchemy AL6 Licensing Service - ok
10:40:02.0496 10788 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
10:40:02.0497 10788 Creative Audio Engine Licensing Service - ok
10:40:02.0519 10788 Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
10:40:02.0520 10788 Creative Media Toolbox 6 Licensing Service - ok
10:40:02.0551 10788 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
10:40:02.0553 10788 CryptSvc - ok
10:40:02.0583 10788 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
10:40:02.0587 10788 CSC - ok
10:40:02.0609 10788 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
10:40:02.0615 10788 CscService - ok
10:40:02.0659 10788 CT20XUT (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS
10:40:02.0661 10788 CT20XUT - ok
10:40:02.0668 10788 CT20XUT.SYS (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS
10:40:02.0669 10788 CT20XUT.SYS - ok
10:40:02.0704 10788 ctac32k (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys
10:40:02.0709 10788 ctac32k - ok
10:40:02.0736 10788 ctaud2k (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys
10:40:02.0743 10788 ctaud2k - ok
10:40:02.0778 10788 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
10:40:02.0781 10788 CTAudSvcService - ok
10:40:02.0811 10788 CTEXFIFX (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS
10:40:02.0824 10788 CTEXFIFX - ok
10:40:02.0852 10788 CTEXFIFX.SYS (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS
10:40:02.0858 10788 CTEXFIFX.SYS - ok
10:40:02.0878 10788 CTHWIUT (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS
10:40:02.0879 10788 CTHWIUT - ok
10:40:02.0886 10788 CTHWIUT.SYS (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS
10:40:02.0887 10788 CTHWIUT.SYS - ok
10:40:02.0898 10788 ctprxy2k (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys
10:40:02.0899 10788 ctprxy2k - ok
10:40:02.0915 10788 ctsfm2k (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys
10:40:02.0916 10788 ctsfm2k - ok
10:40:02.0942 10788 danewFltr (003626f7ca17c204f16cd5047af0703a) C:\Windows\system32\drivers\danew.sys
10:40:02.0942 10788 danewFltr - ok
10:40:02.0977 10788 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
10:40:02.0982 10788 DcomLaunch - ok
10:40:03.0008 10788 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:40:03.0011 10788 defragsvc - ok
10:40:03.0037 10788 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
10:40:03.0038 10788 DfsC - ok
10:40:03.0067 10788 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
10:40:03.0071 10788 Dhcp - ok
10:40:03.0083 10788 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:40:03.0084 10788 discache - ok
10:40:03.0108 10788 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:40:03.0109 10788 Disk - ok
10:40:03.0116 10788 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
10:40:03.0119 10788 Dnscache - ok
10:40:03.0137 10788 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
10:40:03.0140 10788 dot3svc - ok
10:40:03.0150 10788 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
10:40:03.0152 10788 DPS - ok
10:40:03.0177 10788 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:40:03.0177 10788 drmkaud - ok
10:40:03.0202 10788 dump_wmimmc - ok
10:40:03.0233 10788 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
10:40:03.0242 10788 DXGKrnl - ok
10:40:03.0254 10788 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:40:03.0255 10788 EapHost - ok
10:40:03.0317 10788 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:40:03.0362 10788 ebdrv - ok
10:40:03.0385 10788 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
10:40:03.0386 10788 EFS - ok
10:40:03.0420 10788 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
10:40:03.0427 10788 ehRecvr - ok
10:40:03.0451 10788 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:40:03.0453 10788 ehSched - ok
10:40:03.0477 10788 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:40:03.0482 10788 elxstor - ok
10:40:03.0502 10788 emupia (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys
10:40:03.0503 10788 emupia - ok
10:40:03.0518 10788 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
10:40:03.0519 10788 ErrDev - ok
10:40:03.0541 10788 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:40:03.0545 10788 EventSystem - ok
10:40:03.0562 10788 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:40:03.0564 10788 exfat - ok
10:40:03.0582 10788 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:40:03.0583 10788 fastfat - ok
10:40:03.0618 10788 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
10:40:03.0624 10788 Fax - ok
10:40:03.0634 10788 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:40:03.0635 10788 fdc - ok
10:40:03.0648 10788 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:40:03.0649 10788 fdPHost - ok
10:40:03.0662 10788 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:40:03.0663 10788 FDResPub - ok
10:40:03.0674 10788 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:40:03.0675 10788 FileInfo - ok
10:40:03.0687 10788 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:40:03.0688 10788 Filetrace - ok
10:40:03.0704 10788 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:40:03.0705 10788 flpydisk - ok
10:40:03.0722 10788 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
10:40:03.0725 10788 FltMgr - ok
10:40:03.0759 10788 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
10:40:03.0770 10788 FontCache - ok
10:40:03.0828 10788 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:40:03.0829 10788 FontCache3.0.0.0 - ok
10:40:03.0842 10788 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:40:03.0843 10788 FsDepends - ok
10:40:03.0853 10788 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:40:03.0853 10788 Fs_Rec - ok
10:40:03.0892 10788 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:40:03.0894 10788 fvevol - ok
10:40:03.0915 10788 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:40:03.0916 10788 gagp30kx - ok
10:40:03.0947 10788 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:40:03.0948 10788 GEARAspiWDM - ok
10:40:03.0978 10788 GGSAFERDriver - ok
10:40:03.0999 10788 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
10:40:04.0006 10788 gpsvc - ok
10:40:04.0073 10788 GPU-Z - ok
10:40:04.0121 10788 ha20x22k (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys
10:40:04.0135 10788 ha20x22k - ok
10:40:04.0191 10788 ha20x2k (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys
10:40:04.0206 10788 ha20x2k - ok
10:40:04.0235 10788 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
10:40:04.0236 10788 hamachi - ok
10:40:04.0323 10788 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
10:40:04.0360 10788 Hamachi2Svc - ok
10:40:04.0378 10788 hasplms - ok
10:40:04.0397 10788 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:40:04.0398 10788 hcw85cir - ok
10:40:04.0423 10788 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
10:40:04.0427 10788 HdAudAddService - ok
10:40:04.0441 10788 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:40:04.0443 10788 HDAudBus - ok
10:40:04.0454 10788 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:40:04.0455 10788 HidBatt - ok
10:40:04.0461 10788 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:40:04.0462 10788 HidBth - ok
10:40:04.0468 10788 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:40:04.0469 10788 HidIr - ok
10:40:04.0490 10788 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:40:04.0491 10788 hidserv - ok
10:40:04.0510 10788 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
10:40:04.0511 10788 HidUsb - ok
10:40:04.0527 10788 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
10:40:04.0529 10788 hkmsvc - ok
10:40:04.0540 10788 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
10:40:04.0542 10788 HomeGroupListener - ok
10:40:04.0565 10788 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
10:40:04.0567 10788 HomeGroupProvider - ok
10:40:04.0575 10788 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
10:40:04.0576 10788 HpSAMD - ok
10:40:04.0607 10788 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
10:40:04.0614 10788 HTTP - ok
10:40:04.0625 10788 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
10:40:04.0625 10788 hwpolicy - ok
10:40:04.0648 10788 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:40:04.0650 10788 i8042prt - ok
10:40:04.0671 10788 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
10:40:04.0675 10788 iaStorV - ok
10:40:04.0733 10788 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:40:04.0734 10788 IDriverT - ok
10:40:04.0772 10788 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:40:04.0780 10788 idsvc - ok
10:40:04.0800 10788 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:40:04.0801 10788 iirsp - ok
10:40:04.0830 10788 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
10:40:04.0837 10788 IKEEXT - ok
10:40:04.0902 10788 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
10:40:04.0931 10788 IntcAzAudAddService - ok
10:40:04.0940 10788 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
10:40:04.0941 10788 intelide - ok
10:40:04.0957 10788 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:40:04.0958 10788 intelppm - ok
10:40:04.0967 10788 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:40:04.0969 10788 IPBusEnum - ok
10:40:04.0988 10788 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:40:04.0989 10788 IpFilterDriver - ok
10:40:05.0040 10788 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
10:40:05.0045 10788 iphlpsvc - ok
10:40:05.0058 10788 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:40:05.0059 10788 IPMIDRV - ok
10:40:05.0068 10788 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:40:05.0070 10788 IPNAT - ok
10:40:05.0117 10788 iPod Service (81826a13598a7feaa9e391190e9b539a) C:\Program Files\iPod\bin\iPodService.exe
10:40:05.0125 10788 iPod Service - ok
10:40:05.0146 10788 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:40:05.0147 10788 IRENUM - ok
10:40:05.0162 10788 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
10:40:05.0163 10788 isapnp - ok
10:40:05.0180 10788 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
10:40:05.0182 10788 iScsiPrt - ok
10:40:05.0208 10788 JRAID (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys
10:40:05.0208 10788 JRAID - ok
10:40:05.0221 10788 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:40:05.0222 10788 kbdclass - ok
10:40:05.0244 10788 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
10:40:05.0245 10788 kbdhid - ok
10:40:05.0260 10788 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:40:05.0261 10788 KeyIso - ok
10:40:05.0271 10788 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
10:40:05.0272 10788 KSecDD - ok
10:40:05.0294 10788 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
10:40:05.0295 10788 KSecPkg - ok
10:40:05.0308 10788 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:40:05.0308 10788 ksthunk - ok
10:40:05.0369 10788 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:40:05.0373 10788 KtmRm - ok
10:40:05.0403 10788 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
10:40:05.0406 10788 LanmanServer - ok
10:40:05.0428 10788 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
10:40:05.0430 10788 LanmanWorkstation - ok
10:40:05.0508 10788 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
10:40:05.0535 10788 Lavasoft Ad-Aware Service - ok
10:40:05.0560 10788 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
10:40:05.0561 10788 Lavasoft Kernexplorer - ok
10:40:05.0589 10788 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
10:40:05.0590 10788 Lbd - ok
10:40:05.0643 10788 LBTServ (7447f069ce66633dafa0b2deee7af5ba) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
10:40:05.0646 10788 LBTServ - ok
10:40:05.0697 10788 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:40:05.0698 10788 LHidFilt - ok
10:40:05.0715 10788 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:40:05.0716 10788 lltdio - ok
10:40:05.0734 10788 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:40:05.0738 10788 lltdsvc - ok
10:40:05.0750 10788 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:40:05.0751 10788 lmhosts - ok
10:40:05.0769 10788 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:40:05.0770 10788 LMouFilt - ok
10:40:05.0791 10788 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:40:05.0793 10788 LSI_FC - ok
10:40:05.0806 10788 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:40:05.0882 10788 LSI_SAS - ok
10:40:05.0950 10788 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:40:05.0951 10788 LSI_SAS2 - ok
10:40:05.0958 10788 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:40:05.0959 10788 LSI_SCSI - ok
10:40:05.0986 10788 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:40:05.0987 10788 luafv - ok
10:40:06.0014 10788 Lycosa (aecc49af0ac3368027573a5d2f9de351) C:\Windows\system32\drivers\Lycosa.sys
10:40:06.0015 10788 Lycosa - ok
10:40:06.0074 10788 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
10:40:06.0074 10788 MBAMProtector - ok
10:40:06.0118 10788 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:40:06.0124 10788 MBAMService - ok
10:40:06.0144 10788 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
10:40:06.0146 10788 Mcx2Svc - ok
10:40:06.0155 10788 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:40:06.0156 10788 megasas - ok
10:40:06.0176 10788 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:40:06.0179 10788 MegaSR - ok
10:40:06.0190 10788 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:40:06.0192 10788 MMCSS - ok
10:40:06.0205 10788 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:40:06.0205 10788 Modem - ok
10:40:06.0244 10788 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:40:06.0244 10788 monitor - ok
10:40:06.0269 10788 MotioninJoyXFilter (5fec1ff5bb9a1fa5c9cf4544d19d6d5d) C:\Windows\system32\DRIVERS\MijXfilt.sys
10:40:06.0271 10788 MotioninJoyXFilter - ok
10:40:06.0288 10788 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:40:06.0289 10788 mouclass - ok
10:40:06.0303 10788 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:40:06.0304 10788 mouhid - ok
10:40:06.0316 10788 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
10:40:06.0317 10788 mountmgr - ok
10:40:06.0325 10788 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
10:40:06.0326 10788 mpio - ok
10:40:06.0337 10788 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:40:06.0338 10788 mpsdrv - ok
10:40:06.0379 10788 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
10:40:06.0387 10788 MpsSvc - ok
10:40:06.0406 10788 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
10:40:06.0408 10788 MRxDAV - ok
10:40:06.0431 10788 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:40:06.0432 10788 mrxsmb - ok
10:40:06.0451 10788 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:40:06.0454 10788 mrxsmb10 - ok
10:40:06.0476 10788 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:40:06.0477 10788 mrxsmb20 - ok
10:40:06.0503 10788 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
10:40:06.0503 10788 msahci - ok
10:40:06.0519 10788 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
10:40:06.0521 10788 msdsm - ok
10:40:06.0542 10788 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:40:06.0544 10788 MSDTC - ok
10:40:06.0572 10788 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:40:06.0572 10788 Msfs - ok
10:40:06.0585 10788 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:40:06.0586 10788 mshidkmdf - ok
10:40:06.0600 10788 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
10:40:06.0600 10788 msisadrv - ok
10:40:06.0627 10788 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:40:06.0629 10788 MSiSCSI - ok
10:40:06.0635 10788 msiserver - ok
10:40:06.0664 10788 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:40:06.0665 10788 MSKSSRV - ok
10:40:06.0680 10788 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:40:06.0681 10788 MSPCLOCK - ok
10:40:06.0694 10788 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:40:06.0695 10788 MSPQM - ok
10:40:06.0708 10788 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
10:40:06.0711 10788 MsRPC - ok
10:40:06.0727 10788 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:40:06.0727 10788 mssmbios - ok
10:40:06.0734 10788 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:40:06.0734 10788 MSTEE - ok
10:40:06.0747 10788 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:40:06.0747 10788 MTConfig - ok
10:40:06.0762 10788 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:40:06.0763 10788 Mup - ok
10:40:06.0783 10788 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
10:40:06.0788 10788 napagent - ok
10:40:06.0821 10788 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:40:06.0825 10788 NativeWifiP - ok
10:40:06.0858 10788 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
10:40:06.0867 10788 NDIS - ok
10:40:06.0882 10788 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:40:06.0883 10788 NdisCap - ok
10:40:06.0907 10788 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:40:06.0908 10788 NdisTapi - ok
10:40:06.0930 10788 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
10:40:06.0931 10788 Ndisuio - ok
10:40:06.0948 10788 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:40:06.0950 10788 NdisWan - ok
10:40:06.0964 10788 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
10:40:06.0964 10788 NDProxy - ok
10:40:07.0064 10788 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:40:07.0072 10788 Nero BackItUp Scheduler 4.0 - ok
10:40:07.0083 10788 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:40:07.0083 10788 NetBIOS - ok
10:40:07.0103 10788 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
10:40:07.0105 10788 NetBT - ok
10:40:07.0122 10788 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:40:07.0123 10788 Netlogon - ok
10:40:07.0144 10788 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:40:07.0148 10788 Netman - ok
10:40:07.0211 10788 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:07.0213 10788 NetMsmqActivator - ok
10:40:07.0216 10788 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:07.0216 10788 NetPipeActivator - ok
10:40:07.0238 10788 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:40:07.0243 10788 netprofm - ok
10:40:07.0295 10788 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
10:40:07.0303 10788 netr28ux - ok
10:40:07.0308 10788 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:07.0309 10788 NetTcpActivator - ok
10:40:07.0311 10788 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:07.0312 10788 NetTcpPortSharing - ok
10:40:07.0329 10788 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:40:07.0330 10788 nfrd960 - ok
10:40:07.0352 10788 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
10:40:07.0356 10788 NlaSvc - ok
10:40:07.0398 10788 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
10:40:07.0399 10788 NPF - ok
10:40:07.0415 10788 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:40:07.0416 10788 Npfs - ok
10:40:07.0424 10788 npggsvc - ok
10:40:07.0430 10788 NPPTNT2 - ok
10:40:07.0450 10788 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:40:07.0451 10788 nsi - ok
10:40:07.0459 10788 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:40:07.0460 10788 nsiproxy - ok
10:40:07.0494 10788 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
10:40:07.0508 10788 Ntfs - ok
10:40:07.0515 10788 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:40:07.0515 10788 Null - ok
10:40:07.0743 10788 nvlddmkm (6f9cbe52517660b68694accee35ec4d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:40:07.0964 10788 nvlddmkm - ok
10:40:08.0032 10788 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
10:40:08.0034 10788 nvraid - ok
10:40:08.0046 10788 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
10:40:08.0048 10788 nvstor - ok
10:40:08.0092 10788 nvsvc (97f1a24ac0255c6e0a075c9cc772784a) C:\Windows\system32\nvvsvc.exe
10:40:08.0094 10788 nvsvc - ok
10:40:08.0118 10788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
10:40:08.0119 10788 nv_agp - ok
10:40:08.0203 10788 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:40:08.0208 10788 odserv - ok
10:40:08.0231 10788 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
10:40:08.0232 10788 ohci1394 - ok
10:40:08.0255 10788 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:40:08.0257 10788 ose - ok
10:40:08.0297 10788 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys
10:40:08.0299 10788 ossrv - ok
10:40:08.0323 10788 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:40:08.0327 10788 p2pimsvc - ok
10:40:08.0341 10788 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:40:08.0346 10788 p2psvc - ok
10:40:08.0360 10788 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:40:08.0361 10788 Parport - ok
10:40:08.0378 10788 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
10:40:08.0379 10788 partmgr - ok
10:40:08.0390 10788 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:40:08.0393 10788 PcaSvc - ok
10:40:08.0405 10788 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
10:40:08.0407 10788 pci - ok
10:40:08.0418 10788 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
10:40:08.0418 10788 pciide - ok
10:40:08.0440 10788 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:40:08.0442 10788 pcmcia - ok
10:40:08.0474 10788 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
10:40:08.0476 10788 pcouffin - ok
10:40:08.0487 10788 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:40:08.0488 10788 pcw - ok
10:40:08.0510 10788 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:40:08.0516 10788 PEAUTH - ok
10:40:08.0549 10788 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
10:40:08.0562 10788 PeerDistSvc - ok
10:40:08.0607 10788 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:40:08.0608 10788 PerfHost - ok
10:40:08.0642 10788 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
10:40:08.0655 10788 pla - ok
10:40:08.0684 10788 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
10:40:08.0689 10788 PlugPlay - ok
10:40:08.0701 10788 PnkBstrA - ok
10:40:08.0712 10788 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:40:08.0713 10788 PNRPAutoReg - ok
10:40:08.0731 10788 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:40:08.0734 10788 PNRPsvc - ok
10:40:08.0757 10788 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
10:40:08.0762 10788 PolicyAgent - ok
10:40:08.0776 10788 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:40:08.0779 10788 Power - ok
10:40:08.0801 10788 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
10:40:08.0802 10788 PptpMiniport - ok
10:40:08.0817 10788 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:40:08.0818 10788 Processor - ok
10:40:08.0835 10788 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
10:40:08.0837 10788 ProfSvc - ok
10:40:08.0852 10788 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:40:08.0852 10788 ProtectedStorage - ok
10:40:08.0868 10788 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
10:40:08.0871 10788 Psched - ok
10:40:08.0918 10788 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:40:08.0932 10788 ql2300 - ok
10:40:08.0951 10788 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:40:08.0952 10788 ql40xx - ok
10:40:08.0971 10788 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:40:08.0974 10788 QWAVE - ok
10:40:08.0981 10788 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:40:08.0982 10788 QWAVEdrv - ok
10:40:08.0992 10788 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:40:08.0992 10788 RasAcd - ok
10:40:09.0010 10788 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:40:09.0011 10788 RasAgileVpn - ok
10:40:09.0026 10788 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:40:09.0028 10788 RasAuto - ok
10:40:09.0040 10788 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:40:09.0041 10788 Rasl2tp - ok
10:40:09.0056 10788 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
10:40:09.0061 10788 RasMan - ok
10:40:09.0078 10788 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:40:09.0079 10788 RasPppoe - ok
10:40:09.0095 10788 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:40:09.0097 10788 RasSstp - ok
10:40:09.0114 10788 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
10:40:09.0117 10788 rdbss - ok
10:40:09.0125 10788 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:40:09.0126 10788 rdpbus - ok
10:40:09.0136 10788 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:40:09.0136 10788 RDPCDD - ok
10:40:09.0169 10788 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
10:40:09.0171 10788 RDPDR - ok
10:40:09.0195 10788 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:40:09.0196 10788 RDPENCDD - ok
10:40:09.0209 10788 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:40:09.0210 10788 RDPREFMP - ok
10:40:09.0227 10788 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
10:40:09.0229 10788 RDPWD - ok
10:40:09.0250 10788 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
10:40:09.0253 10788 rdyboost - ok
10:40:09.0282 10788 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:40:09.0284 10788 RemoteAccess - ok
10:40:09.0297 10788 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:40:09.0300 10788 RemoteRegistry - ok
10:40:09.0339 10788 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe
10:40:09.0340 10788 rpcapd - ok
10:40:09.0357 10788 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:40:09.0359 10788 RpcEptMapper - ok
10:40:09.0372 10788 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:40:09.0373 10788 RpcLocator - ok
10:40:09.0393 10788 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
10:40:09.0396 10788 RpcSs - ok
10:40:09.0414 10788 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:40:09.0415 10788 rspndr - ok
10:40:09.0457 10788 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:40:09.0459 10788 RTL8167 - ok
10:40:09.0481 10788 s0016bus (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
10:40:09.0482 10788 s0016bus - ok
10:40:09.0507 10788 s0016mdfl (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys
10:40:09.0508 10788 s0016mdfl - ok
10:40:09.0530 10788 s0016mdm (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys
10:40:09.0532 10788 s0016mdm - ok
10:40:09.0549 10788 s0016mgmt (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys
10:40:09.0550 10788 s0016mgmt - ok
10:40:09.0577 10788 s0016nd5 (30a35bbce09d9fe67482fd62c61911fc) C:\Windows\system32\DRIVERS\s0016nd5.sys
10:40:09.0578 10788 s0016nd5 - ok
10:40:09.0597 10788 s0016obex (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys
10:40:09.0599 10788 s0016obex - ok
10:40:09.0621 10788 s0016unic (eb267ccea84e6e8598d92f73332ac67b) C:\Windows\system32\DRIVERS\s0016unic.sys
10:40:09.0623 10788 s0016unic - ok
10:40:09.0641 10788 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
10:40:09.0641 10788 s3cap - ok
10:40:09.0652 10788 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:40:09.0653 10788 SamSs - ok
10:40:09.0673 10788 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
10:40:09.0675 10788 sbp2port - ok
10:40:09.0692 10788 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:40:09.0695 10788 SCardSvr - ok
10:40:09.0705 10788 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
10:40:09.0706 10788 scfilter - ok
10:40:09.0748 10788 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
10:40:09.0757 10788 Schedule - ok
10:40:09.0777 10788 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
10:40:09.0778 10788 SCPolicySvc - ok
10:40:09.0792 10788 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
10:40:09.0795 10788 SDRSVC - ok
10:40:09.0821 10788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:40:09.0822 10788 secdrv - ok
10:40:09.0833 10788 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
10:40:09.0834 10788 seclogon - ok
10:40:09.0848 10788 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:40:09.0850 10788 SENS - ok
10:40:09.0856 10788 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:40:09.0857 10788 SensrSvc - ok
10:40:09.0879 10788 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:40:09.0880 10788 Serenum - ok
10:40:09.0895 10788 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:40:09.0896 10788 Serial - ok
10:40:09.0907 10788 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:40:09.0908 10788 sermouse - ok
10:40:09.0923 10788 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
10:40:09.0925 10788 SessionEnv - ok
10:40:09.0936 10788 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
10:40:09.0937 10788 sffdisk - ok
10:40:09.0949 10788 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:40:09.0950 10788 sffp_mmc - ok
10:40:09.0961 10788 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:40:09.0961 10788 sffp_sd - ok
10:40:09.0974 10788 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:40:09.0975 10788 sfloppy - ok
10:40:10.0024 10788 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:40:10.0028 10788 SharedAccess - ok
10:40:10.0041 10788 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
10:40:10.0045 10788 ShellHWDetection - ok
10:40:10.0066 10788 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:40:10.0067 10788 SiSRaid2 - ok
10:40:10.0076 10788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:40:10.0078 10788 SiSRaid4 - ok
10:40:10.0097 10788 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:40:10.0098 10788 Smb - ok
10:40:10.0127 10788 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:40:10.0128 10788 SNMPTRAP - ok
10:40:10.0135 10788 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:40:10.0135 10788 spldr - ok
10:40:10.0162 10788 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
10:40:10.0167 10788 Spooler - ok
10:40:10.0232 10788 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
10:40:10.0287 10788 sppsvc - ok
10:40:10.0303 10788 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:40:10.0305 10788 sppuinotify - ok
10:40:10.0351 10788 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
10:40:10.0351 10788 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
10:40:10.0352 10788 sptd ( LockedFile.Multi.Generic ) - warning
10:40:10.0352 10788 sptd - detected LockedFile.Multi.Generic (1)
10:40:10.0380 10788 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
10:40:10.0385 10788 srv - ok
10:40:10.0409 10788 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
10:40:10.0413 10788 srv2 - ok
10:40:10.0438 10788 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
10:40:10.0440 10788 srvnet - ok
10:40:10.0466 10788 SscRdBus (2bfc755bbc02ec389a239777b9011c27) C:\Windows\system32\DRIVERS\SscRdBus.sys
10:40:10.0467 10788 SscRdBus - ok
10:40:10.0473 10788 SscRdCls (e204062201caa6c163b9f9e02b7b4db1) C:\Windows\system32\DRIVERS\SscRdCls.sys
10:40:10.0474 10788 SscRdCls - ok
10:40:10.0497 10788 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:40:10.0499 10788 SSDPSRV - ok
10:40:10.0514 10788 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:40:10.0516 10788 SstpSvc - ok
10:40:10.0567 10788 Steam Client Service - ok
10:40:10.0586 10788 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:40:10.0586 10788 stexstor - ok
10:40:10.0625 10788 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
10:40:10.0631 10788 stisvc - ok
10:40:10.0648 10788 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
10:40:10.0649 10788 storflt - ok
10:40:10.0664 10788 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
10:40:10.0664 10788 storvsc - ok
10:40:10.0677 10788 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:40:10.0678 10788 swenum - ok
10:40:10.0701 10788 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:40:10.0707 10788 swprv - ok
10:40:10.0746 10788 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
10:40:10.0770 10788 SysMain - ok
10:40:10.0791 10788 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
10:40:10.0793 10788 TabletInputService - ok
10:40:10.0858 10788 TabletServicePen (1a143f8e764209c6877cdcb9dbb9f2cd) C:\Windows\system32\Pen_Tablet.exe
10:40:10.0867 10788 TabletServicePen - ok
10:40:10.0879 10788 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
10:40:10.0883 10788 TapiSrv - ok
10:40:10.0897 10788 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:40:10.0899 10788 TBS - ok
10:40:10.0944 10788 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
10:40:10.0967 10788 Tcpip - ok
10:40:11.0013 10788 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
10:40:11.0020 10788 TCPIP6 - ok
10:40:11.0041 10788 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
10:40:11.0041 10788 tcpipreg - ok
10:40:11.0054 10788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:40:11.0055 10788 TDPIPE - ok
10:40:11.0066 10788 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:40:11.0067 10788 TDTCP - ok
10:40:11.0080 10788 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
10:40:11.0081 10788 tdx - ok
10:40:11.0094 10788 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
10:40:11.0095 10788 TermDD - ok
10:40:11.0128 10788 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
10:40:11.0135 10788 TermService - ok
10:40:11.0154 10788 Themes (9201be2bab8a9ff8e20d8439ae3bb04d) C:\Windows\system32\themeservice.dll
10:40:11.0156 10788 Themes - ok
10:40:11.0182 10788 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:40:11.0183 10788 THREADORDER - ok
10:40:11.0197 10788 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:40:11.0199 10788 TrkWks - ok
10:40:11.0219 10788 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
10:40:11.0221 10788 TrustedInstaller - ok
10:40:11.0237 10788 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:40:11.0238 10788 tssecsrv - ok
10:40:11.0270 10788 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
10:40:11.0271 10788 tunnel - ok
10:40:11.0282 10788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:40:11.0283 10788 uagp35 - ok
10:40:11.0295 10788 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
10:40:11.0298 10788 udfs - ok
10:40:11.0317 10788 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:40:11.0318 10788 UI0Detect - ok
10:40:11.0335 10788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:40:11.0336 10788 uliagpkx - ok
10:40:11.0354 10788 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
10:40:11.0355 10788 umbus - ok
10:40:11.0369 10788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:40:11.0370 10788 UmPass - ok
10:40:11.0388 10788 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
10:40:11.0391 10788 UmRdpService - ok
10:40:11.0414 10788 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:40:11.0417 10788 upnphost - ok
10:40:11.0447 10788 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
10:40:11.0448 10788 USBAAPL64 - ok
10:40:11.0484 10788 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
10:40:11.0485 10788 usbaudio - ok
10:40:11.0493 10788 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
10:40:11.0494 10788 usbccgp - ok
10:40:11.0510 10788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
10:40:11.0511 10788 usbcir - ok
10:40:11.0525 10788 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
10:40:11.0526 10788 usbehci - ok
10:40:11.0541 10788 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
10:40:11.0543 10788 usbhub - ok
10:40:11.0553 10788 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
10:40:11.0554 10788 usbohci - ok
10:40:11.0568 10788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:40:11.0569 10788 usbprint - ok
10:40:11.0586 10788 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:40:11.0588 10788 USBSTOR - ok
10:40:11.0607 10788 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:40:11.0607 10788 usbuhci - ok
10:40:11.0617 10788 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:40:11.0618 10788 UxSms - ok
10:40:11.0635 10788 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:40:11.0635 10788 VaultSvc - ok
10:40:11.0642 10788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:40:11.0643 10788 vdrvroot - ok
10:40:11.0659 10788 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
10:40:11.0665 10788 vds - ok
10:40:11.0683 10788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:40:11.0683 10788 vga - ok
10:40:11.0694 10788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:40:11.0695 10788 VgaSave - ok
10:40:11.0714 10788 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
10:40:11.0717 10788 vhdmp - ok
10:40:11.0751 10788 vhidmini (1161acff728d97f75d74d2f1465f8a46) C:\Windows\system32\DRIVERS\vHidDev.sys
10:40:11.0752 10788 vhidmini - ok
10:40:11.0761 10788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
10:40:11.0762 10788 viaide - ok
10:40:11.0786 10788 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
10:40:11.0789 10788 vmbus - ok
10:40:11.0796 10788 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
10:40:11.0797 10788 VMBusHID - ok
10:40:11.0809 10788 VMnetAdapter - ok
10:40:11.0823 10788 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
10:40:11.0824 10788 volmgr - ok
10:40:11.0840 10788 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
10:40:11.0843 10788 volmgrx - ok
10:40:11.0861 10788 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
10:40:11.0864 10788 volsnap - ok
10:40:11.0886 10788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:40:11.0888 10788 vsmraid - ok
10:40:11.0928 10788 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
10:40:11.0935 10788 VSS - ok
10:40:11.0946 10788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:40:11.0947 10788 vwifibus - ok
10:40:11.0967 10788 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:40:11.0968 10788 vwififlt - ok
10:40:11.0980 10788 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:40:11.0981 10788 vwifimp - ok
10:40:12.0000 10788 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:40:12.0005 10788 W32Time - ok
10:40:12.0033 10788 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
10:40:12.0033 10788 wacommousefilter - ok
10:40:12.0051 10788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:40:12.0052 10788 WacomPen - ok
10:40:12.0083 10788 wacomvhid (9d45e06348c6703fba2064ac149aabda) C:\Windows\system32\DRIVERS\wacomvhid.sys
10:40:12.0084 10788 wacomvhid - ok
10:40:12.0098 10788 WacomVKHid (8b4255329edfba3ecfbd0714476fad38) C:\Windows\system32\DRIVERS\WacomVKHid.sys
10:40:12.0099 10788 WacomVKHid - ok
10:40:12.0128 10788 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:40:12.0129 10788 WANARP - ok
10:40:12.0138 10788 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:40:12.0138 10788 Wanarpv6 - ok
10:40:12.0198 10788 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:40:12.0209 10788 WatAdminSvc - ok
10:40:12.0247 10788 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
10:40:12.0261 10788 wbengine - ok
10:40:12.0276 10788 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:40:12.0280 10788 WbioSrvc - ok
10:40:12.0304 10788 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
10:40:12.0309 10788 wcncsvc - ok
10:40:12.0322 10788 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:40:12.0324 10788 WcsPlugInService - ok
10:40:12.0333 10788 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:40:12.0334 10788 Wd - ok
10:40:12.0360 10788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:40:12.0366 10788 Wdf01000 - ok
10:40:12.0379 10788 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:40:12.0381 10788 WdiServiceHost - ok
10:40:12.0384 10788 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:40:12.0385 10788 WdiSystemHost - ok
10:40:12.0415 10788 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
10:40:12.0418 10788 WebClient - ok
10:40:12.0434 10788 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:40:12.0437 10788 Wecsvc - ok
10:40:12.0447 10788 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:40:12.0449 10788 wercplsupport - ok
10:40:12.0467 10788 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:40:12.0469 10788 WerSvc - ok
10:40:12.0492 10788 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:40:12.0493 10788 WfpLwf - ok
10:40:12.0499 10788 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:40:12.0500 10788 WIMMount - ok
10:40:12.0516 10788 WinDefend - ok
10:40:12.0521 10788 WinHttpAutoProxySvc - ok
10:40:12.0566 10788 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:40:12.0569 10788 Winmgmt - ok
10:40:12.0606 10788 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
10:40:12.0633 10788 WinRM - ok
10:40:12.0672 10788 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
10:40:12.0673 10788 WinUsb - ok
10:40:12.0703 10788 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:40:12.0710 10788 Wlansvc - ok
10:40:12.0804 10788 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:40:12.0841 10788 wlidsvc - ok
10:40:12.0896 10788 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:40:12.0897 10788 WmiAcpi - ok
10:40:12.0946 10788 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:40:12.0948 10788 wmiApSrv - ok
10:40:12.0976 10788 WMPNetworkSvc - ok
10:40:12.0994 10788 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:40:12.0996 10788 WPCSvc - ok
10:40:13.0004 10788 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
10:40:13.0007 10788 WPDBusEnum - ok
10:40:13.0021 10788 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:40:13.0022 10788 ws2ifsl - ok
10:40:13.0057 10788 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
10:40:13.0059 10788 wscsvc - ok
10:40:13.0065 10788 WSearch - ok
10:40:13.0117 10788 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
10:40:13.0154 10788 wuauserv - ok
10:40:13.0176 10788 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
10:40:13.0177 10788 WudfPf - ok
10:40:13.0205 10788 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:40:13.0207 10788 WUDFRd - ok
10:40:13.0222 10788 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
10:40:13.0224 10788 wudfsvc - ok
10:40:13.0236 10788 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:40:13.0239 10788 WwanSvc - ok
10:40:13.0274 10788 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
10:40:13.0275 10788 xusb21 - ok
10:40:13.0303 10788 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:40:13.0347 10788 \Device\Harddisk0\DR0 - ok
10:40:13.0349 10788 Boot (0x1200) (a2da00161177c62da92d4fc43d23902c) \Device\Harddisk0\DR0\Partition0
10:40:13.0350 10788 \Device\Harddisk0\DR0\Partition0 - ok
10:40:13.0357 10788 Boot (0x1200) (b8e66fed2c2144d2d6e1fd0cbf444321) \Device\Harddisk0\DR0\Partition1
10:40:13.0358 10788 \Device\Harddisk0\DR0\Partition1 - ok
10:40:13.0358 10788 ============================================================
10:40:13.0358 10788 Scan finished
10:40:13.0358 10788 ============================================================
10:40:13.0363 13252 Detected object count: 2
10:40:13.0363 13252 Actual detected object count: 2
10:41:10.0291 13252 C:\Windows\system32\cpsvc.dll - copied to quarantine
10:41:10.0300 13252 HKLM\SYSTEM\ControlSet001\services\aec - will be deleted on reboot
10:41:10.0333 13252 HKLM\SYSTEM\ControlSet002\services\aec - will be deleted on reboot
10:41:10.0426 13252 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
10:41:10.0457 13252 C:\Windows\system32\cpsvc.dll - will be deleted on reboot
10:41:10.0457 13252 aec ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:41:10.0458 13252 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:41:10.0458 13252 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:41:15.0614 6068 Deinitialize success


==========================================================================================


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 11:22:50
-----------------------------
11:22:50.043 OS Version: Windows x64 6.1.7600
11:22:50.043 Number of processors: 8 586 0x1A04
11:22:50.043 ComputerName: JASTIN-PC UserName: Jastin
11:22:51.503 Initialze error C000010E - driver not loaded
11:22:54.369 AVAST engine defs: 12040500
11:22:56.597 Service scanning
11:22:57.518 Service aec C:\Windows\system32\cpsvc.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:23:10.777 Modules scanning
11:23:10.780 Disk 0 trace - called modules:
11:23:10.781
11:23:12.144 AVAST engine scan C:\Windows
11:23:15.885 AVAST engine scan C:\Windows\system32
11:23:22.022 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
11:23:22.109 File: C:\Windows\system32\cpsvc.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:24:48.006 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
11:24:48.931 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
11:25:37.916 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
11:25:39.367 AVAST engine scan C:\Windows\system32\drivers
11:25:49.400 AVAST engine scan C:\Users\Jastin
11:25:57.716 File: C:\Users\Jastin\AppData\Local\Google\Chrome\Application\18.0.1025.142\Installer\setup.exe **INFECTED** Win32:Malware-gen
11:47:02.287 AVAST engine scan C:\ProgramData
11:52:10.441 Scan finished successfully
11:58:18.641 The log file has been saved successfully to "C:\Users\Jastin\Desktop\aswMBR.txt"

Edited by jastin, 05 April 2012 - 10:59 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 05 April 2012 - 11:28 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 jastin

jastin
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:47 AM

Posted 06 April 2012 - 10:41 AM

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 06-04-2012 11:33:43
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1609296 2010-05-18] (Logitech, Inc.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [36352 2007-10-09] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [36272 2010-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" [232960 2009-10-08] (Razer USA Ltd.)
HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [251392 2010-05-05] ()
HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2011-02-07] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
HKU\everyone else\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\everyone else\...\Run: [AIM] C:\Program Files (x86)\AIM\aim.exe -cnetwait.odl [x]
HKU\Jastin\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [369200 2009-10-30] (DT Soft Ltd)
HKU\Jastin\...\Run: [ASRockOCTuner] [x]
HKU\Jastin\...\Run: [ASRockIES] [x]
HKU\Jastin\...\Run: [zASRockInstantBoot] [x]
HKU\Jastin\...\Run: [QuickGammaLoader] C:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe [100352 2011-03-11] (Eberhard Werle)
HKU\Jastin\...\Run: [QuickGammaResume] [x]
HKU\Jastin\...\Run: [F.lux] "C:\Users\Jastin\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 aec; C:\Windows\System32\cpsvc.dll [6656 2009-07-13] (Oak Technology Inc.)
3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2011-04-22] (Creative Labs)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
2 hasplms; C:\Windows\system32\hasplms.exe -run [535807 2007-03-11] (Aladdin Knowledge Systems Ltd.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)
3 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [357456 2010-05-06] (Logitech, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-09-23] (Nero AG)
3 npggsvc; C:\Windows\SysWow64\GameMon.des -service [4208208 2010-10-21] (INCA Internet Co., Ltd.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-02-05] ()
2 TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [1909032 2007-09-07] (Wacom Technology, Corp.)
3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10720256 2011-12-05] (Advanced Micro Devices, Inc.)
3 atikmdag; C:\Windows\System32\Drivers\atikmdag.sys [10720256 2011-12-05] (Advanced Micro Devices, Inc.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2011-09-21] (CPUID)
3 CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [230488 2010-07-07] (Creative Technology Ltd.)
3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1612888 2010-07-07] (Creative Technology Ltd)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [115824 2009-10-29] (JMicron Technology Corp.)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-05-09] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
3 LHidFilt; C:\Windows\System32\Drivers\LHidFilt.sys [63568 2010-03-18] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\Drivers\LMouFilt.sys [57936 2010-03-18] (Logitech, Inc.)
3 Lycosa; C:\Windows\System32\Drivers\Lycosa.sys [20352 2009-09-30] (Razer USA Ltd.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2011-11-10] (MotioninJoy)
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [867328 2009-06-10] (Ralink Technology Corp.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
3 s0016bus; C:\Windows\System32\Drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
3 s0016mdfl; C:\Windows\System32\Drivers\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
3 s0016mdm; C:\Windows\System32\Drivers\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
3 s0016mgmt; C:\Windows\System32\Drivers\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
3 s0016nd5; C:\Windows\System32\Drivers\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
3 s0016obex; C:\Windows\System32\Drivers\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
3 s0016unic; C:\Windows\System32\Drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-02] (Duplex Secure Ltd.)
0 SscRdBus; C:\Windows\System32\Drivers\SscRdBus.sys [72216 2009-06-18] (SuperSpeed LLC)
0 SscRdCls; C:\Windows\System32\Drivers\SscRdCls.sys [37376 2007-11-16] (SuperSpeed LLC)
3 wacommousefilter; C:\Windows\System32\Drivers\wacommousefilter.sys [12848 2007-02-16] (Wacom Technology)
3 wacomvhid; C:\Windows\System32\Drivers\wacomvhid.sys [14640 2007-02-16] (Wacom Technology)
3 WacomVKHid; C:\Windows\System32\Drivers\WacomVKHid.sys [12976 2007-02-15] (Wacom Technology)
3 ALSysIO; \??\C:\Users\Jastin\AppData\Local\Temp\ALSysIO64.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz130; \??\C:\Users\Jastin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena\safedrv.sys [x]
3 GPU-Z; \??\C:\Users\Jastin\AppData\Local\Temp\GPU-Z.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: aec

============ One Month Created Files and Folders ==============

2012-04-06 07:28 - 2012-04-06 07:28 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-06 07:26 - 2012-04-06 07:26 - 0000000 ____D C:\Users\Jastin\ds
2012-04-06 07:23 - 2012-04-06 07:23 - 0018013 ____A C:\ComboFix.txt
2012-04-06 07:17 - 2012-04-06 07:17 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-06 07:14 - 2012-04-06 07:17 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-06 07:02 - 2012-04-06 07:23 - 0000000 ____D C:\ComboFix
2012-04-05 16:46 - 2012-04-05 16:46 - 1143141 ____A C:\Users\Jastin\Desktop\dogs.png
2012-04-05 16:21 - 2012-04-05 16:22 - 1385843 ____A C:\Users\Jastin\Desktop\FRST64.exe
2012-04-05 15:59 - 2012-04-05 15:59 - 4333903 ____A C:\Users\Jastin\Desktop\ui so far.png
2012-04-05 07:58 - 2012-04-05 07:58 - 0001653 ____A C:\Users\Jastin\Desktop\aswMBR.txt
2012-04-05 07:35 - 2012-04-05 07:36 - 0000000 ____D C:\Users\Jastin\Downloads\Sum 41 - The Best Of Sum 41 (2008) - Punk Rock [www.torrentazos.com]
2012-04-05 07:11 - 2012-04-05 07:12 - 4731392 ____A (AVAST Software) C:\Users\Jastin\Desktop\aswMBR.exe
2012-04-05 06:39 - 2012-04-05 06:41 - 0142212 ____A C:\TDSSKiller.2.7.26.0_05.04.2012_10.39.56_log.txt
2012-04-05 04:16 - 2012-04-05 04:19 - 168977399 ____A C:\Users\Jastin\Downloads\Happy.Endings.S02E21.HDTV.x264-LOL.mp4
2012-04-05 04:15 - 2012-04-05 04:23 - 403485061 ____A C:\Users\Jastin\Downloads\Psych.S06E15.HDTV.x264-ASAP.mp4
2012-04-04 07:22 - 2012-04-04 08:14 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\To the Moon - Freebird Games
2012-04-04 07:21 - 2012-04-04 07:21 - 0000000 ____D C:\Program Files (x86)\Foxy Games
2012-04-04 07:13 - 2012-04-04 07:14 - 0000000 ____D C:\Users\Jastin\Downloads\To the Moon - Full PreCracked - Foxy Games
2012-04-04 05:36 - 2009-10-10 16:02 - 600289200 ____A C:\Users\Jastin\Desktop\alundra.iso
2012-04-04 05:33 - 2012-04-04 05:33 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\fltk.org
2012-04-04 05:32 - 2011-02-14 12:07 - 0000000 ____D C:\Users\Jastin\Desktop\ePSXe
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-04 02:36 - 2012-04-06 07:23 - 0000000 ____D C:\Qoobox
2012-04-04 02:36 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-04 02:36 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-04 02:36 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-04 02:36 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-04 02:36 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-04 02:36 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-04 02:36 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-04 02:36 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-04 02:35 - 2012-04-04 02:35 - 4455902 ____R (Swearware) C:\Users\Jastin\Desktop\ComboFix.exe
2012-04-03 07:49 - 2012-04-03 07:56 - 0000000 ____D C:\Users\Jastin\Downloads\Portishead - Roseland NYC Live
2012-04-03 07:45 - 2012-04-03 07:46 - 0000000 ____D C:\Users\Jastin\Downloads\Portishead - Dummy [ABR-320kbps]
2012-04-03 05:30 - 2012-04-03 05:30 - 0021270 ____A C:\Users\Jastin\Desktop\DDS.txt
2012-04-03 05:30 - 2012-04-03 05:30 - 0008143 ____A C:\Users\Jastin\Desktop\Attach.txt
2012-04-03 05:27 - 2012-04-03 05:27 - 0607260 ____R (Swearware) C:\Users\Jastin\Desktop\dds.scr
2012-04-03 05:16 - 2012-04-03 05:18 - 0139868 ____A C:\TDSSKiller.2.7.24.0_03.04.2012_09.16.47_log.txt
2012-04-03 05:16 - 2012-04-03 05:16 - 2068528 ____A (Kaspersky Lab ZAO) C:\Users\Jastin\Desktop\tdsskiller.exe
2012-04-02 07:54 - 2012-04-02 07:54 - 0000000 ____D C:\Users\Jastin\Desktop\epsxe 1.7.0 and 1.6.0 (with GameShark, CodeBreaker, And Action Replay)
2012-04-02 07:48 - 2012-04-02 08:02 - 0000000 ____D C:\Users\Jastin\Desktop\Alundra 1 and 2 (PSX)
2012-04-02 02:44 - 2012-04-02 02:44 - 0000000 ____D C:\Users\Jastin\Desktop\Rawr WPF 4.3.8
2012-04-01 15:57 - 2012-04-01 15:57 - 0000000 ____D C:\Users\Jastin\Desktop\Dota
2012-03-31 09:38 - 2012-04-01 15:24 - 0139804 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_13.38.38_log.txt
2012-03-31 09:21 - 2012-04-06 07:22 - 0000000 ____D C:\Windows\ERDNT
2012-03-31 09:21 - 2012-03-31 09:22 - 0139632 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_13.21.45_log.txt
2012-03-31 07:47 - 2012-03-31 07:47 - 0137330 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_11.47.13_log.txt
2012-03-31 07:35 - 2012-04-03 05:17 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-31 07:33 - 2012-03-31 07:35 - 0139794 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_11.33.40_log.txt
2012-03-31 06:44 - 2012-03-31 06:44 - 0049624 ____A C:\Users\Jastin\Downloads\crash.dmp
2012-03-31 06:44 - 2012-03-31 06:44 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\Ad-Aware Antivirus
2012-03-31 06:43 - 2012-03-31 06:43 - 6176376 ____A (Lavasoft Limited) C:\Users\Jastin\Downloads\Adaware_Installer.exe
2012-03-29 02:20 - 2012-03-29 02:21 - 35115482 ____A C:\Users\Jastin\Optees UI.zip
2012-03-28 23:45 - 2012-03-28 23:52 - 183329888 ____A C:\Users\Jastin\Downloads\Happy.Endings.S02E20.HDTV.XviD-2HD.avi
2012-03-28 23:44 - 2012-03-28 23:46 - 0000000 ____D C:\Users\Jastin\Downloads\[ www.TorrentDay.com ] - New.Girl.S01E18.480p.WEB-DL.x264-mSD
2012-03-28 01:07 - 2012-03-28 01:07 - 0000000 ____D C:\Users\Jastin\Documents\Pokemon-Online Logs
2012-03-25 22:12 - 2012-03-25 22:14 - 357274390 ____A C:\Users\Jastin\Downloads\Psych.S06E13.HDTV.x264-ASAP.mp4
2012-03-23 21:14 - 2012-03-23 21:17 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\Audacity
2012-03-23 21:13 - 2012-03-23 21:13 - 0000000 ____D C:\Program Files (x86)\Audacity
2012-03-22 22:47 - 2012-03-22 22:53 - 141511007 ____A C:\Users\Jastin\Downloads\30.Rock.S06E13.HDTV.x264-LOL.mp4
2012-03-22 22:46 - 2012-03-22 22:51 - 158420704 ____A C:\Users\Jastin\Downloads\30.Rock.S06E14.HDTV.x264-LOL.mp4
2012-03-21 11:29 - 2012-03-21 13:04 - 0000000 ____D C:\Users\test\AppData\Roaming\Winamp
2012-03-21 11:15 - 2012-03-21 11:17 - 0000000 ____D C:\Users\test\Documents\StarCraft II
2012-03-20 21:22 - 2012-03-20 21:51 - 1482841585 ____A C:\Users\Jastin\Downloads\Psych.S06E12.720p.HDTV.x264-IMMERSE.mkv
2012-03-20 21:21 - 2012-03-20 21:25 - 127026508 ____A C:\Users\Jastin\Downloads\New.Girl.S01E17.HDTV.x264-LOL.[VTV].mp4
2012-03-20 21:21 - 2012-03-20 21:25 - 0000000 ____D C:\Users\Jastin\Downloads\How.I.Met.Your.Mother.S07E19.720p.HDTV.X264-DIMENSION-[SpastikusTV]
2012-03-19 16:41 - 2012-03-19 16:54 - 0000000 ____D C:\Users\Jastin\Downloads\friends-09
2012-03-14 22:02 - 2012-03-14 22:07 - 0000000 ____D C:\Users\Jastin\Downloads\[ www.Speed.Cd ] - New.Girl.S01E16.720p.HDTV.X264-DIMENSION
2012-03-14 22:01 - 2012-03-14 22:32 - 0000000 ____D C:\Users\Jastin\Downloads\[ www.Speed.Cd ] - Happy.Endings.S02E18.720p.HDTV.X264-DIMENSION
2012-03-14 21:59 - 2012-03-14 23:20 - 693521524 ____A C:\Users\Jastin\Downloads\Modern.Family.S03E18.720p.HDTV.X264-DIMENSION.mkv
2012-03-14 21:59 - 2012-03-14 22:07 - 0000000 ____D C:\Users\Jastin\Downloads\[ www.Speed.Cd ] - Psych.S06E12.720p.HDTV.x264-IMMERSE
2012-03-14 21:58 - 2012-03-14 21:59 - 395400058 ____A C:\Users\Jastin\Downloads\Psych.S06E12.HDTV.x264-ASAP.mp4
2012-03-13 15:23 - 2012-03-13 15:27 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\vexorian
2012-03-13 15:08 - 2012-04-05 11:06 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\Winamp
2012-03-13 15:08 - 2007-03-07 15:51 - 1628920 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxsfs.dll
2012-03-13 15:08 - 2007-03-07 15:51 - 0547576 ____N (Sonic Solutions) C:\Windows\SysWOW64\px.dll
2012-03-13 15:08 - 2007-03-07 15:51 - 0510712 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxdrv.dll
2012-03-13 15:08 - 2007-03-07 15:51 - 0379640 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxwave.dll
2012-03-13 15:08 - 2007-03-07 15:51 - 0187128 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxmas.dll
2012-03-13 15:08 - 2007-03-07 15:51 - 0129784 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxafs.dll
2012-03-13 15:08 - 2007-03-07 15:51 - 0072440 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxhpinst.exe
2012-03-13 15:08 - 2007-03-07 15:51 - 0064760 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxinsa64.exe
2012-03-13 15:08 - 2007-03-07 15:51 - 0064760 ____N (Sonic Solutions) C:\Windows\SysWOW64\pxcpya64.exe
2012-03-13 15:08 - 2007-03-07 15:51 - 0039672 ____N (Sonic Solutions) C:\Windows\SysWOW64\vxblock.dll
2012-03-13 12:19 - 2012-03-28 23:38 - 0000000 ____D C:\jtv
2012-03-13 11:56 - 2012-03-13 11:56 - 6933939 ____A (Hmelyoff Labs ) C:\Users\Jastin\Downloads\VHSC_inst.exe
2012-03-13 09:51 - 2012-03-13 09:51 - 0000000 ____D C:\Users\Jastin\AppData\Local\SplitMediaLabs
2012-03-13 08:19 - 2012-03-13 08:19 - 0000870 ____A C:\Users\Jastin\Downloads\Downloads - Shortcut.lnk
2012-03-12 17:42 - 2012-03-12 17:42 - 0000000 ____D C:\Users\Jastin\Downloads\Diablo & Hellfire
2012-03-08 23:49 - 2012-03-20 22:45 - 0000000 ____D C:\Users\Jastin\Downloads\Friends
2012-03-07 11:57 - 2012-03-07 11:58 - 0000000 ____D C:\Users\test\AppData\Roaming\Rainmeter
2012-03-07 11:57 - 2012-03-07 11:57 - 0000000 ____D C:\Users\test\Documents\Rainmeter
2012-03-07 11:39 - 2012-03-07 11:39 - 0000011 ____A C:\Users\test\Desktop\referral.txt
2012-03-07 11:35 - 2012-03-07 11:35 - 0000000 ____D C:\Users\test\AppData\Roaming\Adobe
2012-03-07 11:34 - 2012-03-07 11:34 - 0000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2012-03-07 11:34 - 2012-03-07 11:34 - 0000000 ____D C:\Users\test\AppData\Local\Mozilla
2012-03-07 06:03 - 2012-03-07 06:03 - 0000000 ____D C:\Swsetup
2012-03-07 05:58 - 2012-03-07 05:58 - 0000000 ____D C:\Users\All Users\ATI
2012-03-07 05:58 - 2012-03-07 05:58 - 0000000 ____D C:\ProgramData\ATI
2012-03-07 05:58 - 2012-03-07 05:58 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-03-07 05:53 - 2012-03-07 05:53 - 0000000 ____D C:\AMD
2012-03-07 05:21 - 2012-03-07 05:21 - 0000000 ____D C:\Program Files (x86)\Geeks3D
2012-03-07 05:02 - 2012-03-07 06:41 - 0000913 ____A C:\Users\Jastin\CPUID CPU-Z.lnk
2012-03-07 05:02 - 2011-09-21 07:25 - 0021992 ____A (CPUID) C:\Windows\System32\Drivers\cpuz135_x64.sys
2012-03-07 02:37 - 2012-04-04 04:45 - 0000000 ____D C:\Users\Jastin\Downloads\Ant Videos


============ 3 Months Modified Files and Folders =============

2012-04-06 11:33 - 2012-04-06 11:33 - 0000000 ____D C:\FRST
2012-04-06 07:30 - 2011-04-22 07:06 - 0063336 ____A C:\Windows\System32\BMXStateBkp-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
2012-04-06 07:30 - 2011-04-22 07:06 - 0063336 ____A C:\Windows\System32\BMXState-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
2012-04-06 07:30 - 2011-04-22 07:06 - 0000820 ____A C:\Windows\System32\DVCState-{00000007-00000000-00000000-00001102-0000000B-00431102}.rfx
2012-04-06 07:30 - 2010-01-31 21:16 - 1527657 ____A C:\Windows\WindowsUpdate.log
2012-04-06 07:28 - 2012-04-06 07:28 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-06 07:27 - 2009-07-13 21:13 - 0791498 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-06 07:27 - 2009-07-13 20:45 - 0018624 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-06 07:27 - 2009-07-13 20:45 - 0018624 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-06 07:26 - 2012-04-06 07:26 - 0000000 ____D C:\Users\Jastin\ds
2012-04-06 07:26 - 2010-01-31 21:15 - 0000000 ____D C:\users\Jastin
2012-04-06 07:23 - 2012-04-06 07:23 - 0018013 ____A C:\ComboFix.txt
2012-04-06 07:23 - 2012-04-06 07:02 - 0000000 ____D C:\ComboFix
2012-04-06 07:23 - 2012-04-04 02:36 - 0000000 ____D C:\Qoobox
2012-04-06 07:22 - 2012-03-31 09:21 - 0000000 ____D C:\Windows\ERDNT
2012-04-06 07:17 - 2012-04-06 07:17 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-06 07:17 - 2012-04-06 07:14 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-06 07:17 - 2011-11-16 09:54 - 0005204 ____A C:\Windows\PFRO.log
2012-04-06 07:17 - 2011-11-07 09:55 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\WTablet
2012-04-06 07:17 - 2011-06-29 16:44 - 0019220 ____A C:\Windows\setupact.log
2012-04-06 07:17 - 2011-05-15 17:05 - 0000000 ____D C:\Users\Jastin\AppData\Local\LogMeIn Hamachi
2012-04-06 07:17 - 2010-07-25 20:20 - 0024668 ____A C:\aaw7boot.log
2012-04-06 07:17 - 2010-03-17 20:47 - 0000000 ____D C:\Users\Jastin\AppData\Local\Apps\2.0
2012-04-06 07:17 - 2009-11-06 00:13 - 535363584 __ASH C:\hiberfil.sys
2012-04-06 07:17 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-06 07:17 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-06 07:16 - 2009-07-13 18:34 - 60555264 ____A C:\Windows\System32\config\software.bak
2012-04-06 07:16 - 2009-07-13 18:34 - 29622272 ____A C:\Windows\System32\config\system.bak
2012-04-06 07:16 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\default.bak
2012-04-06 07:16 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-04-06 07:16 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-04-06 07:14 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-06 07:03 - 2011-05-11 20:28 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3505782071-1268228956-3274249183-1000UA.job
2012-04-06 06:34 - 2011-07-14 10:09 - 0000000 ____D C:\Users\Jastin\AppData\Local\Deployment
2012-04-05 16:46 - 2012-04-05 16:46 - 1143141 ____A C:\Users\Jastin\Desktop\dogs.png
2012-04-05 16:22 - 2012-04-05 16:21 - 1385843 ____A C:\Users\Jastin\Desktop\FRST64.exe
2012-04-05 15:59 - 2012-04-05 15:59 - 4333903 ____A C:\Users\Jastin\Desktop\ui so far.png
2012-04-05 15:31 - 2011-05-09 19:59 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-04-05 15:31 - 2011-05-09 19:59 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-04-05 11:06 - 2012-03-13 15:08 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\Winamp
2012-04-05 11:06 - 2012-03-02 16:47 - 0000000 ____D C:\users\test
2012-04-05 11:06 - 2011-12-09 04:41 - 0000000 ____D C:\users\everyone else
2012-04-05 11:06 - 2010-09-21 18:39 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\vlc
2012-04-05 11:06 - 2010-01-31 21:27 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-05 11:06 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-05 11:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-05 11:05 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-04-05 11:05 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-05 11:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-05 09:16 - 2011-05-11 20:28 - 0000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3505782071-1268228956-3274249183-1000Core.job
2012-04-05 08:23 - 2010-01-31 21:52 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\uTorrent
2012-04-05 07:58 - 2012-04-05 07:58 - 0001653 ____A C:\Users\Jastin\Desktop\aswMBR.txt
2012-04-05 07:36 - 2012-04-05 07:35 - 0000000 ____D C:\Users\Jastin\Downloads\Sum 41 - The Best Of Sum 41 (2008) - Punk Rock [www.torrentazos.com]
2012-04-05 07:12 - 2012-04-05 07:11 - 4731392 ____A (AVAST Software) C:\Users\Jastin\Desktop\aswMBR.exe
2012-04-05 07:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-05 06:41 - 2012-04-05 06:39 - 0142212 ____A C:\TDSSKiller.2.7.26.0_05.04.2012_10.39.56_log.txt
2012-04-05 06:39 - 2011-02-18 12:06 - 0000000 ____D C:\Users\Jastin\ddd
2012-04-05 04:23 - 2012-04-05 04:15 - 403485061 ____A C:\Users\Jastin\Downloads\Psych.S06E15.HDTV.x264-ASAP.mp4
2012-04-05 04:19 - 2012-04-05 04:16 - 168977399 ____A C:\Users\Jastin\Downloads\Happy.Endings.S02E21.HDTV.x264-LOL.mp4
2012-04-04 08:14 - 2012-04-04 07:22 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\To the Moon - Freebird Games
2012-04-04 07:21 - 2012-04-04 07:21 - 0000000 ____D C:\Program Files (x86)\Foxy Games
2012-04-04 07:14 - 2012-04-04 07:13 - 0000000 ____D C:\Users\Jastin\Downloads\To the Moon - Full PreCracked - Foxy Games
2012-04-04 06:05 - 2010-07-24 11:00 - 0000000 ____D C:\Users\Jastin\Downloads\Final Fantasy IX CD1
2012-04-04 05:33 - 2012-04-04 05:33 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\fltk.org
2012-04-04 04:45 - 2012-03-07 02:37 - 0000000 ____D C:\Users\Jastin\Downloads\Ant Videos
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-04 02:49 - 2012-04-04 02:49 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-04 02:35 - 2012-04-04 02:35 - 4455902 ____R (Swearware) C:\Users\Jastin\Desktop\ComboFix.exe
2012-04-03 07:56 - 2012-04-03 07:49 - 0000000 ____D C:\Users\Jastin\Downloads\Portishead - Roseland NYC Live
2012-04-03 07:46 - 2012-04-03 07:45 - 0000000 ____D C:\Users\Jastin\Downloads\Portishead - Dummy [ABR-320kbps]
2012-04-03 05:30 - 2012-04-03 05:30 - 0021270 ____A C:\Users\Jastin\Desktop\DDS.txt
2012-04-03 05:30 - 2012-04-03 05:30 - 0008143 ____A C:\Users\Jastin\Desktop\Attach.txt
2012-04-03 05:27 - 2012-04-03 05:27 - 0607260 ____R (Swearware) C:\Users\Jastin\Desktop\dds.scr
2012-04-03 05:18 - 2012-04-03 05:16 - 0139868 ____A C:\TDSSKiller.2.7.24.0_03.04.2012_09.16.47_log.txt
2012-04-03 05:17 - 2012-03-31 07:35 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-03 05:16 - 2012-04-03 05:16 - 2068528 ____A (Kaspersky Lab ZAO) C:\Users\Jastin\Desktop\tdsskiller.exe
2012-04-02 08:02 - 2012-04-02 07:48 - 0000000 ____D C:\Users\Jastin\Desktop\Alundra 1 and 2 (PSX)
2012-04-02 07:54 - 2012-04-02 07:54 - 0000000 ____D C:\Users\Jastin\Desktop\epsxe 1.7.0 and 1.6.0 (with GameShark, CodeBreaker, And Action Replay)
2012-04-02 02:44 - 2012-04-02 02:44 - 0000000 ____D C:\Users\Jastin\Desktop\Rawr WPF 4.3.8
2012-04-01 15:57 - 2012-04-01 15:57 - 0000000 ____D C:\Users\Jastin\Desktop\Dota
2012-04-01 15:40 - 2012-01-21 14:11 - 0000000 ____D C:\Users\Jastin\wow2
2012-04-01 15:32 - 2012-02-02 02:11 - 0000000 ____D C:\Users\Jastin\Downloads\Dexter Season 2 DVDRip XviD - SuperSeeds.Org
2012-04-01 15:24 - 2012-03-31 09:38 - 0139804 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_13.38.38_log.txt
2012-03-31 09:22 - 2012-03-31 09:21 - 0139632 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_13.21.45_log.txt
2012-03-31 07:47 - 2012-03-31 07:47 - 0137330 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_11.47.13_log.txt
2012-03-31 07:35 - 2012-03-31 07:33 - 0139794 ____A C:\TDSSKiller.2.7.23.0_31.03.2012_11.33.40_log.txt
2012-03-31 06:44 - 2012-03-31 06:44 - 0049624 ____A C:\Users\Jastin\Downloads\crash.dmp
2012-03-31 06:44 - 2012-03-31 06:44 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\Ad-Aware Antivirus
2012-03-31 06:43 - 2012-03-31 06:43 - 6176376 ____A (Lavasoft Limited) C:\Users\Jastin\Downloads\Adaware_Installer.exe
2012-03-31 05:44 - 2012-02-13 04:40 - 0001097 ____A C:\Users\Jastin\Malwarebytes Anti-Malware.lnk
2012-03-31 05:41 - 2010-02-01 23:55 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-29 02:21 - 2012-03-29 02:20 - 35115482 ____A C:\Users\Jastin\Optees UI.zip
2012-03-28 23:52 - 2012-03-28 23:45 - 183329888 ____A C:\Users\Jastin\Downloads\Happy.Endings.S02E20.HDTV.XviD-2HD.avi
2012-03-28 23:46 - 2012-03-28 23:44 - 0000000 ____D C:\Users\Jastin\Downloads\[ www.TorrentDay.com ] - New.Girl.S01E18.480p.WEB-DL.x264-mSD
2012-03-28 23:38 - 2012-03-13 12:19 - 0000000 ____D C:\jtv
2012-03-28 22:00 - 2011-04-13 06:46 - 0000000 ____D C:\Users\Jastin\Downloads\Daft Punk - TRON Legacy Soundtrack [Complete Edition](MP3@320Kbps)
2012-03-28 01:07 - 2012-03-28 01:07 - 0000000 ____D C:\Users\Jastin\Documents\Pokemon-Online Logs
2012-03-28 01:01 - 2011-12-16 15:49 - 0000924 ____A C:\Users\Jastin\Pokemon Online.lnk
2012-03-28 01:01 - 2011-03-04 19:11 - 0000000 ____D C:\Users\Jastin\Pokemon Online
2012-03-27 22:13 - 2010-06-26 21:25 - 0000000 ____D C:\Program Files (x86)\Steam
2012-03-25 22:14 - 2012-03-25 22:12 - 357274390 ____A C:\Users\Jastin\Downloads\Psych.S06E13.HDTV.x264-ASAP.mp4
2012-03-25 01:58 - 2010-01-31 22:31 - 0000000 ____D C:\Program Files (x86)\Warcraft III
2012-03-23 21:17 - 2012-03-23 21:14 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\Audacity
2012-03-23 21:13 - 2012-03-23 21:13 - 0000000 ____D C:\Program Files (x86)\Audacity
2012-03-22 22:53 - 2012-03-22 22:47 - 141511007 ____A C:\Users\Jastin\Downloads\30.Rock.S06E13.HDTV.x264-LOL.mp4
2012-03-22 22:51 - 2012-03-22 22:46 - 158420704 ____A C:\Users\Jastin\Downloads\30.Rock.S06E14.HDTV.x264-LOL.mp4
2012-03-21 13:04 - 2012-03-21 11:29 - 0000000 ____D C:\Users\test\AppData\Roaming\Winamp
2012-03-21 11:17 - 2012-03-21 11:15 - 0000000 ____D C:\Users\test\Documents\StarCraft II
2012-03-21 11:09 - 2012-03-02 16:48 - 0000000 ____D C:\Users\test\AppData\Local\LogMeIn Hamachi
2012-03-20 22:45 - 2012-03-08 23:49 - 0000000 ____D C:\Users\Jastin\Downloads\Friends
2012-03-20 21:51 - 2012-03-20 21:22 - 1482841585 ____A C:\Users\Jastin\Downloads\Psych.S06E12.720p.HDTV.x264-IMMERSE.mkv
2012-03-20 21:25 - 2012-03-20 21:21 - 127026508 ____A C:\Users\Jastin\Downloads\New.Girl.S01E17.HDTV.x264-LOL.[VTV].mp4
2012-03-20 21:25 - 2012-03-20 21:21 - 0000000 ____D C:\Users\Jastin\Downloads\How.I.Met.Your.Mother.S07E19.720p.HDTV.X264-DIMENSION-[SpastikusTV]
2012-03-19 16:54 - 2012-03-19 16:41 - 0000000 ____D C:\Users\Jastin\Downloads\friends-09
2012-03-18 23:25 - 2011-01-04 10:17 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\Skype
2012-03-14 23:20 - 2012-03-14 21:59 - 693521524 ____A C:\Users\Jastin\Downloads\Modern.Family.S03E18.720p.HDTV.X264-DIMENSION.mkv
2012-03-14 22:32 - 2012-03-14 22:01 - 0000000 ____D C:\Users\Jastin\Downloads\[ www.Speed.Cd ] - Happy.Endings.S02E18.720p.HDTV.X264-DIMENSION
2012-03-14 22:07 - 2012-03-14 22:02 - 0000000 ____D C:\Users\Jastin\Downloads\[ www.Speed.Cd ] - New.Girl.S01E16.720p.HDTV.X264-DIMENSION
2012-03-14 22:07 - 2012-03-14 21:59 - 0000000 ____D C:\Users\Jastin\Downloads\[ www.Speed.Cd ] - Psych.S06E12.720p.HDTV.x264-IMMERSE
2012-03-14 21:59 - 2012-03-14 21:58 - 395400058 ____A C:\Users\Jastin\Downloads\Psych.S06E12.HDTV.x264-ASAP.mp4
2012-03-14 16:54 - 2011-12-09 16:08 - 0000000 ____D C:\Users\Jastin\Downloads\XDEP
2012-03-13 15:27 - 2012-03-13 15:23 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\vexorian
2012-03-13 15:08 - 2010-02-02 18:28 - 0000000 ____D C:\Program Files (x86)\Winamp
2012-03-13 12:25 - 2010-02-07 05:14 - 0000000 ____D C:\Users\All Users\Adobe
2012-03-13 12:25 - 2010-02-07 05:14 - 0000000 ____D C:\ProgramData\Adobe
2012-03-13 12:18 - 2011-01-31 11:25 - 0000000 ____D C:\Program Files (x86)\HmelyoffLabs
2012-03-13 11:56 - 2012-03-13 11:56 - 6933939 ____A (Hmelyoff Labs ) C:\Users\Jastin\Downloads\VHSC_inst.exe
2012-03-13 09:51 - 2012-03-13 09:51 - 0000000 ____D C:\Users\Jastin\AppData\Local\SplitMediaLabs
2012-03-13 09:51 - 2012-02-29 18:18 - 0000000 ____D C:\Program Files (x86)\SplitMediaLabs
2012-03-13 08:19 - 2012-03-13 08:19 - 0000870 ____A C:\Users\Jastin\Downloads\Downloads - Shortcut.lnk
2012-03-12 17:42 - 2012-03-12 17:42 - 0000000 ____D C:\Users\Jastin\Downloads\Diablo & Hellfire
2012-03-09 15:03 - 2010-01-31 22:27 - 0000000 ____D C:\Program Files (x86)\Garena
2012-03-07 11:58 - 2012-03-07 11:57 - 0000000 ____D C:\Users\test\AppData\Roaming\Rainmeter
2012-03-07 11:57 - 2012-03-07 11:57 - 0000000 ____D C:\Users\test\Documents\Rainmeter
2012-03-07 11:57 - 2012-01-06 15:53 - 0000000 ____D C:\Program Files (x86)\osu!
2012-03-07 11:48 - 2012-03-02 16:47 - 0000000 ____D C:\Users\test\AppData\LocalLow
2012-03-07 11:39 - 2012-03-07 11:39 - 0000011 ____A C:\Users\test\Desktop\referral.txt
2012-03-07 11:35 - 2012-03-07 11:35 - 0000000 ____D C:\Users\test\AppData\Roaming\Adobe
2012-03-07 11:34 - 2012-03-07 11:34 - 0000000 ____D C:\Users\test\AppData\Roaming\Mozilla
2012-03-07 11:34 - 2012-03-07 11:34 - 0000000 ____D C:\Users\test\AppData\Local\Mozilla
2012-03-07 06:41 - 2012-03-07 05:02 - 0000913 ____A C:\Users\Jastin\CPUID CPU-Z.lnk
2012-03-07 06:03 - 2012-03-07 06:03 - 0000000 ____D C:\Swsetup
2012-03-07 05:58 - 2012-03-07 05:58 - 0000000 ____D C:\Users\All Users\ATI
2012-03-07 05:58 - 2012-03-07 05:58 - 0000000 ____D C:\ProgramData\ATI
2012-03-07 05:58 - 2012-03-07 05:58 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-03-07 05:57 - 2010-04-15 10:19 - 0000000 ____D C:\Program Files\ATI Technologies
2012-03-07 05:53 - 2012-03-07 05:53 - 0000000 ____D C:\AMD
2012-03-07 05:21 - 2012-03-07 05:21 - 0000000 ____D C:\Program Files (x86)\Geeks3D
2012-03-06 06:35 - 2010-01-31 23:06 - 0000000 ____D C:\Program Files (x86)\Diablo II
2012-03-06 00:22 - 2011-05-29 04:25 - 0051270 ____A C:\Users\Jastin\AppData\Roaming\room_v3.dat
2012-03-05 15:27 - 2012-03-05 15:24 - 0000000 ____D C:\Users\Jastin\Downloads\Windows 7 Ultimate Fully Activated Genuine x86 x64 - Team ! M-J-R !
2012-03-02 22:43 - 2012-03-02 22:43 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-03-02 16:48 - 2012-03-02 16:48 - 0071192 ____A C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-02 16:48 - 2012-03-02 16:48 - 0000000 ____D C:\Users\test\AppData\Roaming\Razer
2012-03-02 16:48 - 2012-03-02 16:48 - 0000000 ____D C:\Users\test\AppData\Roaming\Logitech
2012-03-02 16:48 - 2012-03-02 16:48 - 0000000 ____D C:\Users\test\AppData\Roaming\ATI
2012-03-02 16:48 - 2012-03-02 16:48 - 0000000 ____D C:\Users\test\AppData\Roaming\Apple Computer
2012-03-02 16:48 - 2012-03-02 16:48 - 0000000 ____D C:\Users\test\AppData\Local\ATI
2012-03-02 16:47 - 2012-03-02 16:47 - 0000174 ___SH C:\Users\test\Start Menu\Programs\Startup\desktop.ini
2012-03-02 16:47 - 2012-03-02 16:47 - 0000174 ___SH C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-02 16:47 - 2012-03-02 16:47 - 0000020 ___SH C:\Users\test\ntuser.ini
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 __SHD C:\Users\test\Templates
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 __SHD C:\Users\test\Start Menu
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 __SHD C:\Users\test\PrintHood
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 __SHD C:\Users\test\NetHood
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 __SHD C:\Users\test\My Documents
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 __SHD C:\Users\test\Documents\My Videos
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 __SHD C:\Users\test\Documents\My Pictures
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 __SHD C:\Users\test\Documents\My Music
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 __SHD C:\Users\test\AppData\Local\Temporary Internet Files
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 __SHD C:\Users\test\AppData\Local\History
2012-03-02 16:47 - 2012-03-02 16:47 - 0000000 ____D C:\Users\test\AppData\Roaming\WTablet
2012-03-02 14:17 - 2012-02-27 23:05 - 0000000 ____D C:\Users\Jastin\Downloads\Friends Season 5
2012-02-29 18:20 - 2011-08-17 12:08 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-29 18:17 - 2012-02-29 18:17 - 0000000 ____D C:\Windows\System32\Macromed
2012-02-29 18:17 - 2012-02-29 18:17 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\SplitMediaLabs
2012-02-28 01:26 - 2010-02-21 14:20 - 0000000 ____D C:\Users\Jastin\.smplayer
2012-02-27 23:20 - 2012-02-27 23:05 - 0000000 ____D C:\Users\Jastin\Downloads\Friends Season 7
2012-02-27 23:19 - 2012-02-27 23:05 - 0000000 ____D C:\Users\Jastin\Downloads\Friends Season 6
2012-02-27 16:49 - 2012-02-27 16:49 - 0000000 ____D C:\Users\Jastin\Downloads\C++For.Dummies.PDF [-MomradN-]
2012-02-24 21:57 - 2010-07-21 15:21 - 0000000 ____D C:\aaaaaaaa
2012-02-24 21:49 - 2010-03-03 19:11 - 0000000 ____D C:\Users\Jastin\Pokemon Teams
2012-02-24 21:41 - 2012-02-24 21:41 - 0141954 ____A C:\Windows\DPINST.LOG
2012-02-24 21:40 - 2012-02-24 21:40 - 0000011 ___RA C:\Windows\amunres.lsl
2012-02-24 21:38 - 2011-01-31 09:57 - 0000000 ____D C:\Program Files (x86)\Dyyno
2012-02-24 21:36 - 2010-07-05 17:21 - 0000000 ____D C:\Program Files (x86)\Heroes of Newerth
2012-02-24 21:34 - 2010-03-03 12:32 - 0000000 ____D C:\Users\All Users\VMware
2012-02-24 21:34 - 2010-03-03 12:32 - 0000000 ____D C:\ProgramData\VMware
2012-02-23 19:26 - 2010-11-26 17:58 - 0000000 ____D C:\Program Files (x86)\StarCraft II
2012-02-23 03:08 - 2012-02-23 01:11 - 0000000 ____D C:\Users\Jastin\Downloads\Friends Season 3
2012-02-23 01:27 - 2012-02-23 01:23 - 0000000 ____D C:\Users\Jastin\Downloads\Friends Season 4
2012-02-22 16:51 - 2012-02-20 13:50 - 0000000 ____D C:\Users\Jastin\Downloads\Friends Season 2
2012-02-20 14:32 - 2010-02-05 17:38 - 0000000 ____D C:\Users\Jastin\Documents\My Games
2012-02-20 13:19 - 2012-02-20 12:59 - 0000000 ____D C:\Users\Jastin\Downloads\Borderlands(DIRECT PLAY with all 4 DLC's)
2012-02-20 11:26 - 2011-04-18 09:58 - 0000000 ____D C:\Program Files (x86)\Sanctum
2012-02-19 14:35 - 2010-03-29 10:16 - 0000000 ____D C:\Users\Jastin\AppData\Local\ElevatedDiagnostics
2012-02-19 14:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-19 08:22 - 2011-08-19 12:42 - 0000000 ____D C:\Program Files (x86)\Bastion
2012-02-19 00:08 - 2011-08-11 00:23 - 0000222 ____A C:\Users\Jastin\Documents\rominfo.txt
2012-02-18 23:08 - 2012-02-18 23:00 - 0274047 ____A C:\Users\Jastin\Documents\Super Mario All Stars (U).zs1
2012-02-18 22:46 - 2011-01-07 08:48 - 0000000 ____D C:\Users\Jastin\Downloads\Games
2012-02-18 22:42 - 2011-08-11 20:59 - 0008192 ____A C:\Users\Jastin\Documents\kirby.srm
2012-02-18 22:40 - 2012-02-18 22:40 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-02-18 22:40 - 2012-02-18 22:40 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-02-18 22:37 - 2012-02-18 22:37 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\MotioninJoy
2012-02-18 22:37 - 2012-02-18 22:37 - 0000000 ____D C:\Program Files\MotioninJoy
2012-02-17 15:24 - 2012-01-09 14:43 - 0000000 ____D C:\Users\Jastin\AppData\Local\Apps\F.lux
2012-02-17 12:55 - 2011-06-07 11:12 - 0001072 ____A C:\Windows\System32\settingsbkup.sfm
2012-02-17 12:55 - 2011-06-07 11:12 - 0001072 ____A C:\Windows\System32\settings.sfm
2012-02-15 18:06 - 2011-11-24 18:07 - 0000000 ____D C:\Users\Jastin\Downloads\Final Fantasy VIII Original Soundtrack
2012-02-15 16:56 - 2010-01-31 22:33 - 0283211 ____A C:\Windows\War3Unin.dat
2012-02-15 10:10 - 2012-02-15 09:32 - 0000000 ____D C:\Users\Jastin\Downloads\Bridget.Jones.The.Edge.of.Reason.2004.DVDRip.AC3.XviD-SPK.(UsaBit.com)
2012-02-14 16:00 - 2012-02-14 15:30 - 0000000 ____D C:\Users\Jastin\Downloads\Jason_Mraz's_Beautiful_Mess_Live_on_Earth_[DVDRIP][2009][hSk]
2012-02-14 07:22 - 2012-02-14 07:22 - 0000515 ____A C:\Users\Jastin\Documents\food.txt
2012-02-13 08:42 - 2012-02-13 08:39 - 3607147 ____A C:\Users\Jastin\Downloads\Organic Chemistry I as a Second Language 2nd ed - D. Klein (Wiley, 2007) BBS.pdf
2012-02-13 04:47 - 2012-02-13 04:47 - 0000052 ____A C:\Users\Jastin\Documents\malwarebytes.txt
2012-02-12 11:06 - 2012-02-12 11:06 - 0000000 ____A C:\Users\Jastin\Documents\sssss.txt
2012-02-08 18:31 - 2012-02-07 09:50 - 0016108 ____A C:\Users\everyone else\Documents\grad essay.docx
2012-02-03 08:43 - 2012-02-03 07:49 - 0000000 ____D C:\Users\Jastin\Downloads\Beauty And The Beast [1991] 720p ExtCut BRRip H264 AC3 - CODY
2012-02-02 10:53 - 2012-02-02 10:34 - 0003763 ____A C:\Users\Jastin\Documents\multibox.txt
2012-01-31 18:23 - 2011-12-09 04:42 - 0000000 ____D C:\Users\everyone else\AppData\Local\LogMeIn Hamachi
2012-01-31 01:37 - 2012-01-31 01:35 - 0000000 ____D C:\Users\Jastin\Downloads\Terms_of_Endearment_stereo
2012-01-30 06:58 - 2012-01-30 05:08 - 0000000 ____D C:\Users\Jastin\Downloads\The Melancholy of Haruhi Suzumiya
2012-01-30 06:49 - 2010-02-15 19:51 - 0000000 ____D C:\Users\All Users\Apple
2012-01-30 06:49 - 2010-02-15 19:51 - 0000000 ____D C:\ProgramData\Apple
2012-01-23 14:35 - 2011-01-15 17:48 - 0000000 ____D C:\Users\Jastin\AppData\Roaming\Rainmeter
2012-01-22 04:15 - 2012-01-22 04:03 - 0000000 ____D C:\Users\Jastin\Downloads\Tampopo (aka Dandelion) (1985)
2012-01-21 14:51 - 2010-07-27 16:35 - 0000000 ____D C:\Users\Public\Games
2012-01-16 09:40 - 2012-01-16 09:40 - 0000000 ____D C:\Users\everyone else\AppData\Roaming\Nero
2012-01-12 10:24 - 2012-01-12 10:24 - 4303241 ____A C:\Users\Jastin\Downloads\ZygorGuides-3.3.3294.rar
2012-01-12 06:31 - 2012-01-12 06:31 - 0009187 ____A C:\Users\Jastin\Documents\50.txt
2012-01-12 05:18 - 2012-01-12 05:18 - 0000008 _RASH C:\Users\All Users\ntuser.pol
2012-01-12 05:18 - 2012-01-12 05:18 - 0000008 _RASH C:\ProgramData\ntuser.pol
2012-01-12 05:17 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-01-11 16:25 - 2012-01-11 16:23 - 0013805 ____A C:\Users\everyone else\Documents\Addendum Family Assessment.docx
2012-01-11 08:02 - 2009-07-13 20:45 - 0313336 ____A C:\Windows\System32\FNTCACHE.DAT
2012-01-11 07:48 - 2012-01-11 07:41 - 0011452 __ASH C:\Users\Jastin\AppData\Local\l14s4ea272oue13g17
2012-01-11 07:48 - 2012-01-11 07:41 - 0011452 __ASH C:\Users\All Users\l14s4ea272oue13g17
2012-01-11 07:48 - 2012-01-11 07:41 - 0011452 __ASH C:\ProgramData\l14s4ea272oue13g17
2012-01-11 07:48 - 2012-01-09 08:27 - 0001738 ____A C:\Users\Jastin\Rainmeter.lnk
2012-01-11 01:50 - 2012-01-11 01:50 - 0001119 ____A C:\Users\Jastin\GOM Player.lnk
2012-01-10 17:13 - 2011-12-13 18:42 - 0000000 ____D C:\Users\everyone else\AppData\Local\Adobe
2012-01-10 17:13 - 2011-12-09 14:36 - 0000000 ____D C:\Users\everyone else\AppData\Roaming\Adobe
2012-01-09 20:51 - 2012-01-09 20:51 - 0000299 ____A C:\Users\Jastin\Documents\ssdsada.txt
2012-01-09 10:51 - 2011-12-09 04:42 - 0071192 ____A C:\Users\everyone else\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-09 10:46 - 2010-01-31 23:45 - 0071192 ____A C:\Users\Jastin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-09 10:05 - 2011-01-15 17:48 - 0000000 ____D C:\Users\Jastin\Documents\Rainmeter
2012-01-09 09:34 - 2009-07-13 15:55 - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2012-01-09 09:34 - 2009-07-13 15:54 - 2851328 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2012-01-09 09:34 - 2009-07-13 15:54 - 0044544 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2012-01-09 08:27 - 2011-01-15 17:48 - 0000000 ____D C:\Program Files\Rainmeter
2012-01-08 07:47 - 2010-11-26 17:58 - 0000000 ____D C:\Users\Jastin\Documents\StarCraft II

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6142.09 MB
Available physical RAM: 5407.84 MB
Total Pagefile: 6140.23 MB
Available Pagefile: 5393.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:698.54 GB) (Free:164.16 GB) NTFS
3 Drive f: () (Removable) (Total:0.93 GB) (Free:0.92 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 952 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 698 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 698 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 952 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-03-30 08:29

======================= End Of Log ==========================

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 06 April 2012 - 02:07 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 aec; C:\Windows\System32\cpsvc.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\cpsvc.dll
NETSVC: aec

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 jastin

  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:47 AM

Posted 07 April 2012 - 10:15 AM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-07 11:11:54 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
aec service deleted successfully.
C:\Windows\System32\cpsvc.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs aec Deleted successfully.

==== End of Fixlog ====

#10 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 07 April 2012 - 11:38 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U

File::
C:\Windows\system32\consrv.dll
C:\Windows\system32\cpsvc.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

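The two ZeroAccess persistence spots that the FRST fixlist (post #8) and the ComboFix CFScript (post #10) removed can be checked from the defender's side without either tool. The script below is an added example, not code from the thread, FRST or ComboFix; the clean SubSystems\Windows string is the Windows 7 default value, the infected string is constructed from it, and the path patterns come only from the CFScript above.

```python
"""Defender-side check for the two ZeroAccess persistence spots addressed
in this thread: a rogue ServerDll=consrv entry in the csrss SubSystems
"Windows" value, and the dropper's files under C:\\Windows\\assembly.
Added example; not FRST, ComboFix or thread code."""
import re
import sys
from typing import List, Optional, Tuple

# Windows 7 default SubSystems\Windows value (the value FRST restored above).
CLEAN_WIN7_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# Constructed infected sample: the console server DLL swapped for consrv,
# the system32\consrv.dll that the CFScript above deletes.
INFECTED_SAMPLE = CLEAN_WIN7_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)

# csrss server DLLs that legitimately appear in the value on Windows 7.
EXPECTED_SERVER_DLLS = frozenset({"basesrv", "winsrv", "sxssrv"})

# Grammar of one entry: ServerDll=<dll>[:<init function>],<index>
SERVER_DLL_RE = re.compile(r"ServerDll=([^\s:,]+)(?::([^\s,]+))?,(\d+)")


def parse_server_dlls(value: str) -> List[Tuple[str, Optional[str], int]]:
    """Return (dll name without .dll, init function or None, index) per entry."""
    entries = []
    for m in SERVER_DLL_RE.finditer(value):
        name = m.group(1).lower()
        if name.endswith(".dll"):
            name = name[:-4]
        entries.append((name, m.group(2), int(m.group(3))))
    return entries


def find_unexpected_server_dlls(value: str, expected=EXPECTED_SERVER_DLLS):
    """Entries whose DLL is not a known csrss server DLL (consrv in this thread)."""
    return [(dll, init) for dll, init, _ in parse_server_dlls(value)
            if dll not in expected]


# File locations the CFScript above removed: the GAC Desktop.ini payloads
# and the assembly\temp\U store. Matched case-insensitively against a listing.
ZEROACCESS_PATH_RE = re.compile(
    r"\\windows\\assembly\\(gac_32\\desktop\.ini|gac_64\\desktop\.ini|temp\\u(\\|$))",
    re.IGNORECASE,
)


def flag_zeroaccess_paths(paths: List[str]) -> List[str]:
    """Filter a file listing (e.g. FRST output) down to the known drop paths."""
    return [p for p in paths if ZEROACCESS_PATH_RE.search(p)]


def audit_live_subsystems():
    """Read the live value on Windows; returns None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # only available on Windows
    with winreg.OpenKey(
        winreg.HKEY_LOCAL_MACHINE,
        r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems",
    ) as key:
        value, _ = winreg.QueryValueEx(key, "Windows")
    return find_unexpected_server_dlls(value)


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_WIN7_VALUE), ("infected", INFECTED_SAMPLE)):
        print(label, find_unexpected_server_dlls(sample))
    # Constructed listing: one real drop path, one ordinary GAC file.
    listing = [r"C:\Windows\assembly\GAC_32\Desktop.ini",
               r"C:\Windows\assembly\GAC_MSIL\System\1.0\System.dll"]
    print(flag_zeroaccess_paths(listing))
    live = audit_live_subsystems()
    if live is not None:
        print("live:", live or "no unexpected ServerDll entries")
```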

#11 jastin

  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:47 AM

Posted 08 April 2012 - 11:21 AM

Everything seems to be working normally.

ComboFix 12-04-04.01 - Jastin 04/08/2012 11:53:36.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6142.4610 [GMT -4:00]
Running from: c:\users\Jastin\Desktop\ComboFix.exe
Command switches used :: c:\users\Jastin\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
"c:\windows\system32\consrv.dll"
"c:\windows\system32\cpsvc.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 16:00 . 2012-04-08 16:00 -------- d-----w- c:\users\test\AppData\Local\temp
2012-04-08 16:00 . 2012-04-08 16:00 -------- d-----w- c:\users\everyone else\AppData\Local\temp
2012-04-08 16:00 . 2012-04-08 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 19:33 . 2012-04-06 19:37 -------- d-----w- C:\FRST
2012-04-06 15:26 . 2012-04-06 15:26 -------- d-----w- c:\users\Jastin\ds
2012-04-04 15:22 . 2012-04-04 16:14 -------- d-----w- c:\users\Jastin\AppData\Roaming\To the Moon - Freebird Games
2012-04-04 15:21 . 2012-04-04 15:21 -------- d-----w- c:\program files (x86)\Foxy Games
2012-04-04 15:21 . 2012-04-04 15:21 -------- d-----w- C:\Downloads
2012-04-04 13:33 . 2012-04-04 13:33 -------- d-----w- c:\users\Jastin\AppData\Roaming\fltk.org
2012-03-31 15:35 . 2012-04-03 13:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-31 14:44 . 2012-03-31 14:44 -------- d-----w- c:\users\Jastin\AppData\Roaming\Ad-Aware Antivirus
2012-03-24 05:14 . 2012-03-24 05:17 -------- d-----w- c:\users\Jastin\AppData\Roaming\Audacity
2012-03-24 05:13 . 2012-03-24 05:13 -------- d-----w- c:\program files (x86)\Audacity
2012-03-21 19:29 . 2012-03-21 21:04 -------- d-----w- c:\users\test\AppData\Roaming\Winamp
2012-03-17 17:54 . 2012-03-17 17:54 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 17:54 . 2012-03-17 17:54 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-13 23:23 . 2012-03-13 23:27 -------- d-----w- c:\users\Jastin\AppData\Roaming\vexorian
2012-03-13 23:08 . 2007-03-07 23:51 129784 ------w- c:\windows\SysWow64\pxafs.dll
2012-03-13 23:08 . 2012-04-05 19:06 -------- d-----w- c:\users\Jastin\AppData\Roaming\Winamp
2012-03-13 20:19 . 2012-03-29 07:38 -------- d-----w- C:\jtv
2012-03-13 17:51 . 2012-03-13 17:51 -------- d-----w- c:\users\Jastin\AppData\Local\SplitMediaLabs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 02:20 . 2011-08-17 20:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-09 17:34 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-01-09 17:34 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2012-01-09 17:34 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_15.17.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-01 06:00 . 2012-04-07 15:15 50986 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-05 15:10 30480 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-07 15:15 30480 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-01 05:52 . 2012-04-07 15:15 16794 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3505782071-1268228956-3274249183-1000_UserData.bin
+ 2009-11-06 08:17 . 2012-04-08 09:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-06 08:17 . 2012-04-05 15:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-31 19:05 . 2012-04-08 09:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-31 19:05 . 2012-04-05 15:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 09:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 15:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-01 10:11 . 2012-04-06 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-01 10:11 . 2012-04-08 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-01 10:11 . 2012-04-08 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-01 10:11 . 2012-04-06 15:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-06 15:17 . 2012-04-06 15:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 16:02 . 2012-04-08 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 16:02 . 2012-04-08 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-06 15:17 . 2012-04-06 15:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-04-06 15:10 442368 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-08 16:02 442368 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-04-03 15:47 668348 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 15:27 668348 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-03 15:47 124534 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-06 15:27 124534 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-08 16:00 274176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-06 15:15 274176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-04-06 15:10 8142848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 08:54 8142848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-19 01:16 . 2012-04-06 15:15 1822568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-19 01:16 . 2012-04-08 08:53 1822568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 04:54 . 2012-04-06 15:10 14254080 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 08:54 14254080 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-04-06 12:09 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-08 09:41 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-07-06 20:25 . 2012-04-08 16:00 21390424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3505782071-1268228956-3274249183-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ASRockOCTuner"="" [BU]
"ASRockIES"="" [BU]
"zASRockInstantBoot"="" [BU]
"QuickGammaLoader"="c:\program files (x86)\QuickGamma\QuickGammaLoader.exe" [2011-03-11 100352]
"QuickGammaResume"="" [BU]
"F.lux"="c:\users\Jastin\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2007-10-10 36352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2009-10-08 232960]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2011-02-08 63360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
.
c:\users\Jastin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-7-14 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
R3 ALSysIO;ALSysIO;c:\users\Jastin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Jastin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-22 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-22 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-04-22 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Jastin\AppData\Local\Temp\GPU-Z.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\DRIVERS\SscRdBus.sys [x]
S0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\DRIVERS\SscRdCls.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3505782071-1268228956-3274249183-1000Core.job
- c:\users\Jastin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 04:28]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3505782071-1268228956-3274249183-1000UA.job
- c:\users\Jastin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 04:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1609296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Jastin\AppData\Roaming\Mozilla\Firefox\Profiles\ngeawjil.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3505782071-1268228956-3274249183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-08 12:07:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-08 16:07
ComboFix2.txt 2012-04-08 15:48
ComboFix3.txt 2012-04-06 15:23
ComboFix4.txt 2012-04-04 11:00
.
Pre-Run: 181,608,611,840 bytes free
Post-Run: 181,508,145,152 bytes free
.
- - End Of File - - DDE608D02722963E772A0D91F809A0E5

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 08 April 2012 - 12:09 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Adobe Reader 9.3.2
Advertising Center
Java™ 6 Update 24
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 jastin

jastin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:47 AM

Posted 09 April 2012 - 10:57 AM

No problems so far

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.08.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Jastin :: JASTIN-PC [administrator]

Protection: Disabled

4/9/2012 11:51:58 AM
mbam-log-2012-04-09 (11-51-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241490
Time elapsed: 2 minute(s), 33 second(s)

========================================================================================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:54 AM, on 4/9/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe
O4 - HKCU\..\Run: [F.lux] "C:\Users\Jastin\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe -update plugin
O4 - Startup: CurseClientStartup.ccip
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package 1) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11392 bytes


Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by jastin, 09 April 2012 - 10:58 AM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:47 AM

Posted 09 April 2012 - 01:13 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - HKCU\..\Run: [QuickGammaLoader] C:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe
      O4 - HKCU\..\Run: [F.lux] "C:\Users\Jastin\Local Settings\Apps\F.lux\flux.exe" /noshow
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_Plugin.exe -update plugin
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
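The O4 lines HijackThis lists above are just the values under the Run and RunOnce registry keys, one line per auto-start value. As an added example that is not code from the thread, from HijackThis or from any tool named here, the PowerShell below reads those keys (read-only, it removes nothing), prints each value in the same "O4 - HKLM\..\Run: [name] command" format so it can be compared against the log, and adds whether the target file exists and what its Authenticode status is; the function names Resolve-CommandExe and Get-O4Entries are mine.

```powershell
# Added example (not from the thread or from HijackThis): list the auto-start
# entries that HijackThis reports as "O4 - HKLM\..\Run: [name] command" lines.
# Read-only: nothing is deleted. Run in an elevated PowerShell on the machine
# under review. The Wow6432Node keys exist only on 64-bit Windows; that is the
# view a 32-bit HijackThis sees, so both views are enumerated here.

$runKeys = @(
    @{ Hive = 'HKLM'; Tag = 'Run';     Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = 'HKLM'; Tag = 'RunOnce'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' },
    @{ Hive = 'HKLM'; Tag = 'Run';     Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = 'HKLM'; Tag = 'RunOnce'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce' },
    @{ Hive = 'HKCU'; Tag = 'Run';     Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = 'HKCU'; Tag = 'RunOnce'; Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' }
)

function Resolve-CommandExe {
    # Work out which file a Run value actually launches (helper name is mine).
    param([string]$Command)
    if ($Command -match '^"([^"]+)"') {
        # Quoted form: "C:\Program Files (x86)\Winamp\winampa.exe" /args
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    # Unquoted form with spaces (e.g. C:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe):
    # Windows tries each space-delimited prefix until one names a file, so do the same.
    $parts = $Command -split ' '
    for ($i = 1; $i -le $parts.Count; $i++) {
        $candidate = [Environment]::ExpandEnvironmentVariables(($parts[0..($i - 1)] -join ' '))
        if ([System.IO.File]::Exists($candidate)) { return $candidate }
    }
    # Bare names such as CTXFIHLP.EXE are resolved from the PATH at logon; report them as given.
    return $parts[0]
}

function Get-O4Entries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key.Path)) { continue }
        $item = Get-Item -LiteralPath $key.Path
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }    # skip the (Default) value
            # Keep %VAR% tokens unexpanded so the printed line matches what the registry holds.
            $cmd = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            $exe = Resolve-CommandExe -Command $cmd
            $exists = [System.IO.File]::Exists($exe)
            # Authenticode status of the target; NotSigned or a missing file deserves a second look.
            $sig = 'FileMissing'
            if ($exists) { $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status }
            [pscustomobject]@{
                Line       = "O4 - $($key.Hive)\..\$($key.Tag): [$name] $cmd"
                Executable = $exe
                FileExists = $exists
                Signature  = $sig
            }
        }
    }
}

# One table row per auto-start value; compare the Line column with the O4 lines in the log.
Get-O4Entries | Format-Table -AutoSize -Wrap
```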

#15 jastin

jastin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:47 AM

Posted 10 April 2012 - 08:00 AM

C:\aaaaaaaa\RemoteDll.exe a variant of Win32/RemoteDLL.A application
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\41\b023ae9-69ffc041 a variant of OSX/Exploit.Smid.B trojan
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\dk1.4-0.2.6.zip probably a variant of Win32/Agent.CXDRQFS trojan
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\EPLite_v100_Final_D2v112.zip a variant of Win32/HackTool.Inject.H application
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\Mirr0rs_cracked_TMCPK.zip a variant of Win32/RemoteDLL.A application
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\rcpd hack.zip a variant of Win32/HackTool.CheatEngine.AB application
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\crap\cakepubII.zip probably a variant of Win32/Obfuscated.CRWOEDP trojan
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\crap\Xterminator Engine 2[1][1].0.rar multiple threats
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\crap\ce\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\crap\ce\Xterminator.dll a variant of Win32/HackTool.CheatEngine.AA application
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\Maple\GMS-MSEA_Public_Multi_Hack_~_Aug_6_Update(2).rar multiple threats
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\Maple\GMS-MSEA_Public_Multi_Hack_~_Aug_6_Update.rar multiple threats
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\Maple\KoC_No_Delay.exe.zip Win32/HackTool.CheatEngine.AB application
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\Maple\Multiple_Login+OmfgIAreWin's Guide.rar a variant of MSIL/TrojanDropper.Agent.E trojan
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\Maple\v74_TwikiE_Trainer.exe.zip Win32/HackTool.CheatEngine.AB application
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\Maple\Winject.rar a variant of Win32/HackTool.Inject.F application
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\Desktop\stuff\znes\JungleFlasher.0.1.64.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
C:\aaaaaaaa\crap\Old Computer\Documents and Settings\Owner\My Documents\Azureus Downloads\Ahead.Nero.v8.1.1.0.Ultra.Edition.Incl.Keymaker-EMBRACE\e-ne8101.zip a variant of Win32/Keygen.DA application
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan
C:\Qoobox\Quarantine\C\Windows\assembly\temp\U\80000032.@.vir a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan
C:\Users\Jastin\Documents\download\flamingl\xg\AutoTele 1.2a.rar a variant of Win32/RemoteDLL.A application
C:\Users\Jastin\Documents\download\flamingl\xg\KeyFinderInstaller.exe Win32/OpenCandy application
C:\Users\Jastin\Documents\download\flamingl\xg\RemoteDll.exe a variant of Win32/RemoteDLL.A application
C:\Users\Jastin\Downloads\Dragon Naturally Speaking V10 Preferred.rar a variant of Win32/Keygen.AG application
C:\Users\Jastin\Downloads\VMware.Workstation.v7.0.0.203739.Incl.Keymaker-EMBRACE(Murlok)\VMware.Workstation.v7.0.0.203739.Incl.Keymaker-EMBRACE\VMware.Workstation.v7.0.0.203739.Incl.Keymaker-EMBRACE\e-vmw701.zip a variant of Win32/Keygen.BN application
C:\Users\Jastin\Downloads\Windows 7 Ultimate (64 Bit)\File Sharing Programs\Frost-Wire 4.21.1.exe Win32/OpenCandy application
C:\Users\Jastin\Downloads\Windows 7 Ultimate Fully Activated Genuine x86 x64 - Team ! M-J-R !\Windows 7 Loader.zip a variant of Win32/HackKMS.A application
C:\Users\Jastin\Downloads\Windows XP Pro SP3 - Activated\WXPVOL_EN.iso a variant of Win32/PSWTool.RAS.A application



