consrv.dll


20 replies to this topic

#1 Disco_Stew


Posted 14 April 2012 - 11:30 PM

I haven't been able to turn on Windows Defender or Windows Firewall and when I looked up the error code it gave (Error Code: 0x80070424), MS Answers indicated that it was likely that I had downloaded consrv.dll. I looked in C: and it was there, so I looked into how to get rid of it and it seems to be quite a process. I've run Malwarebytes (full scan), an RSS Killer, and TDSS Killer, but the TDSS Killer was the only one to find anything; it deleted the one malicious program, but consrv.dll persists. After reading through forums about the virus, it seems like I would end up doing more harm than good if I tried to remove it on my own.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Spencer at 22:08:11 on 2012-04-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6043 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Spencer\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Spencer\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Google Update] "C:\Users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Spencer\AppData\Local\Akamai\netsession_win.exe"
mRun: [<NO NAME>]
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{7D276958-25DF-44DC-8ECF-1F77C7FB589F} : DhcpNameServer = 192.168.0.1 205.171.2.25
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [(Default)]
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-14 8704]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-11 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 253088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-11 135664]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-4-22 124256]
S4 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-2-5 90112]
S4 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-4-10 294912]
.
=============== Created Last 30 ================
.
2012-04-15 02:40:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 02:27:05 -------- d-----w- C:\Anti-malware
2012-04-15 00:48:46 -------- d-----w- C:\Users\Spencer\AppData\Roaming\Malwarebytes
2012-04-15 00:48:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-15 00:48:41 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-15 00:48:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-09 18:46:30 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-09 18:46:30 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-09 18:46:29 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-09 18:37:38 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-04-06 08:00:13 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 07:39:35 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-04-06 07:26:38 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-06 07:25:38 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-06 07:25:31 -------- d-----we C:\Windows\system64
2012-04-03 04:13:37 -------- d-----w- C:\Program Files\iPod
2012-04-03 04:13:36 -------- d-----w- C:\Program Files\iTunes
2012-03-31 19:44:50 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{33BE27FD-7F5F-4090-9191-906B094E9DC3}\mpengine.dll
2012-03-21 18:24:07 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-21 18:24:04 -------- d-----w- C:\Program Files\AMD
2012-03-21 18:24:00 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-03-20 05:54:17 -------- d-----w- C:\Program Files (x86)\Diablo II
2012-03-20 03:01:43 -------- d-----w- C:\Users\Spencer\D2LOD-1.12A-enUS
2012-03-19 06:42:47 -------- d-----w- C:\Users\Spencer\AppData\Local\THQ
.
==================== Find3M ====================
.
2012-04-14 00:00:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:10:18 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 04:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-15 04:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-15 04:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-15 04:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-15 04:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-15 04:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-15 04:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-15 04:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-01-31 12:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 22:08:59.71 ===============


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 April 2012 - 12:16 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
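What a helper looks for first in the FRST.txt this procedure produces, as an added example (not code from the thread, and not part of FRST): a small Python triage script run over a few lines constructed in the format of the log posted later in this thread. The rule names are my own, and every check is a heuristic meant to point a human at entries to review, not a verdict.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example for this thread; not part of FRST and not code posted in the
thread. It parses the entry formats seen in the posted FRST.txt and flags the
indicators a helper looks at first. Rule names are assumptions of this example.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule section detail")

# Constructed sample, modelled on the format of the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 X6va005; \??\C:\Users\Spencer\AppData\Local\Temp\005F8A3.tmp [x]

============ One Month Created Files and Folders ==============

2012-04-05 23:39 - 2012-04-05 23:39 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-05 23:25 - 2012-04-05 23:25 - 0000000 ____D C:\Windows\system64
2012-04-02 20:13 - 2012-04-02 20:13 - 0000000 ____D C:\Program Files\iTunes
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Services/Drivers: "<start> <name>; <path and args> [<size> <date>] (<publisher>)"
# or "... [x]" when FRST could not read the file.
ENTRY_RE = re.compile(
    r"^(\d) ([^;]+); (.+?) (\[x\]|\[\d+ \d{4}-\d{2}-\d{2}\])(?: \((.*)\))?$")
# File lists: "<created> - <modified> - <size> <attrs> [(<publisher>) ]<path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?(.+)$")


def triage(log_text):
    """Return a list of Finding for every log line that matches a triage rule."""
    findings = []
    section = "header"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.startswith("Registry"):
            # FRST itself annotates the Session Manager\SubSystems value when it
            # has been redirected; here it is the consrv.dll hijack the poster found.
            if line.startswith("SubSystems:") and "==>" in line:
                findings.append(Finding("subsystem-hijack", section, line))
            continue
        if section.startswith(("Services", "Drivers")):
            m = ENTRY_RE.match(line)
            if not m:
                continue
            _start, name, path, info, _publisher = m.groups()
            if info == "[x]":
                # No size/date/publisher: FRST could not read the file. On a machine
                # whose AV will not start, the AV services showing [x] matter most.
                findings.append(Finding("missing-file-info", section, name))
            if "\\appdata\\local\\temp\\" in path.lower():
                # A service or driver registered from a user's Temp directory.
                findings.append(Finding("loads-from-temp", section, name))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        _created, _modified, _size, attrs, _publisher, path = m.groups()
        leaf = path.rsplit("\\", 1)[-1]
        if "S" in attrs and "H" in attrs and path.lower().startswith("c:\\windows\\"):
            # Newly created hidden+system objects under C:\Windows deserve a look.
            findings.append(Finding("hidden-system-under-windows", section, path))
        if re.fullmatch(r"%[^%]+%", leaf):
            # A folder literally named like an unexpanded environment variable.
            findings.append(Finding("envvar-named-folder", section, path))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'missing-file-info': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.section:36} {f.detail}")
```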

#3 Disco_Stew
  • Topic Starter
  • Members
  • 10 posts

Posted 15 April 2012 - 01:45 AM

Thank you very much, Gringo.

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 15-04-2012 00:39:41
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [636032 2012-02-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Spencer\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-06-30] ()
HKU\Spencer\...\Run: [Google Update] "C:\Users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-09-23] (Google Inc.)
HKU\Spencer\...\Run: [Akamai NetSession Interface] "C:\Users\Spencer\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-13] (Adobe Systems Incorporated)
2 AMD_RAIDXpert; "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [122880 2009-03-15] (AMD)
4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [124256 2009-04-22] ()
4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-01] ()
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
4 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [294912 2009-04-10] (DeviceVM)
2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-02-20] (Hi-Rez Studios)
4 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 LVPrcS64; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [191000 2009-10-07] (Logitech Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-03-29] (NOS Microsystems Ltd.)
3 npggsvc; C:\Windows\SysWow64\GameMon.des -service [4066168 2011-04-24] (INCA Internet Co., Ltd.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-01-07] ()
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10856960 2012-02-14] (Advanced Micro Devices, Inc.)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2012-01-03] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2012-01-03] (Advanced Micro Devices)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [14392 2007-12-17] ()
3 atikmdag; C:\Windows\System32\Drivers\atikmdag.sys [10856960 2012-02-14] (Advanced Micro Devices, Inc.)
2 iPodDrv; C:\Windows\System32\Drivers\iPodDrv.sys [14952 2011-07-27] (Windows ® Codename Longhorn DDK provider)
3 lvpepf64; C:\Windows\System32\DRIVERS\lv302a64.sys [15896 2009-04-30] (Logitech Inc.)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
0 mv61xx; C:\Windows\System32\Drivers\mv61xx.sys [178728 2009-05-11] (Marvell Semiconductor, Inc.)
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V64.SYS [2755096 2009-04-30] (Logitech Inc.)
3 rcmirror; C:\Windows\System32\Drivers\rcmirror.sys [4608 2010-01-18] (Windows ® Win 7 DDK provider)
2 RtNdPt60; C:\Windows\System32\Drivers\RtNdPt60.sys [26624 2007-12-10] (Windows ® Codename Longhorn DDK provider)
3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [43008 2008-10-23] (Realtek Corporation)
3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [24064 2007-12-02] (Windows ® Codename Longhorn DDK provider)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [43008 2008-10-23] (Realtek Corporation)
3 dump_wmimmc; \??\C:\gPotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 X6va005; \??\C:\Users\Spencer\AppData\Local\Temp\005F8A3.tmp [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-14 20:11 - 2012-04-14 20:11 - 0017075 ____A C:\Users\Spencer\Desktop\Attach.txt
2012-04-14 20:10 - 2012-04-14 20:10 - 0026911 ____A C:\Users\Spencer\Desktop\DDS.txt
2012-04-14 20:07 - 2012-04-14 20:07 - 0607260 ____R (Swearware) C:\Users\Spencer\Desktop\dds.scr
2012-04-14 19:15 - 2012-04-14 19:15 - 1385843 ____A C:\Users\Spencer\Downloads\FRST64.exe
2012-04-14 18:44 - 2012-04-14 18:53 - 0008354 ____A C:\Users\Spencer\Desktop\Erasing rootkits.txt
2012-04-14 18:40 - 2012-04-14 18:40 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-14 18:39 - 2012-04-14 18:53 - 0129090 ____A C:\TDSSKiller.2.7.28.0_14.04.2012_20.39.26_log.txt
2012-04-14 18:39 - 2012-04-14 18:39 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\Spencer\Downloads\tdsskiller.exe
2012-04-14 18:27 - 2012-04-14 18:27 - 0000000 ____D C:\Anti-malware
2012-04-14 18:22 - 2012-04-14 18:22 - 0001205 ____A C:\Users\Spencer\Downloads\FixNCR (1).reg
2012-04-14 18:20 - 2012-04-14 18:20 - 0001205 ____A C:\Users\Spencer\Downloads\FixNCR.reg
2012-04-14 17:08 - 2012-04-14 17:09 - 0001408 ____A C:\rkill.log
2012-04-14 17:07 - 2012-04-14 17:07 - 1008141 ____A C:\Users\Spencer\Downloads\iExplore.exe
2012-04-14 16:48 - 2012-04-14 16:48 - 0000000 ____D C:\Users\Spencer\AppData\Roaming\Malwarebytes
2012-04-14 16:48 - 2012-04-14 16:48 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-14 16:48 - 2012-04-14 16:48 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-14 16:48 - 2012-04-14 16:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 16:48 - 2012-04-04 13:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-14 16:46 - 2012-04-14 16:46 - 10063024 ____A (Malwarebytes Corporation ) C:\Users\Spencer\Downloads\mbam-setup.exe
2012-04-14 16:33 - 2012-04-14 16:33 - 5154304 ____A C:\Users\Spencer\Downloads\WindowsDefender.msi
2012-04-09 10:46 - 2011-11-19 10:30 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-09 10:46 - 2011-11-19 06:25 - 3957616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-09 10:46 - 2011-11-19 06:25 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-09 10:39 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-04-09 10:39 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-04-09 10:39 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-09 10:39 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-04-09 10:39 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-09 10:39 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-04-09 10:39 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-04-09 10:39 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-04-09 10:39 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-04-09 10:39 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-04-09 10:39 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-09 10:39 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-04-09 10:39 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-04-09 10:39 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-04-09 10:39 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-09 10:39 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-09 10:39 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-09 10:39 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-09 10:39 - 2012-01-04 01:59 - 14164480 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-04-09 10:39 - 2012-01-04 01:58 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-04-09 10:39 - 2012-01-04 01:03 - 12868096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-04-09 10:39 - 2012-01-04 01:03 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-04-09 10:39 - 2012-01-02 22:24 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-04-09 10:39 - 2012-01-02 21:44 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-04-09 10:39 - 2011-12-27 19:59 - 0499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-04-09 10:39 - 2011-11-16 23:17 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-04-09 10:39 - 2011-11-16 23:17 - 0095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-04-09 10:39 - 2011-11-16 23:15 - 0460296 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-04-09 10:39 - 2011-11-16 23:12 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-04-09 10:39 - 2011-11-16 23:11 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-04-09 10:39 - 2011-11-16 23:11 - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-04-09 10:39 - 2011-11-16 23:11 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-04-09 10:39 - 2011-11-16 23:10 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-04-09 10:39 - 2011-11-16 23:08 - 1446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-04-09 10:39 - 2011-11-16 23:05 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-04-09 10:39 - 2011-11-16 21:39 - 0314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-04-09 10:39 - 2011-11-16 21:39 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-04-09 10:39 - 2011-11-16 21:39 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-04-09 10:39 - 2011-11-16 21:35 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-04-09 10:37 - 2011-12-16 00:45 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-09 10:37 - 2011-12-16 00:45 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-09 10:37 - 2011-12-16 00:45 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-09 10:37 - 2011-12-16 00:42 - 9335296 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-09 10:37 - 2011-12-16 00:42 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-09 10:37 - 2011-12-16 00:42 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-09 10:37 - 2011-12-16 00:42 - 0634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-04-09 10:37 - 2011-12-16 00:42 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-09 10:37 - 2011-12-16 00:42 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-09 10:37 - 2011-12-16 00:41 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-09 10:37 - 2011-12-16 00:41 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-09 10:37 - 2011-12-16 00:40 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-09 10:37 - 2011-12-16 00:40 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-09 10:37 - 2011-12-16 00:40 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-09 10:37 - 2011-12-16 00:40 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-09 10:37 - 2011-12-16 00:40 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-09 10:37 - 2011-12-16 00:38 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-09 10:37 - 2011-12-16 00:02 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-09 10:37 - 2011-12-16 00:02 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-09 10:37 - 2011-12-16 00:02 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-09 10:37 - 2011-12-15 23:59 - 5999104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-09 10:37 - 2011-12-15 23:59 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-04-09 10:37 - 2011-12-15 23:59 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-04-09 10:37 - 2011-12-15 23:59 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-09 10:37 - 2011-12-15 23:59 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-09 10:37 - 2011-12-15 23:59 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-09 10:37 - 2011-12-15 23:58 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-09 10:37 - 2011-12-15 23:58 - 10991104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-09 10:37 - 2011-12-15 23:58 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-09 10:37 - 2011-12-15 23:58 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-09 10:37 - 2011-12-15 23:58 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-09 10:37 - 2011-12-15 23:58 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-09 10:37 - 2011-12-15 23:58 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-09 10:37 - 2011-12-15 23:56 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-09 10:37 - 2011-12-15 23:26 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-09 10:37 - 2011-12-15 22:49 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-09 10:37 - 2011-12-15 22:43 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-09 10:37 - 2011-12-15 22:15 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-06 00:00 - 2012-04-13 16:00 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-05 23:39 - 2012-04-05 23:39 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-05 23:26 - 2012-04-09 10:30 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-05 23:25 - 2012-04-14 22:00 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-05 23:25 - 2012-04-13 16:00 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-05 23:25 - 2012-04-05 23:25 - 0000000 ____D C:\Windows\system64
2012-04-02 20:13 - 2012-04-02 20:13 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-02 20:13 - 2012-04-02 20:13 - 0000000 ____D C:\Program Files\iTunes
2012-04-02 20:13 - 2012-04-02 20:13 - 0000000 ____D C:\Program Files\iPod
2012-03-21 10:29 - 2012-03-21 10:29 - 0000000 ____D C:\Users\All Users\ATI
2012-03-21 10:29 - 2012-03-21 10:29 - 0000000 ____D C:\ProgramData\ATI
2012-03-21 10:24 - 2012-03-21 10:24 - 0002047 ____A C:\Users\All Users\Start Menu\Programs\Startup\AML Device Install.lnk
2012-03-21 10:24 - 2012-03-21 10:24 - 0000000 ____D C:\Program Files\AMD
2012-03-21 10:24 - 2012-03-21 10:24 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-03-21 10:24 - 2012-03-21 10:24 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-03-20 22:49 - 2012-03-20 22:49 - 0001720 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-03-20 22:14 - 2012-03-20 22:45 - 0000000 ____D C:\Users\Spencer\Desktop\LeagueOfLegends
2012-03-20 22:13 - 2012-03-20 22:13 - 2288128 ____A C:\Users\Spencer\Downloads\LeagueofLegends (1).exe
2012-03-19 21:55 - 2012-03-19 21:55 - 0001129 ____A C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2012-03-19 21:54 - 2012-03-23 12:20 - 0000000 ____D C:\Program Files (x86)\Diablo II
2012-03-19 21:48 - 2012-03-19 21:58 - 0000000 ____A C:\BnetLog.txt
2012-03-19 20:37 - 2012-03-19 20:38 - 2764856 ____A (Blizzard Entertainment) C:\Users\Spencer\Downloads\Downloader_Diablo2_enUS.exe
2012-03-19 20:16 - 2012-03-19 20:16 - 2678869 ____A (Blizzard Entertainment) C:\Users\Spencer\Downloads\Downloader_Diablo2_Lord_of_Destruction_enUS (2).exe
2012-03-19 20:14 - 2012-03-19 20:14 - 2678869 ____A (Blizzard Entertainment) C:\Users\Spencer\Downloads\Downloader_Diablo2_Lord_of_Destruction_enUS (1).exe
2012-03-19 19:01 - 2012-03-19 20:11 - 0000000 ____D C:\Users\Spencer\D2LOD-1.12A-enUS
2012-03-19 19:01 - 2012-03-19 19:01 - 2678869 ____A (Blizzard Entertainment) C:\Users\Spencer\Downloads\Downloader_Diablo2_Lord_of_Destruction_enUS.exe
2012-03-18 22:42 - 2012-03-18 22:42 - 0000000 ____D C:\Users\Spencer\AppData\Local\THQ
2012-03-18 19:04 - 2012-03-18 19:04 - 1606656 ____A C:\Users\Spencer\Downloads\SteamInstall (2).msi
2012-03-18 19:03 - 2012-03-18 19:03 - 1606656 ____A C:\Users\Spencer\Downloads\SteamInstall (1).msi
2012-03-18 19:02 - 2012-03-18 19:02 - 1606656 ____A C:\Users\Spencer\Downloads\SteamInstall.msi


============ 3 Months Modified Files and Folders =============

2012-04-15 00:39 - 2012-04-15 00:39 - 0000000 ____D C:\FRST
2012-04-14 22:35 - 2010-02-05 03:10 - 1202151 ____A C:\Windows\WindowsUpdate.log
2012-04-14 22:00 - 2012-04-05 23:25 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-14 21:40 - 2011-09-26 17:12 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2436757911-3533439838-4145323189-1001UA.job
2012-04-14 21:40 - 2010-03-10 22:47 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-14 21:40 - 2010-03-10 22:47 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-14 21:10 - 2011-12-20 09:08 - 0272179 ____A C:\Windows\DirectX.log
2012-04-14 21:10 - 2010-02-05 15:21 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-14 20:39 - 2010-02-05 12:22 - 0000000 ____D C:\Users\Spencer\AppData\Local\PMB Files
2012-04-14 20:39 - 2010-02-05 12:22 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-14 20:39 - 2010-02-05 12:22 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-14 20:11 - 2012-04-14 20:11 - 0017075 ____A C:\Users\Spencer\Desktop\Attach.txt
2012-04-14 20:10 - 2012-04-14 20:10 - 0026911 ____A C:\Users\Spencer\Desktop\DDS.txt
2012-04-14 20:07 - 2012-04-14 20:07 - 0607260 ____R (Swearware) C:\Users\Spencer\Desktop\dds.scr
2012-04-14 19:47 - 2009-07-13 20:45 - 0015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-14 19:47 - 2009-07-13 20:45 - 0015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-14 19:44 - 2009-07-13 21:13 - 0743290 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-14 19:40 - 2011-12-29 12:46 - 0032024 ____A C:\Windows\PFRO.log
2012-04-14 19:40 - 2011-12-19 13:37 - 0006640 ____A C:\Windows\setupact.log
2012-04-14 19:40 - 2010-02-06 04:01 - 2146832384 __ASH C:\hiberfil.sys
2012-04-14 19:40 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-14 19:15 - 2012-04-14 19:15 - 1385843 ____A C:\Users\Spencer\Downloads\FRST64.exe
2012-04-14 18:53 - 2012-04-14 18:44 - 0008354 ____A C:\Users\Spencer\Desktop\Erasing rootkits.txt
2012-04-14 18:53 - 2012-04-14 18:39 - 0129090 ____A C:\TDSSKiller.2.7.28.0_14.04.2012_20.39.26_log.txt
2012-04-14 18:40 - 2012-04-14 18:40 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-14 18:39 - 2012-04-14 18:39 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\Spencer\Downloads\tdsskiller.exe
2012-04-14 18:27 - 2012-04-14 18:27 - 0000000 ____D C:\Anti-malware
2012-04-14 18:22 - 2012-04-14 18:22 - 0001205 ____A C:\Users\Spencer\Downloads\FixNCR (1).reg
2012-04-14 18:20 - 2012-04-14 18:20 - 0001205 ____A C:\Users\Spencer\Downloads\FixNCR.reg
2012-04-14 17:09 - 2012-04-14 17:08 - 0001408 ____A C:\rkill.log
2012-04-14 17:07 - 2012-04-14 17:07 - 1008141 ____A C:\Users\Spencer\Downloads\iExplore.exe
2012-04-14 16:48 - 2012-04-14 16:48 - 0000000 ____D C:\Users\Spencer\AppData\Roaming\Malwarebytes
2012-04-14 16:48 - 2012-04-14 16:48 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-14 16:48 - 2012-04-14 16:48 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-14 16:48 - 2012-04-14 16:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 16:46 - 2012-04-14 16:46 - 10063024 ____A (Malwarebytes Corporation ) C:\Users\Spencer\Downloads\mbam-setup.exe
2012-04-14 16:33 - 2012-04-14 16:33 - 5154304 ____A C:\Users\Spencer\Downloads\WindowsDefender.msi
2012-04-14 14:14 - 2011-07-26 13:34 - 0000000 ____D C:\Users\Spencer\riotsGamesLogs
2012-04-14 10:40 - 2011-09-26 17:12 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2436757911-3533439838-4145323189-1001Core.job
2012-04-13 20:42 - 2011-09-26 17:12 - 0002413 ____A C:\Users\Spencer\Desktop\Google Chrome.lnk
2012-04-13 16:00 - 2012-04-06 00:00 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-13 16:00 - 2012-04-05 23:25 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-13 16:00 - 2011-05-25 23:13 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-09 11:00 - 2010-02-05 12:11 - 0000174 ___SH C:\Users\Spencer\Start Menu\Programs\Startup\desktop.ini
2012-04-09 11:00 - 2010-02-05 12:11 - 0000174 ___SH C:\Users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-09 10:59 - 2009-07-13 20:45 - 0316912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-09 10:50 - 2009-07-13 21:08 - 0029924 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-09 10:30 - 2012-04-05 23:26 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-08 08:21 - 2010-05-27 16:40 - 0000366 ____A C:\Windows\Tasks\Driver Robot.job
2012-04-05 23:39 - 2012-04-05 23:39 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-05 23:25 - 2012-04-05 23:25 - 0000000 ____D C:\Windows\system64
2012-04-05 08:45 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-04 13:56 - 2012-04-14 16:48 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 20:13 - 2012-04-02 20:13 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-02 20:13 - 2012-04-02 20:13 - 0000000 ____D C:\Program Files\iTunes
2012-04-02 20:13 - 2012-04-02 20:13 - 0000000 ____D C:\Program Files\iPod
2012-04-02 20:13 - 2010-04-04 21:50 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-25 12:50 - 2010-05-27 21:50 - 0000000 ____D C:\Users\Spencer\AppData\Roaming\Skype
2012-03-23 12:20 - 2012-03-19 21:54 - 0000000 ____D C:\Program Files (x86)\Diablo II
2012-03-21 10:29 - 2012-03-21 10:29 - 0000000 ____D C:\Users\All Users\ATI
2012-03-21 10:29 - 2012-03-21 10:29 - 0000000 ____D C:\ProgramData\ATI
2012-03-21 10:24 - 2012-03-21 10:24 - 0002047 ____A C:\Users\All Users\Start Menu\Programs\Startup\AML Device Install.lnk
2012-03-21 10:24 - 2012-03-21 10:24 - 0000000 ____D C:\Program Files\AMD
2012-03-21 10:24 - 2012-03-21 10:24 - 0000000 ____D C:\Program Files (x86)\AMD AVT
2012-03-21 10:24 - 2012-03-21 10:24 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-03-21 10:24 - 2011-07-13 11:36 - 0000000 ____D C:\Users\All Users\AMD
2012-03-21 10:24 - 2011-07-13 11:36 - 0000000 ____D C:\ProgramData\AMD
2012-03-21 10:24 - 2010-02-05 12:43 - 0000000 ____D C:\Program Files (x86)\AMD
2012-03-21 10:23 - 2010-02-05 12:33 - 0000000 ____D C:\Program Files\ATI Technologies
2012-03-21 10:13 - 2012-03-06 09:34 - 0000000 ____D C:\Users\Spencer\AppData\Local\Akamai
2012-03-20 22:49 - 2012-03-20 22:49 - 0001720 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-03-20 22:45 - 2012-03-20 22:14 - 0000000 ____D C:\Users\Spencer\Desktop\LeagueOfLegends
2012-03-20 22:45 - 2010-08-24 20:47 - 0000000 ____D C:\Riot Games
2012-03-20 22:45 - 2010-02-05 12:34 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-20 22:13 - 2012-03-20 22:13 - 2288128 ____A C:\Users\Spencer\Downloads\LeagueofLegends (1).exe
2012-03-20 00:16 - 2012-03-14 09:08 - 0000000 ____D C:\Program Files (x86)\World of Warcraft
2012-03-19 21:58 - 2012-03-19 21:48 - 0000000 ____A C:\BnetLog.txt
2012-03-19 21:55 - 2012-03-19 21:55 - 0001129 ____A C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2012-03-19 20:38 - 2012-03-19 20:37 - 2764856 ____A (Blizzard Entertainment) C:\Users\Spencer\Downloads\Downloader_Diablo2_enUS.exe
2012-03-19 20:16 - 2012-03-19 20:16 - 2678869 ____A (Blizzard Entertainment) C:\Users\Spencer\Downloads\Downloader_Diablo2_Lord_of_Destruction_enUS (2).exe
2012-03-19 20:14 - 2012-03-19 20:14 - 2678869 ____A (Blizzard Entertainment) C:\Users\Spencer\Downloads\Downloader_Diablo2_Lord_of_Destruction_enUS (1).exe
2012-03-19 20:11 - 2012-03-19 19:01 - 0000000 ____D C:\Users\Spencer\D2LOD-1.12A-enUS
2012-03-19 19:01 - 2012-03-19 19:01 - 2678869 ____A (Blizzard Entertainment) C:\Users\Spencer\Downloads\Downloader_Diablo2_Lord_of_Destruction_enUS.exe
2012-03-19 19:01 - 2010-02-05 12:10 - 0000000 ____D C:\users\Spencer
2012-03-18 22:42 - 2012-03-18 22:42 - 0000000 ____D C:\Users\Spencer\AppData\Local\THQ
2012-03-18 19:04 - 2012-03-18 19:04 - 1606656 ____A C:\Users\Spencer\Downloads\SteamInstall (2).msi
2012-03-18 19:03 - 2012-03-18 19:03 - 1606656 ____A C:\Users\Spencer\Downloads\SteamInstall (1).msi
2012-03-18 19:02 - 2012-03-18 19:02 - 1606656 ____A C:\Users\Spencer\Downloads\SteamInstall.msi
2012-03-17 22:49 - 2010-03-10 21:58 - 0000000 ____D C:\Users\Spencer\AppData\Local\Google
2012-03-16 09:31 - 2010-05-27 21:50 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-03-16 09:31 - 2010-05-27 21:50 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-16 09:31 - 2010-05-27 21:50 - 0000000 ____D C:\Users\All Users\Skype
2012-03-16 09:31 - 2010-05-27 21:50 - 0000000 ____D C:\ProgramData\Skype
2012-03-16 09:29 - 2010-05-27 21:51 - 0000000 ____D C:\Users\Spencer\AppData\Roaming\skypePM
2012-03-15 21:17 - 2010-02-05 12:10 - 0000000 ____D C:\Users\Spencer\AppData\Local\VirtualStore
2012-03-14 09:46 - 2012-03-14 09:07 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-03-14 09:46 - 2012-03-14 09:07 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2012-03-14 09:09 - 2012-03-14 09:08 - 0001068 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-03-14 09:07 - 2012-03-14 09:07 - 32157120 ____A C:\Users\Spencer\Downloads\WOW-4.0.0.12911-enUS-Trial (1).exe
2012-03-14 09:05 - 2012-03-14 09:04 - 32157120 ____A C:\Users\Spencer\Downloads\WOW-4.0.0.12911-enUS-Trial.exe
2012-03-13 16:07 - 2010-03-10 11:41 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-03-13 16:07 - 2010-03-10 11:41 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-03-07 18:08 - 2012-03-07 18:08 - 0000000 ____D C:\Users\Spencer\Documents\AeriaGames
2012-03-06 20:05 - 2012-03-06 20:05 - 0000842 ____A C:\Users\Spencer\Desktop\Dynasty Warriors Online.lnk
2012-03-06 19:56 - 2012-03-06 09:34 - 0000000 ____D C:\AeriaGames
2012-03-06 09:34 - 2012-03-06 09:34 - 0543864 ____A (Aeria Games) C:\Users\Spencer\Downloads\dynastywarriors_us_downloader.exe
2012-03-05 22:23 - 2012-03-05 22:23 - 0001145 ____A C:\Users\Spencer\Desktop\Jade Dynasty.lnk
2012-03-05 22:17 - 2011-04-21 16:29 - 0000000 ____D C:\Games
2012-03-05 22:14 - 2012-03-05 21:10 - 0000000 ____D C:\Users\Spencer\Desktop\JD_EN_v328
2012-03-05 22:10 - 2012-03-05 22:14 - 0258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2012-03-05 21:09 - 2012-03-05 21:09 - 2063240 ____A C:\Users\Spencer\Downloads\JD_EN_v328_Downloader.exe
2012-03-04 15:19 - 2010-02-07 10:54 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-28 00:00 - 2012-02-28 00:00 - 0000000 ____D C:\Program Files (x86)\Xvid
2012-02-27 21:55 - 2012-02-27 21:55 - 0000000 ____D C:\Windows\RegisteredPackages
2012-02-27 21:55 - 2012-02-27 21:55 - 0000000 ____D C:\IExp1.tmp
2012-02-27 21:55 - 2012-02-27 21:55 - 0000000 ____D C:\IExp0.tmp
2012-02-27 21:55 - 2010-05-20 23:17 - 0000000 ___HD C:\Windows\msdownld.tmp
2012-02-27 21:54 - 2012-02-27 21:54 - 0000000 ____D C:\Program Files (x86)\Windows Media Components
2012-02-26 17:51 - 2012-02-26 17:51 - 0068645 ____A C:\Users\Spencer\AppData\Roaming\icarus-dxdiag.xml
2012-02-23 07:18 - 2010-02-05 12:23 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-21 21:15 - 2012-02-21 21:15 - 0000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-02-21 17:25 - 2012-02-21 17:25 - 0000003 ____A C:\Windows\System32\HRUPPROG.TXT
2012-02-21 17:25 - 2012-02-21 17:25 - 0000003 ____A C:\Windows\System32\HRUPPROG.DIE.NOW
2012-02-21 17:25 - 2012-02-14 18:23 - 0000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2012-02-19 22:51 - 2012-02-19 22:51 - 0000000 ____D C:\Perfect World Entertainment
2012-02-19 22:51 - 2012-02-19 22:51 - 0000000 ____D C:\Down
2012-02-17 13:39 - 2012-02-17 13:39 - 0000000 ____D C:\Users\Spencer\Documents\BrawlBusters
2012-02-16 10:24 - 2012-02-16 10:24 - 662283528 ____A C:\Windows\MEMORY.DMP
2012-02-16 10:24 - 2012-02-16 10:24 - 1180664 ____A C:\Windows\Minidump\021612-40326-01.dmp
2012-02-16 10:24 - 2010-07-17 15:32 - 0000000 ____D C:\Windows\Minidump
2012-02-14 22:27 - 2012-04-09 10:39 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-04-09 10:39 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-04-09 10:39 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-04-09 10:39 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 20:05 - 2012-02-14 20:05 - 16507904 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-02-14 20:05 - 2012-02-14 20:05 - 0069632 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-02-14 20:05 - 2012-02-14 20:05 - 0061952 ____A C:\Windows\System32\OVDecode64.dll
2012-02-14 20:05 - 2012-02-14 20:05 - 0059904 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-02-14 20:05 - 2012-02-14 20:05 - 0054784 ____A C:\Windows\SysWOW64\OVDecode.dll
2012-02-14 20:04 - 2012-02-14 20:04 - 13238272 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-02-14 20:03 - 2012-02-14 20:03 - 0054272 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-02-14 20:03 - 2012-02-14 20:03 - 0048128 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-02-14 19:48 - 2012-02-14 19:48 - 10856960 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-02-14 19:21 - 2012-02-14 19:21 - 25839104 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-02-14 19:19 - 2012-02-14 19:19 - 0235072 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-02-14 19:19 - 2012-02-14 19:19 - 0235072 ____A C:\Windows\System32\atiapfxx.blb
2012-02-14 19:18 - 2012-02-14 19:18 - 0791040 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-02-14 19:18 - 2012-02-14 19:18 - 0159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-02-14 19:17 - 2010-07-06 17:53 - 0957952 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-02-14 19:14 - 2012-02-14 19:14 - 0000000 ____D C:\Users\Spencer\AppData\Local\Chromium
2012-02-14 19:14 - 2012-02-14 18:23 - 0000000 ____D C:\Users\All Users\Hi-Rez Studios
2012-02-14 19:14 - 2012-02-14 18:23 - 0000000 ____D C:\ProgramData\Hi-Rez Studios
2012-02-14 19:14 - 2010-02-05 15:50 - 0000000 ____D C:\Users\Spencer\Documents\My Games
2012-02-14 19:13 - 2012-02-14 19:13 - 0496128 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-02-14 19:13 - 2012-02-14 19:13 - 0442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-02-14 19:13 - 2012-02-14 19:13 - 0235520 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-02-14 19:11 - 2012-02-14 19:11 - 0120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-02-14 19:10 - 2012-02-14 19:10 - 0059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-02-14 19:10 - 2012-02-14 19:10 - 0043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-02-14 19:10 - 2012-02-14 19:10 - 0021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-02-14 19:07 - 2012-02-14 19:07 - 6200320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-02-14 18:58 - 2012-02-14 18:58 - 19392000 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-02-14 18:52 - 2009-09-18 18:04 - 7646208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-02-14 18:41 - 2012-02-14 18:41 - 1113088 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-02-14 18:40 - 2012-02-14 18:40 - 4958208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-02-14 18:40 - 2012-02-14 18:40 - 1828864 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-02-14 18:36 - 2012-02-14 18:36 - 2425664 ____A C:\Windows\System32\atiumd6a.cap
2012-02-14 18:36 - 2012-02-14 18:36 - 0204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-02-14 18:36 - 2012-02-14 18:36 - 0204952 ____A C:\Windows\System32\ativvsvl.dat
2012-02-14 18:36 - 2012-02-14 18:36 - 0157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-02-14 18:36 - 2012-02-14 18:36 - 0157144 ____A C:\Windows\System32\ativvsva.dat
2012-02-14 18:34 - 2012-02-14 18:34 - 5954048 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-02-14 18:34 - 2012-02-14 18:34 - 13859840 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-02-14 18:34 - 2012-02-14 18:34 - 0051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-02-14 18:34 - 2012-02-14 18:34 - 0046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-02-14 18:34 - 2012-02-14 18:34 - 0044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-02-14 18:34 - 2012-02-14 18:34 - 0044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-02-14 18:29 - 2012-02-14 18:29 - 5062656 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-02-14 18:29 - 2012-02-14 18:29 - 11561984 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-02-14 18:28 - 2012-02-14 18:28 - 2427392 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-02-14 18:25 - 2012-02-14 18:25 - 7551488 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-02-14 18:23 - 2012-02-14 18:23 - 0002037 ____A C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2012-02-14 18:23 - 2012-02-14 18:23 - 0002028 ____A C:\Users\Public\Desktop\Tribes Ascend Closed Beta.lnk
2012-02-14 18:21 - 2012-02-14 18:21 - 13227248 ____A (Hi-Rez Studios) C:\Users\Spencer\Downloads\InstallHiRezGamesEnglish.exe
2012-02-14 18:16 - 2010-07-06 17:24 - 0058880 ____A (AMD) C:\Windows\System32\coinst.dll
2012-02-14 18:14 - 2012-02-14 18:14 - 0512000 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0356352 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0327680 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-02-14 18:13 - 2012-02-14 18:13 - 0039936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-02-14 18:13 - 2012-02-14 18:13 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-02-14 18:12 - 2012-02-14 18:12 - 0039936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-02-14 18:12 - 2012-02-14 18:12 - 0033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-02-14 18:12 - 2012-02-14 18:12 - 0030208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-02-14 18:12 - 2010-07-06 17:15 - 0043008 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-02-14 18:11 - 2012-02-14 18:11 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-02-14 18:11 - 2012-02-14 18:11 - 0054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-02-14 18:11 - 2012-02-14 18:11 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-02-14 18:11 - 2012-02-14 18:11 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-02-14 18:11 - 2012-02-14 18:11 - 0053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-02-14 15:50 - 2011-07-13 11:39 - 0000000 ____D C:\AMD
2012-02-14 15:48 - 2012-02-14 15:46 - 155406528 ____A (Advanced Micro Devices, Inc.) C:\Users\Spencer\Downloads\12-1_vista_win7_64_dd_ccc.exe
2012-02-14 15:44 - 2012-01-08 11:19 - 0000000 ____D C:\Users\Spencer\AppData\Roaming\DivX
2012-02-12 20:40 - 2012-02-12 20:40 - 13005995 ____A C:\Users\Spencer\Downloads\CrossFit_FrontSquats.wmv
2012-02-09 22:18 - 2012-04-09 10:39 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-04-09 10:39 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-04-09 10:39 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-04-09 10:39 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-04-09 10:39 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-04-09 10:39 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-04-09 10:39 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-04-09 10:39 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-04-09 10:39 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-04-09 10:39 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-06 17:04 - 2012-02-06 17:04 - 0016564 ____A C:\Users\Spencer\Downloads\Head_in_Hands.jpg
2012-02-06 17:03 - 2012-02-06 17:03 - 0096367 ____A C:\Users\Spencer\Downloads\Kimbra 0911.jpg
2012-02-02 20:16 - 2012-04-09 10:39 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 04:02 - 2012-01-31 04:02 - 0021504 ____A C:\Windows\System32\kdbsdk64.dll
2012-01-31 04:00 - 2012-01-31 04:00 - 0016896 ____A C:\Windows\SysWOW64\kdbsdk32.dll
2012-01-30 02:02 - 2011-01-26 11:44 - 0002141 ____A C:\Windows\epplauncher.mif
2012-01-30 02:02 - 2011-01-26 11:43 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-01-27 15:38 - 2012-01-27 15:38 - 0002069 ____A C:\Users\Public\Desktop\doubleTwist.lnk
2012-01-27 15:38 - 2012-01-27 15:38 - 0000000 ____D C:\Users\Spencer\AppData\Local\doubleTwist Corporation
2012-01-27 15:38 - 2012-01-27 15:38 - 0000000 ____D C:\Program Files (x86)\ffdshow
2012-01-27 15:38 - 2012-01-27 15:37 - 0000000 ____D C:\Program Files (x86)\doubleTwist 2.0
2012-01-27 15:37 - 2012-01-27 15:37 - 1297888 ____A C:\Users\Spencer\Downloads\doubleTwistSetup.exe
2012-01-27 15:31 - 2010-02-11 12:57 - 0000000 ____D C:\Users\Spencer\AppData\Roaming\Apple Computer
2012-01-27 15:29 - 2010-02-11 12:55 - 0000000 ____D C:\Users\All Users\Apple
2012-01-27 15:29 - 2010-02-11 12:55 - 0000000 ____D C:\ProgramData\Apple
2012-01-27 15:28 - 2012-01-27 15:28 - 0000000 ____D C:\Program Files\Bonjour
2012-01-27 15:28 - 2012-01-27 15:28 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-01-24 22:27 - 2012-04-09 10:39 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-04-09 10:39 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-04-09 10:39 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-23 13:30 - 2012-01-23 13:30 - 0052468 ____A C:\Users\Spencer\Downloads\Unconfirmed 36408.crdownload
2012-01-23 12:45 - 2012-01-23 12:45 - 0002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-01-23 12:45 - 2010-03-10 21:53 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-01-23 12:45 - 2010-02-05 12:44 - 0000000 ____D C:\Users\Spencer\AppData\Local\Adobe
2012-01-23 12:45 - 2010-02-05 12:44 - 0000000 ____D C:\Users\All Users\Adobe
2012-01-23 12:45 - 2010-02-05 12:44 - 0000000 ____D C:\ProgramData\Adobe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8191.18 MB
Available physical RAM: 7393.2 MB
Total Pagefile: 8189.32 MB
Available Pagefile: 7379.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:1397.17 GB) (Free:1078.9 GB) NTFS
2 Drive e: (MR_BROOKS_US) (CDROM) (Total:7.24 GB) (Free:0 GB) UDF
3 Drive f: (PATRIOT) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1397 GB 0 B
Disk 1 Online 1910 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 1397 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 1397 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1906 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F PATRIOT FAT Removable 1906 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-13 16:40

======================= End Of Log ==========================

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 02:39 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess
C:\Windows\System32\dds_trash_log.cmd


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Disco_Stew
  • Topic Starter
  • Members
  • 10 posts

Posted 15 April 2012 - 04:14 AM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-15 03:10:30 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\dds_trash_log.cmd moved successfully.

==== End of Fixlog ====

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 05:05 AM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Disco_Stew
  • Topic Starter
  • Members
  • 10 posts

Posted 15 April 2012 - 05:58 PM

Thanks again Gringo. The log as requested.
About the problems I was having, I found that my email had been hacked and I was sending mass scam emails, so I changed my password. Not a week later I found that I was still sending mass scam emails, so I figured a key logger may be present. I checked Windows Defender and my Windows Firewall and both were disabled and I could not turn them back on. When I looked up the error I read that a likely cause was the consrv.dll virus and found it on my c: drive. No real problems other than that, that I've found. The virus remains, consrv.dll is still present and I am unable to turn Defender on, but Firewall says it's working now.


ComboFix 12-04-15.02 - Spencer 04/15/2012 16:19:47.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6872 [GMT -6:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 22:41 . 2012-04-15 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 08:39 . 2012-04-15 08:40 -------- d-----w- C:\FRST
2012-04-15 07:26 . 2012-04-15 07:26 -------- d-----w- c:\users\Spencer\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
2012-04-15 02:40 . 2012-04-15 02:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 02:27 . 2012-04-15 02:27 -------- d-----w- C:\Anti-malware
2012-04-15 00:48 . 2012-04-15 00:48 -------- d-----w- c:\users\Spencer\AppData\Roaming\Malwarebytes
2012-04-15 00:48 . 2012-04-15 00:48 -------- d-----w- c:\programdata\Malwarebytes
2012-04-15 00:48 . 2012-04-15 00:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-15 00:48 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-09 18:46 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 18:46 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-09 18:46 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-09 18:37 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-06 08:00 . 2012-04-14 00:00 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 07:39 . 2012-04-06 07:39 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-04-06 07:25 . 2012-04-14 00:00 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-06 07:25 . 2012-04-06 07:25 -------- d-----we c:\windows\system64
2012-04-03 04:13 . 2012-04-03 04:13 -------- d-----w- c:\program files\iPod
2012-04-03 04:13 . 2012-04-03 04:13 -------- d-----w- c:\program files\iTunes
2012-03-31 19:44 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33BE27FD-7F5F-4090-9191-906B094E9DC3}\mpengine.dll
2012-03-21 18:29 . 2012-03-21 18:29 -------- d-----w- c:\programdata\ATI
2012-03-21 18:24 . 2012-03-21 18:24 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-21 18:24 . 2012-03-21 18:24 -------- d-----w- c:\program files\AMD
2012-03-21 18:24 . 2012-03-21 18:24 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-20 05:54 . 2012-03-23 20:20 -------- d-----w- c:\program files (x86)\Diablo II
2012-03-20 03:01 . 2012-03-20 04:11 -------- d-----w- c:\users\Spencer\D2LOD-1.12A-enUS
2012-03-19 06:42 . 2012-03-19 06:42 -------- d-----w- c:\users\Spencer\AppData\Local\THQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 00:00 . 2011-05-26 07:13 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:10 . 2012-03-06 06:14 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-02-23 15:18 . 2010-02-05 20:23 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 04:05 . 2012-02-15 04:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 04:05 . 2012-02-15 04:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 04:05 . 2012-02-15 04:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 04:05 . 2012-02-15 04:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 04:05 . 2012-02-15 04:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 04:04 . 2012-02-15 04:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 04:03 . 2012-02-15 04:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 04:03 . 2012-02-15 04:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2010-07-07 01:53 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2009-09-19 02:04 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-07-07 01:24 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-07-07 01:15 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2012-02-15 02:12 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-01-31 12:02 . 2012-01-31 12:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 12:00 . 2012-01-31 12:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-01 3077528]
"Akamai NetSession Interface"="c:\users\Spencer\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Spencer\AppData\Local\Temp\005F8A3.tmp [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-04-22 124256]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R4 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-04-11 294912]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 00:00]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-11 06:47]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-11 06:47]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2436757911-3533439838-4145323189-1001Core.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 03:30]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2436757911-3533439838-4145323189-1001UA.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 03:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-59056136.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Dell Photo Printer 720 - c:\program files (x86) (x86)\Dell Photo Printer 720\Install\x64\Uninst.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
AddRemove-UnityWebPlayer - c:\users\Spencer\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Spencer\AppData\Local\Temp\005F8A3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2436757911-3533439838-4145323189-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:00,77,bc,06,ee,a1,47,94,fb,5d,18,f6,69,af,5a,f1,81,74,69,6d,89,
62,83,56,fa,d0,a8,1d,90,56,a2,09,49,d1,f3,98,8d,e9,d3,82,74,da,ac,f1,a9,7b,\
"rkeysecu"=hex:0c,01,85,43,d9,94,1a,d5,71,29,87,48,26,17,d9,45
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Play ***╠|gin]
"DisplayName"="Adobe Flash Player 10 Plugin"
"DisplayVersion"="10.2.152.26"
"HelpLink"="http://www.adobe.com/go/flashplayer_support/"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"RequiresIESysFile"="4.70.0.1155"
"URLInfoAbout"="http://www.adobe.com"
"URLUpdateInfo"="http://www.adobe.com/go/getflashplayer/"
"VersionMajor"=dword:0000000a
"VersionMinor"=dword:00000002
"UninstallString"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_Plugin.exe -maintain plugin"
"DisplayIcon"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_Plugin.exe"
"EstimatedSize"=dword:00001800
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-04-15 16:51:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 22:51
.
Pre-Run: 1,155,014,225,920 bytes free
Post-Run: 1,163,495,919,616 bytes free
.
- - End Of File - - 8E65F102DE324BF021DCFE5164428C90

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 08:30 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Disco_Stew
  • Topic Starter

  • Members
  • 10 posts

Posted 15 April 2012 - 09:02 PM

TDSS log:

19:45:45.0776 5580 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
19:45:46.0509 5580 ============================================================
19:45:46.0509 5580 Current date / time: 2012/04/15 19:45:46.0509
19:45:46.0509 5580 SystemInfo:
19:45:46.0509 5580
19:45:46.0509 5580 OS Version: 6.1.7600 ServicePack: 0.0
19:45:46.0509 5580 Product type: Workstation
19:45:46.0509 5580 ComputerName: SPENCER-PC
19:45:46.0509 5580 UserName: Spencer
19:45:46.0509 5580 Windows directory: C:\Windows
19:45:46.0509 5580 System windows directory: C:\Windows
19:45:46.0509 5580 Running under WOW64
19:45:46.0509 5580 Processor architecture: Intel x64
19:45:46.0509 5580 Number of processors: 4
19:45:46.0509 5580 Page size: 0x1000
19:45:46.0509 5580 Boot type: Normal boot
19:45:46.0509 5580 ============================================================
19:45:47.0398 5580 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:45:47.0414 5580 Drive \Device\Harddisk1\DR1 - Size: 0x77600000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:45:47.0414 5580 \Device\Harddisk0\DR0:
19:45:47.0414 5580 MBR used
19:45:47.0414 5580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:45:47.0414 5580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800
19:45:47.0414 5580 \Device\Harddisk1\DR1:
19:45:47.0414 5580 MBR used
19:45:47.0414 5580 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x1F80, BlocksNum 0x3B9080
19:45:47.0429 5580 Initialize success
19:45:47.0429 5580 ============================================================
19:45:49.0364 5916 ============================================================
19:45:49.0364 5916 Scan started
19:45:49.0364 5916 Mode: Manual;
19:45:49.0364 5916 ============================================================
19:45:52.0187 5916 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:45:52.0187 5916 1394ohci - ok
19:45:52.0219 5916 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:45:52.0219 5916 ACPI - ok
19:45:52.0234 5916 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:45:52.0234 5916 AcpiPmi - ok
19:45:52.0328 5916 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:45:52.0328 5916 AdobeFlashPlayerUpdateSvc - ok
19:45:52.0359 5916 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:45:52.0375 5916 adp94xx - ok
19:45:52.0406 5916 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:45:52.0406 5916 adpahci - ok
19:45:52.0437 5916 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:45:52.0437 5916 adpu320 - ok
19:45:52.0468 5916 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:45:52.0468 5916 AeLookupSvc - ok
19:45:52.0531 5916 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:45:52.0531 5916 AFD - ok
19:45:52.0562 5916 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:45:52.0562 5916 agp440 - ok
19:45:52.0577 5916 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:45:52.0577 5916 ALG - ok
19:45:52.0593 5916 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:45:52.0593 5916 aliide - ok
19:45:52.0640 5916 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
19:45:52.0640 5916 AMD External Events Utility - ok
19:45:52.0702 5916 AMD FUEL Service - ok
19:45:52.0718 5916 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:45:52.0718 5916 amdide - ok
19:45:52.0765 5916 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
19:45:52.0765 5916 amdiox64 - ok
19:45:52.0796 5916 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:45:52.0796 5916 AmdK8 - ok
19:45:52.0999 5916 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
19:45:53.0155 5916 amdkmdag - ok
19:45:53.0186 5916 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
19:45:53.0201 5916 amdkmdap - ok
19:45:53.0217 5916 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:45:53.0217 5916 AmdPPM - ok
19:45:53.0264 5916 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:45:53.0264 5916 amdsata - ok
19:45:53.0295 5916 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:45:53.0295 5916 amdsbs - ok
19:45:53.0342 5916 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:45:53.0342 5916 amdxata - ok
19:45:53.0389 5916 AMD_RAIDXpert (b01289cc07a2e21c4efca722d1efb243) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
19:45:53.0389 5916 AMD_RAIDXpert - ok
19:45:53.0435 5916 AODDriver4.01 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:45:53.0435 5916 AODDriver4.01 - ok
19:45:53.0451 5916 AODDriver4.1 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:45:53.0451 5916 AODDriver4.1 - ok
19:45:53.0482 5916 AODService (45747a388f70b05e3ee777b238997ed4) C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
19:45:53.0482 5916 AODService - ok
19:45:53.0513 5916 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:45:53.0513 5916 AppID - ok
19:45:53.0545 5916 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:45:53.0545 5916 AppIDSvc - ok
19:45:53.0560 5916 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
19:45:53.0560 5916 Appinfo - ok
19:45:53.0623 5916 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:45:53.0623 5916 Apple Mobile Device - ok
19:45:53.0638 5916 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:45:53.0638 5916 arc - ok
19:45:53.0654 5916 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:45:53.0669 5916 arcsas - ok
19:45:53.0701 5916 AsIO (8065a7659562005127673ac52898675f) C:\Windows\syswow64\drivers\AsIO.sys
19:45:53.0701 5916 AsIO - ok
19:45:53.0747 5916 aspnet_state - ok
19:45:53.0841 5916 AsSysCtrlService (e781164c7d47950e3d218c84b2901cb2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
19:45:53.0841 5916 AsSysCtrlService - ok
19:45:53.0872 5916 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:45:53.0872 5916 AsyncMac - ok
19:45:53.0903 5916 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:45:53.0903 5916 atapi - ok
19:45:53.0950 5916 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
19:45:53.0966 5916 AtiHDAudioService - ok
19:45:53.0981 5916 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
19:45:53.0981 5916 AtiHdmiService - ok
19:45:54.0231 5916 atikmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
19:45:54.0262 5916 atikmdag - ok
19:45:54.0278 5916 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:45:54.0278 5916 AtiPcie - ok
19:45:54.0309 5916 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:45:54.0309 5916 AudioEndpointBuilder - ok
19:45:54.0325 5916 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:45:54.0325 5916 AudioSrv - ok
19:45:54.0371 5916 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
19:45:54.0371 5916 AxInstSV - ok
19:45:54.0403 5916 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:45:54.0418 5916 b06bdrv - ok
19:45:54.0434 5916 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:45:54.0434 5916 b57nd60a - ok
19:45:54.0465 5916 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:45:54.0465 5916 BDESVC - ok
19:45:54.0481 5916 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:45:54.0481 5916 Beep - ok
19:45:54.0527 5916 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
19:45:54.0559 5916 BFE - ok
19:45:54.0590 5916 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
19:45:54.0605 5916 BITS - ok
19:45:54.0621 5916 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:45:54.0621 5916 blbdrive - ok
19:45:54.0715 5916 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:45:54.0715 5916 Bonjour Service - ok
19:45:54.0761 5916 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:45:54.0761 5916 bowser - ok
19:45:54.0777 5916 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:45:54.0777 5916 BrFiltLo - ok
19:45:54.0793 5916 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:45:54.0793 5916 BrFiltUp - ok
19:45:54.0824 5916 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:45:54.0824 5916 BridgeMP - ok
19:45:54.0839 5916 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:45:54.0855 5916 Browser - ok
19:45:54.0871 5916 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:45:54.0871 5916 Brserid - ok
19:45:54.0886 5916 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:45:54.0902 5916 BrSerWdm - ok
19:45:54.0917 5916 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:45:54.0917 5916 BrUsbMdm - ok
19:45:54.0917 5916 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:45:54.0917 5916 BrUsbSer - ok
19:45:54.0933 5916 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:45:54.0933 5916 BTHMODEM - ok
19:45:54.0964 5916 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:45:54.0964 5916 bthserv - ok
19:45:54.0980 5916 catchme - ok
19:45:55.0011 5916 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:45:55.0011 5916 cdfs - ok
19:45:55.0027 5916 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:45:55.0027 5916 cdrom - ok
19:45:55.0042 5916 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:45:55.0042 5916 CertPropSvc - ok
19:45:55.0058 5916 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:45:55.0058 5916 circlass - ok
19:45:55.0073 5916 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:45:55.0073 5916 CLFS - ok
19:45:55.0105 5916 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:45:55.0105 5916 clr_optimization_v2.0.50727_32 - ok
19:45:55.0120 5916 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:45:55.0120 5916 clr_optimization_v2.0.50727_64 - ok
19:45:55.0183 5916 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:45:55.0183 5916 clr_optimization_v4.0.30319_32 - ok
19:45:55.0214 5916 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:45:55.0214 5916 clr_optimization_v4.0.30319_64 - ok
19:45:55.0229 5916 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:45:55.0229 5916 CmBatt - ok
19:45:55.0245 5916 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:45:55.0245 5916 cmdide - ok
19:45:55.0292 5916 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:45:55.0292 5916 CNG - ok
19:45:55.0307 5916 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:45:55.0307 5916 Compbatt - ok
19:45:55.0323 5916 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:45:55.0323 5916 CompositeBus - ok
19:45:55.0323 5916 COMSysApp - ok
19:45:55.0339 5916 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:45:55.0339 5916 crcdisk - ok
19:45:55.0354 5916 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
19:45:55.0354 5916 CryptSvc - ok
19:45:55.0385 5916 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:45:55.0385 5916 DcomLaunch - ok
19:45:55.0417 5916 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:45:55.0417 5916 defragsvc - ok
19:45:55.0448 5916 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:45:55.0463 5916 DfsC - ok
19:45:55.0479 5916 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:45:55.0479 5916 Dhcp - ok
19:45:55.0495 5916 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:45:55.0495 5916 discache - ok
19:45:55.0510 5916 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:45:55.0510 5916 Disk - ok
19:45:55.0541 5916 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:45:55.0541 5916 Dnscache - ok
19:45:55.0573 5916 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:45:55.0573 5916 dot3svc - ok
19:45:55.0588 5916 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:45:55.0588 5916 DPS - ok
19:45:55.0619 5916 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:45:55.0619 5916 drmkaud - ok
19:45:55.0682 5916 dump_wmimmc - ok
19:45:55.0791 5916 DvmMDES (355e50803a28af282a87faa2612b95ce) C:\ASUS.SYS\config\DVMExportService.exe
19:45:55.0838 5916 DvmMDES - ok
19:45:55.0978 5916 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:45:55.0994 5916 DXGKrnl - ok
19:45:56.0009 5916 EagleX64 - ok
19:45:56.0056 5916 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:45:56.0056 5916 EapHost - ok
19:45:56.0181 5916 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:45:56.0243 5916 ebdrv - ok
19:45:56.0290 5916 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
19:45:56.0290 5916 EFS - ok
19:45:56.0415 5916 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
19:45:56.0431 5916 ehRecvr - ok
19:45:56.0462 5916 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:45:56.0462 5916 ehSched - ok
19:45:56.0477 5916 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:45:56.0493 5916 elxstor - ok
19:45:56.0509 5916 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:45:56.0509 5916 ErrDev - ok
19:45:56.0540 5916 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:45:56.0540 5916 EventSystem - ok
19:45:56.0555 5916 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:45:56.0555 5916 exfat - ok
19:45:56.0571 5916 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:45:56.0571 5916 fastfat - ok
19:45:56.0602 5916 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
19:45:56.0602 5916 Fax - ok
19:45:56.0618 5916 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:45:56.0618 5916 fdc - ok
19:45:56.0618 5916 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:45:56.0633 5916 fdPHost - ok
19:45:56.0649 5916 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:45:56.0649 5916 FDResPub - ok
19:46:05.0947 5916 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:46:05.0947 5916 VaultSvc - ok
19:46:05.0962 5916 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:46:05.0962 5916 vdrvroot - ok
19:46:05.0978 5916 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
19:46:05.0978 5916 vds - ok
19:46:06.0009 5916 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:46:06.0009 5916 vga - ok
19:46:06.0025 5916 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:46:06.0025 5916 VgaSave - ok
19:46:06.0025 5916 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:46:06.0040 5916 vhdmp - ok
19:46:06.0071 5916 VIAHdAudAddService (eb8e24360caf3492e129b9e485cdca9c) C:\Windows\system32\drivers\viahduaa.sys
19:46:06.0087 5916 VIAHdAudAddService - ok
19:46:06.0103 5916 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:46:06.0103 5916 viaide - ok
19:46:06.0118 5916 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:46:06.0118 5916 volmgr - ok
19:46:06.0134 5916 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:46:06.0134 5916 volmgrx - ok
19:46:06.0149 5916 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:46:06.0149 5916 volsnap - ok
19:46:06.0181 5916 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:46:06.0181 5916 vsmraid - ok
19:46:06.0243 5916 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
19:46:06.0274 5916 VSS - ok
19:46:06.0290 5916 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:46:06.0290 5916 vwifibus - ok
19:46:06.0305 5916 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:46:06.0321 5916 W32Time - ok
19:46:06.0321 5916 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:46:06.0337 5916 WacomPen - ok
19:46:06.0352 5916 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:46:06.0352 5916 WANARP - ok
19:46:06.0352 5916 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:46:06.0352 5916 Wanarpv6 - ok
19:46:06.0415 5916 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:46:06.0430 5916 WatAdminSvc - ok
19:46:06.0461 5916 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
19:46:06.0493 5916 wbengine - ok
19:46:06.0508 5916 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:46:06.0524 5916 WbioSrvc - ok
19:46:06.0555 5916 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
19:46:06.0555 5916 wcncsvc - ok
19:46:06.0571 5916 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:46:06.0571 5916 WcsPlugInService - ok
19:46:06.0586 5916 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:46:06.0586 5916 Wd - ok
19:46:06.0617 5916 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:46:06.0617 5916 Wdf01000 - ok
19:46:06.0633 5916 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:46:06.0633 5916 WdiServiceHost - ok
19:46:06.0633 5916 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:46:06.0633 5916 WdiSystemHost - ok
19:46:06.0664 5916 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
19:46:06.0680 5916 WebClient - ok
19:46:06.0680 5916 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:46:06.0695 5916 Wecsvc - ok
19:46:06.0711 5916 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:46:06.0711 5916 wercplsupport - ok
19:46:06.0727 5916 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:46:06.0727 5916 WerSvc - ok
19:46:06.0742 5916 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:46:06.0742 5916 WfpLwf - ok
19:46:06.0758 5916 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:46:06.0758 5916 WIMMount - ok
19:46:06.0773 5916 WinDefend - ok
19:46:06.0773 5916 WinHttpAutoProxySvc - ok
19:46:06.0805 5916 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:46:06.0805 5916 Winmgmt - ok
19:46:06.0851 5916 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
19:46:06.0883 5916 WinRM - ok
19:46:06.0914 5916 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:46:06.0914 5916 Wlansvc - ok
19:46:07.0085 5916 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:46:07.0148 5916 wlidsvc - ok
19:46:07.0163 5916 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:46:07.0163 5916 WmiAcpi - ok
19:46:07.0179 5916 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:46:07.0179 5916 wmiApSrv - ok
19:46:07.0195 5916 WMPNetworkSvc - ok
19:46:07.0210 5916 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:46:07.0210 5916 WPCSvc - ok
19:46:07.0226 5916 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
19:46:07.0241 5916 WPDBusEnum - ok
19:46:07.0241 5916 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:46:07.0241 5916 ws2ifsl - ok
19:46:07.0319 5916 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
19:46:07.0335 5916 wscsvc - ok
19:46:07.0335 5916 WSearch - ok
19:46:07.0413 5916 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
19:46:07.0475 5916 wuauserv - ok
19:46:07.0491 5916 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:46:07.0507 5916 WudfPf - ok
19:46:07.0522 5916 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:46:07.0522 5916 WUDFRd - ok
19:46:07.0538 5916 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
19:46:07.0538 5916 wudfsvc - ok
19:46:07.0553 5916 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:46:07.0553 5916 WwanSvc - ok
19:46:07.0600 5916 X6va005 - ok
19:46:07.0709 5916 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:46:07.0709 5916 YahooAUService - ok
19:46:07.0787 5916 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:46:07.0912 5916 \Device\Harddisk0\DR0 - ok
19:46:07.0912 5916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:46:07.0912 5916 \Device\Harddisk1\DR1 - ok
19:46:07.0912 5916 Boot (0x1200) (14f9558cdbcf49c972da722e146ee60a) \Device\Harddisk0\DR0\Partition0
19:46:07.0928 5916 \Device\Harddisk0\DR0\Partition0 - ok
19:46:07.0928 5916 Boot (0x1200) (245431574ab8e5895e2dea2b940af524) \Device\Harddisk0\DR0\Partition1
19:46:07.0928 5916 \Device\Harddisk0\DR0\Partition1 - ok
19:46:07.0928 5916 Boot (0x1200) (643ad88284c6081f24490ae68dd5ad11) \Device\Harddisk1\DR1\Partition0
19:46:07.0928 5916 \Device\Harddisk1\DR1\Partition0 - ok
19:46:07.0928 5916 ============================================================
19:46:07.0928 5916 Scan finished
19:46:07.0928 5916 ============================================================
19:46:07.0943 3700 Detected object count: 0
19:46:07.0943 3700 Actual detected object count: 0

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 19:47:22
-----------------------------
19:47:22.710 OS Version: Windows x64 6.1.7600
19:47:22.710 Number of processors: 4 586 0x403
19:47:22.710 ComputerName: SPENCER-PC UserName: Spencer
19:47:25.876 Initialize success
19:48:58.929 AVAST engine defs: 12041502
19:49:02.486 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:49:02.486 Disk 0 Vendor: ST31500541AS CC34 Size: 1430799MB BusType: 3
19:49:02.517 Disk 0 MBR read successfully
19:49:02.517 Disk 0 MBR scan
19:49:02.533 Disk 0 Windows 7 default MBR code
19:49:02.548 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:49:02.564 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
19:49:02.595 Disk 0 scanning C:\Windows\system32\drivers
19:49:14.280 Service scanning
19:49:29.864 Modules scanning
19:49:29.880 Disk 0 trace - called modules:
19:49:29.895 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:49:29.895 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d74060]
19:49:29.911 3 CLASSPNP.SYS[fffff8800191e43f] -> nt!IofCallDriver -> [0xfffffa8007c289b0]
19:49:29.911 5 ACPI.sys[fffff88000e4c781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007d6d680]
19:49:32.267 AVAST engine scan C:\Windows
19:49:35.979 AVAST engine scan C:\Windows\system32
19:49:46.073 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
19:52:50.449 AVAST engine scan C:\Windows\system32\drivers
19:53:01.681 AVAST engine scan C:\Users\Spencer
20:00:55.080 Disk 0 MBR has been saved successfully to "C:\Users\Spencer\Desktop\MBR.dat"
20:00:55.095 The log file has been saved successfully to "C:\Users\Spencer\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:26 PM

Posted 15 April 2012 - 09:33 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
File::
C:\Windows\system32\consrv.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Disco_Stew

Disco_Stew
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:26 PM

Posted 16 April 2012 - 09:34 AM

I was having problems with my email being hacked and scam emails being sent by my account even after changing passwords. Also, Windows Defender and Firewall were turned off and I could not turn them on. Firewall is working now and Defender is off but the error I got (Error Code: 0x80070005) seems to mean that it is being shut down by my anti-virus programs so I can live with that. I did a search for consrv.dll in both the system32 and system 64 folders and did not see them this time. Does that mean the virus is gone?

ComboFix 12-04-15.02 - Spencer 04/15/2012 20:54:18.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6226 [GMT -6:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
Command switches used :: c:\users\Spencer\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 03:02 . 2012-04-16 03:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-16 03:02 . 2012-04-16 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 08:39 . 2012-04-15 08:40 -------- d-----w- C:\FRST
2012-04-15 07:26 . 2012-04-15 23:00 -------- d-----w- c:\users\Spencer\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
2012-04-15 02:40 . 2012-04-15 02:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 02:27 . 2012-04-15 02:27 -------- d-----w- C:\Anti-malware
2012-04-15 00:48 . 2012-04-15 00:48 -------- d-----w- c:\users\Spencer\AppData\Roaming\Malwarebytes
2012-04-15 00:48 . 2012-04-15 00:48 -------- d-----w- c:\programdata\Malwarebytes
2012-04-15 00:48 . 2012-04-15 00:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-15 00:48 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-09 18:46 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 18:46 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-09 18:46 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-09 18:37 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-06 08:00 . 2012-04-14 00:00 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 07:39 . 2012-04-06 07:39 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-04-06 07:25 . 2012-04-14 00:00 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-06 07:25 . 2012-04-06 07:25 -------- d-----we c:\windows\system64
2012-04-03 04:13 . 2012-04-03 04:13 -------- d-----w- c:\program files\iPod
2012-04-03 04:13 . 2012-04-03 04:13 -------- d-----w- c:\program files\iTunes
2012-03-31 19:44 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33BE27FD-7F5F-4090-9191-906B094E9DC3}\mpengine.dll
2012-03-21 18:29 . 2012-03-21 18:29 -------- d-----w- c:\programdata\ATI
2012-03-21 18:24 . 2012-03-21 18:24 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-21 18:24 . 2012-03-21 18:24 -------- d-----w- c:\program files\AMD
2012-03-21 18:24 . 2012-03-21 18:24 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-20 05:54 . 2012-03-23 20:20 -------- d-----w- c:\program files (x86)\Diablo II
2012-03-20 03:01 . 2012-03-20 04:11 -------- d-----w- c:\users\Spencer\D2LOD-1.12A-enUS
2012-03-19 06:42 . 2012-03-19 06:42 -------- d-----w- c:\users\Spencer\AppData\Local\THQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-15_22.44.12 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-01 3077528]
"Akamai NetSession Interface"="c:\users\Spencer\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\PriusOnline\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-11 135664]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Spencer\AppData\Local\Temp\005F8A3.tmp [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-04-22 124256]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R4 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-04-11 294912]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 00:00]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-11 06:47]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-11 06:47]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2436757911-3533439838-4145323189-1001Core.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 03:30]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2436757911-3533439838-4145323189-1001UA.job
- c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 03:30]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Spencer\AppData\Local\Temp\005F8A3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2436757911-3533439838-4145323189-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:00,77,bc,06,ee,a1,47,94,fb,5d,18,f6,69,af,5a,f1,81,74,69,6d,89,
62,83,56,fa,d0,a8,1d,90,56,a2,09,49,d1,f3,98,8d,e9,d3,82,74,da,ac,f1,a9,7b,\
"rkeysecu"=hex:0c,01,85,43,d9,94,1a,d5,71,29,87,48,26,17,d9,45
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Play ***╠|gin]
"DisplayName"="Adobe Flash Player 10 Plugin"
"DisplayVersion"="10.2.152.26"
"HelpLink"="http://www.adobe.com/go/flashplayer_support/"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"RequiresIESysFile"="4.70.0.1155"
"URLInfoAbout"="http://www.adobe.com"
"URLUpdateInfo"="http://www.adobe.com/go/getflashplayer/"
"VersionMajor"=dword:0000000a
"VersionMinor"=dword:00000002
"UninstallString"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_Plugin.exe -maintain plugin"
"DisplayIcon"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_Plugin.exe"
"EstimatedSize"=dword:00001800
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2012-04-15 21:12:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 03:12
ComboFix2.txt 2012-04-15 22:51
.
Pre-Run: 1,161,827,307,520 bytes free
Post-Run: 1,161,660,637,184 bytes free
.
- - End Of File - - 3DC3EF504E23F51BBCDA14A4A447E597

#12 gringo_pr

  • Malware Response Team

Posted 16 April 2012 - 06:25 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Adobe Reader 9.5.0
  • Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Disco_Stew
  • Topic Starter

Posted 17 April 2012 - 01:13 PM

I was following your last email, updated Java and Adobe, and when I ran CCleaner with all the boxes that you recommended checked, it messed something up. My computer indicates that it is connected to the internet but I can't actually connect. I opened Firewall and added Google Chrome to the list of allowed programs but it won't open any pages. I have tried to open Internet Explorer but it won't connect to anything either. IE keeps saying it cannot display the webpage. I tried resetting the router but the problem persists. I have tried getting on to the internet with another computer but now it is having similar issues. The other computer was never infected. I am responding on my phone as it is the only way I can access the internet at the moment. Would running CCleaner with all of those boxes checked have an effect on the modem's settings as well?

#14 gringo_pr

  • Malware Response Team

Posted 17 April 2012 - 05:18 PM

Hello

CCleaner only cleans temp files, so it was not it.

If you have two computers that cannot connect to the internet from the same router, reset the router or check with your ISP if there is a problem.

Also, CCleaner did nothing to the second computer, so how can it stop it from getting to the internet also?

gringo

#15 Disco_Stew
  • Topic Starter

Posted 18 April 2012 - 02:01 PM

I knew that CCleaner could not have affected my other computer; I was trying to ask if it could have affected the router's settings somehow. It turned out that my roommates had not paid the cable bill and the internet got shut off within seconds of CCleaner finishing its scan. Just really unfortunate timing is all, and it was a little confusing. Back to the task at hand: the MBAM log, then the HijackThis log.


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.18.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Spencer :: SPENCER-PC [administrator]

Protection: Disabled

4/18/2012 12:52:10 PM
mbam-log-2012-04-18 (12-52-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207581
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:27 PM, on 4/18/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16930)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Spencer\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Spencer\AppData\Local\Akamai\netsession_win.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Spencer\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12799 bytes
