Popups, redirects and now general slowness


This topic is locked
61 replies to this topic

#1 claws.33

claws.33

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 18 April 2012 - 09:35 PM

Hello, my computer at first had some annoying popups and redirects. I have run Spybot, and have Malwarebytes and the problem is persisting. Now it is very slow and the internet, more so Firefox, are so slow that it is barely loading. Please help if you can! Thanks

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 18 April 2012 - 11:37 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
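The DDS report Gringo asks for is normally read by eye, but the first checks a helper makes on its Run, Hosts and policy lines can be written down. The Python below is an added example, not Gringo's or BleepingComputer's tooling: the DDS-style lines in SAMPLE_DDS are constructed with invented names, paths and addresses (only the field layout follows the DDS format), and the "user-writable directory" and "non-loopback Hosts entry" heuristics are the author's own triage rules, not rules the DDS tool itself applies.

```python
"""Triage DDS 'Pseudo HJT Report' lines for common red flags.

Added example (not part of the thread). Three checks are made:
  * Run entries whose executable lives in a scratch directory any user can write to
  * Hosts entries that send a name to a third-party address instead of loopback
  * system policies that switch off UAC or its prompts
"""
import re
from typing import Dict, List, Tuple

# Constructed sample of DDS-style report lines (invented names, paths and
# addresses; 198.51.100.7 is a documentation address, not a real host).
SAMPLE_DDS = r"""
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Xy9a] C:\Users\Alice\AppData\Local\Temp\4471920.exe
mRun: [Updater] C:\Users\Alice\AppData\Roaming\svchost.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 1 (0x1)
Hosts: 127.0.0.1 www.blocked.example
Hosts: 198.51.100.7 www.google-analytics.com.
Hosts: 198.51.100.7 ad-emea.doubleclick.net.
TCP: DhcpNameServer = 192.168.1.254
"""

RUN_RE = re.compile(r"^(?P<hive>[um]Run(?:-x64)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<key>\w+)\s*=\s*(?P<val>\d+)")

# Directories a normal installer almost never uses for an autorun binary
# (compared case-insensitively against the image path).
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
)

# Loopback / null addresses: the normal targets of an ad-blocking hosts file.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Policy values that disable UAC or its prompts (key -> value that is a red flag).
WEAK_UAC = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}


def _image_path(cmd: str) -> str:
    """Pull the executable path out of a Run value, dropping its arguments.

    Quoted paths end at the closing quote; unquoted ones are cut after the
    first '.exe', a heuristic that holds for ordinary autorun values.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def flag_autoruns(report: str) -> List[Dict[str, str]]:
    """Return Run entries whose image sits in a user-writable scratch directory."""
    hits = []
    for line in report.splitlines():
        m = RUN_RE.match(line)
        if not m:
            continue
        path = _image_path(m.group("cmd"))
        low = path.lower()
        for marker in USER_WRITABLE_DIRS:
            if marker in low:
                hits.append({"hive": m.group("hive"), "name": m.group("name"),
                             "path": path, "reason": "image under " + marker})
                break
    return hits


def flag_hosts(report: str) -> List[Tuple[str, str]]:
    """Return Hosts entries that point a name at a non-loopback address."""
    hits = []
    for line in report.splitlines():
        m = HOSTS_RE.match(line)
        if m and m.group("ip") not in LOOPBACK:
            hits.append((m.group("ip"), m.group("host")))
    return hits


def flag_uac(report: str) -> List[Tuple[str, int]]:
    """Return system-policy lines that weaken or disable UAC."""
    hits = []
    for line in report.splitlines():
        m = POLICY_RE.match(line)
        if m:
            key, val = m.group("key"), int(m.group("val"))
            if WEAK_UAC.get(key) == val:
                hits.append((key, val))
    return hits


def triage(report: str) -> Dict[str, list]:
    """Run all three checks and group the findings by section."""
    return {"autoruns": flag_autoruns(report), "hosts": flag_hosts(report), "uac": flag_uac(report)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_DDS).items():
        print(f"== {section} ==")
        for item in items:
            print("  ", item)
```

Every hit is a prompt for a human to look closer, not a verdict: a Roaming-directory autorun can be a legitimate per-user installer, and a Hosts entry to a non-loopback address needs the address checked before anything is removed. The point of the script is to make the helper's first pass over a long DDS report repeatable.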

#3 claws.33

claws.33
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 19 April 2012 - 12:54 AM

Hi Gringo,

Thank you very much for helping me. I haven't used the computer since posting, and now, testing to make sure the redirects are still happening, I tested it and it redirected my search to some random website, but then re-redirected back to Google search.



Security Check

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 18
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````


DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_18
Run by Wildcat at 19:37:30 on 2012-04-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.14335.11652 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Wildcat\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Wildcat\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Users\Wildcat\Downloads\r88f1pcj.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Lvinfeefnyzcdcat\AppData\Local\Temp\21081533.exe] C:\Users\Wildcat\AppData\Local\Temp\21081533.exe
uRun: [Lvinfeefn149dcat\AppData\Local\Temp\1957995940.exe] C:\Users\Wildcat\AppData\Local\Temp\1957995940.exe
uRun: [Lvinfeefny0Adcat\AppData\Local\Temp\2150184359.exe] C:\Users\Wildcat\AppData\Local\Temp\2150184359.exe
uRun: [Lvinfeefnyz/dcat\AppData\Local\Temp\1810117482.exe] C:\Users\Wildcat\AppData\Local\Temp\1810117482.exe
uRun: [Lvinfeefn3zOdcat\AppData\Local\Temp\687813290.exe] C:\Users\Wildcat\AppData\Local\Temp\687813290.exe
uRun: [Lvinfeefnz0/dcat\AppData\Local\Temp\1813952354.exe] C:\Users\Wildcat\AppData\Local\Temp\1813952354.exe
uRun: [Lvinfeefn10+dcat\AppData\Local\Temp\2992580316.exe] C:\Users\Wildcat\AppData\Local\Temp\2992580316.exe
uRun: [Lvinfeefny0Adcat\AppData\Local\Temp\1071429376.exe] C:\Users\Wildcat\AppData\Local\Temp\1071429376.exe
uRun: [Lvinfeefn02/dcat\AppData\Local\Temp\3573774883.exe] C:\Users\Wildcat\AppData\Local\Temp\3573774883.exe
uRun: [Lvinfeefny2Pdcat\AppData\Local\Temp\109092872.exe] C:\Users\Wildcat\AppData\Local\Temp\109092872.exe
uRun: [Lvinfeefny1+dcat\AppData\Local\Temp\1106922914.exe] C:\Users\Wildcat\AppData\Local\Temp\1106922914.exe
uRun: [Lvinfeefn2w+dcat\AppData\Local\Temp\1699020007.exe] C:\Users\Wildcat\AppData\Local\Temp\1699020007.exe
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Wildcat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [scheduler_monitor] C:\Program Files (x86)\ReaConverter 5.5 Pro\init_scheduler.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Wildcat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TVMOBI~1.LNK - C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7472887B-262A-4DE7-80F1-C8F2105193B1} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
Hosts: 67.215.245.19 www.google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110814&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Users\Wildcat\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Wildcat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Wildcat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-10 654408]
R2 tvMobiliService;tvMobiliService;C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe [2011-11-16 1009152]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
R3 dfmirage;dfmirage;C:\Windows\system32\DRIVERS\dfmirage.sys --> C:\Windows\system32\DRIVERS\dfmirage.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-11 1153368]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-14 1038088]
S3 rcp_service;ReaConverter scheduler service;C:\Program Files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TipCtrl;TipCtrl;"C:\Program Files\uTIPu\TipCtrl.exe" --> C:\Program Files\uTIPu\TipCtrl.exe [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-19 02:29:54 116016 ----a-w- C:\Windows\System32\drivers\50954379.sys
2012-04-17 04:51:37 -------- d-----w- C:\Users\Wildcat\AppData\Roaming\PDAppFlex
2012-04-11 02:18:29 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 02:18:28 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 02:18:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 02:18:28 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 02:18:28 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 02:18:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 02:18:28 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 00:30:02 -------- d-----w- C:\Users\Wildcat\AppData\Roaming\Xilisoft
2012-04-10 23:59:49 -------- d-----w- C:\ProgramData\Xilisoft
2012-04-10 23:59:42 1790464 ----a-w- C:\Windows\SysWow64\mqrdim.dll
2012-04-10 23:59:41 -------- d-----w- C:\Program Files (x86)\Xilisoft
2012-04-10 23:04:40 -------- d-----w- C:\Users\Wildcat\AppData\Local\Logitech® Webcam Software
2012-04-02 04:24:05 53248 ----a-r- C:\Users\Wildcat\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-02 04:23:12 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2012-04-02 00:00:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-24 19:21:04 -------- d-----w- C:\Users\Wildcat\AppData\Local\ElevatedDiagnostics
2012-03-24 17:23:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
==================== Find3M ====================
.
2012-04-19 02:08:16 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-28 09:10:26 947472 ----a-w- C:\Windows\SysWow64\msjava.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 06:09:55 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-07 18:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 19:39:28.36 ===============

DDS Attach Log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/17/2010 7:20:48 PM
System Uptime: 4/18/2012 7:06:57 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Crosshair III Formula
Processor: AMD Phenom™ II X4 965 Processor | AM3 | 3411/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 40.343 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.955 GiB free.
E: is FIXED (NTFS) - 36 GiB total, 30.298 GiB free.
F: is FIXED (NTFS) - 401 GiB total, 154.978 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: Mirage Driver
Device ID: ROOT\DISPLAY\0001
Manufacturer: DemoForge
Name: Mirage Driver
PNP Device ID: ROOT\DISPLAY\0001
Service: dfmirage
.
==== System Restore Points ===================
.
RP435: 4/16/2012 9:25:13 PM - Removed Adobe Community Help
RP436: 4/17/2012 11:07:38 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
Hosts: 67.215.245.19 www.statcounter.com.
.
==== Installed Programs ======================
.
Leawo Video Converter version 5.0.0.0
Update for Microsoft Office 2007 (KB2508958)
µTorrent
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Cybershop CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4 Support
Adobe Photoshop CS6
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Brochure
ArcSoft Print Creations - Photo Calendar
Avery Wizard 3.1
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Conduit Engine
Connect
DVDx 4.0
EPSON Scan
erLT
Google Chrome
Google Talk Plugin
HydraVision
Ipswitch WS_FTP 12
Java Auto Updater
Java™ 6 Update 18
kuler
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Games for Windows - LIVE
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 11.0 (x86 en-US)
PDF Settings CS4
PDF Settings CS6
Photoshop Camera Raw
PxMergeModule
QuickTime
ReaConverter 5.5 Pro
RIFT
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
Spybot - Search & Destroy
StarCraft II
Steam
Suite Shared Configuration CS4
tvMobili
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.9
WinZip 14.0
Wondershare Video Converter Ultimate(Build 5.7.1.1)
x264vfw - H.264/MPEG-4 AVC codec (remove only)
Xilisoft Video Converter Ultimate
Xvid 1.2.2 final uninstall
YouSendIt Express
.
==== Event Viewer Messages From Past Week ========
.
4/18/2012 7:07:20 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/18/2012 7:07:17 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
4/18/2012 7:07:16 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/18/2012 7:07:16 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 April 2012 - 05:33 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days; if you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 claws.33

  • Topic Starter
  • Members
  • 34 posts

Posted 19 April 2012 - 08:36 PM

Hi Gringo,

I haven't used my computer other than for running ComboFix, so I don't know if things are better. I don't want to risk messing anything up.

ComboFix 12-04-19.02 - Wildcat 04/19/2012 18:06:13.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.14335.12381 [GMT -7:00]
Running from: c:\users\Wildcat\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Wildcat\.COMMgr
c:\users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\searchplugins\bing-zugo.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\System64
c:\windows\SysWow64\gfbaksm.dat
c:\windows\SysWow64\gfbaksm.dll
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 01:20 . 2012-04-20 01:20 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2012-04-17 04:51 . 2012-04-17 04:51 -------- d-----w- c:\users\Wildcat\AppData\Roaming\PDAppFlex
2012-04-11 02:18 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:18 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:18 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:18 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:18 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 02:18 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 02:18 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 00:30 . 2012-04-11 00:30 -------- d-----w- c:\users\Wildcat\AppData\Roaming\Xilisoft
2012-04-10 23:59 . 2012-04-10 23:59 -------- d-----w- c:\programdata\Xilisoft
2012-04-10 23:59 . 2012-04-10 23:59 1790464 ----a-w- c:\windows\SysWow64\mqrdim.dll
2012-04-10 23:59 . 2012-04-10 23:59 -------- d-----w- c:\program files (x86)\Xilisoft
2012-04-10 23:04 . 2012-04-10 23:04 -------- d-----w- c:\users\Wildcat\AppData\Local\Logitech® Webcam Software
2012-04-10 06:08 . 2012-04-10 06:08 -------- d-----w- c:\users\Patrick\AppData\Roaming\RCP 5
2012-04-06 18:31 . 2012-04-06 18:31 -------- d-----w- c:\users\Patrick\AppData\Local\Logitech® Webcam Software
2012-04-02 04:27 . 2012-04-02 04:27 -------- d-----w- c:\programdata\LogiShrd
2012-04-02 04:24 . 2012-04-02 04:24 53248 ----a-r- c:\users\Wildcat\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-02 04:24 . 2012-04-02 04:24 -------- d-----w- c:\users\Wildcat\AppData\Roaming\Leadertech
2012-04-02 04:23 . 2012-04-04 02:37 -------- d-----w- c:\program files\Common Files\logishrd
2012-04-02 04:23 . 2012-04-02 04:23 -------- d-----w- c:\programdata\Logitech
2012-04-02 04:23 . 2012-04-02 04:23 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-04-02 04:22 . 2012-04-04 02:37 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-04-02 04:22 . 2012-04-02 04:24 -------- d-----w- c:\program files (x86)\Logitech
2012-04-02 00:00 . 2012-04-19 02:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-24 19:21 . 2012-03-24 19:21 -------- d-----w- c:\users\Wildcat\AppData\Local\ElevatedDiagnostics
2012-03-24 17:23 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 09:10 . 2012-02-28 09:10 947472 ----a-w- c:\windows\SysWow64\msjava.dll
2012-02-15 06:27 . 2012-03-14 01:58 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 01:58 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 01:58 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 01:58 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 06:11 . 2012-02-14 06:11 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-14 06:11 . 2012-02-14 06:11 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-14 06:11 . 2012-02-14 06:11 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-14 06:11 . 2012-02-14 06:11 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-14 06:11 . 2012-02-14 06:11 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-14 06:11 . 2012-02-14 06:11 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-14 06:11 . 2012-02-14 06:11 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-14 06:11 . 2012-02-14 06:11 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-14 06:11 . 2012-02-14 06:11 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-14 06:11 . 2012-02-14 06:11 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-14 06:11 . 2012-02-14 06:11 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-14 06:11 . 2012-02-14 06:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-14 06:11 . 2012-02-14 06:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-14 06:11 . 2012-02-14 06:11 448512 ----a-w- c:\windows\system32\html.iec
2012-02-14 06:11 . 2012-02-14 06:11 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-14 06:11 . 2012-02-14 06:11 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-14 06:11 . 2012-02-14 06:11 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-14 06:11 . 2012-02-14 06:11 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-14 06:11 . 2012-02-14 06:11 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-14 06:11 . 2012-02-14 06:11 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-14 06:11 . 2012-02-14 06:11 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-14 06:11 . 2012-02-14 06:11 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-14 06:11 . 2012-02-14 06:11 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-14 06:11 . 2012-02-14 06:11 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-14 06:11 . 2012-02-14 06:11 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-14 06:11 . 2012-02-14 06:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-14 06:11 . 2012-02-14 06:11 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-14 06:11 . 2012-02-14 06:11 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-14 06:11 . 2012-02-14 06:11 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-14 06:11 . 2012-02-14 06:11 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-14 06:11 . 2012-02-14 06:11 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-14 06:11 . 2012-02-14 06:11 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-14 06:11 . 2012-02-14 06:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-14 06:11 . 2012-02-14 06:11 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-14 06:09 . 2012-02-14 06:09 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-14 06:09 . 2012-02-14 06:09 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-14 06:09 . 2012-02-14 06:09 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-14 06:09 . 2012-02-14 06:09 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-14 06:09 . 2012-02-14 06:09 4068864 ----a-w- c:\windows\system32\mf.dll
2012-02-14 06:09 . 2012-02-14 06:09 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-02-14 06:09 . 2012-02-14 06:09 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-02-14 06:09 . 2012-02-14 06:09 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-14 06:09 . 2012-02-14 06:09 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-02-14 06:09 . 2012-02-14 06:09 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-02-14 06:09 . 2012-02-14 06:09 206848 ----a-w- c:\windows\system32\mfps.dll
2012-02-14 06:09 . 2012-02-14 06:09 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-02-14 06:09 . 2012-02-14 06:09 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-02-14 06:09 . 2012-02-14 06:09 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-02-14 06:09 . 2012-02-14 06:09 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-02-14 06:09 . 2012-02-14 06:09 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-02-14 06:09 . 2012-02-14 06:09 144384 ----a-w- c:\windows\system32\cdd.dll
2012-02-14 06:09 . 2012-02-14 06:09 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-02-14 06:09 . 2012-02-14 06:09 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-02-10 06:18 . 2012-03-14 01:58 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 01:58 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 01:58 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 01:58 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 01:58 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 01:58 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 01:58 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 01:58 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 01:58 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 01:58 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16 . 2012-03-14 01:58 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:27 . 2012-03-14 01:58 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:27 . 2012-03-14 01:58 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:20 . 2012-03-14 01:58 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-25 740216]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-01 1242448]
"scheduler_monitor"="c:\program files (x86)\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-11 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-02-22 1073312]
.
c:\users\Wildcat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TVMOBiLiArtworkManager.lnk - c:\program files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe [2011-11-16 66048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-15 1038088]
R3 rcp_service;ReaConverter scheduler service;c:\program files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TipCtrl;TipCtrl;c:\program files\uTIPu\TipCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tvMobiliService;tvMobiliService;c:\program files (x86)\TVMOBiLi\bin\tvMobiliService.exe [2011-11-16 1009152]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594381243-1643902856-3051444525-1001Core.job
- c:\users\Wildcat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 22:54]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594381243-1643902856-3051444525-1001UA.job
- c:\users\Wildcat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 22:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-02 446392]
"combofix"="c:\combofix\CF8753.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vsapint
WmUsbHid
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110814&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
Wow6432Node-HKCU-Run-Lvinfeefnyzcdcat\AppData\Local\Temp\21081533.exe - c:\users\Wildcat\AppData\Local\Temp\21081533.exe
Wow6432Node-HKCU-Run-Lvinfeefn149dcat\AppData\Local\Temp\1957995940.exe - c:\users\Wildcat\AppData\Local\Temp\1957995940.exe
Wow6432Node-HKCU-Run-Lvinfeefny0Adcat\AppData\Local\Temp\2150184359.exe - c:\users\Wildcat\AppData\Local\Temp\2150184359.exe
Wow6432Node-HKCU-Run-Lvinfeefnyz/dcat\AppData\Local\Temp\1810117482.exe - c:\users\Wildcat\AppData\Local\Temp\1810117482.exe
Wow6432Node-HKCU-Run-Lvinfeefn3zOdcat\AppData\Local\Temp\687813290.exe - c:\users\Wildcat\AppData\Local\Temp\687813290.exe
Wow6432Node-HKCU-Run-Lvinfeefnz0/dcat\AppData\Local\Temp\1813952354.exe - c:\users\Wildcat\AppData\Local\Temp\1813952354.exe
Wow6432Node-HKCU-Run-Lvinfeefn10+dcat\AppData\Local\Temp\2992580316.exe - c:\users\Wildcat\AppData\Local\Temp\2992580316.exe
Wow6432Node-HKCU-Run-Lvinfeefny0Adcat\AppData\Local\Temp\1071429376.exe - c:\users\Wildcat\AppData\Local\Temp\1071429376.exe
Wow6432Node-HKCU-Run-Lvinfeefn02/dcat\AppData\Local\Temp\3573774883.exe - c:\users\Wildcat\AppData\Local\Temp\3573774883.exe
Wow6432Node-HKCU-Run-Lvinfeefny2Pdcat\AppData\Local\Temp\109092872.exe - c:\users\Wildcat\AppData\Local\Temp\109092872.exe
Wow6432Node-HKCU-Run-Lvinfeefny1+dcat\AppData\Local\Temp\1106922914.exe - c:\users\Wildcat\AppData\Local\Temp\1106922914.exe
Wow6432Node-HKCU-Run-Lvinfeefn2w+dcat\AppData\Local\Temp\1699020007.exe - c:\users\Wildcat\AppData\Local\Temp\1699020007.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Wow6432Node-HKLM-Run-AdobeCS4ServiceManager - c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
SafeBoot-28689315.sys
SafeBoot-33317577.sys
SafeBoot-35624024.sys
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\S-1-5-21-1594381243-1643902856-3051444525-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{377D1512-713D-9215-FF17-D53A4D3F42E1}*]
"iaajfncfchaelmkici"=hex:6b,61,6d,6e,6b,66,6d,69,63,6c,6e,62,69,6a,67,66,6e,6f,
6a,65,6d,6e,00,00
"hakihbkeciokmkcc"=hex:6a,61,6e,6e,62,6d,67,64,6d,6a,6a,64,6a,6d,6a,63,70,65,
6c,6a,00,00
"eaikldpodh"=hex:69,61,63,61,6e,6b,63,65,62,62,69,68,70,6d,61,68,62,67,00,00
"dadkihjp"=hex:64,62,61,6a,6f,6c,6e,6b,62,61,61,64,6b,6c,6a,64,6e,67,69,69,6c,
6a,65,6b,62,6e,62,67,66,68,67,70,68,61,63,6c,63,6d,64,6b,00,00
.
[HKEY_USERS\S-1-5-21-1594381243-1643902856-3051444525-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8596FCE-1FF3-9F15-987D-3E2D21374131}*]
"eagdnlabgj"=hex:66,61,61,64,6b,67,68,6d,6d,61,6e,69,00,fc
"dabealjj"=hex:64,62,63,67,6f,63,61,6e,69,62,6c,6a,6e,6c,6a,66,63,62,67,65,62,
6d,6a,6b,63,6d,63,6c,6e,6c,64,62,6d,64,61,6d,61,61,6d,6a,00,39
.
[HKEY_USERS\S-1-5-21-1594381243-1643902856-3051444525-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:14,77,35,01,4c,1f,1a,25,2e,3e,fb,4b,d5,cd,2f,3a,84,27,fe,80,d3,31,b8,
ed,25,b1,f5,69,78,c5,77,c8,b8,ac,b5,bf,a3,c8,df,a2,7d,ec,b0,bd,52,05,bd,a8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1594381243-1643902856-3051444525-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:14,99,6f,9b,a5,07,98,4f,b3,22,04,91,13,34,61,4a,c8,67,1b,ab,31,
10,07,3f,e2,aa,e0,7d,cd,ea,55,8e,25,5f,de,51,b6,81,6e,5a,15,71,d6,d6,d5,dd,\
"rkeysecu"=hex:9d,39,7f,4f,25,42,bb,d2,3f,51,be,7c,5e,d6,c0,fc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{377D1512-713D-9215-FF17-D53A4D3F42E1}\InProcServer32*]
"faoicehllpih"=hex:69,61,63,61,6e,6b,63,65,62,62,69,68,70,6d,61,68,62,67,00,00
"eaoifeglak"=hex:64,62,61,6a,6f,6c,6e,6b,62,61,61,64,6b,6c,6a,64,6e,67,69,69,

#6 gringo_pr

Posted 19 April 2012 - 08:45 PM

Greetings

go ahead and check things out - it is the best way for me to know what is going on

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 claws.33 (Topic Starter)

Posted 19 April 2012 - 09:06 PM

After running TDSSKiller my computer rebooted and then won't start up. It auto-reboots after the Starting Windows screen. I let the Startup Repair run but it can't fix it, so now I can't turn on my computer.

#8 gringo_pr

Posted 19 April 2012 - 09:28 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#9 claws.33 (Topic Starter)

Posted 19 April 2012 - 09:38 PM

I had selected System Restore to the point that ComboFix created, which worked fine, so I did not use Farbar. I did it right after replying via my phone. After ComboFix I tested it and was not getting redirected. After System Restore I am again being redirected.

Oh, and here is the log from TDSSkiller

18:53:22.0468 0308 mouclass - ok
18:53:22.0500 0308 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:53:22.0501 0308 mouhid - ok
18:53:22.0513 0308 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:53:22.0514 0308 mountmgr - ok
18:53:22.0530 0308 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:53:22.0532 0308 mpio - ok
18:53:22.0544 0308 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:53:22.0546 0308 mpsdrv - ok
18:53:22.0600 0308 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:53:22.0608 0308 MpsSvc - ok
18:53:22.0626 0308 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:53:22.0628 0308 MRxDAV - ok
18:53:22.0658 0308 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:53:22.0660 0308 mrxsmb - ok
18:53:22.0688 0308 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:53:22.0692 0308 mrxsmb10 - ok
18:53:22.0706 0308 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:53:22.0708 0308 mrxsmb20 - ok
18:53:22.0736 0308 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:53:22.0737 0308 msahci - ok
18:53:22.0752 0308 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:53:22.0754 0308 msdsm - ok
18:53:22.0773 0308 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:53:22.0776 0308 MSDTC - ok
18:53:22.0795 0308 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:53:22.0796 0308 Msfs - ok
18:53:22.0811 0308 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:53:22.0812 0308 mshidkmdf - ok
18:53:22.0826 0308 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:53:22.0826 0308 msisadrv - ok
18:53:22.0847 0308 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:53:22.0850 0308 MSiSCSI - ok
18:53:22.0855 0308 msiserver - ok
18:53:22.0881 0308 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:53:22.0882 0308 MSKSSRV - ok
18:53:22.0905 0308 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:53:22.0906 0308 MSPCLOCK - ok
18:53:22.0923 0308 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:53:22.0923 0308 MSPQM - ok
18:53:22.0943 0308 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:53:22.0946 0308 MsRPC - ok
18:53:22.0962 0308 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:53:22.0963 0308 mssmbios - ok
18:53:22.0969 0308 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:53:22.0970 0308 MSTEE - ok
18:53:22.0989 0308 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:53:22.0989 0308 MTConfig - ok
18:53:23.0016 0308 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:53:23.0017 0308 Mup - ok
18:53:23.0030 0308 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:53:23.0035 0308 napagent - ok
18:53:23.0066 0308 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:53:23.0069 0308 NativeWifiP - ok
18:53:23.0111 0308 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:53:23.0114 0308 NDIS - ok
18:53:23.0140 0308 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:53:23.0141 0308 NdisCap - ok
18:53:23.0159 0308 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:53:23.0160 0308 NdisTapi - ok
18:53:23.0170 0308 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:53:23.0171 0308 Ndisuio - ok
18:53:23.0186 0308 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:53:23.0188 0308 NdisWan - ok
18:53:23.0201 0308 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:53:23.0202 0308 NDProxy - ok
18:53:23.0228 0308 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:53:23.0229 0308 NetBIOS - ok
18:53:23.0249 0308 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:53:23.0252 0308 NetBT - ok
18:53:23.0282 0308 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:53:23.0283 0308 Netlogon - ok
18:53:23.0318 0308 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:53:23.0320 0308 Netman - ok
18:53:23.0339 0308 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:53:23.0344 0308 netprofm - ok
18:53:23.0386 0308 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:53:23.0387 0308 NetTcpPortSharing - ok
18:53:23.0401 0308 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:53:23.0402 0308 nfrd960 - ok
18:53:23.0433 0308 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:53:23.0437 0308 NlaSvc - ok
18:53:23.0466 0308 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:53:23.0467 0308 Npfs - ok
18:53:23.0480 0308 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:53:23.0481 0308 nsi - ok
18:53:23.0493 0308 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:53:23.0494 0308 nsiproxy - ok
18:53:23.0532 0308 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
18:53:23.0539 0308 Ntfs - ok
18:53:23.0551 0308 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:53:23.0551 0308 Null - ok
18:53:23.0566 0308 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
18:53:23.0568 0308 nvraid - ok
18:53:23.0580 0308 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
18:53:23.0582 0308 nvstor - ok
18:53:23.0595 0308 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:53:23.0597 0308 nv_agp - ok
18:53:23.0685 0308 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:53:23.0689 0308 odserv - ok
18:53:23.0708 0308 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:53:23.0709 0308 ohci1394 - ok
18:53:23.0748 0308 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:53:23.0750 0308 ose - ok
18:53:23.0777 0308 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:53:23.0781 0308 p2pimsvc - ok
18:53:23.0795 0308 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:53:23.0800 0308 p2psvc - ok
18:53:23.0811 0308 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:53:23.0813 0308 Parport - ok
18:53:23.0825 0308 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:53:23.0826 0308 partmgr - ok
18:53:23.0841 0308 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:53:23.0844 0308 PcaSvc - ok
18:53:23.0858 0308 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:53:23.0860 0308 pci - ok
18:53:23.0871 0308 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:53:23.0872 0308 pciide - ok
18:53:23.0896 0308 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:53:23.0899 0308 pcmcia - ok
18:53:23.0917 0308 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:53:23.0917 0308 pcw - ok
18:53:23.0938 0308 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:53:23.0945 0308 PEAUTH - ok
18:53:23.0989 0308 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:53:24.0003 0308 PeerDistSvc - ok
18:53:24.0038 0308 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:53:24.0039 0308 PerfHost - ok
18:53:24.0070 0308 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:53:24.0088 0308 pla - ok
18:53:24.0132 0308 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:53:24.0137 0308 PlugPlay - ok
18:53:24.0146 0308 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:53:24.0147 0308 PNRPAutoReg - ok
18:53:24.0160 0308 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:53:24.0162 0308 PNRPsvc - ok
18:53:24.0183 0308 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:53:24.0189 0308 PolicyAgent - ok
18:53:24.0213 0308 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:53:24.0215 0308 Power - ok
18:53:24.0242 0308 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:53:24.0244 0308 PptpMiniport - ok
18:53:24.0262 0308 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:53:24.0263 0308 Processor - ok
18:53:24.0280 0308 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
18:53:24.0283 0308 ProfSvc - ok
18:53:24.0315 0308 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:53:24.0316 0308 ProtectedStorage - ok
18:53:24.0332 0308 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:53:24.0333 0308 Psched - ok
18:53:24.0378 0308 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:53:24.0378 0308 PxHlpa64 - ok
18:53:24.0417 0308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:53:24.0431 0308 ql2300 - ok
18:53:24.0463 0308 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:53:24.0464 0308 ql40xx - ok
18:53:24.0483 0308 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:53:24.0487 0308 QWAVE - ok
18:53:24.0501 0308 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:53:24.0502 0308 QWAVEdrv - ok
18:53:24.0516 0308 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:53:24.0516 0308 RasAcd - ok
18:53:24.0543 0308 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:53:24.0544 0308 RasAgileVpn - ok
18:53:24.0554 0308 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:53:24.0556 0308 RasAuto - ok
18:53:24.0568 0308 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:53:24.0570 0308 Rasl2tp - ok
18:53:24.0585 0308 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:53:24.0589 0308 RasMan - ok
18:53:24.0606 0308 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:53:24.0607 0308 RasPppoe - ok
18:53:24.0636 0308 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:53:24.0637 0308 RasSstp - ok
18:53:24.0717 0308 rcp_service (b694467b0325267c8eabf04a71d53d99) C:\Program Files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe
18:53:24.0722 0308 rcp_service - ok
18:53:24.0740 0308 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:53:24.0743 0308 rdbss - ok
18:53:24.0752 0308 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:53:24.0753 0308 rdpbus - ok
18:53:24.0762 0308 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:53:24.0763 0308 RDPCDD - ok
18:53:24.0788 0308 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
18:53:24.0790 0308 RDPDR - ok
18:53:24.0817 0308 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:53:24.0817 0308 RDPENCDD - ok
18:53:24.0832 0308 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:53:24.0833 0308 RDPREFMP - ok
18:53:24.0863 0308 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
18:53:24.0864 0308 RDPWD - ok
18:53:24.0873 0308 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:53:24.0875 0308 rdyboost - ok
18:53:24.0915 0308 RemoteAccess - ok
18:53:24.0932 0308 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:53:24.0933 0308 RemoteRegistry - ok
18:53:24.0947 0308 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:53:24.0949 0308 RpcEptMapper - ok
18:53:24.0970 0308 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:53:24.0971 0308 RpcLocator - ok
18:53:24.0988 0308 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:53:24.0991 0308 RpcSs - ok
18:53:25.0015 0308 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:53:25.0017 0308 rspndr - ok
18:53:25.0057 0308 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:53:25.0059 0308 RTL8167 - ok
18:53:25.0070 0308 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
18:53:25.0070 0308 s3cap - ok
18:53:25.0098 0308 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:53:25.0099 0308 SamSs - ok
18:53:25.0113 0308 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:53:25.0115 0308 sbp2port - ok
18:53:25.0212 0308 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:53:25.0218 0308 SBSDWSCService - ok
18:53:25.0233 0308 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:53:25.0236 0308 SCardSvr - ok
18:53:25.0243 0308 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:53:25.0244 0308 scfilter - ok
18:53:25.0290 0308 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:53:25.0296 0308 Schedule - ok
18:53:25.0314 0308 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:53:25.0314 0308 SCPolicySvc - ok
18:53:25.0327 0308 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:53:25.0330 0308 SDRSVC - ok
18:53:25.0353 0308 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:53:25.0354 0308 secdrv - ok
18:53:25.0364 0308 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:53:25.0366 0308 seclogon - ok
18:53:25.0379 0308 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:53:25.0381 0308 SENS - ok
18:53:25.0391 0308 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:53:25.0392 0308 SensrSvc - ok
18:53:25.0409 0308 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:53:25.0409 0308 Serenum - ok
18:53:25.0425 0308 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:53:25.0427 0308 Serial - ok
18:53:25.0433 0308 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:53:25.0434 0308 sermouse - ok
18:53:25.0456 0308 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:53:25.0458 0308 SessionEnv - ok
18:53:25.0465 0308 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:53:25.0466 0308 sffdisk - ok
18:53:25.0473 0308 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:53:25.0474 0308 sffp_mmc - ok
18:53:25.0482 0308 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:53:25.0483 0308 sffp_sd - ok
18:53:25.0490 0308 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:53:25.0491 0308 sfloppy - ok
18:53:25.0520 0308 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:53:25.0524 0308 SharedAccess - ok
18:53:25.0546 0308 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:53:25.0549 0308 ShellHWDetection - ok
18:53:25.0565 0308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:53:25.0565 0308 SiSRaid2 - ok
18:53:25.0578 0308 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:53:25.0579 0308 SiSRaid4 - ok
18:53:25.0596 0308 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:53:25.0597 0308 Smb - ok
18:53:25.0618 0308 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:53:25.0620 0308 SNMPTRAP - ok
18:53:25.0631 0308 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:53:25.0631 0308 spldr - ok
18:53:25.0663 0308 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:53:25.0667 0308 Spooler - ok
18:53:25.0723 0308 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:53:25.0773 0308 sppsvc - ok
18:53:25.0796 0308 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:53:25.0798 0308 sppuinotify - ok
18:53:25.0847 0308 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:53:25.0851 0308 srv - ok
18:53:25.0865 0308 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:53:25.0869 0308 srv2 - ok
18:53:25.0897 0308 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:53:25.0898 0308 srvnet - ok
18:53:25.0909 0308 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:53:25.0911 0308 SSDPSRV - ok
18:53:25.0923 0308 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:53:25.0925 0308 SstpSvc - ok
18:53:25.0990 0308 Steam Client Service - ok
18:53:26.0017 0308 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:53:26.0018 0308 stexstor - ok
18:53:26.0044 0308 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:53:26.0051 0308 stisvc - ok
18:53:26.0073 0308 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
18:53:26.0073 0308 storflt - ok
18:53:26.0086 0308 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
18:53:26.0087 0308 storvsc - ok
18:53:26.0104 0308 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:53:26.0105 0308 swenum - ok
18:53:26.0172 0308 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:53:26.0174 0308 SwitchBoard - ok
18:53:26.0191 0308 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:53:26.0197 0308 swprv - ok
18:53:26.0231 0308 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:53:26.0253 0308 SysMain - ok
18:53:26.0268 0308 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
18:53:26.0271 0308 TabletInputService - ok
18:53:26.0289 0308 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:53:26.0291 0308 TapiSrv - ok
18:53:26.0304 0308 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:53:26.0306 0308 TBS - ok
18:53:26.0359 0308 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
18:53:26.0366 0308 Tcpip - ok
18:53:26.0415 0308 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
18:53:26.0423 0308 TCPIP6 - ok
18:53:26.0436 0308 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:53:26.0436 0308 tcpipreg - ok
18:53:26.0453 0308 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:53:26.0454 0308 TDPIPE - ok
18:53:26.0480 0308 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:53:26.0481 0308 TDTCP - ok
18:53:26.0497 0308 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:53:26.0497 0308 tdx - ok
18:53:26.0513 0308 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:53:26.0513 0308 TermDD - ok
18:53:26.0531 0308 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:53:26.0536 0308 TermService - ok
18:53:26.0552 0308 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:53:26.0553 0308 Themes - ok
18:53:26.0578 0308 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:53:26.0580 0308 THREADORDER - ok
18:53:26.0635 0308 TipCtrl - ok
18:53:26.0650 0308 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:53:26.0652 0308 TrkWks - ok
18:53:26.0668 0308 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:53:26.0668 0308 TrustedInstaller - ok
18:53:26.0681 0308 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:53:26.0682 0308 tssecsrv - ok
18:53:26.0710 0308 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:53:26.0711 0308 tunnel - ok
18:53:26.0742 0308 tvMobiliService - ok
18:53:26.0755 0308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:53:26.0756 0308 uagp35 - ok
18:53:26.0777 0308 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:53:26.0780 0308 udfs - ok
18:53:26.0797 0308 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:53:26.0799 0308 UI0Detect - ok
18:53:26.0806 0308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:53:26.0807 0308 uliagpkx - ok
18:53:26.0838 0308 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:53:26.0839 0308 umbus - ok
18:53:26.0846 0308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:53:26.0846 0308 UmPass - ok
18:53:26.0871 0308 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
18:53:26.0874 0308 UmRdpService - ok
18:53:27.0006 0308 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
18:53:27.0011 0308 UMVPFSrv - ok
18:53:27.0029 0308 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:53:27.0034 0308 upnphost - ok
18:53:27.0070 0308 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
18:53:27.0071 0308 USBAAPL64 - ok
18:53:27.0105 0308 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
18:53:27.0107 0308 usbaudio - ok
18:53:27.0124 0308 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
18:53:27.0125 0308 usbccgp - ok
18:53:27.0140 0308 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:53:27.0141 0308 usbcir - ok
18:53:27.0155 0308 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
18:53:27.0156 0308 usbehci - ok
18:53:27.0194 0308 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
18:53:27.0198 0308 usbhub - ok
18:53:27.0214 0308 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
18:53:27.0215 0308 usbohci - ok
18:53:27.0251 0308 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:53:27.0253 0308 usbprint - ok
18:53:27.0285 0308 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:53:27.0285 0308 usbscan - ok
18:53:27.0302 0308 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:53:27.0303 0308 USBSTOR - ok
18:53:27.0314 0308 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:53:27.0315 0308 usbuhci - ok
18:53:27.0341 0308 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
18:53:27.0343 0308 usbvideo - ok
18:53:27.0362 0308 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:53:27.0364 0308 UxSms - ok
18:53:27.0398 0308 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:53:27.0399 0308 VaultSvc - ok
18:53:27.0434 0308 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
18:53:27.0434 0308 VClone - ok
18:53:27.0457 0308 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:53:27.0457 0308 vdrvroot - ok
18:53:27.0477 0308 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:53:27.0483 0308 vds - ok
18:53:27.0498 0308 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:53:27.0499 0308 vga - ok
18:53:27.0518 0308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:53:27.0519 0308 VgaSave - ok
18:53:27.0527 0308 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:53:27.0530 0308 vhdmp - ok
18:53:27.0545 0308 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:53:27.0546 0308 viaide - ok
18:53:27.0564 0308 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
18:53:27.0567 0308 vmbus - ok
18:53:27.0582 0308 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:53:27.0583 0308 VMBusHID - ok
18:53:27.0594 0308 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:53:27.0595 0308 volmgr - ok
18:53:27.0610 0308 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:53:27.0614 0308 volmgrx - ok
18:53:27.0627 0308 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:53:27.0630 0308 volsnap - ok
18:53:27.0650 0308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:53:27.0652 0308 vsmraid - ok
18:53:27.0687 0308 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:53:27.0709 0308 VSS - ok
18:53:27.0730 0308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:53:27.0730 0308 vwifibus - ok
18:53:27.0746 0308 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:53:27.0750 0308 W32Time - ok
18:53:27.0762 0308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:53:27.0763 0308 WacomPen - ok
18:53:27.0796 0308 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:53:27.0798 0308 WANARP - ok
18:53:27.0810 0308 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:53:27.0810 0308 Wanarpv6 - ok
18:53:27.0883 0308 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:53:27.0895 0308 WatAdminSvc - ok
18:53:27.0928 0308 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:53:27.0943 0308 wbengine - ok
18:53:27.0961 0308 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:53:27.0964 0308 WbioSrvc - ok
18:53:27.0981 0308 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
18:53:27.0985 0308 wcncsvc - ok
18:53:27.0999 0308 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:53:28.0001 0308 WcsPlugInService - ok
18:53:28.0016 0308 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:53:28.0017 0308 Wd - ok
18:53:28.0036 0308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:53:28.0042 0308 Wdf01000 - ok
18:53:28.0055 0308 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:53:28.0058 0308 WdiServiceHost - ok
18:53:28.0060 0308 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:53:28.0061 0308 WdiSystemHost - ok
18:53:28.0078 0308 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
18:53:28.0081 0308 WebClient - ok
18:53:28.0100 0308 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:53:28.0104 0308 Wecsvc - ok
18:53:28.0117 0308 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:53:28.0119 0308 wercplsupport - ok
18:53:28.0147 0308 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:53:28.0149 0308 WerSvc - ok
18:53:28.0180 0308 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:53:28.0180 0308 WfpLwf - ok
18:53:28.0196 0308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:53:28.0196 0308 WIMMount - ok
18:53:28.0210 0308 WinDefend - ok
18:53:28.0214 0308 WinHttpAutoProxySvc - ok
18:53:28.0257 0308 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:53:28.0260 0308 Winmgmt - ok
18:53:28.0301 0308 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:53:28.0332 0308 WinRM - ok
18:53:28.0391 0308 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:53:28.0392 0308 WinUsb - ok
18:53:28.0415 0308 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:53:28.0424 0308 Wlansvc - ok
18:53:28.0434 0308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:53:28.0434 0308 WmiAcpi - ok
18:53:28.0446 0308 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:53:28.0448 0308 wmiApSrv - ok
18:53:28.0450 0308 WMPNetworkSvc - ok
18:53:28.0486 0308 WmUsbHid (5f22132c9153639762708909f156b33d) C:\Windows\system32\nimxdfk.dll
18:53:28.0487 0308 WmUsbHid ( Backdoor.Multi.ZAccess.gen ) - infected
18:53:28.0487 0308 WmUsbHid - detected Backdoor.Multi.ZAccess.gen (0)
18:53:28.0494 0308 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:53:28.0496 0308 WPCSvc - ok
18:53:28.0510 0308 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:53:28.0512 0308 WPDBusEnum - ok
18:53:28.0522 0308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:53:28.0523 0308 ws2ifsl - ok
18:53:28.0574 0308 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:53:28.0576 0308 wscsvc - ok
18:53:28.0582 0308 WSearch - ok
18:53:28.0627 0308 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
18:53:28.0658 0308 wuauserv - ok
18:53:28.0675 0308 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:53:28.0677 0308 WudfPf - ok
18:53:28.0712 0308 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:53:28.0714 0308 WUDFRd - ok
18:53:28.0730 0308 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:53:28.0733 0308 wudfsvc - ok
18:53:28.0753 0308 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:53:28.0757 0308 WwanSvc - ok
18:53:28.0773 0308 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:53:28.0791 0308 \Device\Harddisk0\DR0 - ok
18:53:28.0805 0308 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:53:28.0966 0308 \Device\Harddisk1\DR1 - ok
18:53:28.0969 0308 Boot (0x1200) (0fa4723dcfe48ce8a2b6d24702fee28d) \Device\Harddisk0\DR0\Partition0
18:53:28.0970 0308 \Device\Harddisk0\DR0\Partition0 - ok
18:53:28.0972 0308 Boot (0x1200) (d153c154932ae1b26dfaa072842cb049) \Device\Harddisk0\DR0\Partition1
18:53:28.0973 0308 \Device\Harddisk0\DR0\Partition1 - ok
18:53:28.0976 0308 Boot (0x1200) (94eb0a0e9f254a86fd69d81d81f572a6) \Device\Harddisk1\DR1\Partition0
18:53:28.0976 0308 \Device\Harddisk1\DR1\Partition0 - ok
18:53:28.0990 0308 Boot (0x1200) (03c78248cdf7b2b338b4642bfaf81ded) \Device\Harddisk1\DR1\Partition1
18:53:28.0991 0308 \Device\Harddisk1\DR1\Partition1 - ok
18:53:28.0991 0308 ============================================================
18:53:28.0991 0308 Scan finished
18:53:28.0991 0308 ============================================================
18:53:28.0997 1940 Detected object count: 1
18:53:28.0997 1940 Actual detected object count: 1
18:53:33.0488 1940 C:\Windows\system32\nimxdfk.dll - copied to quarantine
18:53:33.0488 1940 HKLM\SYSTEM\ControlSet001\services\WmUsbHid - will be deleted on reboot
18:53:33.0516 1940 HKLM\SYSTEM\ControlSet002\services\WmUsbHid - will be deleted on reboot
18:53:33.0600 1940 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
18:53:33.0644 1940 C:\Windows\system32\nimxdfk.dll - will be deleted on reboot
18:53:33.0644 1940 WmUsbHid ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
18:53:52.0063 4024 Deinitialize success

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 19 April 2012 - 09:43 PM

Go ahead and run FRST for me.


gringo

#11 claws.33

claws.33
  • Topic Starter
  • Members
  • 34 posts
  • Local time:05:11 AM

Posted 20 April 2012 - 07:00 PM

Things definitely seemed like they were getting better before I had to do a system restore. I have already had popups and redirects as soon as I opened the browser.

Scan result of Farbar Recovery Scan Tool Version: 19-04-2012
Ran by Wildcat at 20-04-2012 16:57:42
Running from C:\Users\Wildcat\Downloads
(X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

Attention: The tool is not run from recovery environment and will not function properly.

========================== Registry (Whitelisted) =============

HKU\Patrick\...\Run: [YouSendIt.exe] C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe -ui none [198144 2011-05-02] (YouSendIt)
HKU\Patrick\...\Run: [Akamai NetSession Interface] "C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-03-13] (Akamai Technologies, Inc)
HKU\Patrick\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Patrick\...\Policies\system: [LogonHoursAction] 2
HKU\Patrick\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x ] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-20 16:57 - 2012-04-20 16:57 - 0065536 __ASH C:\Windows\System32\config\components{0b4db367-8b44-11e1-82e9-90e6ba431056}.TxR.blf
2012-04-20 16:57 - 2009-07-13 22:08 - 0000000 ____D C:\FRST
2012-04-20 16:56 - 2012-03-24 12:39 - 1387095 ____A C:\Users\Wildcat\Downloads\FRST64.exe
2012-04-19 19:32 - 2012-04-19 19:39 - 0000000 ____D C:\Windows\system64
2012-04-19 18:52 - 2012-04-18 19:30 - 0126778 ____A C:\TDSSKiller.2.7.29.0_19.04.2012_18.52.59_log.txt
2012-04-19 18:33 - 2012-04-19 20:12 - 0027131 ____A C:\ComboFix.txt
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-19 18:21 - 2009-07-13 19:34 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-19 18:21 - 2009-07-13 19:34 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-19 18:21 - 2009-07-13 19:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-19 18:21 - 2009-07-13 19:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-19 18:21 - 2009-07-13 19:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-19 18:02 - 2012-02-13 23:11 - 0208896 ____A C:\Windows\MBR.exe
2012-04-19 18:02 - 2011-12-02 17:49 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-19 18:02 - 2010-08-05 18:42 - 0000000 ___SD C:\ComboFix
2012-04-19 18:02 - 2010-01-25 16:48 - 0000000 ____D C:\Windows\ERDNT
2012-04-19 18:02 - 2009-07-14 00:50 - 0080412 ____A C:\Windows\grep.exe
2012-04-19 18:02 - 2009-07-14 00:46 - 0098816 ____A C:\Windows\sed.exe
2012-04-19 18:02 - 2009-07-13 22:32 - 0256000 ____A C:\Windows\PEV.exe
2012-04-19 18:02 - 2009-07-13 18:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-19 18:02 - 2009-06-10 13:36 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-19 18:02 - 2000-08-30 17:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-19 18:01 - 2011-05-07 20:32 - 0000000 ___AD C:\Qoobox
2012-04-19 18:01 - 2010-04-05 22:43 - 4468852 ____R (Swearware) C:\Users\Wildcat\Downloads\ComboFix.exe
2012-04-18 22:48 - 2012-04-01 15:12 - 0879714 ____A C:\Users\Wildcat\Desktop\SecurityCheck.exe
2012-04-18 22:48 - 2010-01-17 20:20 - 0000000 ____A C:\Users\Wildcat\defogger_reenable
2012-04-18 22:47 - 2012-04-20 16:57 - 0004894 ____A C:\Users\Wildcat\Downloads\gmer log.log
2012-04-18 22:47 - 2012-04-18 19:40 - 0050477 ____A C:\Users\Wildcat\Downloads\Defogger.exe
2012-04-18 19:41 - 2012-01-08 18:30 - 0008486 ____A C:\Users\Wildcat\Downloads\Attach.txt
2012-04-18 19:40 - 2012-04-18 19:37 - 0022821 ____A C:\Users\Wildcat\Downloads\DDS.txt
2012-04-18 19:37 - 2012-01-19 20:43 - 0607260 ____R (Swearware) C:\Users\Wildcat\Downloads\dds.scr
2012-04-18 19:36 - 2011-12-02 19:59 - 0302592 ____A C:\Users\Wildcat\Downloads\r88f1pcj.exe
2012-04-18 19:30 - 2012-02-28 19:25 - 0002254 ____A C:\Users\Wildcat\Desktop\eula.txt
2012-04-18 19:30 - 2011-12-28 14:00 - 2072112 ____A (Kaspersky Lab ZAO) C:\Users\Wildcat\Desktop\TDSSKiller.exe
2012-04-18 19:29 - 2012-04-18 19:06 - 0125064 ____A C:\TDSSKiller.2.7.29.0_18.04.2012_19.29.27_log.txt
2012-04-18 19:05 - 2012-04-10 16:13 - 2052792 ____A C:\Users\Wildcat\Downloads\tdsskiller.zip
2012-04-18 19:05 - 2012-04-01 17:01 - 0125298 ____A C:\TDSSKiller.2.7.29.0_18.04.2012_19.05.27_log.txt
2012-04-16 21:51 - 2011-06-20 19:40 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\PDAppFlex
2012-04-10 19:20 - 2012-02-28 00:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-10 19:20 - 2012-02-27 23:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-10 19:20 - 2012-02-27 23:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-10 19:20 - 2012-02-27 23:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-10 19:20 - 2012-02-27 23:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-10 19:20 - 2012-02-27 18:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-10 19:20 - 2012-02-27 18:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-10 19:20 - 2012-02-27 18:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-10 19:20 - 2012-02-27 18:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-10 19:20 - 2012-02-27 18:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-10 19:20 - 2012-02-13 23:11 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-10 19:20 - 2012-02-13 23:11 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-10 19:20 - 2012-02-13 23:11 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-10 19:20 - 2012-02-13 23:11 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-10 19:20 - 2012-02-13 23:11 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-10 19:20 - 2012-02-13 23:11 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-10 19:20 - 2012-02-13 23:11 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-10 19:20 - 2012-02-13 23:11 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-10 19:20 - 2011-05-02 22:21 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-10 19:20 - 2011-05-02 21:50 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-10 19:20 - 2009-07-13 18:41 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-10 19:20 - 2009-07-13 18:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-10 19:20 - 2009-07-13 18:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-10 19:20 - 2009-07-13 18:16 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-10 19:20 - 2009-07-13 18:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-10 19:20 - 2009-07-13 18:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-10 19:18 - 2009-07-13 18:47 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-10 19:18 - 2009-07-13 18:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-10 19:18 - 2009-07-13 18:38 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-10 19:18 - 2009-07-13 18:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-10 19:18 - 2009-07-13 18:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-10 19:18 - 2009-07-13 18:14 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-10 19:18 - 2009-07-13 18:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-10 17:30 - 2012-03-19 18:26 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\Xilisoft
2012-04-10 17:21 - 2012-02-10 16:13 - 0001579 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-04-10 16:59 - 2012-04-10 16:59 - 0000446 ____A C:\Windows\SysWOW64\mqrdim.ocx
2012-04-10 16:59 - 2011-12-16 19:20 - 0001261 ____A C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk
2012-04-10 16:59 - 2011-05-01 21:47 - 0000000 ____D C:\Program Files (x86)\Xilisoft
2012-04-10 16:59 - 2010-03-03 21:38 - 0000000 ____D C:\Users\All Users\Xilisoft
2012-04-10 16:59 - 2010-03-03 21:38 - 0000000 ____D C:\ProgramData\Xilisoft
2012-04-10 16:59 - 2009-07-13 18:15 - 1790464 ____A C:\Windows\SysWOW64\mqrdim.dll
2012-04-10 16:25 - 2012-03-20 17:21 - 63920304 ____A C:\Users\Wildcat\Desktop\AttheConsole.psd
2012-04-10 16:17 - 2011-11-17 18:26 - 1904598 ____A C:\Users\Wildcat\Downloads\ye_olde_tardis_by_chinquixwolf-d3adayh.jpg
2012-04-10 16:15 - 2012-01-06 18:37 - 2287363 ____A C:\Users\Wildcat\Downloads\TardisConsole.jpg
2012-04-10 16:13 - 2012-04-10 16:15 - 0652856 ____A C:\Users\Wildcat\Downloads\tardisint01.jpg
2012-04-10 16:04 - 2012-04-19 19:44 - 0000000 ____D C:\Users\Wildcat\AppData\Local\Logitech® Webcam Software
2012-04-10 16:04 - 2010-11-26 12:25 - 0001119 ____A C:\Users\Wildcat\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
2012-04-10 16:04 - 2010-11-26 12:25 - 0001119 ____A C:\Users\Wildcat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
2012-04-09 23:08 - 2011-04-30 15:28 - 0000000 ____D C:\Users\Patrick\AppData\Roaming\RCP 5
2012-04-06 11:44 - 2011-04-05 09:18 - 6652976 ____A (Applian Technologies Inc.) C:\Users\Patrick\Downloads\FCTBSetup.exe
2012-04-06 11:31 - 2012-04-17 20:01 - 0000000 ____D C:\Users\Patrick\AppData\Local\Logitech® Webcam Software
2012-04-06 11:31 - 2011-08-09 17:49 - 38496624 ____A (Apple Inc.) C:\Users\Patrick\Downloads\SafariSetup.exe
2012-04-01 21:27 - 2011-05-17 18:44 - 0000000 ____D C:\Users\All Users\LogiShrd
2012-04-01 21:27 - 2011-05-17 18:44 - 0000000 ____D C:\ProgramData\LogiShrd
2012-04-01 21:24 - 2011-12-21 18:02 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\Leadertech
2012-04-01 21:23 - 2012-04-01 21:27 - 0000000 ____D C:\Users\All Users\Logitech
2012-04-01 21:23 - 2012-04-01 21:27 - 0000000 ____D C:\ProgramData\Logitech
2012-04-01 21:23 - 2011-11-16 18:40 - 0012395 ____A C:\Windows\System32\lvcoinst.log
2012-04-01 21:23 - 2010-01-29 19:06 - 0000000 ____D C:\Program Files\Common Files\logishrd
2012-04-01 21:23 - 2009-07-13 22:32 - 0008659 ____A C:\Windows\LDPINST.LOG
2012-04-01 21:22 - 2011-12-01 19:01 - 0000000 ____D C:\Program Files (x86)\Logitech
2012-04-01 21:22 - 2009-07-13 21:54 - 0001631 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-04-01 17:33 - 2011-11-08 21:48 - 0302592 ____A C:\Users\Wildcat\Downloads\8l4mbyl4.exe
2012-04-01 17:00 - 2012-04-19 18:53 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-01 16:59 - 2012-04-19 19:38 - 0125348 ____A C:\TDSSKiller.2.7.23.0_01.04.2012_16.59.59_log.txt
2012-03-25 15:40 - 2012-03-23 16:30 - 0010782 ____A C:\Users\Patrick\Downloads\Mar Post Card.docx
2012-03-24 12:39 - 2010-08-04 17:25 - 0363573 ____A C:\Users\Wildcat\Downloads\DSCF1434 RT LR.jpg
2012-03-24 12:31 - 2006-10-24 13:18 - 0000000 ____D C:\Users\Wildcat\Desktop\daa2iso
2012-03-24 12:21 - 2011-03-20 19:35 - 0000000 ____D C:\Users\Wildcat\AppData\Local\ElevatedDiagnostics
2012-03-24 10:25 - 2012-04-03 19:36 - 0001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-24 10:23 - 2012-01-17 23:44 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-23 16:30 - 2011-10-25 15:32 - 0010767 ____A C:\Users\Patrick\Downloads\Test Post Card.docx
2012-03-23 16:04 - 2012-04-06 11:44 - 0010776 ____A C:\Users\Patrick\Downloads\Feb Post Card.docx
2012-03-22 13:12 - 2012-03-22 10:38 - 0010363 ____A C:\Users\Patrick\Documents\Contact fulfillment.docx
2012-03-22 10:31 - 2011-04-28 19:09 - 0024896 ____A C:\Users\Patrick\Documents\Conor's Deposit Invoice.docx
2012-03-21 19:55 - 2012-03-21 19:55 - 0039249 ____A C:\Users\Wildcat\Downloads\0P000094386-1332385188-ca_8453OL.pdf
2012-03-21 19:55 - 2010-04-01 19:06 - 0036513 ____A C:\Users\Wildcat\Downloads\0P000094386-1332385178-ca_3582.pdf
2012-03-21 19:49 - 2008-10-24 17:49 - 0039249 ____A C:\Users\Wildcat\Desktop\ca_8453OL 2011.pdf


============ 3 Months Modified Files and Folders =============

2012-04-20 16:57 - 2012-04-20 16:57 - 0065536 __ASH C:\Windows\System32\config\components{0b4db367-8b44-11e1-82e9-90e6ba431056}.TxR.blf
2012-04-20 16:57 - 2012-04-20 16:57 - 0000000 ____D C:\FRST
2012-04-20 16:57 - 2012-04-20 16:56 - 1387095 ____A C:\Users\Wildcat\Downloads\FRST64.exe
2012-04-20 16:57 - 2010-01-17 19:53 - 1188895 ____A C:\Windows\WindowsUpdate.log
2012-04-20 16:55 - 2011-02-22 00:11 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-20 16:55 - 2010-01-17 22:14 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\uTorrent
2012-04-20 16:54 - 2012-02-07 18:01 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-20 16:53 - 2011-12-29 23:20 - 0000000 ____D C:\Users\All Users\TVMOBiLi
2012-04-20 16:53 - 2011-12-29 23:20 - 0000000 ____D C:\ProgramData\TVMOBiLi
2012-04-20 16:53 - 2010-01-17 19:39 - 2683707392 __ASH C:\hiberfil.sys
2012-04-20 16:53 - 2009-07-13 22:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-20 16:53 - 2009-07-13 21:51 - 0031789 ____A C:\Windows\setupact.log
2012-04-19 20:12 - 2012-04-19 18:02 - 0000000 ___SD C:\ComboFix
2012-04-19 20:12 - 2012-04-19 18:02 - 0000000 ____D C:\Windows\ERDNT
2012-04-19 20:12 - 2011-04-05 09:18 - 0000000 ____D C:\users\Patrick
2012-04-19 20:12 - 2010-10-11 23:20 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-19 20:12 - 2010-10-11 23:20 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-19 20:12 - 2010-01-17 20:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-19 20:12 - 2009-07-13 20:18 - 0000000 __SHD C:\$Recycle.Bin
2012-04-19 20:11 - 2009-07-13 20:20 - 0000000 __RHD C:\users\Default
2012-04-19 20:11 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\registration
2012-04-19 19:42 - 2010-06-14 16:53 - 0000000 ____D C:\Users\Wildcat\AppData\Local\Adobe
2012-04-19 19:40 - 2009-07-13 21:45 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-19 19:40 - 2009-07-13 21:45 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-19 19:39 - 2009-07-13 22:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-19 19:33 - 2010-01-17 20:20 - 0000000 ____D C:\users\Wildcat
2012-04-19 19:32 - 2012-04-19 19:32 - 0000000 ____D C:\Windows\system64
2012-04-19 19:32 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-19 18:53 - 2012-04-19 18:52 - 0126778 ____A C:\TDSSKiller.2.7.29.0_19.04.2012_18.52.59_log.txt
2012-04-19 18:33 - 2012-04-19 18:33 - 0027131 ____A C:\ComboFix.txt
2012-04-19 18:33 - 2012-04-19 18:01 - 0000000 ___AD C:\Qoobox
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-19 18:21 - 2012-04-19 18:21 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-19 18:21 - 2009-07-13 19:34 - 80740352 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-19 18:21 - 2009-07-13 19:34 - 4980736 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-19 18:21 - 2009-07-13 19:34 - 15990784 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-19 18:21 - 2009-07-13 19:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-19 18:21 - 2009-07-13 19:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-04-19 18:01 - 2012-04-19 18:01 - 4468852 ____R (Swearware) C:\Users\Wildcat\Downloads\ComboFix.exe
2012-04-18 22:48 - 2012-04-18 22:48 - 0879714 ____A C:\Users\Wildcat\Desktop\SecurityCheck.exe
2012-04-18 22:48 - 2012-04-18 22:48 - 0000000 ____A C:\Users\Wildcat\defogger_reenable
2012-04-18 22:47 - 2012-04-18 22:47 - 0050477 ____A C:\Users\Wildcat\Downloads\Defogger.exe
2012-04-18 22:47 - 2012-04-18 22:47 - 0004894 ____A C:\Users\Wildcat\Downloads\gmer log.log
2012-04-18 22:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At46.job
2012-04-18 22:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At45.job
2012-04-18 22:13 - 2011-02-16 15:54 - 0000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594381243-1643902856-3051444525-1001UA.job
2012-04-18 22:13 - 2011-02-16 15:54 - 0000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594381243-1643902856-3051444525-1001Core.job
2012-04-18 21:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At44.job
2012-04-18 21:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At43.job
2012-04-18 20:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At42.job
2012-04-18 20:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At41.job
2012-04-18 19:41 - 2012-04-18 19:41 - 0008486 ____A C:\Users\Wildcat\Downloads\Attach.txt
2012-04-18 19:40 - 2012-04-18 19:40 - 0022821 ____A C:\Users\Wildcat\Downloads\DDS.txt
2012-04-18 19:37 - 2012-04-18 19:37 - 0607260 ____R (Swearware) C:\Users\Wildcat\Downloads\dds.scr
2012-04-18 19:36 - 2012-04-18 19:36 - 0302592 ____A C:\Users\Wildcat\Downloads\r88f1pcj.exe
2012-04-18 19:30 - 2012-04-18 19:29 - 0125064 ____A C:\TDSSKiller.2.7.29.0_18.04.2012_19.29.27_log.txt
2012-04-18 19:29 - 2012-04-18 19:05 - 2052792 ____A C:\Users\Wildcat\Downloads\tdsskiller.zip
2012-04-18 19:29 - 2012-04-01 17:00 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-18 19:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At40.job
2012-04-18 19:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At39.job
2012-04-18 19:06 - 2012-04-18 19:05 - 0125298 ____A C:\TDSSKiller.2.7.29.0_18.04.2012_19.05.27_log.txt
2012-04-18 16:45 - 2012-04-18 19:30 - 2072112 ____A (Kaspersky Lab ZAO) C:\Users\Wildcat\Desktop\TDSSKiller.exe
2012-04-17 18:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At38.job
2012-04-17 18:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At37.job
2012-04-17 17:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At36.job
2012-04-17 17:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At35.job
2012-04-17 16:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At34.job
2012-04-17 16:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At33.job
2012-04-17 15:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At32.job
2012-04-17 15:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At31.job
2012-04-17 14:51 - 2011-04-10 23:16 - 0118080 ____A C:\Users\Patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-17 14:51 - 2011-04-08 20:52 - 0000000 ____D C:\Users\Patrick\AppData\Roaming\Adobe
2012-04-17 14:50 - 2009-07-13 21:45 - 5062832 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-16 21:57 - 2009-07-13 19:34 - 0443243 ___RA C:\Windows\System32\Drivers\etc\hosts
2012-04-16 21:51 - 2012-04-16 21:51 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\PDAppFlex
2012-04-16 21:51 - 2010-07-02 09:42 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-04-16 21:51 - 2010-07-02 09:42 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-04-16 21:51 - 2010-01-17 21:36 - 0118080 ____A C:\Users\Wildcat\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-16 21:49 - 2010-03-14 23:54 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-04-16 21:48 - 2010-06-14 16:52 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\Adobe
2012-04-16 21:48 - 2010-03-15 18:48 - 0000000 ____D C:\Program Files\Adobe
2012-04-16 21:48 - 2010-01-17 21:49 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-16 21:47 - 2010-01-17 21:49 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-16 21:47 - 2010-01-17 21:49 - 0000000 ____D C:\ProgramData\Adobe
2012-04-16 21:17 - 2011-04-05 09:18 - 0000000 ____D C:\Users\Patrick\AppData\LocalLow
2012-04-16 21:17 - 2010-01-17 20:20 - 0000000 ____D C:\Users\Wildcat\AppData\LocalLow
2012-04-16 21:00 - 2011-06-05 11:46 - 0000000 ____D C:\Users\Wildcat\Documents\Website Notes
2012-04-11 23:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At48.job
2012-04-11 23:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At47.job
2012-04-11 20:56 - 2012-04-10 16:25 - 63920304 ____A C:\Users\Wildcat\Desktop\AttheConsole.psd
2012-04-11 19:39 - 2010-01-17 20:24 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\Mozilla
2012-04-11 09:55 - 2011-12-16 21:55 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-10 19:20 - 2010-01-25 14:52 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-10 19:20 - 2010-01-25 14:52 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-10 19:18 - 2010-01-28 19:31 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-10 19:17 - 2012-03-24 10:25 - 0001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-10 17:30 - 2012-04-10 17:30 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\Xilisoft
2012-04-10 17:29 - 2012-04-10 17:21 - 0001579 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-04-10 16:59 - 2012-04-10 16:59 - 1790464 ____A C:\Windows\SysWOW64\mqrdim.dll
2012-04-10 16:59 - 2012-04-10 16:59 - 0001261 ____A C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk
2012-04-10 16:59 - 2012-04-10 16:59 - 0000446 ____A C:\Windows\SysWOW64\mqrdim.ocx
2012-04-10 16:59 - 2012-04-10 16:59 - 0000000 ____D C:\Users\All Users\Xilisoft
2012-04-10 16:59 - 2012-04-10 16:59 - 0000000 ____D C:\ProgramData\Xilisoft
2012-04-10 16:59 - 2012-04-10 16:59 - 0000000 ____D C:\Program Files (x86)\Xilisoft
2012-04-10 16:17 - 2012-04-10 16:17 - 1904598 ____A C:\Users\Wildcat\Downloads\ye_olde_tardis_by_chinquixwolf-d3adayh.jpg
2012-04-10 16:17 - 2012-01-12 20:09 - 0064512 __ASH C:\Users\Wildcat\Documents\Thumbs.db
2012-04-10 16:15 - 2012-04-10 16:15 - 2287363 ____A C:\Users\Wildcat\Downloads\TardisConsole.jpg
2012-04-10 16:13 - 2012-04-10 16:13 - 0652856 ____A C:\Users\Wildcat\Downloads\tardisint01.jpg
2012-04-10 16:04 - 2012-04-10 16:04 - 0001119 ____A C:\Users\Wildcat\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
2012-04-10 16:04 - 2012-04-10 16:04 - 0001119 ____A C:\Users\Wildcat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
2012-04-10 16:04 - 2012-04-10 16:04 - 0000000 ____D C:\Users\Wildcat\AppData\Local\Logitech® Webcam Software
2012-04-09 23:08 - 2012-04-09 23:08 - 0000000 ____D C:\Users\Patrick\AppData\Roaming\RCP 5
2012-04-07 14:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At30.job
2012-04-07 14:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At29.job
2012-04-06 13:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At28.job
2012-04-06 13:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At27.job
2012-04-06 11:44 - 2012-04-06 11:44 - 6652976 ____A (Applian Technologies Inc.) C:\Users\Patrick\Downloads\FCTBSetup.exe
2012-04-06 11:32 - 2012-04-06 11:31 - 38496624 ____A (Apple Inc.) C:\Users\Patrick\Downloads\SafariSetup.exe
2012-04-06 11:31 - 2012-04-06 11:31 - 0000000 ____D C:\Users\Patrick\AppData\Local\Logitech® Webcam Software
2012-04-04 15:56 - 2012-03-24 10:23 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 19:37 - 2012-04-01 21:23 - 0012395 ____A C:\Windows\System32\lvcoinst.log
2012-04-03 19:37 - 2012-04-01 21:23 - 0008659 ____A C:\Windows\LDPINST.LOG
2012-04-03 19:37 - 2012-04-01 21:23 - 0000000 ____D C:\Program Files\Common Files\logishrd
2012-04-03 19:36 - 2012-04-01 21:22 - 0001631 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-04-01 23:23 - 2011-02-19 23:12 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\Skype
2012-04-01 21:27 - 2012-04-01 21:27 - 0000000 ____D C:\Users\All Users\LogiShrd
2012-04-01 21:27 - 2012-04-01 21:27 - 0000000 ____D C:\ProgramData\LogiShrd
2012-04-01 21:24 - 2012-04-01 21:24 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\Leadertech
2012-04-01 21:24 - 2012-04-01 21:22 - 0000000 ____D C:\Program Files (x86)\Logitech
2012-04-01 21:23 - 2012-04-01 21:23 - 0000000 ____D C:\Users\All Users\Logitech
2012-04-01 21:23 - 2012-04-01 21:23 - 0000000 ____D C:\ProgramData\Logitech
2012-04-01 17:33 - 2012-04-01 17:33 - 0302592 ____A C:\Users\Wildcat\Downloads\8l4mbyl4.exe
2012-04-01 17:01 - 2012-04-01 16:59 - 0125348 ____A C:\TDSSKiller.2.7.23.0_01.04.2012_16.59.59_log.txt
2012-04-01 16:17 - 2011-05-01 22:10 - 0506880 __ASH C:\Users\Wildcat\Desktop\Thumbs.db
2012-04-01 15:12 - 2011-11-03 22:05 - 0000000 ____D C:\Users\Wildcat\Desktop\Pictures to sort
2012-03-25 15:40 - 2012-03-25 15:40 - 0010782 ____A C:\Users\Patrick\Downloads\Mar Post Card.docx
2012-03-24 12:39 - 2012-03-24 12:39 - 0363573 ____A C:\Users\Wildcat\Downloads\DSCF1434 RT LR.jpg
2012-03-24 12:31 - 2012-03-24 12:31 - 0000000 ____D C:\Users\Wildcat\Desktop\daa2iso
2012-03-24 12:31 - 2011-04-23 22:40 - 0000000 ____D C:\Users\Wildcat\Documents\School
2012-03-24 12:21 - 2012-03-24 12:21 - 0000000 ____D C:\Users\Wildcat\AppData\Local\ElevatedDiagnostics
2012-03-24 12:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At26.job
2012-03-24 12:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At25.job
2012-03-24 11:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At24.job
2012-03-24 11:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At23.job
2012-03-24 10:31 - 2010-05-30 11:44 - 0000000 ____D C:\Users\Wildcat\AppData\Local\WinZip
2012-03-24 10:20 - 2010-02-12 23:21 - 0020346 ____A C:\Windows\PFRO.log
2012-03-24 10:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At22.job
2012-03-24 10:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At21.job
2012-03-24 09:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At20.job
2012-03-24 09:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At19.job
2012-03-24 08:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At18.job
2012-03-24 08:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At17.job
2012-03-24 07:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At16.job
2012-03-24 07:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At15.job
2012-03-24 06:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At14.job
2012-03-24 06:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At13.job
2012-03-24 05:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At12.job
2012-03-24 05:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At11.job
2012-03-24 04:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At10.job
2012-03-24 04:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At9.job
2012-03-24 03:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At8.job
2012-03-24 03:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At7.job
2012-03-24 02:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At6.job
2012-03-24 02:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At5.job
2012-03-24 01:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At4.job
2012-03-24 01:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At3.job
2012-03-24 00:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At2.job
2012-03-24 00:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At1.job
2012-03-23 16:30 - 2012-03-23 16:30 - 0010767 ____A C:\Users\Patrick\Downloads\Test Post Card.docx
2012-03-23 16:30 - 2012-03-23 16:04 - 0010776 ____A C:\Users\Patrick\Downloads\Feb Post Card.docx
2012-03-22 13:12 - 2012-03-22 13:12 - 0010363 ____A C:\Users\Patrick\Documents\Contact fulfillment.docx
2012-03-22 10:38 - 2012-03-22 10:31 - 0024896 ____A C:\Users\Patrick\Documents\Conor's Deposit Invoice.docx
2012-03-22 10:22 - 2011-11-10 15:01 - 0000000 ____D C:\Users\Patrick\AppData\Local\Akamai
2012-03-22 09:25 - 2011-04-05 09:18 - 0000000 ____D C:\Users\Patrick\AppData\Local\Microsoft Help
2012-03-21 21:41 - 2012-02-23 20:40 - 10527550 ____A C:\Windows\ntbtlog.txt
2012-03-21 19:55 - 2012-03-21 19:55 - 0039249 ____A C:\Users\Wildcat\Downloads\0P000094386-1332385188-ca_8453OL.pdf
2012-03-21 19:55 - 2012-03-21 19:55 - 0036513 ____A C:\Users\Wildcat\Downloads\0P000094386-1332385178-ca_3582.pdf
2012-03-21 19:49 - 2012-03-21 19:49 - 0039249 ____A C:\Users\Wildcat\Desktop\ca_8453OL 2011.pdf
2012-03-20 18:03 - 2011-12-22 20:52 - 0000000 ____D C:\Program Files (x86)\Wondershare
2012-03-20 17:41 - 2011-10-24 18:02 - 0000000 ____D C:\Users\Wildcat\Desktop\For MM
2012-03-20 17:40 - 2011-11-14 19:09 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\Dropbox
2012-03-20 17:21 - 2011-11-19 13:02 - 0000000 ____D C:\Users\Wildcat\Desktop\52111
2012-03-20 16:15 - 2011-11-14 19:11 - 0000000 ___RD C:\Users\Wildcat\Dropbox
2012-03-19 21:44 - 2011-12-22 20:54 - 0000000 ____D C:\Users\All Users\xml_param
2012-03-19 21:44 - 2011-12-22 20:54 - 0000000 ____D C:\ProgramData\xml_param
2012-03-19 18:27 - 2012-03-19 18:26 - 0000000 ____D C:\Users\Wildcat\Documents\Wondershare Video Converter Ultimate
2012-03-19 18:26 - 2012-03-19 18:26 - 0001426 ____A C:\Users\Wildcat\Desktop\Wondershare Video Converter Ultimate.lnk
2012-03-19 18:26 - 2012-03-19 18:26 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\Wondershare Video Converter Ultimate
2012-03-19 18:18 - 2012-03-19 18:18 - 0000000 ____D C:\Users\Wildcat\AppData\Roaming\Wondershare Video Converter Platinum
2012-03-19 18:14 - 2012-03-19 18:14 - 0000000 ____D C:\Users\Wildcat\AppData\Local\Tipard Studio
2012-03-19 18:13 - 2012-03-19 18:13 - 19836427 ____A ( ) C:\Users\Wildcat\Downloads\tp-mpeg-ts-converter-428216.exe
2012-03-19 18:13 - 2012-03-19 18:13 - 0000000 ____D C:\Users\Wildcat\AppData\Local\Wondershare
2012-03-17 17:02 - 2011-04-23 22:39 - 0000000 ____D C:\Users\Public\Documents\St. Patrick's Day
2012-03-17 15:20 - 2012-03-17 15:20 - 0180156 ____A C:\Users\Wildcat\Downloads\Young_Dubliners_-_Two_Albums_-_KalenVor.exe
2012-03-17 13:37 - 2012-03-17 13:37 - 0015628 ____A C:\Windows\SysWOW64\hs_err_pid10924.log
2012-03-11 12:09 - 2012-03-11 12:09 - 0226954 ____A C:\Users\Wildcat\Desktop\OLTlogin.xps
2012-02-29 23:54 - 2012-04-10 19:18 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 23:45 - 2012-04-10 19:18 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 23:40 - 2012-04-10 19:18 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 23:35 - 2012-04-10 19:18 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 22:49 - 2012-04-10 19:18 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 22:45 - 2012-04-10 19:18 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 22:40 - 2012-04-10 19:18 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-28 19:25 - 2012-02-28 19:25 - 0091343 ____A C:\Users\Wildcat\Desktop\Erick.jpg
2012-02-28 02:10 - 2012-02-28 02:10 - 0947472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msjava.dll
2012-02-28 00:34 - 2012-04-10 19:20 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 00:02 - 2012-04-10 19:20 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 23:56 - 2012-04-10 19:20 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 23:50 - 2012-04-10 19:20 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 23:49 - 2012-04-10 19:20 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 23:48 - 2012-04-10 19:20 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 23:48 - 2012-04-10 19:20 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 23:47 - 2012-04-10 19:20 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 23:45 - 2012-04-10 19:20 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 23:43 - 2012-04-10 19:20 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 23:43 - 2012-04-10 19:20 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 23:42 - 2012-04-10 19:20 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 23:39 - 2012-04-10 19:20 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 18:52 - 2012-04-10 19:20 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 18:27 - 2012-04-10 19:20 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 18:18 - 2012-04-10 19:20 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 18:12 - 2012-04-10 19:20 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 18:11 - 2012-04-10 19:20 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 18:11 - 2012-04-10 19:20 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 18:09 - 2012-04-10 19:20 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 18:08 - 2012-04-10 19:20 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 18:06 - 2012-04-10 19:20 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 18:04 - 2012-04-10 19:20 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 18:03 - 2012-04-10 19:20 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 18:03 - 2012-04-10 19:20 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 17:59 - 2012-04-10 19:20 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 18:30 - 2009-07-13 22:08 - 0032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-23 10:18 - 2010-01-17 20:08 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-21 19:24 - 2010-04-01 19:54 - 0000000 ____D C:\Users\Public\Documents\Websites
2012-02-21 16:23 - 2012-02-21 14:07 - 0000112 ____A C:\Users\All Users\S00Pn2G.dat
2012-02-21 16:23 - 2012-02-21 14:07 - 0000112 ____A C:\ProgramData\S00Pn2G.dat
2012-02-17 11:16 - 2012-02-17 11:16 - 0013581 ____A C:\Users\Patrick\Documents\Patrick Reid card.docx
2012-02-17 10:57 - 2011-03-01 15:09 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-14 23:27 - 2012-03-13 18:58 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 22:44 - 2012-03-13 18:58 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 21:47 - 2012-03-13 18:58 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 21:46 - 2012-03-13 18:58 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 20:04 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\rescache
2012-02-14 18:18 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-02-13 23:11 - 2012-02-13 23:11 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-02-13 23:11 - 2012-02-13 23:11 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-13 23:11 - 2012-02-13 23:11 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-13 23:11 - 2012-02-13 23:11 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-13 23:11 - 2012-02-13 23:11 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-13 23:11 - 2012-02-13 23:11 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-02-13 23:11 - 2012-02-13 23:11 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-13 23:11 - 2012-02-13 23:11 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-02-13 23:11 - 2012-02-13 23:11 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-13 23:11 - 2012-02-13 23:11 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-13 23:11 - 2012-02-13 23:11 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-13 23:11 - 2012-02-13 23:08 - 0003797 ____A C:\Windows\IE9_main.log
2012-02-13 23:09 - 2012-02-13 23:09 - 4068864 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 3181568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 1888256 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-02-13 23:09 - 2012-02-13 23:09 - 1863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 1619456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2012-02-13 23:09 - 2012-02-13 23:09 - 1495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 1133568 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-02-13 23:09 - 2012-02-13 23:09 - 0662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 0470016 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 0283648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-02-13 23:09 - 2012-02-13 23:09 - 0257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 0229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 0196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-02-13 23:09 - 2012-02-13 23:09 - 0135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-02-12 18:23 - 2012-02-12 13:55 - 0011869 ____A C:\Users\Public\Documents\Step by Step instructions for Wordpress - Fran.docx
2012-02-10 16:13 - 2012-03-20 17:38 - 0001398 ____A C:\Windows\System32\Drivers\etc\hosts.20120320-173851.backup
2012-02-10 16:13 - 2009-07-13 19:34 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts.20120416-215735.backup
2012-02-10 16:13 - 2009-07-13 19:34 - 0001398 ____A C:\Windows\System32\Drivers\etc\hosts.20120401-152812.backup
2012-02-10 16:13 - 2009-07-13 19:34 - 0001398 ____A C:\Windows\System32\Drivers\etc\hosts.20120323-174926.backup
2012-02-10 16:13 - 2009-07-13 19:34 - 0001398 ____A C:\Windows\System32\Drivers\etc\hosts.20120321-214059.backup
2012-02-10 16:13 - 2009-07-13 19:34 - 0001398 ____A C:\Windows\System32\Drivers\etc\hosts.20120321-213601.backup
2012-02-10 16:13 - 2009-07-13 19:34 - 0001398 ____A C:\Windows\System32\Drivers\etc\hosts.20120320-173229.backup
2012-02-10 16:13 - 2009-07-13 19:34 - 0001398 ____A C:\Windows\System32\Drivers\etc\hosts.20120320-173206.backup
2012-02-09 23:18 - 2012-03-13 18:58 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 23:17 - 2012-03-13 18:58 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 23:17 - 2012-03-13 18:58 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 23:17 - 2012-03-13 18:58 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 23:17 - 2012-03-13 18:58 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 22:41 - 2012-03-13 18:58 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 22:41 - 2012-03-13 18:58 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 22:41 - 2012-03-13 18:58 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 22:41 - 2012-03-13 18:58 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 22:41 - 2012-03-13 18:58 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-07 23:27 - 2009-07-13 19:34 - 0000478 ____A C:\Windows\win.ini
2012-02-07 11:02 - 2012-02-07 11:02 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-02 21:16 - 2012-03-13 18:58 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-26 22:10 - 2012-01-26 22:10 - 1601280 ____A C:\Users\Wildcat\Desktop\FORD_image_guidelines.pdf
2012-01-26 21:59 - 2012-01-26 21:22 - 0137999 ____A C:\Users\Wildcat\Downloads\PICT0118.jpg
2012-01-26 21:29 - 2012-01-26 21:29 - 0353450 ____A C:\Users\Wildcat\Downloads\HTCloseUp.jpg
2012-01-26 21:28 - 2012-01-26 21:28 - 0620763 ____A C:\Users\Wildcat\Downloads\HTFullBody.jpg
2012-01-26 21:20 - 2012-01-26 21:20 - 0135363 ____A C:\Users\Wildcat\Downloads\PICT0125.jpg
2012-01-26 12:32 - 2012-01-26 12:34 - 3644088 ____A C:\Users\Patrick\Desktop\tardis_door_sign.jpg
2012-01-24 23:27 - 2012-03-13 18:58 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 23:27 - 2012-03-13 18:58 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 23:20 - 2012-03-13 18:58 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 18:07 - 2011-04-12 19:54 - 0000000 ____D C:\Users\Patrick\AppData\Roaming\uTorrent
2012-01-23 20:01 - 2011-09-29 17:29 - 0000000 ____D C:\Users\Patrick\Downloads\Pimsleur

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 14335.18 MB
Available physical RAM: 12053.58 MB
Total Pagefile: 28668.5 MB
Available Pagefile: 26292.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

======================= Partitions =========================

1 Drive c: (Primary) (Fixed) (Total:195.31 GB) (Free:43.54 GB) NTFS
2 Drive d: () (Fixed) (Total:14.65 GB) (Free:2.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Programs/Documents) (Fixed) (Total:36.34 GB) (Free:30.3 GB) NTFS
4 Drive f: (New Volume) (Fixed) (Total:400.86 GB) (Free:154.98 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 55 GB 5006 MB
Disk 1 Online 596 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 31 KB
Partition 0 Extended 36 GB 19 GB
Partition 2 Logical 36 GB 19 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 14 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Programs/Do NTFS Partition 36 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 195 GB 31 KB
Partition 2 Primary 400 GB 195 GB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C Primary NTFS Partition 195 GB Healthy Boot

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F New Volume NTFS Partition 400 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-09 17:41

======================= End Of Log ==========================

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 21 April 2012 - 06:17 AM

Hello

I need you to run FRST again for me but it needs to be in the recovery environment to work correctly

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
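
The FRST.txt produced by the procedure above is read by hand in this thread. As an added example (not code from the thread, from Farbar, or from FRST itself), the Python script below parses the two line shapes the posted logs contain, the dated file lines and the HKLM\...\Run entries, and applies three read-only triage checks: it lists AppInit_DLLs entries (a DLL injection and persistence point), lists Run entries whose target FRST marked as missing with "[x]", and groups files created in the same minute as a batch of At*.job files in the Windows Tasks folder, since tasks created together usually come from one installer or one actor. It assumes the dated file lines give the modified timestamp first and the created timestamp second (the At*.job lines above share the second timestamp while the first advances hourly); the sample lines embedded in it are copied from the logs in this thread, and the checks only flag items for review, they do not judge them.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example for this thread, not part of FRST or of any post in it. It
parses the dated file lines and the HKLM\\...\\Run lines seen in the logs and
runs three read-only checks: AppInit_DLLs entries, Run entries whose target
FRST marked missing ("[x]"), and files created in the same minute as a batch
of At*.job files. Assumption: in the file lines the first timestamp is the
modified time and the second the created time.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

FILE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"  # optional "(CompanyName) " or "( ) "
    r"(?P<path>[A-Za-z]:\\.+)$"
)
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Za-z0-9-]+(?:\\[^\\]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?) ?\[(?P<meta>x|\d+ \d{4}-\d{2}-\d{2})\]"  # "[x]" or "[size date]"
    r"(?: \((?P<company>[^)]*)\))?$"
)
AT_JOB_RE = re.compile(r"\\Windows\\Tasks\\At\d+\.job$", re.IGNORECASE)

@dataclass
class FileEntry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    missing: bool  # True when FRST printed "[x]": the target file was not found
    company: Optional[str]

def parse_file_line(line):
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(m["modified"], m["created"], int(m["size"]),
                     m["attrs"], m["company"], m["path"])

def parse_run_line(line):
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    return RunEntry(m["hive"], m["name"], m["cmd"], m["meta"] == "x", m["company"])

def triage(lines, burst_min=3):
    """Return findings; every key is present even when nothing was flagged."""
    findings = {"appinit_dlls": [], "orphaned_run": [], "task_bursts": {}}
    by_created = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if line.startswith("AppInit_DLLs:"):
            # FRST prints 8.3 short names here, so splitting on whitespace is
            # safe for this log; long names with spaces would need quoting rules.
            findings["appinit_dlls"].extend(line.split(":", 1)[1].split())
        elif (run := parse_run_line(line)) is not None:
            if run.missing:
                findings["orphaned_run"].append((run.hive, run.name, run.command))
        elif (entry := parse_file_line(line)) is not None:
            by_created[entry.created].append(entry.path)
    # A creation minute shared by burst_min or more At*.job files is a batch;
    # anything else created in that same minute is reported beside it.
    for created, paths in by_created.items():
        jobs = [p for p in paths if AT_JOB_RE.search(p)]
        if len(jobs) >= burst_min:
            findings["task_bursts"][created] = {
                "at_jobs": len(jobs),
                "other": [p for p in paths if not AT_JOB_RE.search(p)],
            }
    return findings

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
2012-03-24 12:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At26.job
2012-03-24 12:18 - 2012-02-21 14:07 - 0000352 ____A C:\Windows\Tasks\At25.job
2012-03-24 11:18 - 2012-02-21 14:07 - 0000354 ____A C:\Windows\Tasks\At24.job
2012-02-29 23:54 - 2012-04-10 19:18 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-21 16:23 - 2012-02-21 14:07 - 0000112 ____A C:\ProgramData\S00Pn2G.dat
HKLM\...\Run: [RunDAOD] C:\WINDOWS\DAODx.exe [32768 2009-03-29] ()
HKLM\...\Run: [Logitech Utility] Logi_MwX.Exe [x]
HKLM\...\Run: [] [x]
HKU\Owner\...\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe" [x]
HKLM\...\Run: [DATAMNGR] C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE [1694608 2011-12-12] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll
""".strip().splitlines()

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run it as a script to see the findings for the embedded sample, or import `triage` and pass it the lines of a full FRST.txt; `burst_min` sets how many At*.job files created in the same minute count as a batch. On the sample the S00Pn2G.dat file in ProgramData surfaces only because it shares the creation minute of the At*.job batch, which is the kind of pivot worth checking before deciding anything about it.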

#13 claws.33

claws.33
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 21 April 2012 - 02:45 PM

Properly run FRST:

Scan result of Farbar Recovery Scan Tool Version: 19-04-2012
Ran by SYSTEM at 21-04-2012 12:40:02
Running from H:\
Microsoft Windows XP (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RunDAOD] C:\WINDOWS\DAODx.exe [32768 2009-03-29] ()
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1040384 2008-03-16] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray [884736 2008-03-24] (Analog Devices, Inc.)
HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [221288 2008-02-11] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [CTSyncService] "C:\Program Files\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe" /StartRunKey [1233196 2008-04-17] (Creative Technology Ltd)
HKLM\...\Run: [TweakIt Help] "C:\Program Files\ASUS\TweakIt\TweakIt.exe" -r [817152 2009-03-13] ()
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-09-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ASUS Update Checker] C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [114688 2008-12-11] ()
HKLM\...\Run: [Cpu Level Up] "C:\Program Files\ASUS\Ai Suite\CPU Level UPEx\CpuLevelUp.exe" -r [1168896 2009-01-22] (ASUSTek)
HKLM\...\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe" [1212416 2008-12-09] (ASUS)
HKLM\...\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg [376832 2008-06-17] ()
HKLM\...\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" [5472256 2009-05-05] ()
HKLM\...\Run: [Six Engine] "C:\Program Files\ASUS\EPU\EPU.exe" -r [4104704 2009-05-12] ()
HKLM\...\Run: [Logitech Utility] Logi_MwX.Exe [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [x]
HKLM\...\Run: [] [x]
HKLM\...\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe [61440 2006-12-09] (Digidesign, A Division of Avid Technology, Inc.)
HKLM\...\Run: [DATAMNGR] C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE [1694608 2011-12-12] (Bandoo Media, inc)
HKU\Owner\...\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe" [x]
HKU\Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll

==================== Services (Whitelisted) ======

4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
4 AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [124256 2009-04-22] ()
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144712 2009-06-05] (Apple Inc.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-01] ()
2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [602112 2009-09-10] (ATI Technologies Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [390504 2011-08-30] (Apple Inc.)
3 CiSvc; C:\Windows\System32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd)
2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [417792 2008-03-12] (Creative Technology Ltd)
2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe -s [61440 2006-12-09] (Digidesign, A Division of Avid Technology, Inc.)
3 dmadmin; C:\Windows\System32\dmadmin.exe /com [224768 2008-04-13] (Microsoft Corp., Veritas Software)
3 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2009-12-06] (Acresso Software Inc.)
3 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation)
3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
3 idsvc; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [881664 2008-07-29] (Microsoft Corporation)
3 ImapiService; C:\WINDOWS\System32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation)
4 NetDDE; C:\Windows\System32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
4 NetDDEdsdm; C:\Windows\System32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [132096 2008-07-29] (Microsoft Corporation)
3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation)
3 RSVP; C:\Windows\System32\rsvp.exe [132608 2002-09-03] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
3 Sound Blaster X-Fi MB Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe" [79360 2002-01-04] (Creative Labs)
2 srservice; C:\WINDOWS\System32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation)
3 SwPrv; C:\WINDOWS\System32\dllhost.exe /Processid:{B5073900-4720-4248-A16B-D25BD09D53B6} [5120 2008-04-13] (Microsoft Corporation)
3 SysmonLog; C:\Windows\System32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [52224 2008-04-13] (Microsoft Corporation)
2 wuauserv; C:\WINDOWS\System32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation)
2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
4 HidServ; C:\Windows\System32\hidserv.dll [x]

========================== Drivers (Whitelisted) =============

4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11648 2002-09-03] (Microsoft Corporation)
3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [331264 2008-03-23] (Analog Devices, Inc.)
3 AEAudio; C:\Windows\System32\Drivers\AEAudio.sys [94976 2007-07-12] (Andrea Electronics Corporation)
3 aec; C:\Windows\System32\Drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
3 AmbFilt; C:\Windows\System32\Drivers\AmbFilt.sys [1683712 2008-02-13] (Creative)
1 AmdPPM; C:\Windows\System32\Drivers\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
3 Arp1394; C:\Windows\System32\Drivers\Arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
1 AsIO; C:\Windows\System32\Drivers\AsIO.sys [12400 2007-12-17] ()
3 ati2mtag; C:\Windows\System32\Drivers\ati2mtag.sys [4476416 2009-09-10] (ATI Technologies Inc.)
3 Atmarpc; C:\Windows\System32\Drivers\Atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
3 audstub; C:\Windows\System32\Drivers\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2002-09-03] (Microsoft Corporation)
3 CCDECODE; C:\Windows\System32\Drivers\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2002-09-03] (Microsoft Corporation)
2 DigiNet; C:\Windows\System32\Drivers\DigiNet.sys [11776 2006-12-08] (Digidesign, A Division of Avid Technology, Inc.)
4 dmboot; C:\Windows\System32\Drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
4 dmio; C:\Windows\System32\Drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
4 dmload; C:\Windows\System32\Drivers\dmload.sys [5888 2002-09-03] (Microsoft Corp., Veritas Software.)
3 DMusic; C:\Windows\System32\Drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\Drivers\Ftdisk.sys [125056 2002-09-03] (Microsoft Corporation)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\Drivers\HDAudBus.sys [138240 2004-10-27] (Windows ® Server 2003 DDK provider)
1 Imapi; C:\Windows\System32\Drivers\Imapi.sys [42112 2008-04-13] (Microsoft Corporation)
3 ip6fw; C:\Windows\System32\Drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\Drivers\IpInIp.sys [20864 2008-04-13] (Microsoft Corporation)
1 IPSec; C:\Windows\System32\Drivers\IPSec.sys [75264 2008-04-13] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\Drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
3 L8042PR2; C:\Windows\System32\Drivers\L8042PR2.sys [51729 2003-12-17] (Logitech, Inc.)
3 LHidFlt2; C:\Windows\System32\Drivers\LHidFlt2.sys [25505 2003-12-17] (Logitech, Inc.)
3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.sys [37887 2003-12-17] (Logitech, Inc.)
3 LMouFlt2; C:\Windows\System32\Drivers\LMouFlt2.sys [70801 2003-12-17] (Logitech, Inc.)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2002-09-03] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
3 NABTSFEC; C:\Windows\System32\Drivers\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\Drivers\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 NIC1394; C:\Windows\System32\Drivers\NIC1394.sys [61824 2008-04-13] (Microsoft Corporation)
3 NwlnkFlt; C:\Windows\System32\Drivers\NwlnkFlt.sys [12416 2002-09-03] (Microsoft Corporation)
3 NwlnkFwd; C:\Windows\System32\Drivers\NwlnkFwd.sys [32512 2002-09-03] (Microsoft Corporation)
1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation)
3 PSched; C:\Windows\System32\Drivers\PSched.sys [69120 2008-04-13] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\Drivers\Ptilink.sys [17792 2002-09-03] (Parallel Technologies, Inc.)
3 Raspti; C:\Windows\System32\Drivers\Raspti.sys [16512 2002-09-03] (Microsoft Corporation)
1 redbook; C:\Windows\System32\Drivers\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [111360 2008-08-07] (Realtek Semiconductor Corporation )
2 Sentinel; C:\Windows\System32\Drivers\Sentinel.sys [90176 2006-03-14] (SafeNet, Inc.)
3 SLIP; C:\Windows\System32\Drivers\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
3 splitter; C:\Windows\System32\Drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
0 sr; C:\Windows\System32\Drivers\sr.sys [73472 2008-04-13] (Microsoft Corporation)
3 streamip; C:\Windows\System32\Drivers\streamip.sys [15232 2008-04-13] (Microsoft Corporation)
3 swmidi; C:\Windows\System32\Drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
3 sysaudio; C:\Windows\System32\Drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
3 Update; C:\Windows\System32\Drivers\Update.sys [384768 2008-04-13] (Microsoft Corporation)
3 USBAAPL; C:\Windows\System32\Drivers\USBAAPL.sys [40448 2009-08-28] (Apple, Inc.)
1 vcdrom; C:\Windows\System32\Drivers\vcdrom.sys [8576 2001-12-19] (Microsoft Corporation)
3 wdmaud; C:\Windows\System32\Drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
3 WSTCODEC; C:\Windows\System32\Drivers\WSTCODEC.sys [19200 2008-04-13] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
2 adfs; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-21 12:39 - 2009-11-30 18:56 - 0000000 ____D C:\FRST
2012-04-11 12:45 - 2012-04-11 12:45 - 0076407 ____A C:\Documents and Settings\Owner\Application Data\Smiley.ico
2012-04-11 12:45 - 2012-04-11 12:45 - 0000000 ____D C:\Documents and Settings\Owner\Application Data\searchqutoolbar
2012-04-11 12:45 - 2011-04-24 16:35 - 0000000 ____D C:\Documents and Settings\Owner\Application Data\searchquband
2012-04-11 12:45 - 2009-11-14 20:00 - 0000000 ____D C:\Program Files\Windows Searchqu Toolbar
2012-04-11 12:45 - - 0000000 ____D C:\Documents and Settings\Owner\AppData\LocalLow
2012-04-06 15:39 - 2012-04-06 10:24 - 0017684 ____A C:\Windows\KB2641653.log
2012-04-06 15:39 - 2012-04-06 10:24 - 0000000 __HDC C:\Windows\$NtUninstallKB2641653$
2012-04-06 15:38 - 2012-04-06 15:33 - 0000000 __HDC C:\Windows\$NtUninstallKB2585542$
2012-04-06 15:38 - 2012-04-06 10:24 - 0000000 __HDC C:\Windows\$NtUninstallKB2646524$
2012-04-06 15:38 - 2012-04-06 10:23 - 0000000 __HDC C:\Windows\$NtUninstallKB2631813$
2012-04-06 15:38 - 2012-04-06 10:23 - 0000000 __HDC C:\Windows\$NtUninstallKB2598479$
2012-04-06 15:34 - 2012-04-06 15:38 - 0016771 ____A C:\Windows\KB2647516.log
2012-04-06 15:34 - 2012-04-06 15:38 - 0012182 ____A C:\Windows\KB2603381.log
2012-04-06 15:34 - 2012-04-06 15:38 - 0000000 __HDC C:\Windows\$NtUninstallKB2647516$
2012-04-06 15:34 - 2012-04-06 15:38 - 0000000 __HDC C:\Windows\$NtUninstallKB2603381$
2012-04-06 15:34 - 2012-04-06 15:34 - 0012346 ____A C:\Windows\KB2661637.log
2012-04-06 15:34 - 2012-04-06 15:34 - 0012023 ____A C:\Windows\KB2647518.log
2012-04-06 15:34 - 2012-04-06 15:34 - 0000000 __HDC C:\Windows\$NtUninstallKB2661637$
2012-04-06 15:34 - 2012-04-06 15:34 - 0000000 __HDC C:\Windows\$NtUninstallKB2647518$
2012-04-06 15:34 - 2012-04-06 10:21 - 0012709 ____A C:\Windows\KB2621440.log
2012-04-06 15:34 - 2012-04-06 10:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2621440$
2012-04-06 15:33 - 2012-04-06 10:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2584146$
2012-04-06 15:32 - 2010-01-12 13:18 - 0000000 ____D C:\Documents and Settings\Owner\My Documents\StreamTransport
2012-04-06 11:16 - 2011-05-17 17:18 - 0000000 ____D C:\Program Files\Bonjour
2012-04-06 11:16 - 2002-01-04 20:20 - 0000000 ____D C:\Program Files\Apple Software Update
2012-04-06 11:16 - - 0000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-04-06 10:25 - 2012-04-06 10:25 - 0000000 __HDC C:\Windows\$NtUninstallKB2564958$
2012-04-06 10:25 - 2012-04-06 10:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2567680$
2012-04-06 10:25 - 2011-07-05 18:43 - 0012441 ____A C:\Windows\KB2564958.log
2012-04-06 10:25 - 2011-07-05 18:43 - 0000000 __HDC C:\Windows\$NtUninstallKB2544893-v2$
2012-04-06 10:24 - 2012-04-06 15:39 - 0000000 __HDC C:\Windows\$NtUninstallKB2641690$
2012-04-06 10:24 - 2012-04-06 10:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2639417$
2012-04-06 10:24 - 2011-07-05 18:43 - 0017531 ____A C:\Windows\KB2536276-v2.log
2012-04-06 10:24 - 2011-07-05 18:43 - 0000000 __HDC C:\Windows\$NtUninstallKB2536276-v2$
2012-04-06 10:24 - 2011-04-24 16:31 - 0000000 __HDC C:\Windows\$NtUninstallKB2507938$
2012-04-06 10:23 - 2012-04-06 15:38 - 0015644 ____A C:\Windows\KB2592799.log
2012-04-06 10:23 - 2012-04-06 15:38 - 0000000 __HDC C:\Windows\$NtUninstallKB2592799$
2012-04-06 10:23 - 2012-04-06 15:34 - 0000000 __HDC C:\Windows\$NtUninstallKB2624667$
2012-04-06 10:23 - 2012-04-06 10:25 - 0015652 ____A C:\Windows\KB2570222.log
2012-04-06 10:23 - 2012-04-06 10:25 - 0000000 __HDC C:\Windows\$NtUninstallKB2570222$
2012-04-06 10:22 - 2012-04-06 10:23 - 0014707 ____A C:\Windows\KB2570947.log
2012-04-06 10:22 - 2012-04-06 10:23 - 0000000 __HDC C:\Windows\$NtUninstallKB2570947$
2012-04-06 10:22 - 2012-04-06 10:22 - 0014578 ____A C:\Windows\KB2618451.log
2012-04-06 10:22 - 2012-04-06 10:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2619339$
2012-04-06 10:22 - 2012-04-06 10:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2618451$
2012-04-06 10:22 - 2012-04-06 10:21 - 0007425 ____A C:\Windows\KB2633952.log
2012-04-06 10:22 - 2012-04-06 10:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2633952$
2012-04-06 10:21 - 2012-04-06 15:38 - 0000000 __HDC C:\Windows\$NtUninstallKB2633171$
2012-04-06 10:21 - 2012-04-06 15:34 - 0000000 __HDC C:\Windows\$NtUninstallKB2618444$
2012-04-06 10:21 - 2012-04-06 10:25 - 0011680 ____A C:\Windows\KB2566454.log
2012-04-06 10:21 - 2012-04-06 10:25 - 0000000 __HDC C:\Windows\$NtUninstallKB2566454$
2012-04-06 10:21 - 2012-04-06 10:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2620712$
2012-04-06 10:20 - 2012-04-06 15:34 - 0026324 ____A C:\Windows\KB2585542.log
2012-04-06 10:20 - 2012-04-06 10:24 - 0026825 ____A C:\Windows\KB2646524.log
2012-04-06 10:20 - 2012-04-06 10:23 - 0025612 ____A C:\Windows\KB2598479.log
2012-04-06 10:20 - 2012-04-06 10:23 - 0025065 ____A C:\Windows\KB2631813.log
2012-04-06 10:20 - 2008-04-13 16:12 - 0003072 ____N C:\Windows\System32\iacenc.dll
2012-04-06 10:20 - 2002-09-03 08:24 - 0003072 ____C C:\Windows\System32\dllcache\iacenc.dll
2012-04-06 10:19 - 2012-04-06 10:22 - 0021631 ____A C:\Windows\KB2584146.log
2012-04-06 10:18 - 2008-05-09 15:23 - 0019200 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wstcodec.sys
2012-04-06 10:18 - 2008-04-13 16:11 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\ipsink.ax
2012-04-06 10:18 - 2008-04-13 11:20 - 0010880 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NdisIP.sys
2012-04-06 10:18 - 2008-04-13 10:45 - 0015232 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\streamip.sys
2012-04-06 10:18 - 2008-04-13 10:45 - 0015232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\StreamIP.sys
2012-04-06 10:18 - 2008-04-13 10:43 - 0085248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NABTSFEC.sys
2012-04-06 10:18 - 2008-04-13 10:36 - 0011136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\SLIP.sys
2012-04-06 10:18 - 2008-04-13 10:36 - 0005504 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MSTEE.sys
2012-04-06 10:18 - 2002-09-03 09:14 - 0019200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WSTCODEC.SYS
2012-04-06 10:18 - 2002-09-03 09:01 - 0011136 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\slip.sys
2012-04-06 10:18 - 2002-09-03 08:47 - 0010880 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ndisip.sys
2012-04-06 10:18 - 2002-09-03 08:46 - 0085248 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\nabtsfec.sys
2012-04-06 10:18 - 2002-09-03 08:46 - 0005504 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mstee.sys
2012-04-06 10:18 - 2002-09-03 08:35 - 0016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ipsink.ax
2012-04-06 10:18 - 2002-09-03 08:28 - 0017024 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ccdecode.sys
2012-04-06 10:18 - 2002-09-03 08:28 - 0017024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\CCDECODE.sys
2012-04-06 10:17 - 2011-12-19 00:53 - 0060032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2012-04-06 10:17 - 2009-08-28 18:42 - 0060032 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys
2012-04-06 10:17 - 2008-04-13 16:12 - 0061952 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kstvtune.ax
2012-04-06 10:17 - 2008-04-13 16:12 - 0061952 ____A (Microsoft Corporation) C:\Windows\System32\kstvtune.ax
2012-04-06 10:17 - 2008-04-13 16:11 - 0091136 ____A (Microsoft Corporation) C:\Windows\System32\kswdmcap.ax
2012-04-06 10:17 - 2008-04-13 16:11 - 0020992 ____A (Microsoft Corporation) C:\Windows\System32\dshowext.ax
2012-04-06 10:17 - 2008-04-13 15:12 - 0091136 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kswdmcap.ax
2012-04-06 10:17 - 2008-04-13 15:12 - 0043008 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ksxbar.ax
2012-04-06 10:17 - 2008-04-13 15:12 - 0043008 ____A (Microsoft Corporation) C:\Windows\System32\ksxbar.ax
2012-04-06 10:17 - 2002-09-03 09:09 - 0053760 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\vfwwdm32.dll
2012-04-06 10:17 - 2002-09-03 09:09 - 0053760 ____A (Microsoft Corporation) C:\Windows\System32\vfwwdm32.dll
2012-04-06 10:17 - 2002-09-03 08:32 - 0020992 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dshowext.ax


============ 3 Months Modified Files and Folders =============

2012-04-21 12:40 - 2012-04-21 12:39 - 0000000 ____D C:\FRST
2012-04-11 13:19 - 2009-11-15 09:50 - 0524288 ____A C:\Windows\System32\config\ACEEvent.evt
2012-04-11 13:19 - 2002-01-04 20:44 - 1584097 ____A C:\Windows\WindowsUpdate.log
2012-04-11 13:19 - 2002-01-04 20:37 - 0000000 ____D C:\Documents and Settings\Owner\Application Data\uTorrent
2012-04-11 13:19 - 2002-01-04 20:11 - 0032630 ____A C:\Windows\SchedLgU.Txt
2012-04-11 13:19 - 2002-01-04 20:11 - 0000178 __ASH C:\Documents and Settings\Owner\ntuser.ini
2012-04-11 13:19 - 2002-01-04 19:51 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-11 13:19 - 2002-01-04 11:45 - 0000268 ____A C:\Windows\wiadebug.log
2012-04-11 13:15 - 2009-11-15 09:57 - 0000000 ____D C:\Windows\SxsCaPendDel
2012-04-11 12:45 - 2012-04-11 12:45 - 0000000 ____D C:\Program Files\Windows Searchqu Toolbar
2012-04-11 12:45 - 2012-04-11 12:45 - 0000000 ____D C:\Documents and Settings\Owner\Application Data\searchqutoolbar
2012-04-11 12:45 - 2012-04-11 12:45 - 0000000 ____D C:\Documents and Settings\Owner\Application Data\searchquband
2012-04-11 12:45 - 2012-04-11 12:45 - 0000000 ____D C:\Documents and Settings\Owner\AppData\LocalLow
2012-04-11 09:11 - 2002-01-04 20:11 - 0000000 ___RD C:\Documents and Settings\Owner\My Documents
2012-04-11 09:06 - 2002-01-04 11:44 - 0523610 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-11 09:03 - 2002-01-04 20:12 - 0000000 ____A C:\Windows\0.log
2012-04-11 09:02 - 2002-09-03 09:14 - 0013646 ____A C:\Windows\System32\wpa.dbl
2012-04-11 09:02 - 2002-01-04 20:11 - 0000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
2012-04-11 09:02 - 2002-01-04 20:11 - 0000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-04-11 09:02 - 2002-01-04 20:11 - 0000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-04-11 09:02 - 2002-01-04 11:45 - 0000049 ____A C:\Windows\wiaservc.log
2012-04-07 19:53 - 2002-01-04 11:43 - 2091320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-06 15:39 - 2012-04-06 15:39 - 0017684 ____A C:\Windows\KB2641653.log
2012-04-06 15:39 - 2012-04-06 15:39 - 0000000 __HDC C:\Windows\$NtUninstallKB2641653$
2012-04-06 15:39 - 2009-11-14 18:47 - 0000000 ___HD C:\Windows\$hf_mig$
2012-04-06 15:39 - 2002-01-04 11:44 - 1215863 ____A C:\Windows\FaxSetup.log
2012-04-06 15:39 - 2002-01-04 11:44 - 0600646 ____A C:\Windows\ocgen.log
2012-04-06 15:39 - 2002-01-04 11:44 - 0468986 ____A C:\Windows\tsoc.log
2012-04-06 15:39 - 2002-01-04 11:44 - 0415099 ____A C:\Windows\comsetup.log
2012-04-06 15:39 - 2002-01-04 11:44 - 0250910 ____A C:\Windows\ntdtcsetup.log
2012-04-06 15:39 - 2002-01-04 11:44 - 0191348 ____A C:\Windows\iis6.log
2012-04-06 15:39 - 2002-01-04 11:44 - 0067255 ____A C:\Windows\ocmsn.log
2012-04-06 15:39 - 2002-01-04 11:44 - 0061220 ____A C:\Windows\msgsocm.log
2012-04-06 15:39 - 2002-01-04 11:44 - 0001355 ____A C:\Windows\imsins.log
2012-04-06 15:39 - 2002-01-04 11:43 - 0193283 ____A C:\Windows\setupapi.log
2012-04-06 15:38 - 2012-04-06 15:38 - 0000000 __HDC C:\Windows\$NtUninstallKB2646524$
2012-04-06 15:38 - 2012-04-06 15:38 - 0000000 __HDC C:\Windows\$NtUninstallKB2631813$
2012-04-06 15:38 - 2012-04-06 15:38 - 0000000 __HDC C:\Windows\$NtUninstallKB2598479$
2012-04-06 15:38 - 2012-04-06 15:38 - 0000000 __HDC C:\Windows\$NtUninstallKB2585542$
2012-04-06 15:38 - 2012-04-06 10:20 - 0026825 ____A C:\Windows\KB2646524.log
2012-04-06 15:38 - 2012-04-06 10:20 - 0026324 ____A C:\Windows\KB2585542.log
2012-04-06 15:38 - 2012-04-06 10:20 - 0025612 ____A C:\Windows\KB2598479.log
2012-04-06 15:38 - 2012-04-06 10:20 - 0025065 ____A C:\Windows\KB2631813.log
2012-04-06 15:38 - 2009-11-14 19:59 - 0149786 ____A C:\Windows\updspapi.log
2012-04-06 15:38 - 2002-01-04 11:44 - 0001355 ____A C:\Windows\imsins.BAK
2012-04-06 15:34 - 2012-04-06 15:34 - 0016771 ____A C:\Windows\KB2647516.log
2012-04-06 15:34 - 2012-04-06 15:34 - 0012709 ____A C:\Windows\KB2621440.log
2012-04-06 15:34 - 2012-04-06 15:34 - 0012346 ____A C:\Windows\KB2661637.log
2012-04-06 15:34 - 2012-04-06 15:34 - 0012182 ____A C:\Windows\KB2603381.log
2012-04-06 15:34 - 2012-04-06 15:34 - 0012023 ____A C:\Windows\KB2647518.log
2012-04-06 15:34 - 2012-04-06 15:34 - 0000000 __HDC C:\Windows\$NtUninstallKB2661637$
2012-04-06 15:34 - 2012-04-06 15:34 - 0000000 __HDC C:\Windows\$NtUninstallKB2647518$
2012-04-06 15:34 - 2012-04-06 15:34 - 0000000 __HDC C:\Windows\$NtUninstallKB2647516$
2012-04-06 15:34 - 2012-04-06 15:34 - 0000000 __HDC C:\Windows\$NtUninstallKB2621440$
2012-04-06 15:34 - 2012-04-06 15:34 - 0000000 __HDC C:\Windows\$NtUninstallKB2603381$
2012-04-06 15:34 - 2012-04-06 10:19 - 0021631 ____A C:\Windows\KB2584146.log
2012-04-06 15:33 - 2012-04-06 15:33 - 0000000 __HDC C:\Windows\$NtUninstallKB2584146$
2012-04-06 15:32 - 2012-04-06 15:32 - 0000000 ____D C:\Documents and Settings\Owner\My Documents\StreamTransport
2012-04-06 11:54 - 2009-11-15 09:41 - 0000000 ____D C:\Documents and Settings\Owner\Application Data\Apple Computer
2012-04-06 11:27 - 2009-11-15 09:40 - 0000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
2012-04-06 11:18 - 2010-01-12 11:05 - 0042720 ___AH C:\Windows\System32\mlfcache.dat
2012-04-06 11:16 - 2012-04-06 11:16 - 0000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-04-06 11:16 - 2012-04-06 11:16 - 0000000 ____D C:\Program Files\Bonjour
2012-04-06 11:16 - 2012-04-06 11:16 - 0000000 ____D C:\Program Files\Apple Software Update
2012-04-06 10:25 - 2012-04-06 10:25 - 0012441 ____A C:\Windows\KB2564958.log
2012-04-06 10:25 - 2012-04-06 10:25 - 0000000 __HDC C:\Windows\$NtUninstallKB2567680$
2012-04-06 10:25 - 2012-04-06 10:25 - 0000000 __HDC C:\Windows\$NtUninstallKB2564958$
2012-04-06 10:25 - 2012-04-06 10:25 - 0000000 __HDC C:\Windows\$NtUninstallKB2544893-v2$
2012-04-06 10:25 - 2012-01-04 17:14 - 0031758 ____A C:\Windows\KB2567680.log
2012-04-06 10:25 - 2012-01-04 17:14 - 0028527 ____A C:\Windows\KB2544893-v2.log
2012-04-06 10:24 - 2012-04-06 10:24 - 0017531 ____A C:\Windows\KB2536276-v2.log
2012-04-06 10:24 - 2012-04-06 10:24 - 0000000 __HDC C:\Windows\$NtUninstallKB2641690$
2012-04-06 10:24 - 2012-04-06 10:24 - 0000000 __HDC C:\Windows\$NtUninstallKB2639417$
2012-04-06 10:24 - 2012-04-06 10:24 - 0000000 __HDC C:\Windows\$NtUninstallKB2536276-v2$
2012-04-06 10:24 - 2012-04-06 10:24 - 0000000 __HDC C:\Windows\$NtUninstallKB2507938$
2012-04-06 10:24 - 2012-01-04 17:14 - 0029049 ____A C:\Windows\KB2639417.log
2012-04-06 10:24 - 2012-01-04 17:14 - 0028142 ____A C:\Windows\KB2507938.log
2012-04-06 10:24 - 2012-01-04 17:14 - 0027553 ____A C:\Windows\KB2641690.log
2012-04-06 10:23 - 2012-04-06 10:23 - 0015652 ____A C:\Windows\KB2570222.log
2012-04-06 10:23 - 2012-04-06 10:23 - 0015644 ____A C:\Windows\KB2592799.log
2012-04-06 10:23 - 2012-04-06 10:23 - 0000000 __HDC C:\Windows\$NtUninstallKB2624667$
2012-04-06 10:23 - 2012-04-06 10:23 - 0000000 __HDC C:\Windows\$NtUninstallKB2592799$
2012-04-06 10:23 - 2012-04-06 10:23 - 0000000 __HDC C:\Windows\$NtUninstallKB2570222$
2012-04-06 10:23 - 2012-01-04 17:14 - 0027026 ____A C:\Windows\KB2624667.log
2012-04-06 10:22 - 2012-04-06 10:22 - 0014707 ____A C:\Windows\KB2570947.log
2012-04-06 10:22 - 2012-04-06 10:22 - 0014578 ____A C:\Windows\KB2618451.log
2012-04-06 10:22 - 2012-04-06 10:22 - 0007425 ____A C:\Windows\KB2633952.log
2012-04-06 10:22 - 2012-04-06 10:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2633952$
2012-04-06 10:22 - 2012-04-06 10:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2619339$
2012-04-06 10:22 - 2012-04-06 10:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2618451$
2012-04-06 10:22 - 2012-04-06 10:22 - 0000000 __HDC C:\Windows\$NtUninstallKB2570947$
2012-04-06 10:22 - 2012-04-06 10:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2618444$
2012-04-06 10:22 - 2012-01-04 17:14 - 0028076 ____A C:\Windows\KB2618444.log
2012-04-06 10:22 - 2012-01-04 17:14 - 0025566 ____A C:\Windows\KB2619339.log
2012-04-06 10:22 - 2009-11-15 09:26 - 0022292 ____A C:\Windows\System32\TZLog.log
2012-04-06 10:21 - 2012-04-06 10:21 - 0011680 ____A C:\Windows\KB2566454.log
2012-04-06 10:21 - 2012-04-06 10:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2633171$
2012-04-06 10:21 - 2012-04-06 10:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2620712$
2012-04-06 10:21 - 2012-04-06 10:21 - 0000000 __HDC C:\Windows\$NtUninstallKB2566454$
2012-04-06 10:21 - 2012-01-04 17:14 - 0022565 ____A C:\Windows\KB2620712.log
2012-04-06 10:21 - 2012-01-04 17:13 - 0024990 ____A C:\Windows\KB2633171.log
2012-04-06 10:18 - 2002-01-04 11:43 - 0001547 ____A C:\Windows\setupact.log
2012-03-04 15:23 - 2009-11-15 09:27 - 54215544 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-03 01:22 - 2009-08-14 05:21 - 1860096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2012-02-03 01:22 - 2002-09-03 09:11 - 1860096 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


========================= Known DLLs (Whitelisted) ============

C:\Windows\SysWOW64\advapi32.dll is missing
C:\Windows\SysWOW64\comdlg32.dll is missing
C:\Windows\SysWOW64\gdi32.dll is missing
C:\Windows\SysWOW64\imagehlp.dll is missing
C:\Windows\SysWOW64\kernel32.dll is missing
C:\Windows\SysWOW64\lz32.dll is missing
C:\Windows\SysWOW64\ole32.dll is missing
C:\Windows\SysWOW64\oleaut32.dll is missing
[2002-09-03 08:51] - [2008-04-13 16:12] - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
C:\Windows\SysWOW64\olecli32.dll is missing
[2002-09-03 08:51] - [2008-04-13 16:12] - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll
C:\Windows\SysWOW64\olecnv32.dll is missing
[2002-09-03 08:51] - [2002-09-03 08:51] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
C:\Windows\SysWOW64\olesvr32.dll is missing
[2002-09-03 08:51] - [2002-09-03 08:51] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll
C:\Windows\SysWOW64\olethk32.dll is missing
C:\Windows\SysWOW64\rpcrt4.dll is missing
C:\Windows\SysWOW64\shell32.dll is missing
C:\Windows\SysWOW64\url.dll is missing
C:\Windows\SysWOW64\urlmon.dll is missing
C:\Windows\SysWOW64\user32.dll is missing
C:\Windows\SysWOW64\version.dll is missing
C:\Windows\SysWOW64\wininet.dll is missing
C:\Windows\SysWOW64\wldap32.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2002-09-03 09:12] - [2008-04-13 16:12] - 0507904 ____A (Microsoft Corporation) ED0EF0A136DEC83DF69F04118870003E

C:\Windows\System32\wininit.exe is missing.
C:\Windows\SysWOW64\wininit.exe is missing.
C:\Windows\explorer.exe
[2002-09-03 08:32] - [2008-04-13 16:12] - 1033728 ____A (Microsoft Corporation) 12896823FB95BFB3DC9B46BCAEDC9923

C:\Windows\SysWOW64\explorer.exe is missing.
C:\Windows\System32\svchost.exe
[2002-09-03 09:05] - [2008-04-13 16:12] - 0014336 ____A (Microsoft Corporation) 27C6D03BCDB8CFEB96B716F3D8BE3E18

C:\Windows\SysWOW64\svchost.exe is missing.
C:\Windows\System32\User32.dll
[2002-09-03 09:08] - [2008-04-13 16:12] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows\SysWOW64\User32.dll is missing.
C:\Windows\System32\Drivers\volsnap.sys
[2002-09-03 09:10] - [2008-04-13 10:41] - 0052352 ____A (Microsoft Corporation) 4C8FCB5CC53AAB716D810740FE59D025


========================= Memory info ======================

Percentage of memory in use: 6%
Total physical RAM: 14335.18 MB
Available physical RAM: 13363.91 MB
Total Pagefile: 14333.33 MB
Available Pagefile: 13364.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:14.65 GB) (Free:2.91 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (Primary) (Fixed) (Total:195.31 GB) (Free:42.82 GB) NTFS
3 Drive e: (Programs/Documents) (Fixed) (Total:36.34 GB) (Free:30.3 GB) NTFS
4 Drive f: (New Volume) (Fixed) (Total:400.86 GB) (Free:154.98 GB) NTFS
6 Drive h: () (Removable) (Total:3.74 GB) (Free:0.91 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         55 GB    5006 MB
Disk 1    Online         596 GB   1024 KB
Disk 2    Online         3835 MB  0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 31 KB
Partition 0 Extended 36 GB 19 GB
Partition 2 Logical 36 GB 19 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Programs/Do NTFS Partition 36 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 195 GB 31 KB
Partition 2 Primary 400 GB 195 GB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Primary NTFS Partition 195 GB Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F New Volume NTFS Partition 400 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 19 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 3827 MB Healthy

======================================================================================================
======================= End Of Log ==========================

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:11 AM

Posted 21 April 2012 - 02:57 PM

Greetings

Thanks for the report - looks like TDSSKiller did a good job at getting the infection

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\PROGRA~1\WINDOW~4\Datamngr
C:\Documents and Settings\Owner\Application Data\searchqutoolbar
C:\Documents and Settings\Owner\Application Data\searchquband
C:\Program Files\Windows Searchqu Toolbar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 claws.33

claws.33
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:05:11 AM

Posted 22 April 2012 - 09:13 PM

Internet is faster, no redirects after testing the search engine, and no pop-ups so far!

ComboFix 12-04-19.02 - Wildcat 04/22/2012 18:57:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.14335.12376 [GMT -7:00]
Running from: c:\users\Wildcat\Desktop\ComboFix.exe
Command switches used :: c:\users\Wildcat\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\System64
c:\windows\SysWow64\gfbaksm.dat
c:\windows\SysWow64\gfbaksm.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 02:01 . 2012-04-23 02:01 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2012-04-23 02:01 . 2012-04-23 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-21 00:00 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{517EA492-3297-4E4D-AD7D-51FDC089C5DA}\mpengine.dll
2012-04-20 23:57 . 2012-04-20 23:58 -------- d-----w- C:\FRST
2012-04-17 04:51 . 2012-04-17 04:51 -------- d-----w- c:\users\Wildcat\AppData\Roaming\PDAppFlex
2012-04-11 02:18 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:18 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:18 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:18 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:18 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 02:18 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 02:18 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 00:30 . 2012-04-11 00:30 -------- d-----w- c:\users\Wildcat\AppData\Roaming\Xilisoft
2012-04-10 23:59 . 2012-04-10 23:59 -------- d-----w- c:\programdata\Xilisoft
2012-04-10 23:59 . 2012-04-10 23:59 1790464 ----a-w- c:\windows\SysWow64\mqrdim.dll
2012-04-10 23:59 . 2012-04-10 23:59 -------- d-----w- c:\program files (x86)\Xilisoft
2012-04-10 23:04 . 2012-04-10 23:04 -------- d-----w- c:\users\Wildcat\AppData\Local\Logitech® Webcam Software
2012-04-10 06:08 . 2012-04-10 06:08 -------- d-----w- c:\users\Patrick\AppData\Roaming\RCP 5
2012-04-06 18:31 . 2012-04-06 18:31 -------- d-----w- c:\users\Patrick\AppData\Local\Logitech® Webcam Software
2012-04-02 04:27 . 2012-04-02 04:27 -------- d-----w- c:\programdata\LogiShrd
2012-04-02 04:24 . 2012-04-02 04:24 53248 ----a-r- c:\users\Wildcat\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-02 04:24 . 2012-04-02 04:24 -------- d-----w- c:\users\Wildcat\AppData\Roaming\Leadertech
2012-04-02 04:23 . 2012-04-04 02:37 -------- d-----w- c:\program files\Common Files\logishrd
2012-04-02 04:23 . 2012-04-02 04:23 -------- d-----w- c:\programdata\Logitech
2012-04-02 04:23 . 2012-04-02 04:23 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-04-02 04:22 . 2012-04-04 02:37 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-04-02 04:22 . 2012-04-02 04:24 -------- d-----w- c:\program files (x86)\Logitech
2012-04-02 00:00 . 2012-04-19 02:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-24 19:21 . 2012-03-24 19:21 -------- d-----w- c:\users\Wildcat\AppData\Local\ElevatedDiagnostics
2012-03-24 17:23 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 09:10 . 2012-02-28 09:10 947472 ----a-w- c:\windows\SysWow64\msjava.dll
2012-02-23 17:18 . 2010-01-18 03:08 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 01:58 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 01:58 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 01:58 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 01:58 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 06:11 . 2012-02-14 06:11 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-14 06:11 . 2012-02-14 06:11 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-14 06:11 . 2012-02-14 06:11 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-14 06:11 . 2012-02-14 06:11 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-14 06:11 . 2012-02-14 06:11 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-14 06:11 . 2012-02-14 06:11 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-14 06:11 . 2012-02-14 06:11 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-14 06:11 . 2012-02-14 06:11 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-14 06:11 . 2012-02-14 06:11 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-14 06:11 . 2012-02-14 06:11 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-14 06:11 . 2012-02-14 06:11 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-14 06:11 . 2012-02-14 06:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-14 06:11 . 2012-02-14 06:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-14 06:11 . 2012-02-14 06:11 448512 ----a-w- c:\windows\system32\html.iec
2012-02-14 06:11 . 2012-02-14 06:11 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-14 06:11 . 2012-02-14 06:11 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-14 06:11 . 2012-02-14 06:11 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-14 06:11 . 2012-02-14 06:11 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-14 06:11 . 2012-02-14 06:11 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-14 06:11 . 2012-02-14 06:11 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-14 06:11 . 2012-02-14 06:11 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-14 06:11 . 2012-02-14 06:11 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-14 06:11 . 2012-02-14 06:11 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-14 06:11 . 2012-02-14 06:11 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-14 06:11 . 2012-02-14 06:11 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-14 06:11 . 2012-02-14 06:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-14 06:11 . 2012-02-14 06:11 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-14 06:11 . 2012-02-14 06:11 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-14 06:11 . 2012-02-14 06:11 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-14 06:11 . 2012-02-14 06:11 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-14 06:11 . 2012-02-14 06:11 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-14 06:11 . 2012-02-14 06:11 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-14 06:11 . 2012-02-14 06:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-14 06:11 . 2012-02-14 06:11 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-14 06:09 . 2012-02-14 06:09 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-14 06:09 . 2012-02-14 06:09 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-14 06:09 . 2012-02-14 06:09 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-14 06:09 . 2012-02-14 06:09 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-14 06:09 . 2012-02-14 06:09 4068864 ----a-w- c:\windows\system32\mf.dll
2012-02-14 06:09 . 2012-02-14 06:09 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-02-14 06:09 . 2012-02-14 06:09 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-02-14 06:09 . 2012-02-14 06:09 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-14 06:09 . 2012-02-14 06:09 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-02-14 06:09 . 2012-02-14 06:09 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-02-14 06:09 . 2012-02-14 06:09 206848 ----a-w- c:\windows\system32\mfps.dll
2012-02-14 06:09 . 2012-02-14 06:09 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-02-14 06:09 . 2012-02-14 06:09 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-02-14 06:09 . 2012-02-14 06:09 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-02-14 06:09 . 2012-02-14 06:09 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-02-14 06:09 . 2012-02-14 06:09 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-02-14 06:09 . 2012-02-14 06:09 144384 ----a-w- c:\windows\system32\cdd.dll
2012-02-14 06:09 . 2012-02-14 06:09 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-02-14 06:09 . 2012-02-14 06:09 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-02-10 06:18 . 2012-03-14 01:58 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 01:58 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 01:58 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 01:58 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 01:58 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 01:58 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 01:58 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 01:58 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 01:58 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 01:58 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16 . 2012-03-14 01:58 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:27 . 2012-03-14 01:58 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:27 . 2012-03-14 01:58 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:20 . 2012-03-14 01:58 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
c:\program files (x86)\uTorrentBar\tbuTor.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [BU]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-25 740216]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AdobeBridge"="" [BU]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-01 1242448]
"scheduler_monitor"="c:\program files (x86)\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [BU]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-11 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [BU]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-02-22 1073312]
.
c:\users\Wildcat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TVMOBiLiArtworkManager.lnk - c:\program files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe [2011-11-16 66048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-15 1038088]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 rcp_service;ReaConverter scheduler service;c:\program files (x86)\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TipCtrl;TipCtrl;c:\program files\uTIPu\TipCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tvMobiliService;tvMobiliService;c:\program files (x86)\TVMOBiLi\bin\tvMobiliService.exe [2011-11-16 1009152]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594381243-1643902856-3051444525-1001Core.job
- c:\users\Wildcat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 22:54]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1594381243-1643902856-3051444525-1001UA.job
- c:\users\Wildcat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 22:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-02 446392]
"combofix"="c:\combofix\CF13712.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vsapint
WmUsbHid
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Wildcat\AppData\Roaming\Mozilla\Firefox\Profiles\kzcz8s6v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110814&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Lvinfeefnyzcdcat\AppData\Local\Temp\21081533.exe - c:\users\Wildcat\AppData\Local\Temp\21081533.exe
Wow6432Node-HKCU-Run-Lvinfeefn149dcat\AppData\Local\Temp\1957995940.exe - c:\users\Wildcat\AppData\Local\Temp\1957995940.exe
Wow6432Node-HKCU-Run-Lvinfeefny0Adcat\AppData\Local\Temp\2150184359.exe - c:\users\Wildcat\AppData\Local\Temp\2150184359.exe
Wow6432Node-HKCU-Run-Lvinfeefnyz/dcat\AppData\Local\Temp\1810117482.exe - c:\users\Wildcat\AppData\Local\Temp\1810117482.exe
Wow6432Node-HKCU-Run-Lvinfeefn3zOdcat\AppData\Local\Temp\687813290.exe - c:\users\Wildcat\AppData\Local\Temp\687813290.exe
Wow6432Node-HKCU-Run-Lvinfeefnz0/dcat\AppData\Local\Temp\1813952354.exe - c:\users\Wildcat\AppData\Local\Temp\1813952354.exe
Wow6432Node-HKCU-Run-Lvinfeefn10+dcat\AppData\Local\Temp\2992580316.exe - c:\users\Wildcat\AppData\Local\Temp\2992580316.exe
Wow6432Node-HKCU-Run-Lvinfeefny0Adcat\AppData\Local\Temp\1071429376.exe - c:\users\Wildcat\AppData\Local\Temp\1071429376.exe
Wow6432Node-HKCU-Run-Lvinfeefn02/dcat\AppData\Local\Temp\3573774883.exe - c:\users\Wildcat\AppData\Local\Temp\3573774883.exe
Wow6432Node-HKCU-Run-Lvinfeefny2Pdcat\AppData\Local\Temp\109092872.exe - c:\users\Wildcat\AppData\Local\Temp\109092872.exe
Wow6432Node-HKCU-Run-Lvinfeefny1+dcat\AppData\Local\Temp\1106922914.exe - c:\users\Wildcat\AppData\Local\Temp\1106922914.exe
Wow6432Node-HKCU-Run-Lvinfeefn2w+dcat\AppData\Local\Temp\1699020007.exe - c:\users\Wildcat\AppData\Local\Temp\1699020007.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\S-1-5-21-1594381243-1643902856-3051444525-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{377D1512-713D-9215-FF17-D53A4D3F42E1}*]
"iaajfncfchaelmkici"=hex:6b,61,6d,6e,6b,66,6d,69,63,6c,6e,62,69,6a,67,66,6e,6f,
6a,65,6d,6e,00,00
"hakihbkeciokmkcc"=hex:6a,61,6e,6e,62,6d,67,64,6d,6a,6a,64,6a,6d,6a,63,70,65,
6c,6a,00,00
"eaikldpodh"=hex:69,61,63,61,6e,6b,63,65,62,62,69,68,70,6d,61,68,62,67,00,00
"dadkihjp"=hex:64,62,61,6a,6f,6c,6e,6b,62,61,61,64,6b,6c,6a,64,6e,67,69,69,6c,
6a,65,6b,62,6e,62,67,66,68,67,70,68,61,63,6c,63,6d,64,6b,00,00
.
[HKEY_USERS\S-1-5-21-1594381243-1643902856-3051444525-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8596FCE-1FF3-9F15-987D-3E2D21374131}*]
"eagdnlabgj"=hex:66,61,61,64,6b,67,68,6d,6d,61,6e,69,00,fc
"dabealjj"=hex:64,62,63,67,6f,63,61,6e,69,62,6c,6a,6e,6c,6a,66,63,62,67,65,62,
6d,6a,6b,63,6d,63,6c,6e,6c,64,62,6d,64,61,6d,61,61,6d,6a,00,39
.
[HKEY_USERS\S-1-5-21-1594381243-1643902856-3051444525-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:14,77,35,01,4c,1f,1a,25,2e,3e,fb,4b,d5,cd,2f,3a,84,27,fe,80,d3,31,b8,
ed,25,b1,f5,69,78,c5,77,c8,b8,ac,b5,bf,a3,c8,df,a2,7d,ec,b0,bd,52,05,bd,a8,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1594381243-1643902856-3051444525-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:14,99,6f,9b,a5,07,98,4f,b3,22,04,91,13,34,61,4a,c8,67,1b,ab,31,
10,07,3f,e2,aa,e0,7d,cd,ea,55,8e,25,5f,de,51,b6,81,6e,5a,15,71,d6,d6,d5,dd,\
"rkeysecu"=hex:9d,39,7f,4f,25,42,bb,d2,3f,51,be,7c,5e,d6,c0,fc
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{377D1512-713D-9215-FF17-D53A4D3F42E1}\InProcServer32*]
"faoicehllpih"=hex:69,61,63,61,6e,6b,63,65,62,62,69,68,70,6d,61,68,62,67,00,00
"eaoifeglak"=hex:64,62,61,6a,6f,6c,6e,6b,62,61,61,64,6b,6c,6a,64,6e,67,69,69,
6c,6a,65,6b,62,6e,62,67,66,68,67,70,68,61,63,6c,63,6d,64,6b,00,00
"gaoicehllpihgc"=hex:69,61,63,61,6e,6b,63,65,62,62,69,68,70,6d,61,68,62,67,00,
00
"faoifeglakbf"=hex:64,62,61,6a,6f,6c,6e,6b,62,61,61,64,6b,6c,6a,64,6e,67,69,69,
6c,6a,65,6b,62,6e,62,67,66,68,67,70,68,61,63,6c,63,6d,64,6b,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2012-04-22 19:10:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-23 02:10
ComboFix2.txt 2012-04-20 01:33
.
Pre-Run: 45,754,654,720 bytes free
Post-Run: 45,421,387,776 bytes free
.
- - End Of File - - 717C6B45334C2E07045D3AC9039DCEB8



