Comcast says I have a computer with email bot

This topic is locked
16 replies to this topic

#1 ladytrae (Members, 8 posts)

Posted 19 April 2012 - 07:04 PM

I got an email from Comcast saying one of my computers has an email bot. I went directly to Comcast to verify the email itself was real. I'm looking for advice on what I should use to scan for the bot as I check all my computers. Thank you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17
Run by PDK at 19:51:22 on 2012-04-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2662 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\PDK\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv54_series&r=27361209m6c6l03c0z1h5a48l1u277
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv54_series&r=27361209m6c6l03c0z1h5a48l1u277
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv54_series&r=27361209m6c6l03c0z1h5a48l1u277
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv54_series&r=27361209m6c6l03c0z1h5a48l1u277
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.169.1
TCP: Interfaces\{A90068DA-B490-4CF6-91F9-404696BD3528} : DhcpNameServer = 128.2.0.33 128.2.0.17
TCP: Interfaces\{F48D6876-23EC-4501-B6CA-3B5FA5049ACB} : DhcpNameServer = 192.168.169.1
TCP: Interfaces\{F48D6876-23EC-4501-B6CA-3B5FA5049ACB}\452716E4564702765756374737 : DhcpNameServer = 192.168.169.1
TCP: Interfaces\{F48D6876-23EC-4501-B6CA-3B5FA5049ACB}\472716E65647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F48D6876-23EC-4501-B6CA-3B5FA5049ACB}\D4963627F64756C6F594E6E6F50323 : DhcpNameServer = 192.168.15.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PDK\AppData\Roaming\Mozilla\Firefox\Profiles\zsx9seic.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\PDK\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\PDK\AppData\Roaming\Mozilla\Firefox\Profiles\zsx9seic.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-11 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-28 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253088]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-15 1038088]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-19 23:49:35 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAAE7288-CED1-44D9-99FB-DD21FAE7F017}\offreg.dll
2012-04-19 01:32:53 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FAAE7288-CED1-44D9-99FB-DD21FAE7F017}\mpengine.dll
2012-04-17 23:57:17 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 17:04:56 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-13 17:04:56 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 17:04:56 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-13 17:04:55 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-13 17:04:55 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-13 17:04:55 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-13 17:04:55 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-28 11:23:15 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-28 07:27:04 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-22 09:43:31 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-22 09:43:31 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-17 23:57:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 13:10:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-03 13:10:47 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 19:52:00.49 ===============
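A DDS log like the one above is the first-pass snapshot the Malware Response Team reads when an ISP reports a spam bot, and most of the reading is mechanical: is the security product actually running, do the browser helper objects and autoruns point at real files in expected places, is Winlogon's Userinit value still just userinit.exe, and have the DNS servers been swapped for ones outside the local network. The script below, an added example and not part of the original post or of DDS, runs those checks over the "Pseudo HJT Report" format. On the excerpt it flags the "Disabled/Outdated" Windows Defender line, the two BHO entries marked "No File" (orphaned registry entries, not malware by themselves), and the 128.2.0.33 / 128.2.0.17 name servers on one interface, which are simply not in private address space; that is normal on a campus or ISP-assigned network, but it is exactly the check a DNS-changer infection trips, so it is worth a look rather than a verdict. The last sample line, an autorun under AppData, is constructed and is not in the posted log; it is there so the autorun check has something to fire on. The check names, the trusted-directory list and the regexes are this example's own.

```python
import ipaddress
import re

# Lines excerpted from the DDS "Pseudo HJT Report" section posted above
# (hxxp is DDS's defanged spelling of http).  The final uRun line is a
# CONSTRUCTED example of a suspicious autorun and is NOT from the posted log.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
TCP: DhcpNameServer = 192.168.169.1
TCP: Interfaces\{A90068DA-B490-4CF6-91F9-404696BD3528} : DhcpNameServer = 128.2.0.33 128.2.0.17
BHO-X64: AcroIEHelperStub - No File
uRun: [Update] C:\Users\user\AppData\Roaming\Update\svchost.exe
"""

# Directories a legitimate autorun is expected to load from (example's own list);
# anything under AppData, Temp or the profile root is worth a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

SECURITY_RE = re.compile(r"^(AV|SP|FW): (?P<product>.+?) \*(?P<status>[^*]+)\*")
ORPHAN_RE = re.compile(r"^(BHO|BHO-X64|TB|TB-X64): (?P<entry>.+?) - No File$")
USERINIT_RE = re.compile(r"^mWinlogon: Userinit=(?P<value>.+)$")
AUTORUN_RE = re.compile(
    r'^[um]Run(?:-x64)?: \[(?P<name>[^\]]+)\] "?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|scr|bat|cmd|vbs))',
    re.IGNORECASE)
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>[\d. ]+)$")


def triage(log_text):
    """Return a list of (category, detail) findings for one DDS Pseudo HJT section."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECURITY_RE.match(line)
        if m:  # AV/SP/FW line: only a disabled or outdated product is a finding
            if "Disabled" in m["status"] or "Outdated" in m["status"]:
                findings.append(("security-product", f"{m['product']}: {m['status']}"))
            continue
        m = ORPHAN_RE.match(line)
        if m:  # registry points at a DLL that no longer exists
            findings.append(("orphaned-bho", m["entry"]))
            continue
        m = USERINIT_RE.match(line)
        if m:  # every comma-separated token must be userinit.exe; extra entries are a classic hijack
            for token in m["value"].split(","):
                token = token.strip().strip('"')
                if token and token.lower().rsplit("\\", 1)[-1] != "userinit.exe":
                    findings.append(("userinit-hijack", token))
            continue
        m = AUTORUN_RE.match(line)
        if m:  # autorun whose executable lives outside the trusted roots
            if not m["path"].lower().startswith(TRUSTED_ROOTS):
                findings.append(("autorun-outside-program-dirs", f"[{m['name']}] {m['path']}"))
            continue
        m = DNS_RE.search(line)
        if m:  # DHCP-assigned resolvers that are not RFC 1918 addresses
            for server in m["servers"].split():
                if not ipaddress.ip_address(server).is_private:
                    findings.append(("public-dns-server", server))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:30} {detail}")
```

Feed it a whole DDS.txt and the other sections pass through untouched, since none of the patterns match their line shapes. The public-resolver check is deliberately a flag and not a verdict: compare the servers against what the router hands out (192.168.169.1 on this machine) before concluding anything.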


#2 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Canada)

Posted 20 April 2012 - 06:51 PM

Please uncheck Word Wrap in Notepad; it makes the logs hard to read.

Thanks.


Please run the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
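The two tools in this post look at the same place from two sides: aswMBR dumps the master boot record to MBR.dat, and TDSSKiller's "Detect TDLFS File System" option searches for the hidden file system that the TDL4 bootkit keeps in unpartitioned disk space after replacing the MBR. As an added example, not part of CatByte's instructions or of either tool, here is a Python parser for a raw 512-byte MBR. It extracts the four partition entries, reports the things a tampered table gets wrong (missing 0x55AA signature, overlapping entries, a partition running past the end of the disk, not exactly one active entry), counts the unpartitioned sectors after the last partition, and hashes the 446 bytes of bootstrap code so that two dumps (this laptop's and one from another of the poster's machines, or a known-clean install) can be compared byte-for-byte. The sample sector is built from the disk size and the two partition starts that TDSSKiller prints in post #5 below; the bootstrap bytes, CHS fields and which partition is marked active are constructed, and it is an assumption that MBR.dat is a plain sector dump.

```python
import hashlib
import struct
import sys

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"
TABLE_OFFSET = 446  # bytes 0..445 are bootstrap code, then four 16-byte entries, then 0x55AA


def make_entry(active, type_, start, sectors):
    """Build one 16-byte partition entry; CHS fields are 0xFFFFFF (LBA-only, as on large disks)."""
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\xff\xff\xff",
                       type_, b"\xff\xff\xff", start, sectors)


def parse_mbr(data):
    """Split a raw MBR sector into bootstrap-code hash, used partition entries and signature flag."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    parts = []
    for i in range(4):
        status, type_, start, sectors = struct.unpack_from("<B3xB3xII", data, TABLE_OFFSET + 16 * i)
        if type_ == 0 and sectors == 0:
            continue  # unused slot
        parts.append({"index": i, "status": status, "active": status == 0x80, "type": type_,
                      "start": start, "sectors": sectors, "end": start + sectors})
    return {"bootcode_sha256": hashlib.sha256(data[:TABLE_OFFSET]).hexdigest(),
            "partitions": parts,
            "signature_ok": data[510:512] == MBR_SIGNATURE}


def check_mbr(data, disk_sectors):
    """Return a list of problems with the partition table; an empty list means it looks sane."""
    mbr = parse_mbr(data)
    issues = []
    if not mbr["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    parts = sorted(mbr["partitions"], key=lambda p: p["start"])
    active = sum(p["active"] for p in parts)
    if active != 1:
        issues.append(f"{active} active partitions (expected exactly 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["end"] > disk_sectors:
            issues.append(f"partition {p['index']}: ends at LBA 0x{p['end']:X}, beyond disk end 0x{disk_sectors:X}")
    for a, b in zip(parts, parts[1:]):
        if a["end"] > b["start"]:
            issues.append(f"partitions {a['index']} and {b['index']} overlap")
    return issues


def unpartitioned_tail(data, disk_sectors):
    """Sectors after the last partition: the unallocated space a bootkit can stash its body in."""
    parts = parse_mbr(data)["partitions"]
    return disk_sectors - max((p["end"] for p in parts), default=0)


# Disk size and the two type-0x7 partitions are the values TDSSKiller printed for
# \Device\Harddisk0\DR0 in post #5 below; the bootstrap code (all zeros here), the
# CHS fields and the active flag are CONSTRUCTED for this example.
DISK_SECTORS = 0x4A85D56000 // SECTOR
SAMPLE_MBR = (bytes(TABLE_OFFSET)
              + make_entry(True, 0x07, 0x1770800, 0x32000)
              + make_entry(False, 0x07, 0x17A2800, 0x23C8BAB0)
              + bytes(32)
              + MBR_SIGNATURE)


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat [disk_sectors]]; with no arguments the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    disk = int(sys.argv[2], 0) if len(sys.argv) > 2 else DISK_SECTORS
    mbr = parse_mbr(data)
    print("bootstrap code sha256:", mbr["bootcode_sha256"])
    for p in mbr["partitions"]:
        flag = "active" if p["active"] else "      "
        print(f"  #{p['index']} type 0x{p['type']:02X} {flag} LBA 0x{p['start']:X}..0x{p['end']:X} "
              f"({p['sectors'] * SECTOR / 2**30:.2f} GiB)")
    print("unpartitioned tail sectors:", unpartitioned_tail(data, disk))
    print("issues:", check_mbr(data, disk) or "none")
```

On the constructed sample the table checks out: the first partition ends exactly where the second begins, the second ends 0x800 sectors short of the disk end, and one entry is active. A clean table does not rule out a bootkit, since TDL4 keeps the original partition entries and only replaces the bootstrap code; that is why the code hash, compared against a dump from a machine you trust, is the more useful output.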


#3 CatByte (Malware Response Team)

Posted 24 April 2012 - 07:09 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



#4 CatByte (Malware Response Team)

Posted 25 April 2012 - 06:00 AM

This topic has been re-opened at the request of the person who originally posted.



#5 ladytrae (Topic Starter)

Posted 25 April 2012 - 06:26 AM

04:46:43.0663 2104 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
04:46:44.0096 2104 ============================================================
04:46:44.0096 2104 Current date / time: 2012/04/25 04:46:44.0096
04:46:44.0096 2104 SystemInfo:
04:46:44.0096 2104
04:46:44.0096 2104 OS Version: 6.1.7601 ServicePack: 1.0
04:46:44.0096 2104 Product type: Workstation
04:46:44.0097 2104 ComputerName: GATEWAYLAPTOP
04:46:44.0097 2104 UserName: PDK
04:46:44.0097 2104 Windows directory: C:\Windows
04:46:44.0097 2104 System windows directory: C:\Windows
04:46:44.0097 2104 Running under WOW64
04:46:44.0097 2104 Processor architecture: Intel x64
04:46:44.0097 2104 Number of processors: 2
04:46:44.0097 2104 Page size: 0x1000
04:46:44.0097 2104 Boot type: Normal boot
04:46:44.0097 2104 ============================================================
04:46:44.0612 2104 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:46:44.0623 2104 ============================================================
04:46:44.0623 2104 \Device\Harddisk0\DR0:
04:46:44.0624 2104 MBR partitions:
04:46:44.0624 2104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
04:46:44.0624 2104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
04:46:44.0624 2104 ============================================================
04:46:44.0674 2104 C: <-> \Device\Harddisk0\DR0\Partition1
04:46:44.0674 2104 ============================================================
04:46:44.0674 2104 Initialize success
04:46:44.0674 2104 ============================================================
04:47:39.0031 2536 ============================================================
04:47:39.0031 2536 Scan started
04:47:39.0032 2536 Mode: Manual; TDLFS;
04:47:39.0032 2536 ============================================================
04:47:39.0391 2536 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:47:39.0402 2536 1394ohci - ok
04:47:39.0479 2536 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:47:39.0484 2536 ACPI - ok
04:47:39.0518 2536 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:47:39.0519 2536 AcpiPmi - ok
04:47:39.0566 2536 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
04:47:39.0568 2536 adfs - ok
04:47:39.0706 2536 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
04:47:39.0708 2536 AdobeARMservice - ok
04:47:39.0834 2536 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
04:47:39.0845 2536 AdobeFlashPlayerUpdateSvc - ok
04:47:39.0918 2536 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
04:47:39.0950 2536 adp94xx - ok
04:47:40.0007 2536 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
04:47:40.0024 2536 adpahci - ok
04:47:40.0066 2536 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
04:47:40.0090 2536 adpu320 - ok
04:47:40.0159 2536 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
04:47:40.0161 2536 AeLookupSvc - ok
04:47:40.0235 2536 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
04:47:40.0242 2536 AFD - ok
04:47:40.0302 2536 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:47:40.0304 2536 agp440 - ok
04:47:40.0325 2536 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
04:47:40.0328 2536 ALG - ok
04:47:40.0351 2536 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:47:40.0352 2536 aliide - ok
04:47:40.0367 2536 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:47:40.0369 2536 amdide - ok
04:47:40.0400 2536 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
04:47:40.0402 2536 AmdK8 - ok
04:47:40.0424 2536 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
04:47:40.0426 2536 AmdPPM - ok
04:47:40.0480 2536 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
04:47:40.0483 2536 amdsata - ok
04:47:40.0518 2536 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
04:47:40.0531 2536 amdsbs - ok
04:47:40.0549 2536 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
04:47:40.0550 2536 amdxata - ok
04:47:40.0610 2536 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:47:40.0612 2536 AppID - ok
04:47:40.0641 2536 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
04:47:40.0643 2536 AppIDSvc - ok
04:47:40.0685 2536 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
04:47:40.0688 2536 Appinfo - ok
04:47:40.0787 2536 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:47:40.0789 2536 Apple Mobile Device - ok
04:47:40.0826 2536 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
04:47:40.0828 2536 arc - ok
04:47:40.0845 2536 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
04:47:40.0847 2536 arcsas - ok
04:47:40.0884 2536 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:47:40.0886 2536 AsyncMac - ok
04:47:40.0937 2536 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:47:40.0938 2536 atapi - ok
04:47:41.0079 2536 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
04:47:41.0123 2536 athr - ok
04:47:41.0306 2536 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
04:47:41.0323 2536 AudioEndpointBuilder - ok
04:47:41.0335 2536 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
04:47:41.0343 2536 AudioSrv - ok
04:47:41.0394 2536 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
04:47:41.0400 2536 AxInstSV - ok
04:47:41.0488 2536 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
04:47:41.0496 2536 b06bdrv - ok
04:47:41.0547 2536 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:47:41.0554 2536 b57nd60a - ok
04:47:41.0681 2536 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
04:47:41.0714 2536 BCM43XX - ok
04:47:41.0755 2536 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
04:47:41.0758 2536 BDESVC - ok
04:47:41.0818 2536 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:47:41.0819 2536 Beep - ok
04:47:41.0932 2536 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
04:47:41.0946 2536 BFE - ok
04:47:42.0056 2536 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
04:47:42.0082 2536 BITS - ok
04:47:42.0140 2536 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
04:47:42.0151 2536 blbdrive - ok
04:47:42.0255 2536 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
04:47:42.0268 2536 Bonjour Service - ok
04:47:42.0321 2536 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:47:42.0323 2536 bowser - ok
04:47:42.0363 2536 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
04:47:42.0365 2536 BrFiltLo - ok
04:47:42.0384 2536 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
04:47:42.0386 2536 BrFiltUp - ok
04:47:42.0421 2536 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
04:47:42.0437 2536 Browser - ok
04:47:42.0481 2536 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:47:42.0491 2536 Brserid - ok
04:47:42.0512 2536 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:47:42.0514 2536 BrSerWdm - ok
04:47:42.0534 2536 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:47:42.0535 2536 BrUsbMdm - ok
04:47:42.0553 2536 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:47:42.0555 2536 BrUsbSer - ok
04:47:42.0577 2536 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
04:47:42.0580 2536 BTHMODEM - ok
04:47:42.0633 2536 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
04:47:42.0635 2536 bthserv - ok
04:47:42.0699 2536 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
04:47:42.0709 2536 CAXHWAZL - ok
04:47:42.0728 2536 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:47:42.0731 2536 cdfs - ok
04:47:42.0780 2536 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
04:47:42.0803 2536 cdrom - ok
04:47:42.0853 2536 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
04:47:42.0856 2536 CertPropSvc - ok
04:47:42.0886 2536 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
04:47:42.0888 2536 circlass - ok
04:47:42.0941 2536 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:47:42.0947 2536 CLFS - ok
04:47:43.0024 2536 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:47:43.0034 2536 clr_optimization_v2.0.50727_32 - ok
04:47:43.0073 2536 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:47:43.0075 2536 clr_optimization_v2.0.50727_64 - ok
04:47:43.0173 2536 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:47:43.0176 2536 clr_optimization_v4.0.30319_32 - ok
04:47:43.0254 2536 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:47:43.0258 2536 clr_optimization_v4.0.30319_64 - ok
04:47:43.0285 2536 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
04:47:43.0287 2536 CmBatt - ok
04:47:43.0314 2536 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:47:43.0316 2536 cmdide - ok
04:47:43.0382 2536 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
04:47:43.0390 2536 CNG - ok
04:47:43.0476 2536 CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
04:47:43.0494 2536 CnxtHdAudService - ok
04:47:43.0535 2536 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
04:47:43.0536 2536 Compbatt - ok
04:47:43.0584 2536 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
04:47:43.0586 2536 CompositeBus - ok
04:47:43.0604 2536 COMSysApp - ok
04:47:43.0627 2536 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
04:47:43.0629 2536 crcdisk - ok
04:47:43.0691 2536 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
04:47:43.0704 2536 CryptSvc - ok
04:47:43.0780 2536 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
04:47:43.0791 2536 DcomLaunch - ok
04:47:43.0838 2536 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
04:47:43.0847 2536 defragsvc - ok
04:47:43.0902 2536 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:47:43.0931 2536 DfsC - ok
04:47:44.0001 2536 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
04:47:44.0031 2536 Dhcp - ok
04:47:44.0087 2536 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:47:44.0088 2536 discache - ok
04:47:44.0137 2536 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
04:47:44.0139 2536 Disk - ok
04:47:44.0211 2536 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
04:47:44.0225 2536 Dnscache - ok
04:47:44.0286 2536 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
04:47:44.0297 2536 dot3svc - ok
04:47:44.0328 2536 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
04:47:44.0343 2536 DPS - ok
04:47:44.0371 2536 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:47:44.0373 2536 drmkaud - ok
04:47:44.0474 2536 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:47:44.0484 2536 DXGKrnl - ok
04:47:44.0526 2536 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
04:47:44.0532 2536 EapHost - ok
04:47:44.0762 2536 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
04:47:44.0826 2536 ebdrv - ok
04:47:44.0947 2536 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
04:47:44.0951 2536 EFS - ok
04:47:45.0058 2536 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
04:47:45.0072 2536 ehRecvr - ok
04:47:45.0109 2536 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
04:47:45.0125 2536 ehSched - ok
04:47:45.0177 2536 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
04:47:45.0178 2536 ElbyCDIO - ok
04:47:45.0249 2536 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
04:47:45.0267 2536 elxstor - ok
04:47:45.0437 2536 ePowerSvc (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
04:47:45.0455 2536 ePowerSvc - ok
04:47:45.0579 2536 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:47:45.0580 2536 ErrDev - ok
04:47:45.0650 2536 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
04:47:45.0665 2536 EventSystem - ok
04:47:45.0713 2536 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:47:45.0725 2536 exfat - ok
04:47:45.0770 2536 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:47:45.0783 2536 fastfat - ok
04:47:45.0862 2536 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
04:47:45.0876 2536 Fax - ok
04:47:45.0906 2536 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
04:47:45.0908 2536 fdc - ok
04:47:45.0943 2536 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
04:47:45.0946 2536 fdPHost - ok
04:47:45.0966 2536 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
04:47:45.0968 2536 FDResPub - ok
04:47:45.0986 2536 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:47:45.0988 2536 FileInfo - ok
04:47:46.0001 2536 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:47:46.0002 2536 Filetrace - ok
04:47:46.0148 2536 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
04:47:46.0171 2536 FLEXnet Licensing Service - ok
04:47:46.0300 2536 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
04:47:46.0324 2536 FLEXnet Licensing Service 64 - ok
04:47:46.0452 2536 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
04:47:46.0454 2536 flpydisk - ok
04:47:46.0507 2536 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:47:46.0512 2536 FltMgr - ok
04:47:46.0629 2536 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
04:47:46.0658 2536 FontCache - ok
04:47:46.0745 2536 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:47:46.0747 2536 FontCache3.0.0.0 - ok
04:47:46.0797 2536 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:47:46.0800 2536 FsDepends - ok
04:47:46.0832 2536 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
04:47:46.0834 2536 Fs_Rec - ok
04:47:46.0890 2536 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:47:46.0894 2536 fvevol - ok
04:47:46.0925 2536 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
04:47:46.0927 2536 gagp30kx - ok
04:47:47.0040 2536 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
04:47:47.0050 2536 GameConsoleService - ok
04:47:47.0077 2536 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:47:47.0078 2536 GEARAspiWDM - ok
04:47:47.0178 2536 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
04:47:47.0197 2536 gpsvc - ok
04:47:47.0343 2536 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
04:47:47.0375 2536 Greg_Service - ok
04:47:47.0441 2536 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
04:47:47.0454 2536 gusvc - ok
04:47:47.0595 2536 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:47:47.0596 2536 hcw85cir - ok
04:47:47.0670 2536 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
04:47:47.0688 2536 HdAudAddService - ok
04:47:47.0730 2536 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
04:47:47.0733 2536 HDAudBus - ok
04:47:47.0748 2536 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
04:47:47.0750 2536 HidBatt - ok
04:47:47.0777 2536 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
04:47:47.0780 2536 HidBth - ok
04:47:47.0806 2536 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
04:47:47.0808 2536 HidIr - ok
04:47:47.0844 2536 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
04:47:47.0846 2536 hidserv - ok
04:47:47.0872 2536 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
04:47:47.0874 2536 HidUsb - ok
04:47:47.0918 2536 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
04:47:47.0922 2536 hkmsvc - ok
04:47:47.0985 2536 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
04:47:48.0029 2536 HomeGroupListener - ok
04:47:48.0085 2536 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
04:47:48.0098 2536 HomeGroupProvider - ok
04:47:48.0123 2536 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:47:48.0126 2536 HpSAMD - ok
04:47:48.0255 2536 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
04:47:48.0269 2536 HsfXAudioService - ok
04:47:48.0393 2536 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
04:47:48.0430 2536 HSF_DPV - ok
04:47:48.0624 2536 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:47:48.0636 2536 HTTP - ok
04:47:48.0669 2536 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:47:48.0670 2536 hwpolicy - ok
04:47:48.0737 2536 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
04:47:48.0739 2536 i8042prt - ok
04:47:48.0850 2536 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
04:47:48.0867 2536 IAANTMON - ok
04:47:48.0934 2536 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
04:47:48.0938 2536 iaStor - ok
04:47:49.0012 2536 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:47:49.0059 2536 iaStorV - ok
04:47:49.0219 2536 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:47:49.0234 2536 idsvc - ok
04:47:49.0771 2536 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
04:47:49.0914 2536 igfx - ok
04:47:50.0051 2536 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
04:47:50.0053 2536 iirsp - ok
04:47:50.0146 2536 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
04:47:50.0161 2536 IKEEXT - ok
04:47:50.0231 2536 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
04:47:50.0247 2536 IntcHdmiAddService - ok
04:47:50.0289 2536 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:47:50.0291 2536 intelide - ok
04:47:50.0328 2536 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
04:47:50.0330 2536 intelppm - ok
04:47:50.0355 2536 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
04:47:50.0359 2536 IPBusEnum - ok
04:47:50.0392 2536 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:47:50.0394 2536 IpFilterDriver - ok
04:47:50.0450 2536 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
04:47:50.0460 2536 iphlpsvc - ok
04:47:50.0496 2536 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:47:50.0499 2536 IPMIDRV - ok
04:47:50.0527 2536 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:47:50.0533 2536 IPNAT - ok
04:47:50.0680 2536 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
04:47:50.0698 2536 iPod Service - ok
04:47:50.0726 2536 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:47:50.0727 2536 IRENUM - ok
04:47:50.0762 2536 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:47:50.0764 2536 isapnp - ok
04:47:50.0806 2536 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:47:50.0815 2536 iScsiPrt - ok
04:47:50.0858 2536 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
04:47:50.0860 2536 ivusb - ok
04:47:50.0912 2536 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
04:47:50.0916 2536 k57nd60a - ok
04:47:50.0952 2536 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
04:47:50.0953 2536 kbdclass - ok
04:47:50.0992 2536 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
04:47:50.0994 2536 kbdhid - ok
04:47:51.0028 2536 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:47:51.0031 2536 KeyIso - ok
04:47:51.0052 2536 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
04:47:51.0055 2536 KSecDD - ok
04:47:51.0083 2536 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
04:47:51.0086 2536 KSecPkg - ok
04:47:51.0107 2536 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:47:51.0108 2536 ksthunk - ok
04:47:51.0158 2536 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
04:47:51.0174 2536 KtmRm - ok
04:47:51.0207 2536 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
04:47:51.0209 2536 L1E - ok
04:47:51.0265 2536 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
04:47:51.0276 2536 LanmanServer - ok
04:47:51.0327 2536 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
04:47:51.0344 2536 LanmanWorkstation - ok
04:47:51.0380 2536 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:47:51.0382 2536 lltdio - ok
04:47:51.0429 2536 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
04:47:51.0448 2536 lltdsvc - ok
04:47:51.0461 2536 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
04:47:51.0464 2536 lmhosts - ok
04:47:51.0518 2536 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:47:51.0521 2536 LSI_FC - ok
04:47:51.0534 2536 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:47:51.0537 2536 LSI_SAS - ok
04:47:51.0562 2536 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:47:51.0564 2536 LSI_SAS2 - ok
04:47:51.0592 2536 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:47:51.0609 2536 LSI_SCSI - ok
04:47:51.0639 2536 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:47:51.0642 2536 luafv - ok
04:47:51.0685 2536 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
04:47:51.0734 2536 mcdbus - ok
04:47:51.0766 2536 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
04:47:51.0769 2536 Mcx2Svc - ok
04:47:51.0797 2536 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
04:47:51.0798 2536 mdmxsdk - ok
04:47:51.0820 2536 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
04:47:51.0822 2536 megasas - ok
04:47:51.0856 2536 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
04:47:51.0866 2536 MegaSR - ok
04:47:51.0905 2536 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:47:51.0912 2536 MMCSS - ok
04:47:51.0934 2536 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:47:51.0936 2536 Modem - ok
04:47:51.0953 2536 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:47:51.0954 2536 monitor - ok
04:47:52.0000 2536 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
04:47:52.0001 2536 mouclass - ok
04:47:52.0033 2536 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:47:52.0035 2536 mouhid - ok
04:47:52.0078 2536 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:47:52.0080 2536 mountmgr - ok
04:47:52.0135 2536 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
04:47:52.0138 2536 MpFilter - ok
04:47:52.0183 2536 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:47:52.0198 2536 mpio - ok
04:47:52.0240 2536 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
04:47:52.0242 2536 MpNWMon - ok
04:47:52.0259 2536 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:47:52.0261 2536 mpsdrv - ok
04:47:52.0351 2536 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
04:47:52.0368 2536 MpsSvc - ok
04:47:52.0413 2536 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:47:52.0428 2536 MRxDAV - ok
04:47:52.0470 2536 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:47:52.0484 2536 mrxsmb - ok
04:47:52.0517 2536 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:47:52.0525 2536 mrxsmb10 - ok
04:47:52.0546 2536 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:47:52.0562 2536 mrxsmb20 - ok
04:47:52.0607 2536 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:47:52.0608 2536 msahci - ok
04:47:52.0648 2536 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:47:52.0652 2536 msdsm - ok
04:47:52.0692 2536 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
04:47:52.0708 2536 MSDTC - ok
04:47:52.0764 2536 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:47:52.0765 2536 Msfs - ok
04:47:52.0788 2536 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:47:52.0789 2536 mshidkmdf - ok
04:47:52.0823 2536 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:47:52.0824 2536 msisadrv - ok
04:47:52.0878 2536 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
04:47:52.0893 2536 MSiSCSI - ok
04:47:52.0899 2536 msiserver - ok
04:47:52.0927 2536 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:47:52.0929 2536 MSKSSRV - ok
04:47:53.0033 2536 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
04:47:53.0034 2536 MsMpSvc - ok
04:47:53.0058 2536 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:47:53.0059 2536 MSPCLOCK - ok
04:47:53.0070 2536 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:47:53.0072 2536 MSPQM - ok
04:47:53.0138 2536 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:47:53.0144 2536 MsRPC - ok
04:47:53.0195 2536 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
04:47:53.0196 2536 mssmbios - ok
04:47:53.0215 2536 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:47:53.0217 2536 MSTEE - ok
04:47:53.0234 2536 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
04:47:53.0235 2536 MTConfig - ok
04:47:53.0267 2536 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:47:53.0268 2536 Mup - ok
04:47:53.0335 2536 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
04:47:53.0356 2536 napagent - ok
04:47:53.0407 2536 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:47:53.0425 2536 NativeWifiP - ok
04:47:53.0519 2536 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
04:47:53.0536 2536 NDIS - ok
04:47:53.0550 2536 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:47:53.0552 2536 NdisCap - ok
04:47:53.0585 2536 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:47:53.0587 2536 NdisTapi - ok
04:47:53.0636 2536 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
04:47:53.0639 2536 Ndisuio - ok
04:47:53.0687 2536 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
04:47:53.0702 2536 NdisWan - ok
04:47:53.0740 2536 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
04:47:53.0742 2536 NDProxy - ok
04:47:53.0755 2536 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:47:53.0757 2536 NetBIOS - ok
04:47:53.0806 2536 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
04:47:53.0810 2536 NetBT - ok
04:47:53.0852 2536 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:47:53.0855 2536 Netlogon - ok
04:47:53.0909 2536 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
04:47:53.0917 2536 Netman - ok
04:47:53.0964 2536 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
04:47:53.0974 2536 netprofm - ok
04:47:54.0036 2536 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:47:54.0039 2536 NetTcpPortSharing - ok
04:47:54.0388 2536 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
04:47:54.0509 2536 netw5v64 - ok
04:47:54.0661 2536 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
04:47:54.0663 2536 nfrd960 - ok
04:47:54.0721 2536 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:47:54.0723 2536 NisDrv - ok
04:47:54.0837 2536 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
04:47:54.0843 2536 NisSrv - ok
04:47:54.0917 2536 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
04:47:54.0937 2536 NlaSvc - ok
04:47:54.0963 2536 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:47:54.0965 2536 Npfs - ok
04:47:54.0992 2536 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
04:47:54.0995 2536 nsi - ok
04:47:55.0016 2536 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:47:55.0017 2536 nsiproxy - ok
04:47:55.0164 2536 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
04:47:55.0190 2536 Ntfs - ok
04:47:55.0281 2536 NTI IScheduleSvc (14e66f603fb187713aeb02ad3b0390cf) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
04:47:55.0283 2536 NTI IScheduleSvc - ok
04:47:55.0395 2536 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
04:47:55.0396 2536 NTIDrvr - ok
04:47:55.0434 2536 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:47:55.0436 2536 Null - ok
04:47:55.0492 2536 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
04:47:55.0509 2536 nvraid - ok
04:47:55.0549 2536 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
04:47:55.0564 2536 nvstor - ok
04:47:55.0606 2536 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
04:47:55.0622 2536 nv_agp - ok
04:47:55.0716 2536 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:47:55.0728 2536 odserv - ok
04:47:55.0763 2536 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
04:47:55.0765 2536 ohci1394 - ok
04:47:55.0805 2536 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:47:55.0820 2536 ose - ok
04:47:55.0868 2536 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:47:55.0876 2536 p2pimsvc - ok
04:47:55.0919 2536 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
04:47:55.0941 2536 p2psvc - ok
04:47:55.0973 2536 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
04:47:55.0976 2536 Parport - ok
04:47:56.0024 2536 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
04:47:56.0026 2536 partmgr - ok
04:47:56.0079 2536 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
04:47:56.0092 2536 PcaSvc - ok
04:47:56.0142 2536 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
04:47:56.0146 2536 pci - ok
04:47:56.0171 2536 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
04:47:56.0173 2536 pciide - ok
04:47:56.0211 2536 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
04:47:56.0223 2536 pcmcia - ok
04:47:56.0271 2536 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
04:47:56.0274 2536 pcouffin - ok
04:47:56.0293 2536 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:47:56.0294 2536 pcw - ok
04:47:56.0350 2536 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:47:56.0363 2536 PEAUTH - ok
04:47:56.0439 2536 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
04:47:56.0442 2536 PerfHost - ok
04:47:56.0581 2536 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
04:47:56.0621 2536 pla - ok
04:47:56.0679 2536 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
04:47:56.0693 2536 PlugPlay - ok
04:47:56.0719 2536 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
04:47:56.0722 2536 PNRPAutoReg - ok
04:47:56.0757 2536 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:47:56.0763 2536 PNRPsvc - ok
04:47:56.0814 2536 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
04:47:56.0835 2536 PolicyAgent - ok
04:47:56.0874 2536 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
04:47:56.0880 2536 Power - ok
04:47:56.0958 2536 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
04:47:56.0964 2536 PptpMiniport - ok
04:47:56.0998 2536 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
04:47:57.0000 2536 Processor - ok
04:47:57.0046 2536 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
04:47:57.0059 2536 ProfSvc - ok
04:47:57.0099 2536 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:47:57.0102 2536 ProtectedStorage - ok
04:47:57.0160 2536 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:47:57.0163 2536 Psched - ok
04:47:57.0296 2536 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
04:47:57.0329 2536 ql2300 - ok
04:47:57.0467 2536 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
04:47:57.0472 2536 ql40xx - ok
04:47:57.0520 2536 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
04:47:57.0530 2536 QWAVE - ok
04:47:57.0551 2536 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:47:57.0553 2536 QWAVEdrv - ok
04:47:57.0567 2536 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:47:57.0568 2536 RasAcd - ok
04:47:57.0633 2536 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:47:57.0635 2536 RasAgileVpn - ok
04:47:57.0662 2536 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
04:47:57.0667 2536 RasAuto - ok
04:47:57.0715 2536 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:47:57.0718 2536 Rasl2tp - ok
04:47:57.0777 2536 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
04:47:57.0795 2536 RasMan - ok
04:47:57.0812 2536 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:47:57.0815 2536 RasPppoe - ok
04:47:57.0835 2536 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:47:57.0837 2536 RasSstp - ok
04:47:57.0888 2536 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:47:57.0907 2536 rdbss - ok
04:47:57.0935 2536 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
04:47:57.0936 2536 rdpbus - ok
04:47:57.0952 2536 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:47:57.0953 2536 RDPCDD - ok
04:47:57.0990 2536 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:47:57.0991 2536 RDPENCDD - ok
04:47:58.0003 2536 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:47:58.0004 2536 RDPREFMP - ok
04:47:58.0051 2536 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
04:47:58.0063 2536 RDPWD - ok
04:47:58.0106 2536 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:47:58.0110 2536 rdyboost - ok
04:47:58.0154 2536 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
04:47:58.0170 2536 RemoteAccess - ok
04:47:58.0210 2536 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
04:47:58.0226 2536 RemoteRegistry - ok
04:47:58.0262 2536 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
04:47:58.0266 2536 RpcEptMapper - ok
04:47:58.0293 2536 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
04:47:58.0296 2536 RpcLocator - ok
04:47:58.0367 2536 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
04:47:58.0376 2536 RpcSs - ok
04:47:58.0415 2536 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:47:58.0417 2536 rspndr - ok
04:47:58.0484 2536 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
04:47:58.0497 2536 RSUSBSTOR - ok
04:47:58.0504 2536 RtsUIR - ok
04:47:58.0545 2536 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:47:58.0547 2536 SamSs - ok
04:47:58.0601 2536 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:47:58.0604 2536 sbp2port - ok
04:47:58.0658 2536 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
04:47:58.0671 2536 SCardSvr - ok
04:47:58.0730 2536 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
04:47:58.0762 2536 SCDEmu - ok
04:47:58.0790 2536 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:47:58.0791 2536 scfilter - ok
04:47:58.0899 2536 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
04:47:58.0932 2536 Schedule - ok
04:47:58.0974 2536 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
04:47:58.0976 2536 SCPolicySvc - ok
04:47:59.0027 2536 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
04:47:59.0041 2536 SDRSVC - ok
04:47:59.0094 2536 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:47:59.0095 2536 secdrv - ok
04:47:59.0132 2536 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
04:47:59.0136 2536 seclogon - ok
04:47:59.0172 2536 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
04:47:59.0177 2536 SENS - ok
04:47:59.0209 2536 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
04:47:59.0213 2536 SensrSvc - ok
04:47:59.0243 2536 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
04:47:59.0245 2536 Serenum - ok
04:47:59.0288 2536 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
04:47:59.0291 2536 Serial - ok
04:47:59.0338 2536 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
04:47:59.0340 2536 sermouse - ok
04:47:59.0389 2536 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
04:47:59.0405 2536 SessionEnv - ok
04:47:59.0436 2536 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:47:59.0438 2536 sffdisk - ok
04:47:59.0451 2536 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:47:59.0453 2536 sffp_mmc - ok
04:47:59.0466 2536 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:47:59.0467 2536 sffp_sd - ok
04:47:59.0492 2536 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
04:47:59.0493 2536 sfloppy - ok
04:47:59.0551 2536 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
04:47:59.0567 2536 SharedAccess - ok
04:47:59.0622 2536 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
04:47:59.0637 2536 ShellHWDetection - ok
04:47:59.0663 2536 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:47:59.0665 2536 SiSRaid2 - ok
04:47:59.0689 2536 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
04:47:59.0691 2536 SiSRaid4 - ok
04:47:59.0725 2536 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:47:59.0728 2536 Smb - ok
04:47:59.0782 2536 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
04:47:59.0787 2536 SNMPTRAP - ok
04:47:59.0803 2536 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:47:59.0804 2536 spldr - ok
04:47:59.0877 2536 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
04:47:59.0895 2536 Spooler - ok
04:48:00.0160 2536 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
04:48:00.0222 2536 sppsvc - ok
04:48:00.0346 2536 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
04:48:00.0350 2536 sppuinotify - ok
04:48:00.0438 2536 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
04:48:00.0448 2536 srv - ok
04:48:00.0493 2536 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
04:48:00.0507 2536 srv2 - ok
04:48:00.0570 2536 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
04:48:00.0577 2536 SrvHsfHDA - ok
04:48:00.0685 2536 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
04:48:00.0732 2536 SrvHsfV92 - ok
04:48:00.0909 2536 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
04:48:00.0922 2536 SrvHsfWinac - ok
04:48:00.0961 2536 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
04:48:00.0975 2536 srvnet - ok
04:48:01.0022 2536 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
04:48:01.0029 2536 SSDPSRV - ok
04:48:01.0078 2536 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
04:48:01.0079 2536 SSPORT - ok
04:48:01.0099 2536 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
04:48:01.0104 2536 SstpSvc - ok
04:48:01.0131 2536 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
04:48:01.0133 2536 stexstor - ok
04:48:01.0202 2536 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
04:48:01.0240 2536 stisvc - ok
04:48:01.0268 2536 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
04:48:01.0269 2536 swenum - ok
04:48:01.0322 2536 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
04:48:01.0342 2536 swprv - ok
04:48:01.0398 2536 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
04:48:01.0401 2536 SynTP - ok
04:48:01.0550 2536 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
04:48:01.0585 2536 SysMain - ok
04:48:01.0697 2536 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
04:48:01.0704 2536 TabletInputService - ok
04:48:01.0758 2536 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
04:48:01.0776 2536 TapiSrv - ok
04:48:01.0815 2536 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
04:48:01.0823 2536 TBS - ok
04:48:02.0017 2536 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
04:48:02.0062 2536 Tcpip - ok
04:48:02.0267 2536 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
04:48:02.0286 2536 TCPIP6 - ok
04:48:02.0384 2536 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
04:48:02.0386 2536 tcpipreg - ok
04:48:02.0433 2536 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:48:02.0435 2536 TDPIPE - ok
04:48:02.0465 2536 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
04:48:02.0467 2536 TDTCP - ok
04:48:02.0526 2536 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
04:48:02.0529 2536 tdx - ok
04:48:02.0562 2536 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
04:48:02.0564 2536 TermDD - ok
04:48:02.0631 2536 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
04:48:02.0648 2536 TermService - ok
04:48:02.0681 2536 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
04:48:02.0685 2536 Themes - ok
04:48:02.0711 2536 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:48:02.0714 2536 THREADORDER - ok
04:48:02.0741 2536 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
04:48:02.0757 2536 TrkWks - ok
04:48:02.0820 2536 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
04:48:02.0833 2536 TrustedInstaller - ok
04:48:02.0876 2536 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:48:02.0878 2536 tssecsrv - ok
04:48:02.0945 2536 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:48:02.0948 2536 TsUsbFlt - ok
04:48:03.0024 2536 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:48:03.0026 2536 tunnel - ok
04:48:03.0060 2536 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
04:48:03.0062 2536 uagp35 - ok
04:48:03.0101 2536 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
04:48:03.0102 2536 UBHelper - ok
04:48:03.0153 2536 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:48:03.0170 2536 udfs - ok
04:48:03.0205 2536 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
04:48:03.0210 2536 UI0Detect - ok
04:48:03.0257 2536 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:48:03.0259 2536 uliagpkx - ok
04:48:03.0314 2536 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
04:48:03.0316 2536 umbus - ok
04:48:03.0346 2536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
04:48:03.0348 2536 UmPass - ok
04:48:03.0433 2536 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
04:48:03.0443 2536 Updater Service - ok
04:48:03.0482 2536 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
04:48:03.0499 2536 upnphost - ok
04:48:03.0547 2536 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
04:48:03.0550 2536 USBAAPL64 - ok
04:48:03.0586 2536 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:48:03.0589 2536 usbccgp - ok
04:48:03.0600 2536 USBCCID - ok
04:48:03.0648 2536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:48:03.0651 2536 usbcir - ok
04:48:03.0681 2536 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
04:48:03.0683 2536 usbehci - ok
04:48:03.0728 2536 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:48:03.0741 2536 usbhub - ok
04:48:03.0765 2536 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
04:48:03.0767 2536 usbohci - ok
04:48:03.0809 2536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:48:03.0810 2536 usbprint - ok
04:48:03.0881 2536 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
04:48:03.0883 2536 usbscan - ok
04:48:03.0913 2536 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:48:03.0927 2536 USBSTOR - ok
04:48:03.0952 2536 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
04:48:03.0953 2536 usbuhci - ok
04:48:04.0023 2536 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
04:48:04.0036 2536 usbvideo - ok
04:48:04.0060 2536 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
04:48:04.0065 2536 UxSms - ok
04:48:04.0103 2536 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:48:04.0106 2536 VaultSvc - ok
04:48:04.0153 2536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:48:04.0154 2536 vdrvroot - ok
04:48:04.0227 2536 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
04:48:04.0245 2536 vds - ok
04:48:04.0277 2536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:48:04.0279 2536 vga - ok
04:48:04.0295 2536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:48:04.0297 2536 VgaSave - ok
04:48:04.0337 2536 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:48:04.0348 2536 vhdmp - ok
04:48:04.0369 2536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:48:04.0371 2536 viaide - ok
04:48:04.0414 2536 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:48:04.0416 2536 volmgr - ok
04:48:04.0484 2536 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:48:04.0490 2536 volmgrx - ok
04:48:04.0525 2536 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
04:48:04.0530 2536 volsnap - ok
04:48:04.0569 2536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
04:48:04.0583 2536 vsmraid - ok
04:48:04.0719 2536 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
04:48:04.0760 2536 VSS - ok
04:48:04.0896 2536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
04:48:04.0897 2536 vwifibus - ok
04:48:04.0912 2536 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
04:48:04.0914 2536 vwififlt - ok
04:48:04.0968 2536 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
04:48:04.0982 2536 W32Time - ok
04:48:05.0009 2536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
04:48:05.0011 2536 WacomPen - ok
04:48:05.0067 2536 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:48:05.0069 2536 WANARP - ok
04:48:05.0081 2536 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:48:05.0083 2536 Wanarpv6 - ok
04:48:05.0238 2536 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
04:48:05.0266 2536 WatAdminSvc - ok
04:48:05.0399 2536 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
04:48:05.0433 2536 wbengine - ok
04:48:05.0557 2536 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
04:48:05.0569 2536 WbioSrvc - ok
04:48:05.0628 2536 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
04:48:05.0644 2536 wcncsvc - ok
04:48:05.0668 2536 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
04:48:05.0673 2536 WcsPlugInService - ok
04:48:05.0715 2536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
04:48:05.0717 2536 Wd - ok
04:48:05.0772 2536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:48:05.0783 2536 Wdf01000 - ok
04:48:05.0807 2536 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:48:05.0825 2536 WdiServiceHost - ok
04:48:05.0831 2536 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:48:05.0836 2536 WdiSystemHost - ok
04:48:05.0894 2536 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
04:48:05.0914 2536 WebClient - ok
04:48:05.0967 2536 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
04:48:05.0989 2536 Wecsvc - ok
04:48:06.0025 2536 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
04:48:06.0032 2536 wercplsupport - ok
04:48:06.0071 2536 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
04:48:06.0079 2536 WerSvc - ok
04:48:06.0137 2536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:48:06.0139 2536 WfpLwf - ok
04:48:06.0159 2536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:48:06.0161 2536 WIMMount - ok
04:48:06.0254 2536 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
04:48:06.0266 2536 winachsf - ok
04:48:06.0305 2536 WinDefend - ok
04:48:06.0315 2536 WinHttpAutoProxySvc - ok
04:48:06.0380 2536 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
04:48:06.0391 2536 Winmgmt - ok
04:48:06.0561 2536 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
04:48:06.0602 2536 WinRM - ok
04:48:06.0759 2536 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
04:48:06.0761 2536 WinUsb - ok
04:48:06.0854 2536 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
04:48:06.0878 2536 Wlansvc - ok
04:48:07.0109 2536 wlidsvc (e23a257a54fa12c2aef8ad51e6556357) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:48:07.0148 2536 wlidsvc - ok
04:48:07.0284 2536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:48:07.0285 2536 WmiAcpi - ok
04:48:07.0348 2536 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
04:48:07.0360 2536 wmiApSrv - ok
04:48:07.0414 2536 WMPNetworkSvc - ok
04:48:07.0449 2536 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
04:48:07.0453 2536 WPCSvc - ok
04:48:07.0503 2536 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
04:48:07.0520 2536 WPDBusEnum - ok
04:48:07.0550 2536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:48:07.0551 2536 ws2ifsl - ok
04:48:07.0583 2536 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
04:48:07.0601 2536 wscsvc - ok
04:48:07.0608 2536 WSearch - ok
04:48:07.0808 2536 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
04:48:07.0854 2536 wuauserv - ok
04:48:07.0994 2536 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:48:07.0997 2536 WudfPf - ok
04:48:08.0044 2536 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:48:08.0057 2536 WUDFRd - ok
04:48:08.0121 2536 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
04:48:08.0128 2536 wudfsvc - ok
04:48:08.0173 2536 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
04:48:08.0184 2536 WwanSvc - ok
04:48:08.0219 2536 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
04:48:08.0220 2536 XAudio - ok
04:48:08.0253 2536 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
04:48:08.0444 2536 \Device\Harddisk0\DR0 - ok
04:48:08.0449 2536 Boot (0x1200) (2c99732e23d82c49aa2cbbe826095d75) \Device\Harddisk0\DR0\Partition0
04:48:08.0451 2536 \Device\Harddisk0\DR0\Partition0 - ok
04:48:08.0480 2536 Boot (0x1200) (42f39f3c483338cbc01aaaa87fce5091) \Device\Harddisk0\DR0\Partition1
04:48:08.0482 2536 \Device\Harddisk0\DR0\Partition1 - ok
04:48:08.0483 2536 ============================================================
04:48:08.0483 2536 Scan finished
04:48:08.0483 2536 ============================================================
04:48:08.0504 3736 Detected object count: 0
04:48:08.0504 3736 Actual detected object count: 0
04:48:28.0019 0840 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-25 04:49:39
-----------------------------
04:49:39.152 OS Version: Windows x64 6.1.7601 Service Pack 1
04:49:39.152 Number of processors: 2 586 0x170A
04:49:39.153 ComputerName: GATEWAYLAPTOP UserName: PDK
04:49:40.097 Initialize success
04:51:34.489 AVAST engine defs: 12042500
04:51:52.985 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:51:52.989 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
04:51:53.005 Disk 0 MBR read successfully
04:51:53.010 Disk 0 MBR scan
04:51:53.025 Disk 0 Windows VISTA default MBR code
04:51:53.041 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
04:51:53.083 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
04:51:53.154 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293143 MB offset 24782848
04:51:53.300 Disk 0 scanning C:\Windows\system32\drivers
04:52:09.642 Service scanning
04:52:46.202 Modules scanning
04:52:46.216 Disk 0 trace - called modules:
04:52:46.305 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
04:52:46.315 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005786060]
04:52:46.325 3 CLASSPNP.SYS[fffff88001bbc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046b2050]
04:52:47.581 AVAST engine scan C:\Windows
04:52:52.774 AVAST engine scan C:\Windows\system32
04:57:39.753 AVAST engine scan C:\Windows\system32\drivers
04:57:58.076 AVAST engine scan C:\Users\PDK
04:58:36.821 Disk 0 MBR has been saved successfully to "C:\Users\PDK\Desktop\MBR.dat"
04:58:36.840 The log file has been saved successfully to "C:\Users\PDK\Desktop\aswMBR.txt"
05:00:12.720 Disk 0 MBR has been saved successfully to "C:\Users\PDK\Desktop\MBR.dat"
05:00:12.732 The log file has been saved successfully to "C:\Users\PDK\Desktop\aswMBR.txt"
05:06:14.464 AVAST engine scan C:\ProgramData
05:07:28.568 Scan finished successfully
05:07:48.858 Disk 0 MBR has been saved successfully to "C:\Users\PDK\Desktop\MBR.dat"
05:07:48.868 The log file has been saved successfully to "C:\Users\PDK\Desktop\aswMBR.txt"


I feel my infected computer is the desktop. However, I started with this one, and this is good practice. Thank you for this help.
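The aswMBR log above reports the partition table of Disk 0 (three partitions at offsets 2048, 24578048 and 24782848, the 100 MB one active) and saves the raw sector to C:\Users\PDK\Desktop\MBR.dat, while TDSSKiller prints an "MBR (0x1B8)" hash of the same sector. The script below is an added example, not part of ladytrae's post and not code from aswMBR or TDSSKiller: it parses such a 512-byte image, reproduces the "type / size / offset" summary, and runs the consistency checks one would apply when hunting a bootkit (exactly one active partition, no overlaps, nothing past the end of the disk, and which sectors belong to no partition). It assumes MBR.dat is a raw 512-byte sector image, reads "0x1B8" as the number of boot-code bytes TDSSKiller hashes (my reading, not stated in the log), and uses a constructed sample image whose partition table matches the log but whose boot code is zero-filled, so its hash will not equal the one in the TDSSKiller output.

```python
"""Parse a raw MBR sector image (e.g. aswMBR's MBR.dat) and sanity-check its partition table."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR = 512
BOOT_CODE_LEN = 0x1B8           # 440 bytes of boot code before the 4-byte disk signature
PARTITION_TABLE_OFFSET = 0x1BE  # four 16-byte entries, ending at offset 0x1FE
ENTRY_SIZE = 16
BOOT_SIGNATURE = 0xAA55         # bytes 55 AA at offset 510, read little-endian

# Only the type bytes that appear in the aswMBR output above are named here.
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


@dataclass
class PartitionEntry:
    index: int          # 1..4, matching aswMBR's "Partition N"
    bootable: bool      # status byte 0x80, shown as "80 (A)" in the log
    type_id: int
    start_lba: int      # "offset" in the log, in 512-byte sectors
    sector_count: int

    @property
    def size_mb(self) -> int:
        return self.sector_count * SECTOR // (1024 * 1024)

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, "unknown (0x%02x)" % self.type_id)


def parse_mbr(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty partition entries; reject images without the 55 AA signature."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR image must be at least %d bytes" % SECTOR)
    (sig,) = struct.unpack_from("<H", mbr, 510)
    if sig != BOOT_SIGNATURE:
        raise ValueError("bad boot signature 0x%04x" % sig)
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * ENTRY_SIZE
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from("<B3sB3sII", mbr, off)
        if ptype == 0:
            continue  # empty slot
        if status not in (0x00, 0x80):
            raise ValueError("partition %d has invalid status byte 0x%02x" % (i + 1, status))
        entries.append(PartitionEntry(i + 1, status == 0x80, ptype, lba, count))
    return entries


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the first 0x1B8 bytes; assumed to be what TDSSKiller's 'MBR (0x1B8)' line reports."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_layout(entries: List[PartitionEntry], disk_sectors: Optional[int] = None) -> List[str]:
    """Findings worth a second look; an empty list means the table is self-consistent."""
    findings = []
    active = [e.index for e in entries if e.bootable]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %s" % active)
    ordered = sorted(entries, key=lambda e: e.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.start_lba + a.sector_count > b.start_lba:
            findings.append("partition %d overlaps partition %d" % (a.index, b.index))
    if disk_sectors is not None:
        for e in entries:
            if e.start_lba + e.sector_count > disk_sectors:
                findings.append("partition %d runs past the end of the disk" % e.index)
    return findings


def unallocated_ranges(entries: List[PartitionEntry], disk_sectors: int) -> List[Tuple[int, int]]:
    """Sector ranges [start, end) owned by no partition; sector 0 is the MBR itself.
    Alignment slack of a few thousand sectors is normal, but bootkits (TDL4 is the
    classic case) store their payload in exactly this kind of space, so report it."""
    ranges, cursor = [], 1
    for e in sorted(entries, key=lambda e: e.start_lba):
        if e.start_lba > cursor:
            ranges.append((cursor, e.start_lba))
        cursor = max(cursor, e.start_lba + e.sector_count)
    if cursor < disk_sectors:
        ranges.append((cursor, disk_sectors))
    return ranges


def _entry(bootable: bool, ptype: int, lba: int, count: int) -> bytes:
    chs = b"\xfe\xff\xff"  # CHS fields are ignored by modern loaders; LBA is what matters
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, chs, ptype, chs, lba, count)


def sample_mbr() -> bytes:
    """Constructed image reproducing only the partition table aswMBR printed for Disk 0.
    Boot code is zero-filled (not the real Windows code), so its MD5 will not match the log."""
    spm = 1024 * 1024 // SECTOR  # sectors per MB = 2048
    table = (_entry(False, 0x27, 2048, 12000 * spm)
             + _entry(True, 0x07, 24578048, 100 * spm)
             + _entry(False, 0x07, 24782848, 293143 * spm)
             + bytes(ENTRY_SIZE))
    return bytes(BOOT_CODE_LEN) + bytes(6) + table + b"\x55\xAA"


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_mbr()
    disk = 305245 * 2048  # Disk 0 size from the aswMBR log, in sectors; adjust for other disks
    parts = parse_mbr(data)
    print("boot code md5:", boot_code_md5(data))
    for p in parts:
        print("Partition %d %s %02x %-18s %7d MB offset %d" % (
            p.index, "80 (A)" if p.bootable else "00", p.type_id, p.type_name, p.size_mb, p.start_lba))
    for f in check_layout(parts, disk):
        print("WARNING:", f)
    print("unallocated sectors:", unallocated_ranges(parts, disk))
```

Run it as `python mbr_check.py MBR.dat` to check the saved sector, or with no argument to see the constructed layout. On the sample the only unallocated space is the 2047-sector alignment gap before partition 1 and 2048 sectors at the end of the disk, which is ordinary 1 MB alignment slack; a gap of tens of megabytes after the last partition, a second active flag, or a boot-code hash that differs from the one TDSSKiller printed on a known-clean run would be the things to chase.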

#6 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 25 April 2012 - 04:58 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 ladytrae

  • Topic Starter

  • Members
  • 8 posts

Posted 26 April 2012 - 12:14 AM

ComboFix 12-04-25.02 - PDK 04/26/2012 0:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2558 [GMT -4:00]
Running from: c:\users\PDK\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js
c:\users\PDK\AppData\Roaming\inst.exe
c:\users\PDK\AppData\Roaming\vso_ts_preview.xml
c:\users\PDK\ia_remove.sh7758.tmp
c:\users\PDK\ia_remove.sh8025.tmp
c:\users\PDK\ia_remove.sh8337.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 04:45 . 2012-04-26 04:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 03:56 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4264C169-CEAE-45B7-91D7-79F55D112533}\mpengine.dll
2012-04-25 23:28 . 2012-04-25 23:28 53248 ----a-r- c:\users\PDK\AppData\Roaming\Microsoft\Installer\{CC742826-F806-45C9-A433-09B871BD232D}\ARPPRODUCTICON.exe
2012-04-25 23:28 . 2012-04-25 23:28 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-04-25 23:28 . 2012-04-25 23:28 -------- d-----w- c:\program files (x86)\Royal
2012-04-25 22:24 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-25 22:24 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-25 22:24 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-25 22:24 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-25 22:24 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-25 22:24 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-25 22:24 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-25 22:24 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-25 11:37 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-25 11:37 . 2012-04-25 22:24 -------- d-----w- c:\programdata\AVAST Software
2012-04-25 11:37 . 2012-04-25 22:24 -------- d-----w- c:\program files\AVAST Software
2012-04-25 09:20 . 2012-04-25 09:22 -------- d-----w- c:\users\PDK\AppData\Local\ElevatedDiagnostics
2012-04-17 23:57 . 2012-04-17 23:57 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 17:04 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 17:04 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 17:04 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 17:04 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 17:04 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 17:04 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 17:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-06 17:06 . 2012-04-06 17:06 -------- d-----w- c:\users\PDK\AppData\Roaming\Template
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-28 11:23 . 2012-04-17 23:57 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 23:57 . 2011-12-01 22:44 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-02-03 23:55 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-15 23:54 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 23:54 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 23:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 23:54 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 23:55 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 23:55 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 13:23 . 2012-02-03 13:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-03 13:23 . 2012-02-03 13:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-03 13:23 . 2012-02-03 13:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-03 13:23 . 2012-02-03 13:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-03 13:23 . 2012-02-03 13:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-03 13:23 . 2012-02-03 13:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-03 13:23 . 2012-02-03 13:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-03 13:23 . 2012-02-03 13:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-03 13:23 . 2012-02-03 13:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-03 13:23 . 2012-02-03 13:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-03 13:23 . 2012-02-03 13:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-03 13:23 . 2012-02-03 13:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-03 13:23 . 2012-02-03 13:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-03 13:23 . 2012-02-03 13:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-03 13:23 . 2012-02-03 13:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-03 13:23 . 2012-02-03 13:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-03 13:23 . 2012-02-03 13:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-03 13:23 . 2012-02-03 13:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-03 13:23 . 2012-02-03 13:23 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-03 13:23 . 2012-02-03 13:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-03 13:23 . 2012-02-03 13:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-03 13:23 . 2012-02-03 13:23 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-03 13:23 . 2012-02-03 13:23 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-03 13:23 . 2012-02-03 13:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-03 13:23 . 2012-02-03 13:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-03 13:23 . 2012-02-03 13:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-03 13:23 . 2012-02-03 13:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-03 13:23 . 2012-02-03 13:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-03 13:23 . 2012-02-03 13:23 448512 ----a-w- c:\windows\system32\html.iec
2012-02-03 13:23 . 2012-02-03 13:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-03 13:23 . 2012-02-03 13:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-03 13:23 . 2012-02-03 13:23 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-03 13:23 . 2012-02-03 13:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-03 13:23 . 2012-02-03 13:23 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-03 13:10 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-03 13:10 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-03 04:34 . 2012-03-15 23:55 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-16 1038088]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 23:57]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142836522-115091619-568052348-1000Core.job
- c:\users\PDK\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-29 18:08]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142836522-115091619-568052348-1000UA.job
- c:\users\PDK\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-29 18:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv54_series&r=27361209m6c6l03c0z1h5a48l1u277
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv54_series&r=27361209m6c6l03c0z1h5a48l1u277
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.169.1
FF - ProfilePath - c:\users\PDK\AppData\Roaming\Mozilla\Firefox\Profiles\zsx9seic.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-04-26 01:01:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 05:01
.
Pre-Run: 236,372,422,656 bytes free
Post-Run: 235,698,020,352 bytes free
.
- - End Of File - - 94FF7C60A1637BC4DB3719152D5D3E5B

#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 26 April 2012 - 06:06 AM

Hi,

Please run the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 ladytrae

  • Topic Starter
  • Members
  • 8 posts

Posted 26 April 2012 - 01:01 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PDK :: GATEWAYLAPTOP [administrator]

4/26/2012 11:36:02 AM
mbam-log-2012-04-26 (11-36-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198985
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Users\PDK\Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe a variant of Win32/Keygen.AS application
C:\Users\PDK\Downloads\ps\New folder\Adobe Photoshop CS4 Extended.iso BAT/HostsChanger.A application
C:\Users\PDK\Downloads\ps\New folder\Adobe CS4 Activation Patch\Activation Blocker.cmd BAT/HostsChanger.A application

Everything is running well. Thank you

#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 26 April 2012 - 02:02 PM

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\PDK\Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe 
C:\Users\PDK\Downloads\ps\New folder\Adobe Photoshop CS4 Extended.iso 
C:\Users\PDK\Downloads\ps\New folder\Adobe CS4 Activation Patch\Activation Blocker.cmd 


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Your Java is out of date.
Java™ 6 Update 17 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.




If you could please run DDS, TDSSKiller and aswMBR on the second computer and post those logs, as well as the ComboFix log from this computer, I can look at those for you too. (We'll clean up the tools at the end.)



#11 ladytrae

  • Topic Starter
  • Members
  • 8 posts

Posted 28 April 2012 - 09:36 PM

Here is the last file for the laptop.

ComboFix 12-04-25.02 - PDK 04/26/2012 15:34:55.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2523 [GMT -4:00]
Running from: c:\users\PDK\Desktop\ComboFix.exe
Command switches used :: c:\users\PDK\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\PDK\Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe"
"c:\users\PDK\Downloads\ps\New folder\Adobe CS4 Activation Patch\Activation Blocker.cmd"
"c:\users\PDK\Downloads\ps\New folder\Adobe Photoshop CS4 Extended.iso"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PDK\Downloads\ConvertXtoDVD 3.3.4.106e And Keygen [1337x]\Keygen.exe
c:\users\PDK\Downloads\ps\New folder\Adobe CS4 Activation Patch\Activation Blocker.cmd
c:\users\PDK\Downloads\ps\New folder\Adobe Photoshop CS4 Extended.iso
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 19:46 . 2012-04-26 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 15:54 . 2012-04-26 15:54 -------- d-----w- c:\program files (x86)\ESET
2012-04-26 15:31 . 2012-04-26 15:31 -------- d-----w- c:\users\PDK\AppData\Roaming\Malwarebytes
2012-04-26 15:31 . 2012-04-26 15:31 -------- d-----w- c:\programdata\Malwarebytes
2012-04-26 15:31 . 2012-04-26 15:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-26 15:31 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-26 03:56 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4264C169-CEAE-45B7-91D7-79F55D112533}\mpengine.dll
2012-04-25 23:28 . 2012-04-25 23:28 53248 ----a-r- c:\users\PDK\AppData\Roaming\Microsoft\Installer\{CC742826-F806-45C9-A433-09B871BD232D}\ARPPRODUCTICON.exe
2012-04-25 23:28 . 2012-04-25 23:28 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-04-25 23:28 . 2012-04-25 23:28 -------- d-----w- c:\program files (x86)\Royal
2012-04-25 22:24 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-25 22:24 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-25 22:24 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-25 22:24 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-25 22:24 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-25 22:24 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-25 22:24 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-25 22:24 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-25 11:37 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-25 11:37 . 2012-04-25 22:24 -------- d-----w- c:\programdata\AVAST Software
2012-04-25 11:37 . 2012-04-25 22:24 -------- d-----w- c:\program files\AVAST Software
2012-04-25 09:20 . 2012-04-25 09:22 -------- d-----w- c:\users\PDK\AppData\Local\ElevatedDiagnostics
2012-04-17 23:57 . 2012-04-17 23:57 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 17:04 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 17:04 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 17:04 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 17:04 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 17:04 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 17:04 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 17:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-06 17:06 . 2012-04-06 17:06 -------- d-----w- c:\users\PDK\AppData\Roaming\Template
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-28 11:23 . 2012-04-17 23:57 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 23:57 . 2011-12-01 22:44 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-02-03 23:55 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-15 23:54 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 23:54 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 23:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 23:54 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 23:55 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 23:55 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 13:23 . 2012-02-03 13:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-03 13:23 . 2012-02-03 13:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-03 13:23 . 2012-02-03 13:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-03 13:23 . 2012-02-03 13:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-03 13:23 . 2012-02-03 13:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-03 13:23 . 2012-02-03 13:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-03 13:23 . 2012-02-03 13:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-03 13:23 . 2012-02-03 13:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-03 13:23 . 2012-02-03 13:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-03 13:23 . 2012-02-03 13:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-03 13:23 . 2012-02-03 13:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-03 13:23 . 2012-02-03 13:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-03 13:23 . 2012-02-03 13:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-03 13:23 . 2012-02-03 13:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-03 13:23 . 2012-02-03 13:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-03 13:23 . 2012-02-03 13:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-03 13:23 . 2012-02-03 13:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-03 13:23 . 2012-02-03 13:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-03 13:23 . 2012-02-03 13:23 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-03 13:23 . 2012-02-03 13:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-03 13:23 . 2012-02-03 13:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-03 13:23 . 2012-02-03 13:23 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-03 13:23 . 2012-02-03 13:23 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-03 13:23 . 2012-02-03 13:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-03 13:23 . 2012-02-03 13:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-03 13:23 . 2012-02-03 13:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-03 13:23 . 2012-02-03 13:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-03 13:23 . 2012-02-03 13:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-03 13:23 . 2012-02-03 13:23 448512 ----a-w- c:\windows\system32\html.iec
2012-02-03 13:23 . 2012-02-03 13:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-03 13:23 . 2012-02-03 13:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-03 13:23 . 2012-02-03 13:23 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-03 13:23 . 2012-02-03 13:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-03 13:23 . 2012-02-03 13:23 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-03 13:10 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-02-03 13:10 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-03 04:34 . 2012-03-15 23:55 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-26_04.48.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-26 04:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-26 19:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-26 04:47 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-26 19:48 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-26 19:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 04:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-28 19:04 . 2012-04-26 19:49 53434 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-26 19:49 51928 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-04 09:07 . 2012-04-26 19:49 12966 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1142836522-115091619-568052348-1000_UserData.bin
+ 2012-04-26 15:35 . 2012-04-26 15:35 9560 c:\windows\system32\NetworkList\Icons\{5AE458AB-092A-42E6-A09F-93B321E9B984}_48.bin
+ 2012-04-26 15:35 . 2012-04-26 15:35 4280 c:\windows\system32\NetworkList\Icons\{5AE458AB-092A-42E6-A09F-93B321E9B984}_32.bin
+ 2012-04-26 15:35 . 2012-04-26 15:35 2456 c:\windows\system32\NetworkList\Icons\{5AE458AB-092A-42E6-A09F-93B321E9B984}_24.bin
- 2012-04-26 04:46 . 2012-04-26 04:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-26 19:47 . 2012-04-26 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-26 19:47 . 2012-04-26 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-26 04:46 . 2012-04-26 04:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-25 11:36 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-26 15:31 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-25 11:36 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-26 15:31 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-26 19:46 377144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-26 04:46 377144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-12-06 06:33 . 2012-04-26 19:46 3060660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1142836522-115091619-568052348-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-16 1038088]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 23:57]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142836522-115091619-568052348-1000Core.job
- c:\users\PDK\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-29 18:08]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1142836522-115091619-568052348-1000UA.job
- c:\users\PDK\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-29 18:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv54_series&r=27361209m6c6l03c0z1h5a48l1u277
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv54_series&r=27361209m6c6l03c0z1h5a48l1u277
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\PDK\AppData\Roaming\Mozilla\Firefox\Profiles\zsx9seic.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-04-26 16:01:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 20:01
ComboFix2.txt 2012-04-26 05:01
.
Pre-Run: 233,559,515,136 bytes free
Post-Run: 233,509,400,576 bytes free
.
- - End Of File - - 821CE257EE12DD7CDCE7DBC217F1496E


This is where the desktop begins.
Before we get too involved in this machine I'd like to point out it's used by my kids a lot and I'm considering doing a complete factory reformat. It may be the best route to go if it's as "junked up" as I think it may be.
Please tell me what you think. Thank you. Here we go...

TDSSKiller - found no threats

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Ladytrae at 22:18:22 on 2012-04-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2242 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\MHotKey.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files (x86)\Panasonic\Panasonic-DMS\MFP Utilities\MfpDtMng.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\MgcsLoad.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\USB Sharing\usbshare.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\alg.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\msiexec.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0110&m=sx2800
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RivalGaming Games: {26d675ac-d925-4bbf-a720-62c2aa4a81eb} - C:\Users\Ladytrae\AppData\Local\RivalGaming\RivalGaming.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [EPSON Stylus Photo R1800] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Users\Ladytrae\AppData\Local\Temp\E_S5226.tmp" /EF "HKCU"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Ladytrae\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HUEYPR~1.LNK - C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\USBSHA~1.LNK - C:\Program Files (x86)\USB Sharing\usbshare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\Program Files (x86)\SmartWhois\swmsie.exe
IE: {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files (x86)\SmartWhois\swmsie.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{37893AAD-E4AC-4C81-AA61-8D18768C02DB} : DhcpNameServer = 192.168.169.1
TCP: Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6E9A84AE-CDC0-49FA-A6D3-590DAA06961B} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6E9A84AE-CDC0-49FA-A6D3-590DAA06961B}\2656C6B696E6E2433366 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CC8FF45E-6299-46BB-8AA0-FCDAA8C0D398} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F1A9691A-CACE-4FE5-A9A5-87F4026CA3BE} : DhcpNameServer = 192.168.169.1
TCP: Interfaces\{F1A9691A-CACE-4FE5-A9A5-87F4026CA3BE}\452716E45647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F1A9691A-CACE-4FE5-A9A5-87F4026CA3BE}\452716E4564702765756374737 : DhcpNameServer = 192.168.169.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RivalGaming Games: {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\Ladytrae\AppData\Local\RivalGaming\RivalGaming.dll
BHO-X64: RivalGaming Games - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
mRun-x64: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun-x64: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\Program Files (x86)\SmartWhois\swmsie.exe
IE-X64: {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\Program Files (x86)\SmartWhois\swmsie.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ladytrae\AppData\Roaming\Mozilla\Firefox\Profiles\hiby8shv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3020840&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3020840&SearchSource=2&q=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_2_3\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Ladytrae\AppData\Roaming\Mozilla\Firefox\Profiles\hiby8shv.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbasic.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ladytrae\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Ladytrae\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=mlUKFfZa&q=
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-11-16 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-11-16 55296]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
R2 MFP Data Manage;MFP Data Manage;C:\Program Files (x86)\Panasonic\Panasonic-DMS\MFP Utilities\MfpDtMng.exe [2010-8-21 229376]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-11-29 90112]
R2 Port Controller;Port Controller;C:\Program Files (x86)\Panasonic\Panasonic-DMS\Port Controller\MgcsLoad.exe [2010-8-21 40960]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\Windows\system32\DRIVERS\Amps2x64.sys --> C:\Windows\system32\DRIVERS\Amps2x64.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\system32\DRIVERS\nm3.sys --> C:\Windows\system32\DRIVERS\nm3.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-26 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 253088]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-4-17 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-26 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netr7364;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 Spyder2;ColorVision Spyder2;C:\Windows\system32\DRIVERS\Spyder2.sys --> C:\Windows\system32\DRIVERS\Spyder2.sys [?]
S3 ts_arusb;[CommView] Atheros Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\ts_arusbx.sys --> C:\Windows\system32\DRIVERS\ts_arusbx.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-04-28 18:58:27 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AD65F79-2479-4AE3-9EC4-1232196E27AE}\mpengine.dll
2012-04-19 21:33:59 -------- d-----w- C:\Program Files (x86)\Ski Region Simulator 2012
2012-04-19 21:32:22 -------- d-----w- C:\temp
2012-04-19 21:17:49 -------- d-----w- C:\Program Files (x86)\MagicISO
2012-04-19 14:35:43 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-12 00:42:09 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 00:42:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 00:42:08 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 00:39:24 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 00:39:23 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 00:39:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 00:39:22 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 00:39:22 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 00:39:22 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 00:39:22 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-09 23:10:02 -------- d-----w- C:\Users\Ladytrae\AppData\Roaming\Need for Speed World
2012-04-09 22:16:37 -------- d-----w- C:\Users\Ladytrae\AppData\Local\Electronic_Arts_Inc
2012-04-03 15:56:43 -------- d-----w- C:\Program Files (x86)\Dogpile Bundle Toolbar
2012-04-03 15:56:32 -------- d-----w- C:\Users\Ladytrae\AppData\Local\RivalGaming
2012-04-02 01:04:07 -------- d-----w- C:\Program Files\iPod
2012-04-02 01:04:06 -------- d-----w- C:\Program Files\iTunes
2012-04-02 01:04:06 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-04-19 14:35:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2002-09-04 12:14:36 1206784 ----a-w- C:\Program Files (x86)\AutoEye_PlugIn.8bf
.
============= FINISH: 22:19:16.12 ===============


#12 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 April 2012 - 09:43 PM

Hi

Please run ComboFix on the second computer:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 ladytrae

  • Topic Starter

  • Members
  • 8 posts

Posted 02 May 2012 - 04:34 AM

ComboFix 12-05-01.03 - Ladytrae 05/02/2012 4:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2483 [GMT -4:00]
Running from: c:\users\Ladytrae\Desktop\Bleeping\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\plugins\npbasic.dll
c:\program files (x86)\POL
c:\program files (x86)\POL\menu.gif
c:\program files (x86)\POL\POL.chm
c:\program files (x86)\POL\qs.html
c:\program files (x86)\POL\tray.gif
c:\program files (x86)\POL\Uninstall.exe
c:\users\Ladytrae\AppData\Local\RivalGaming\RiVAlgaming.dll
c:\users\Ladytrae\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Ladytrae\AppData\Roaming\Microsoft\~DFK28dde0.tmp
c:\users\Ladytrae\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Ladytrae\AppData\Roaming\Microsoft\bass.dll
c:\users\Ladytrae\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Ladytrae\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Ladytrae\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Ladytrae\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Ladytrae\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Ladytrae\xobglu32.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\tcpip.copy
c:\windows\SysWow64\drivers\mgcscrd.sys
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 09:03 . 2012-05-02 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 08:45 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FAFDA33-4567-4A7D-A3FD-68F7AC3D5F3E}\mpengine.dll
2012-04-30 21:45 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-30 21:45 . 2012-04-30 21:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-19 21:33 . 2012-04-19 21:46 -------- d-----w- c:\program files (x86)\Ski Region Simulator 2012
2012-04-19 21:32 . 2012-04-19 21:45 -------- d-----w- C:\temp
2012-04-19 21:17 . 2012-04-19 21:18 -------- d-----w- c:\program files (x86)\MagicISO
2012-04-19 14:35 . 2012-04-19 14:35 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-19 14:35 . 2012-04-19 14:35 -------- d-----w- c:\windows\system32\Macromed
2012-04-12 00:42 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 00:42 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 00:42 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 00:39 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 00:39 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 00:39 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 00:39 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 00:39 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 00:39 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 00:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 23:10 . 2012-04-09 23:10 -------- d-----w- c:\users\Ladytrae\AppData\Roaming\Need for Speed World
2012-04-09 22:16 . 2012-04-09 22:16 -------- d-----w- c:\users\Ladytrae\AppData\Local\Electronic_Arts_Inc
2012-04-03 15:56 . 2012-04-03 15:56 -------- d-----w- c:\program files (x86)\Dogpile Bundle Toolbar
2012-04-03 15:56 . 2012-05-02 08:58 -------- d-----w- c:\users\Ladytrae\AppData\Local\RivalGaming
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 14:35 . 2011-07-26 02:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 00:44 . 2011-04-27 20:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2011-04-18 18:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-17 06:38 . 2012-03-13 23:25 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 23:25 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 23:25 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 23:25 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 23:13 . 2012-02-10 23:14 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7275D582-D740-4291-BBB6-D7DC915F6B60}\gapaengine.dll
2012-02-10 06:36 . 2012-03-13 23:26 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 23:26 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 23:26 3145728 ----a-w- c:\windows\system32\win32k.sys
2002-09-04 12:14 . 2002-09-19 18:13 1206784 ----a-w- c:\program files (x86)\AutoEye_PlugIn.8bf
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Helper.dll" [2012-04-03 378880]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2012-04-03 15:56 1615360 ----a-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2012-04-03 1615360]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-26 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Ladytrae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-6-25 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hueyPROTray.lnk - c:\program files (x86)\Pantone\hueyPRO\hueyPROTray.exe [2012-3-2 1081344]
USB Sharing.lnk - c:\program files (x86)\USB Sharing\usbshare.exe [2011-11-15 139264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys]
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
.
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R2 Port Controller;Port Controller;c:\program files (x86)\Panasonic\Panasonic-DMS\Port Controller\MgcsLoad.exe [2001-03-27 40960]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-18 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 netr7364;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 Spyder2;ColorVision Spyder2;c:\windows\system32\DRIVERS\Spyder2.sys [x]
R3 ts_arusb;[CommView] Atheros Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ts_arusbx.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 MFP Data Manage;MFP Data Manage;c:\program files (x86)\Panasonic\Panasonic-DMS\MFP Utilities\MfpDtMng.exe [2000-06-04 229376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-21 90112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2x64.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - EraserUtilRebootDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 14:35]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 01:47]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 01:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ladytrae\AppData\Roaming\Mozilla\Firefox\Profiles\hiby8shv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3020840&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=mlUKFfZa&q=
FF - user.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=mlUKFfZa&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ARAX Disk Doctor Data Recovery - n:\diskdoctor\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid]
@Denied: (A 2) (Everyone)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\MHotKey.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ChiFuncExt.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-05-02 05:19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 09:19
.
Pre-Run: 171,125,637,120 bytes free
Post-Run: 171,090,665,472 bytes free
.
- - End Of File - - 2B7E66FBC11202BBFA8BBD3EEACD95E4

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:57 PM

Posted 02 May 2012 - 05:27 PM

Please run Malwarebytes Anti-Malware and the ESET online scanner on this second computer.


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#15 ladytrae

ladytrae
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:57 PM

Posted 03 May 2012 - 02:16 AM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.02.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ladytrae :: LADYTRAE-PC [administrator]

5/2/2012 10:09:04 PM
mbam-log-2012-05-02 (22-09-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202696
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Users\Ladytrae\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\383313f7-56c3d5e4 multiple threats
C:\Users\Ladytrae\Downloads\FileExtensionFinder-1.0.exe a variant of Win32/Toolbar.Zugo application
C:\Users\Ladytrae\Downloads\halo.exe a variant of Win32/InstallCore.J application
C:\Users\Ladytrae\Downloads\AllData Install CD\alldata install cd uncompressed\IWON.exe Win32/AdInstaller application
C:\Users\Ladytrae\Downloads\CompUtilities\Hirens.BootCD.10.4.zip Win32/PSWTool.KonBoot.A application
C:\Users\Ladytrae\Downloads\CompUtilities\UBCD4WinV350.exe Win32/PrcView application
C:\Users\Ladytrae\Downloads\CompUtilities\Hirens.BootCD.10.4\Hiren's.BootCD.10.4.iso Win32/PSWTool.KonBoot.A application



