Win32:sirefef-fq problems and possibly more?


This topic is locked
21 replies to this topic

#1 aka-goldfish

  • Members
  • 10 posts

Posted 21 April 2012 - 08:34 PM

Hello, first time on here looking for some help, definitely out of my league with these issues. First issue was extreme slowdowns to the point of inability for every action tried when starting Windows normally. I was eventually able to boot up in safe mode and tried Malwarebytes, but an error repeatedly came up that vbalgrid could not be found, even after a new installation and trying the chameleon application. Other programs like Google Chrome and CCleaner were also not able to run. I tried system restore from safe mode, but received an error that system restore could not be completed because (I forget the exact wording) the shadow could not be found. I restarted, but this started a boot loop, and it only stopped after a few tries at the startup repair function on the F8 bootup menu and I was finally able to use the system restore point. I tried to uninstall Trendmicro since it was outdated anyway, and I downloaded Avast in safe mode with networking and ran a full scan which found several things, including the Win32Sirefef-fq and -ho. Avast then did a boot scan which found more instances of rootkits, but when it finished, it entered the boot loop again and I had to repeat all the startup repair steps to get the PC to restore and finally run again, and lost all the changes that Avast made.

So I followed the preparation guide as best I could, I'm not sure if the firewall step worked though as I received a "Due to an unidentified problem, windows cannot display firewall settings" error, and I'm running Vista 64 so did not do the GMER log. Thank you ahead of time for all your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
Run by Zach at 20:49:51 on 2012-04-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.4231 [GMT -4:00]
.
AV: Trend Micro Internet Security Pro *Enabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security Pro *Enabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Zach's Stuff\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [AdobeBridge]
uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19L4861Z05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
uRunOnce: [Application Restart #4] C:\Users\Zach\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session -- http://msg.edit.yahoo.com/config/reset_cookies?&.y=Y%3Dv%3D1%26n%3D7htlc56m2dg0u%26l%3D40hj7n1eo%2Fo%26p%3Dm2l1a62a132a0g00%26r%3D5k%26lg%3Den%2DUS%26intl%3Dus%26np%3D1%3B%20path%3D%2F%3B%20domain%3D%2Eyahoo%2Ecom&.t=T%3Dz%3DLbOIPBLhjIPBdlWV%2Fxg2O%2EONjY0TwYwNjU1NTQzMzY%2D%26a%3DYAE%26sk%3DDAATvf3c%2FL0LZr%26ks%3DEAAipLXudbTTfm9swyGiG2etw%2D%2D%7EE%26d%3Dc2wBTVRFek9BRTNNVEl5TWpNME5ERS0BYQFZQUUBZwFKRUFWTE1CU042VzJIRENKQlY1QUQ1SUY2NAFvawFaVzAtAXp6AUxiT0lQQmdXQQF0aXABc1pGQTdB%3B%20path%3D%2F%3B%20domain%3D%2Eyahoo%2Ecom&.ver=2&.done=http%3a//us.rd.yahoo.com/messenger/client/%3fhttp%3a//mail.yahoo.com
uRunOnce: [Application Restart #2] C:\Users\Zach\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session -- http://msg.edit.yahoo.com/config/reset_cookies?&.y=Y%3Dv%3D1%26n%3D88v17qf1u694g%26l%3Dp0274hofh0j4h%2Fo%26p%3Dm2l1cbc012000000%26r%3Dhd%26lg%3Den%2DUS%26intl%3Dus%26np%3D1%3B%20path%3D%2F%3B%20domain%3D%2Eyahoo%2Ecom&.t=T%3Dz%3DOHVXPBONqXPBK4IIYudgvNvNjUxNwY2MU4wTzQzMzY3%26a%3DQAE%26sk%3DDAAsZdi339k%2FLS%26ks%3DEAAPqhB0s9uQMGI9fOtoxjM%2Ew%2D%2D%7EE%26d%3Dc2wBTVRJMk1BRXhOamszT0RNME5ERXcBYQFRQUUBZwFUREdHUlQzUVVXV0ZCVzNGUE5FSDVMRUNJUQF6egFPSFZYUEJnV0EBdGlwAXNaRkE3QQ%2D%2D%3B%20path%3D%2F%3B%20domain%3D%2Eyahoo%2Ecom&.ver=2&.done=http%3a//us.rd.yahoo.com/messenger/client/%3fhttp%3a//mail.yahoo.com
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Zach's Stuff\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: C:\Users\Zach\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
StartupFolder: C:\Users\Zach\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: taobao.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4099E8E4-D7AF-4A35-8FA8-8DD5E72BAC6C} : DhcpNameServer = 192.168.1.254
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [iTunesHelper] "C:\Zach's Stuff\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Launcher] %WINDIR%\SMINST\launcher.exe
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\mz0vbgo6.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npww.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Zach\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\Zach\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Zach's Stuff\iTunes\Mozilla Plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 amdide64;amdide64;C:\Windows\system32\DRIVERS\amdide64.sys --> C:\Windows\system32\DRIVERS\amdide64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 npf;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-4-28 1038088]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
.
=============== Created Last 30 ================
.
2012-04-21 00:10:44 -------- d-----w- C:\d82f84b5694164d74c
2012-04-21 00:10:07 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-15 03:32:14 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-15 03:32:14 -------- d-----w- C:\Program Files\AVAST Software
2012-04-15 02:35:54 -------- d-----w- C:\Program Files\CCleaner
2012-04-15 01:42:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware(29)
2012-04-07 17:29:51 -------- d-----w- C:\Users\Zach\AppData\Local\Amazon
2012-04-07 17:16:01 -------- d-----w- C:\Users\Zach\AppData\Roaming\calibre
2012-04-07 17:15:50 -------- d-----w- C:\Program Files (x86)\Calibre2
2012-04-07 16:59:24 -------- d-----w- C:\Users\Zach\AppData\Roaming\Mobipocket
2012-04-07 16:59:13 -------- d-----w- C:\Program Files (x86)\Mobipocket.com
2012-04-06 16:41:57 -------- d-----w- C:\tmp
2012-04-04 14:42:01 -------- d-----w- C:\Program Files\iPod(38)
.
==================== Find3M ====================
.
2012-04-21 23:33:52 560184 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-13 13:16:36 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:50:25.51 ===============
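
The DDS log above is what the helper reads through by hand. As an added example (not part of the original post and not the DDS tool's own code), here is a small Python triage script that parses the DDS line types seen in it and flags the entries a malware-response helper would check first. The flag reasons and the list of standard program directories are this example's own heuristics; the sample lines are copied from the log above.

```python
"""Triage helper for DDS-style logs like the one posted above.

Added example, not from the original post or the DDS tool. The rules below
are this example's own heuristics: they point at lines a helper would
review, they are not verdicts. Handles the DDS line types seen above: AV
status, running processes, Pseudo HJT entries, services/drivers, Trusted
Zone and Created Last 30.
"""
import re
from dataclasses import dataclass

# Sample lines copied from the DDS log in the post above (a subset of it).
SAMPLE_LOG = r"""
AV: Trend Micro Internet Security Pro *Enabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
C:\Windows\system32\svchost.exe -k netsvcs
C:\Zach's Stuff\iTunes\iTunesHelper.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
BHO-X64: AcroIEHelperStub - No File
Trusted Zone: alipay.com
R2 npf;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
2012-04-21 00:10:44 -------- d-----w- C:\d82f84b5694164d74c
2012-04-15 03:32:14 -------- d-----w- C:\ProgramData\AVAST Software
"""


@dataclass(frozen=True)
class Finding:
    line: str    # the log line as written
    reason: str  # why a helper would look at it


# Directories a normal Vista process image is expected to live under (heuristic).
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (?P<attrs>\S+) (?P<path>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}$", re.IGNORECASE)


def triage_line(line: str):
    """Return a Finding for a line worth reviewing, or None."""
    line = line.rstrip()
    if not line:
        return None
    # Security product status block at the top of a DDS log.
    if line[:3] in ("AV:", "SP:", "FW:"):
        if "*Enabled/Outdated*" in line:
            return Finding(line, "security product running with outdated signatures")
        if "*Disabled/" in line:
            return Finding(line, "security product disabled")
        return None
    # Services / drivers: a trailing "[?]" means DDS could not read the file's details.
    m = SERVICE_RE.match(line)
    if m:
        if m.group("rest").endswith("[?]"):
            return Finding(line, "driver/service file details unavailable; verify the file on disk")
        return None
    # Created Last 30 entries: directories with random-looking hex names are worth a look.
    m = CREATED_RE.match(line)
    if m:
        name = m.group("path").rsplit("\\", 1)[-1]
        if HEX_NAME_RE.match(name):
            return Finding(line, "recently created directory with random-looking name")
        return None
    # Running processes: flag images outside the usual directories.
    if PROCESS_RE.match(line):
        image = line.split(" -k ")[0].lower()
        if not image.startswith(STANDARD_ROOTS):
            return Finding(line, "process running from a non-standard directory")
        return None
    # Pseudo HJT entries pointing at a missing file are orphaned registrations.
    if line.endswith(" - No File"):
        return Finding(line, "browser add-on registered but file missing (orphaned entry)")
    # Sites in IE's Trusted Zone get relaxed security; confirm each one is intended.
    if line.startswith("Trusted Zone:"):
        return Finding(line, "site added to IE Trusted Zone")
    return None


def triage_log(text: str):
    """Run triage_line over a whole log and keep only the findings."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```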


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 April 2012 - 12:23 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 aka-goldfish
  • Topic Starter
  • Members
  • 10 posts

Posted 22 April 2012 - 09:34 AM

Thank you for the quick response! Below is the frst64 log. I'm not sure if it matters, but the first time I restarted, Windows decided to install and configure Windows updates, so I let it finish that and then restarted a second time to run the scan.

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 22-04-2012 10:22:57
Running from E:\
Windows Vista ™ Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47392 2010-03-16] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5174568 2010-03-08] (Nero AG)
HKLM-x32\...\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Zach's Stuff\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\NeroMediaHomeUser.4\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\NeroMediaHomeUser.4\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Zach\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Zach\...\Run: [AdobeBridge] [x]
HKU\Zach\...\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5174568 2010-03-08] (Nero AG)
HKU\Zach\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [226904 2007-07-12] (Macrovision Corporation)
HKU\Zach\...\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19L4861Z05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1 [2676584 2011-06-08] (Hewlett-Packard Co.)
HKLM-x32\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe [x]
HKLM-x32\...\Runonce: [!BingBar] "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\MUExe\7.1.361.0\BingBarSetup-Partner.EXE" /C:"BBSetup.exe cabLocation=.\BingBarPartnerConfig.cab ismu=2" [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Ati External Event Utility; C:\Windows\System32\Ati2evxx.exe [905216 2008-08-30] (ATI Technologies Inc.)
2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [73728 2007-08-07] ()
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2009-04-28] (Acresso Software Inc.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] ()
2 NeroMediaHomeService.4; "C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe" [517416 2010-03-08] (Nero AG)
3 p2pimsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 p2psvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-07-07] ()
3 PNRPAutoReg; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 SCardSvr; C:\Windows\SysWow64\SCardSvr.dll [95232 2009-04-10] (Microsoft Corporation)
2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
2 Tb2RCAssist; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27648 2008-01-20] (Microsoft Corporation)
2 Tb2RCAssist; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [21504 2008-01-20] (Microsoft Corporation)
2 Themes; C:\Windows\SysWow64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation)
2 WIBUKEY; C:\Windows\System32\DC21x4.dll [6656 2008-01-20] (Oak Technology Inc.)
3 msiserver; C:\Windows\System32\msiexec /V [x]

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\System32\Drivers\adfs.sys [88632 2008-06-27] (Adobe Systems, Inc.)
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)
0 amdide64; C:\Windows\System32\Drivers\amdide64.sys [10632 2007-10-11] (Advanced Micro Devices)
0 AtiPcie; C:\Windows\System32\Drivers\AtiPcie.sys [16400 2008-04-28] (ATI Technologies Inc.)
3 BCM43XV; C:\Windows\System32\DRIVERS\bcmwl664.sys [550912 2006-10-06] (Broadcom Corporation)
3 CAXHWBS2; C:\Windows\System32\Drivers\CAXHWBS2.sys [403968 2008-03-16] (Conexant Systems, Inc.)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33344 2008-10-23] (LogMeIn, Inc.)
3 mcdbus; C:\Windows\System32\Drivers\mcdbus.sys [255424 2008-07-28] (MagicISO, Inc.)
3 mcdbus; C:\Windows\SysWow64\Drivers\mcdbus.sys [255424 2008-07-28] (MagicISO, Inc.)
2 npf; C:\Windows\System32\Drivers\npf.sys [40464 2008-06-29] (CACE Technologies)
3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [4708864 2008-08-30] (ATI Technologies Inc.)
3 RTSTOR; C:\Windows\System32\drivers\RTSTOR64.SYS [65536 2008-04-30] (Realtek Semiconductor Corp.)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-21] (Duplex Secure Ltd.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2008-01-20] (Microsoft Corporation)
3 ATICDSDr; \??\C:\Users\Zach\AppData\Local\Temp\ATICDSDr.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: WIBUKEY
NETSVCx32: Themes

============ One Month Created Files and Folders ==============

2012-04-22 06:03 - 2010-08-18 16:21 - 0000000 ____A C:\Users\Zach\Desktop\New Text Document.txt
2012-04-22 06:00 - 2009-04-10 23:15 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-22 06:00 - 2009-04-10 23:11 - 4699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-22 06:00 - 2008-01-20 18:50 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-22 06:00 - 2008-01-20 18:49 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-22 06:00 - 2006-11-02 07:04 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-22 06:00 - 2006-11-02 07:04 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-22 06:00 - 2006-11-02 03:15 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-22 06:00 - 2006-11-02 01:44 - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-21 16:54 - 2011-05-04 16:03 - 0022760 ____A C:\Users\Zach\Desktop\Attach.txt
2012-04-21 16:53 - 2012-04-21 16:49 - 0022344 ____A C:\Users\Zach\Desktop\DDS.txt
2012-04-21 16:49 - 2009-03-01 12:49 - 0607260 ____R (Swearware) C:\Users\Zach\Desktop\dds.scr
2012-04-21 16:40 - 2011-10-17 08:03 - 0000216 ____A C:\Users\Zach\defogger_reenable
2012-04-21 15:54 - 2011-12-23 07:11 - 0000124 ____A C:\Users\Zach\My Documents\ax_files.xml
2012-04-21 15:54 - 2011-12-23 07:11 - 0000124 ____A C:\Users\Zach\Documents\ax_files.xml
2012-04-21 15:50 - 2012-02-28 07:35 - 1428992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-21 15:50 - 2012-02-28 07:33 - 1383424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-21 15:50 - 2012-02-28 07:33 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-21 15:50 - 2012-02-28 07:24 - 1383424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-21 15:50 - 2012-02-28 07:23 - 0193024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-21 15:50 - 2012-02-28 06:19 - 0759808 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-21 15:50 - 2012-02-28 05:56 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-21 15:50 - 2011-11-16 08:43 - 1032192 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-21 15:50 - 2011-11-16 08:23 - 0834048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-21 15:50 - 2011-04-21 07:24 - 7020544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-21 15:50 - 2011-04-21 06:57 - 6090240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-21 15:50 - 2011-02-16 08:40 - 0032256 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-21 15:50 - 2011-02-16 08:18 - 0027648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-21 15:50 - 2009-11-17 23:26 - 0485376 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-21 15:50 - 2009-11-17 23:26 - 0389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-21 15:50 - 2009-07-15 02:23 - 0590848 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-21 15:50 - 2009-06-17 22:57 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-21 15:50 - 2009-06-17 22:56 - 0380928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-21 15:50 - 2009-04-10 23:11 - 1129984 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-21 15:50 - 2009-04-10 22:28 - 0671232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-04-21 15:50 - 2009-04-10 22:28 - 0471040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-21 15:50 - 2008-01-20 18:50 - 5720064 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-21 15:50 - 2008-01-20 18:49 - 0270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-21 15:50 - 2008-01-20 18:49 - 0180736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-21 15:50 - 2008-01-20 18:48 - 3618304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-21 15:50 - 2008-01-20 18:48 - 0375808 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-21 15:50 - 2008-01-20 18:48 - 0224768 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-21 15:50 - 2006-11-02 03:19 - 0108544 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-21 15:50 - 2006-11-02 01:46 - 0106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-21 15:50 - 1999-08-29 00:15 - 1176576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-21 15:42 - 2011-07-22 13:10 - 0074048 ____A C:\Users\Zach\Local Settings\GDIPFONTCACHEV1.DAT
2012-04-21 15:42 - 2011-07-22 13:10 - 0074048 ____A C:\Users\Zach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-04-21 15:42 - 2011-07-22 13:10 - 0074048 ____A C:\Users\Zach\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-21 15:41 - 2011-09-06 14:40 - 0000869 ____A C:\Users\Public\Desktop\Alcohol 120%.lnk
2012-04-21 15:41 - 2011-09-06 14:40 - 0000869 ____A C:\Users\All Users\Desktop\Alcohol 120%.lnk
2012-04-21 08:52 - 2008-01-20 18:47 - 0602600 ____A C:\Windows\ntbtlog.txt
2012-04-20 20:17 - 2012-04-15 05:49 - 0011680 ____A C:\Users\Zach\Local Settings\dd_vcredistUI05C3.txt
2012-04-20 20:17 - 2012-04-15 05:49 - 0011680 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI05C3.txt
2012-04-20 20:17 - 2012-04-15 05:49 - 0011680 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI05C3.txt
2012-04-20 20:17 - 2012-03-16 13:13 - 0001832 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI05C3.txt
2012-04-20 20:17 - 2012-03-16 13:13 - 0001832 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI05C3.txt
2012-04-20 20:17 - 2012-03-16 13:13 - 0001832 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI05C3.txt
2012-04-20 16:10 - 2010-07-24 21:40 - 0433394 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI4929.txt
2012-04-20 16:10 - 2010-07-24 21:40 - 0433394 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI4929.txt
2012-04-20 16:10 - 2010-07-24 21:40 - 0433394 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI4929.txt
2012-04-20 16:10 - 2010-07-24 21:40 - 0011594 ____A C:\Users\Zach\Local Settings\dd_vcredistUI4929.txt
2012-04-20 16:10 - 2010-07-24 21:40 - 0011594 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI4929.txt
2012-04-20 16:10 - 2010-07-24 21:40 - 0011594 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI4929.txt
2012-04-20 16:10 - 2010-01-20 09:05 - 0000000 ____D C:\d82f84b5694164d74c
2012-04-20 16:10 - 2009-07-14 16:18 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-04-20 16:10 - 2002-02-15 12:12 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-04-15 05:49 - 2012-04-20 16:14 - 0011664 ____A C:\Users\Zach\Local Settings\dd_vcredistUI6703.txt
2012-04-15 05:49 - 2012-04-20 16:14 - 0011664 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI6703.txt
2012-04-15 05:49 - 2012-04-20 16:14 - 0011664 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI6703.txt
2012-04-15 05:49 - 2012-04-20 16:13 - 0001824 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI6703.txt
2012-04-15 05:49 - 2012-04-20 16:13 - 0001824 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI6703.txt
2012-04-15 05:49 - 2012-04-20 16:13 - 0001824 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI6703.txt
2012-04-14 20:46 - 2008-01-20 19:21 - 0293735 ____A C:\Windows\WindowsUpdate.log
2012-04-14 20:43 - 2006-11-02 07:07 - 0015690 ____A C:\Windows\PFRO.log
2012-04-14 19:32 - 2012-04-20 20:17 - 0429052 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI0F08.txt
2012-04-14 19:32 - 2012-04-20 20:17 - 0429052 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI0F08.txt
2012-04-14 19:32 - 2012-04-20 20:17 - 0429052 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI0F08.txt
2012-04-14 19:32 - 2012-04-20 20:17 - 0011626 ____A C:\Users\Zach\Local Settings\dd_vcredistUI0F08.txt
2012-04-14 19:32 - 2012-04-20 20:17 - 0011626 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI0F08.txt
2012-04-14 19:32 - 2012-04-20 20:17 - 0011626 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI0F08.txt
2012-04-14 19:32 - 2008-10-30 07:30 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-14 19:32 - 2008-10-30 07:30 - 0000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-04-14 19:32 - 2008-10-30 07:30 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-14 19:32 - 2008-10-30 07:27 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-14 18:57 - 2010-07-12 14:17 - 0000919 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-14 18:57 - 2010-07-12 14:17 - 0000919 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-14 18:35 - 2012-04-21 15:41 - 0000781 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-04-14 18:35 - 2012-04-21 15:41 - 0000781 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-04-14 18:35 - 2008-07-30 17:31 - 0000000 ____D C:\Program Files\CCleaner
2012-04-14 17:42 - 2012-04-20 19:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware(29)
2012-04-07 09:29 - 2011-04-02 23:25 - 0000000 ____D C:\Users\Zach\Local Settings\Application Data\Amazon
2012-04-07 09:29 - 2011-04-02 23:25 - 0000000 ____D C:\Users\Zach\Local Settings\Amazon
2012-04-07 09:29 - 2011-04-02 23:25 - 0000000 ____D C:\Users\Zach\AppData\Local\Amazon
2012-04-07 09:16 - 2011-08-14 15:43 - 0000000 ____D C:\Users\Zach\Application Data\calibre
2012-04-07 09:16 - 2011-08-14 15:43 - 0000000 ____D C:\Users\Zach\AppData\Roaming\calibre
2012-04-07 09:15 - 2010-03-29 17:33 - 0000000 ____D C:\Program Files (x86)\Calibre2
2012-04-07 08:59 - 2011-09-08 01:19 - 0000000 ____D C:\Program Files (x86)\Mobipocket.com
2012-04-07 08:59 - 2011-09-06 14:42 - 0000000 ____D C:\Users\Zach\Application Data\Mobipocket
2012-04-07 08:59 - 2011-09-06 14:42 - 0000000 ____D C:\Users\Zach\AppData\Roaming\Mobipocket
2012-04-07 08:59 - 2009-05-22 13:22 - 0000000 ____D C:\Users\Zach\My Documents\My eBooks
2012-04-07 08:59 - 2009-05-22 13:22 - 0000000 ____D C:\Users\Zach\Documents\My eBooks
2012-04-06 08:41 - 2012-04-21 11:52 - 0000000 ____D C:\tmp
2012-04-04 06:42 - 2012-04-20 19:43 - 0000000 ____D C:\Program Files\iPod(38)
============ 3 Months Modified Files and Folders =============

2012-04-22 10:22 - 2012-04-22 10:22 - 0000000 ____D C:\FRST
2012-04-22 06:18 - 2006-11-02 07:42 - 0032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-22 06:18 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-22 06:17 - 2006-11-02 07:22 - 0003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-22 06:17 - 2006-11-02 07:22 - 0003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-22 06:08 - 2012-04-14 20:46 - 0293735 ____A C:\Windows\WindowsUpdate.log
2012-04-22 06:03 - 2012-04-22 06:03 - 0000000 ____A C:\Users\Zach\Desktop\New Text Document.txt
2012-04-22 06:02 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At22.job
2012-04-22 06:02 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At21.job
2012-04-22 06:01 - 2011-12-20 18:25 - 0000254 ____A C:\Windows\Tasks\HP Photo Creations Messager.job
2012-04-22 06:01 - 2008-05-21 19:19 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-22 06:01 - 2008-05-21 19:19 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-04-22 06:01 - 2008-05-21 19:19 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-22 05:58 - 2006-11-02 04:46 - 0703516 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-22 05:57 - 2006-11-02 04:35 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-04-21 17:02 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At44.job
2012-04-21 17:02 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At43.job
2012-04-21 16:54 - 2012-04-21 16:54 - 0022760 ____A C:\Users\Zach\Desktop\Attach.txt
2012-04-21 16:53 - 2012-04-21 16:53 - 0022344 ____A C:\Users\Zach\Desktop\DDS.txt
2012-04-21 16:49 - 2012-04-21 16:49 - 0607260 ____R (Swearware) C:\Users\Zach\Desktop\dds.scr
2012-04-21 16:46 - 2009-09-08 13:41 - 0000000 ____D C:\Jackie's Stuff
2012-04-21 16:40 - 2012-04-21 16:40 - 0000216 ____A C:\Users\Zach\defogger_reenable
2012-04-21 16:40 - 2008-07-10 18:52 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-21 16:40 - 2008-07-10 15:46 - 0000000 ____D C:\users\Zach
2012-04-21 15:54 - 2012-04-21 15:54 - 0000124 ____A C:\Users\Zach\My Documents\ax_files.xml
2012-04-21 15:54 - 2012-04-21 15:54 - 0000124 ____A C:\Users\Zach\Documents\ax_files.xml
2012-04-21 15:42 - 2012-04-21 15:42 - 0074048 ____A C:\Users\Zach\Local Settings\GDIPFONTCACHEV1.DAT
2012-04-21 15:42 - 2012-04-21 15:42 - 0074048 ____A C:\Users\Zach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-04-21 15:42 - 2012-04-21 15:42 - 0074048 ____A C:\Users\Zach\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-21 15:41 - 2012-04-21 15:41 - 0000869 ____A C:\Users\Public\Desktop\Alcohol 120%.lnk
2012-04-21 15:41 - 2012-04-21 15:41 - 0000869 ____A C:\Users\All Users\Desktop\Alcohol 120%.lnk
2012-04-21 15:41 - 2010-08-07 21:44 - 0000000 ____D C:\users\NeroMediaHomeUser.4
2012-04-21 15:37 - 2012-04-21 08:52 - 0602600 ____A C:\Windows\ntbtlog.txt
2012-04-21 15:33 - 2009-09-10 12:32 - 0560184 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-04-21 12:51 - 2006-11-02 04:33 - 83099648 ____A C:\Windows\System32\config\software_previous
2012-04-21 12:50 - 2012-04-20 16:10 - 0000000 ____D C:\d82f84b5694164d74c
2012-04-21 12:50 - 2012-04-14 19:32 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-21 12:50 - 2012-04-14 19:32 - 0000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-04-21 12:50 - 2012-04-14 19:32 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-21 12:50 - 2012-04-14 19:32 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-21 12:50 - 2011-12-20 18:25 - 0000000 ____D C:\Program Files (x86)\Bing Bar Installer
2012-04-21 12:50 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2012-04-21 12:50 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-21 12:50 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2012-04-21 12:48 - 2006-11-02 04:33 - 46399488 ____A C:\Windows\System32\config\system_previous
2012-04-21 12:46 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\security_previous
2012-04-21 12:46 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\sam_previous
2012-04-21 12:31 - 2006-11-02 04:33 - 57933824 ____A C:\Windows\System32\config\components_previous
2012-04-21 12:26 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-04-21 11:23 - 2008-05-21 19:56 - 0000000 ____D C:\Windows\SMINST
2012-04-21 11:20 - 2012-02-06 15:20 - 0000000 ____D C:\Program Files (x86)\Easy Flash Recovery
2012-04-21 08:52 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-21 08:29 - 2006-11-02 04:33 - 0524288 ____A C:\Windows\System32\config\default_previous
2012-04-21 08:08 - 2012-04-14 20:43 - 0015690 ____A C:\Windows\PFRO.log
2012-04-21 05:05 - 2011-07-22 15:30 - 0000000 ____D C:\Windows\pss
2012-04-20 20:17 - 2012-04-20 20:17 - 0011680 ____A C:\Users\Zach\Local Settings\dd_vcredistUI05C3.txt
2012-04-20 20:17 - 2012-04-20 20:17 - 0011680 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI05C3.txt
2012-04-20 20:17 - 2012-04-20 20:17 - 0011680 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI05C3.txt
2012-04-20 20:17 - 2012-04-20 20:17 - 0001832 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI05C3.txt
2012-04-20 20:17 - 2012-04-20 20:17 - 0001832 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI05C3.txt
2012-04-20 20:17 - 2012-04-20 20:17 - 0001832 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI05C3.txt
2012-04-20 20:17 - 2008-07-10 15:57 - 0001356 ____A C:\Users\Zach\Local Settings\d3d9caps.dat
2012-04-20 20:17 - 2008-07-10 15:57 - 0001356 ____A C:\Users\Zach\Local Settings\Application Data\d3d9caps.dat
2012-04-20 20:17 - 2008-07-10 15:57 - 0001356 ____A C:\Users\Zach\AppData\Local\d3d9caps.dat
2012-04-20 19:48 - 2012-04-14 18:35 - 0000000 ____D C:\Program Files\CCleaner
2012-04-20 19:48 - 2012-03-11 09:53 - 0000000 ____D C:\Program Files\iTunes
2012-04-20 19:48 - 2011-08-24 12:31 - 0000000 ____D C:\Users\Zach\Application Data\vlc
2012-04-20 19:48 - 2011-08-24 12:31 - 0000000 ____D C:\Users\Zach\AppData\Roaming\vlc
2012-04-20 19:48 - 2011-08-17 12:54 - 0000000 ____D C:\Program Files (x86)\Winamp Detect
2012-04-20 19:48 - 2011-08-17 12:53 - 0000000 ____D C:\Users\Zach\Application Data\Winamp
2012-04-20 19:48 - 2011-08-17 12:53 - 0000000 ____D C:\Users\Zach\AppData\Roaming\Winamp
2012-04-20 19:48 - 2011-08-17 12:53 - 0000000 ____D C:\Program Files (x86)\Winamp
2012-04-20 19:48 - 2011-05-18 13:54 - 0000000 ____D C:\Program Files (x86)\Norton Security Scan
2012-04-20 19:48 - 2010-07-06 18:24 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-04-20 19:48 - 2010-01-09 21:39 - 0000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-04-20 19:48 - 2010-01-09 20:01 - 0000000 ____D C:\Program Files (x86)\Adsen File Splitter
2012-04-20 19:48 - 2009-07-28 08:14 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-20 19:48 - 2009-07-14 15:52 - 0000000 ____D C:\Program Files (x86)\Acoustica MP3 Audio Mixer
2012-04-20 19:48 - 2008-07-16 18:52 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-04-20 19:48 - 2008-07-16 18:52 - 0000000 ____D C:\Users\All Users\Application Data\FLEXnet
2012-04-20 19:48 - 2008-07-16 18:52 - 0000000 ____D C:\ProgramData\FLEXnet
2012-04-20 19:48 - 2008-07-10 16:25 - 0000000 ____D C:\Zach's Stuff
2012-04-20 19:44 - 2011-05-18 13:54 - 0000000 ____D C:\Windows\System32\Drivers\NSSx64
2012-04-20 19:43 - 2012-03-11 09:53 - 0000000 ____D C:\Program Files\iPod
2012-04-20 19:42 - 2011-12-20 18:26 - 0000000 ____D C:\Program Files (x86)\MSN Toolbar
2012-04-20 19:42 - 2011-05-18 13:54 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-04-20 19:42 - 2010-01-09 21:36 - 0000000 ____D C:\Program Files (x86)\Red Kawa
2012-04-20 19:42 - 2009-07-14 15:49 - 0000000 ____D C:\Program Files (x86)\SoftwareClub.ws
2012-04-20 16:14 - 2012-04-20 16:10 - 0011594 ____A C:\Users\Zach\Local Settings\dd_vcredistUI4929.txt
2012-04-20 16:14 - 2012-04-20 16:10 - 0011594 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI4929.txt
2012-04-20 16:14 - 2012-04-20 16:10 - 0011594 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI4929.txt
2012-04-20 16:13 - 2012-04-20 16:10 - 0433394 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI4929.txt
2012-04-20 16:13 - 2012-04-20 16:10 - 0433394 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI4929.txt
2012-04-20 16:13 - 2012-04-20 16:10 - 0433394 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI4929.txt
2012-04-20 16:02 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At42.job
2012-04-20 16:02 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At41.job
2012-04-15 05:49 - 2012-04-15 05:49 - 0011664 ____A C:\Users\Zach\Local Settings\dd_vcredistUI6703.txt
2012-04-15 05:49 - 2012-04-15 05:49 - 0011664 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI6703.txt
2012-04-15 05:49 - 2012-04-15 05:49 - 0011664 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI6703.txt
2012-04-15 05:49 - 2012-04-15 05:49 - 0001824 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI6703.txt
2012-04-15 05:49 - 2012-04-15 05:49 - 0001824 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI6703.txt
2012-04-15 05:49 - 2012-04-15 05:49 - 0001824 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI6703.txt
2012-04-15 00:18 - 2012-04-07 09:15 - 0000000 ____D C:\Program Files (x86)\Calibre2
2012-04-15 00:18 - 2008-09-25 15:07 - 0000000 ____D C:\Program Files (x86)\MagicISO
2012-04-15 00:18 - 2008-07-10 16:13 - 0000000 ____D C:\Users\Zach\Application Data\Adobe
2012-04-15 00:18 - 2008-07-10 16:13 - 0000000 ____D C:\Users\Zach\AppData\Roaming\Adobe
2012-04-15 00:09 - 2008-07-11 17:13 - 0000000 ____D C:\Program Files\Trend Micro
2012-04-14 20:39 - 2008-07-18 17:43 - 0000000 ____D C:\Program Files (x86)\Steam
2012-04-14 20:39 - 2008-07-10 16:25 - 0000000 ____D C:\Users\Zach\Application Data\uTorrent
2012-04-14 20:39 - 2008-07-10 16:25 - 0000000 ____D C:\Users\Zach\AppData\Roaming\uTorrent
2012-04-14 20:24 - 2010-07-14 21:31 - 0000000 ____D C:\Users\Zach\Local Settings\Trend Micro
2012-04-14 20:24 - 2010-07-14 21:31 - 0000000 ____D C:\Users\Zach\Local Settings\Application Data\Trend Micro
2012-04-14 20:24 - 2010-07-14 21:31 - 0000000 ____D C:\Users\Zach\AppData\Local\Trend Micro
2012-04-14 19:33 - 2012-04-14 19:32 - 0429052 ____A C:\Users\Zach\Local Settings\dd_vcredistMSI0F08.txt
2012-04-14 19:33 - 2012-04-14 19:32 - 0429052 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistMSI0F08.txt
2012-04-14 19:33 - 2012-04-14 19:32 - 0429052 ____A C:\Users\Zach\AppData\Local\dd_vcredistMSI0F08.txt
2012-04-14 19:33 - 2012-04-14 19:32 - 0011626 ____A C:\Users\Zach\Local Settings\dd_vcredistUI0F08.txt
2012-04-14 19:33 - 2012-04-14 19:32 - 0011626 ____A C:\Users\Zach\Local Settings\Application Data\dd_vcredistUI0F08.txt
2012-04-14 19:33 - 2012-04-14 19:32 - 0011626 ____A C:\Users\Zach\AppData\Local\dd_vcredistUI0F08.txt
2012-04-14 19:25 - 2010-07-14 21:42 - 0000000 ____D C:\Users\Public\Documents\Trend Micro
2012-04-14 19:25 - 2010-07-14 21:42 - 0000000 ____D C:\Users\All Users\Documents\Trend Micro
2012-04-14 19:25 - 2008-07-10 15:46 - 0000000 ____D C:\Users\Zach\AppData\LocalLow
2012-04-14 19:22 - 2008-07-11 17:14 - 0000000 ____D C:\Users\All Users\Trend Micro
2012-04-14 19:22 - 2008-07-11 17:14 - 0000000 ____D C:\Users\All Users\Application Data\Trend Micro
2012-04-14 19:22 - 2008-07-11 17:14 - 0000000 ____D C:\ProgramData\Trend Micro
2012-04-14 19:08 - 2011-05-09 05:32 - 0000000 ____D C:\Users\Zach\Local Settings\Google
2012-04-14 19:08 - 2011-05-09 05:32 - 0000000 ____D C:\Users\Zach\Local Settings\Application Data\Google
2012-04-14 19:08 - 2011-05-09 05:32 - 0000000 ____D C:\Users\Zach\AppData\Local\Google
2012-04-14 19:02 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At48.job
2012-04-14 19:02 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At47.job
2012-04-14 18:57 - 2012-04-14 18:57 - 0000919 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-14 18:57 - 2012-04-14 18:57 - 0000919 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-14 18:57 - 2009-07-28 08:14 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware(84)
2012-04-14 18:49 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At27.job
2012-04-14 18:49 - 2012-02-06 16:05 - 0000346 ____A C:\Windows\Tasks\At14.job
2012-04-14 18:49 - 2011-05-18 13:54 - 0000446 ___AH C:\Windows\Tasks\Norton Security Scan for Zach.job
2012-04-14 18:38 - 2010-05-08 08:51 - 0000000 ____D C:\Users\Zach\Application Data\DAEMON Tools Lite
2012-04-14 18:38 - 2010-05-08 08:51 - 0000000 ____D C:\Users\Zach\AppData\Roaming\DAEMON Tools Lite
2012-04-14 18:38 - 2010-04-13 17:30 - 0000000 ____D C:\Users\Zach\Application Data\FileZilla
2012-04-14 18:38 - 2010-04-13 17:30 - 0000000 ____D C:\Users\Zach\AppData\Roaming\FileZilla
2012-04-14 18:38 - 2010-03-04 19:51 - 0000000 ____D C:\Users\Zach\Application Data\Media Player Classic
2012-04-14 18:38 - 2010-03-04 19:51 - 0000000 ____D C:\Users\Zach\AppData\Roaming\Media Player Classic
2012-04-14 18:38 - 2008-04-09 13:57 - 0000000 ____D C:\Windows\Panther
2012-04-14 18:35 - 2012-04-14 18:35 - 0000781 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-04-14 18:35 - 2012-04-14 18:35 - 0000781 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-04-14 17:51 - 2012-04-14 17:42 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware(29)
2012-04-07 09:38 - 2012-04-07 08:59 - 0000000 ____D C:\Users\Zach\My Documents\My eBooks
2012-04-07 09:38 - 2012-04-07 08:59 - 0000000 ____D C:\Users\Zach\Documents\My eBooks
2012-04-07 09:29 - 2012-04-07 09:29 - 0000000 ____D C:\Users\Zach\Local Settings\Application Data\Amazon
2012-04-07 09:29 - 2012-04-07 09:29 - 0000000 ____D C:\Users\Zach\Local Settings\Amazon
2012-04-07 09:29 - 2012-04-07 09:29 - 0000000 ____D C:\Users\Zach\AppData\Local\Amazon
2012-04-07 09:29 - 2009-04-17 21:04 - 0000000 ____D C:\Program Files (x86)\Amazon
2012-04-07 09:17 - 2012-04-07 09:16 - 0000000 ____D C:\Users\Zach\Application Data\calibre
2012-04-07 09:17 - 2012-04-07 09:16 - 0000000 ____D C:\Users\Zach\AppData\Roaming\calibre
2012-04-07 09:09 - 2012-04-07 08:59 - 0000000 ____D C:\Users\Zach\Application Data\Mobipocket
2012-04-07 09:09 - 2012-04-07 08:59 - 0000000 ____D C:\Users\Zach\AppData\Roaming\Mobipocket
2012-04-07 08:59 - 2012-04-07 08:59 - 0000000 ____D C:\Program Files (x86)\Mobipocket.com
2012-04-06 08:43 - 2012-04-06 08:41 - 0000000 ____D C:\tmp
2012-04-04 11:56 - 2009-07-28 08:14 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 06:42 - 2012-04-04 06:42 - 0000000 ____D C:\Program Files\iPod(38)
2012-04-03 15:02 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At40.job
2012-04-03 15:02 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At39.job
2012-04-03 14:02 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At38.job
2012-04-03 14:02 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At37.job
2012-04-03 13:02 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At36.job
2012-04-03 13:02 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At35.job
2012-04-03 12:02 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At34.job
2012-04-03 12:02 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At33.job
2012-04-03 11:02 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At32.job
2012-04-03 11:02 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At31.job
2012-04-03 10:13 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At30.job
2012-04-03 10:13 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At28.job
2012-04-03 10:13 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At26.job
2012-04-03 10:13 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At24.job
2012-04-03 10:13 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At29.job
2012-04-03 10:13 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At25.job
2012-04-03 10:13 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At23.job
2012-04-03 05:12 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At20.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000346 ____A C:\Windows\Tasks\At8.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000346 ____A C:\Windows\Tasks\At6.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000346 ____A C:\Windows\Tasks\At4.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000346 ____A C:\Windows\Tasks\At2.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000346 ____A C:\Windows\Tasks\At18.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000346 ____A C:\Windows\Tasks\At16.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000346 ____A C:\Windows\Tasks\At12.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000346 ____A C:\Windows\Tasks\At10.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000344 ____A C:\Windows\Tasks\At9.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000344 ____A C:\Windows\Tasks\At7.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000344 ____A C:\Windows\Tasks\At5.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000344 ____A C:\Windows\Tasks\At3.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000344 ____A C:\Windows\Tasks\At19.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000344 ____A C:\Windows\Tasks\At17.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000344 ____A C:\Windows\Tasks\At15.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000344 ____A C:\Windows\Tasks\At13.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000344 ____A C:\Windows\Tasks\At11.job
2012-04-03 05:12 - 2012-02-06 16:05 - 0000344 ____A C:\Windows\Tasks\At1.job
2012-04-02 18:04 - 2012-02-06 16:06 - 0000346 ____A C:\Windows\Tasks\At46.job
2012-04-02 18:04 - 2012-02-06 16:06 - 0000344 ____A C:\Windows\Tasks\At45.job
2012-03-21 04:47 - 2012-03-21 04:47 - 0000872 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-03-21 04:47 - 2012-03-21 04:47 - 0000872 ____A C:\Users\All Users\Desktop\VLC media player.lnk
2012-03-21 04:45 - 2012-03-21 04:44 - 22259528 ____A C:\Users\Zach\My Documents\vlc-2.0.1-win32.exe
2012-03-21 04:45 - 2012-03-21 04:44 - 22259528 ____A C:\Users\Zach\Documents\vlc-2.0.1-win32.exe
2012-03-16 13:13 - 2008-07-10 20:25 - 0031744 ____A C:\Users\Zach\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-16 13:13 - 2008-07-10 20:25 - 0031744 ____A C:\Users\Zach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-16 13:13 - 2008-07-10 20:25 - 0031744 ____A C:\Users\Zach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-14 23:26 - 2006-11-02 07:21 - 5125280 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-11 10:50 - 2012-03-11 10:50 - 0044863 ____A C:\Users\Zach\Application Data\UserTile.png
2012-03-11 10:50 - 2012-03-11 10:50 - 0044863 ____A C:\Users\Zach\AppData\Roaming\UserTile.png
2012-03-11 09:53 - 2012-03-11 09:53 - 0001586 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-11 09:53 - 2012-03-11 09:53 - 0001586 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-03-06 21:11 - 2011-03-17 11:01 - 0000000 ____D C:\Windows\System32\Service
2012-03-06 15:15 - 2012-04-20 16:10 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-04-20 16:10 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-05 22:44 - 2012-04-22 06:00 - 4699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-04 07:41 - 2010-08-13 08:54 - 0000000 ____D C:\Users\All Users\DivX
2012-03-04 07:41 - 2010-08-13 08:54 - 0000000 ____D C:\Users\All Users\Application Data\DivX
2012-03-04 07:41 - 2010-08-13 08:54 - 0000000 ____D C:\ProgramData\DivX
2012-03-04 07:41 - 2008-07-10 19:23 - 0000000 ____D C:\Program Files (x86)\DivX
2012-02-29 07:37 - 2012-04-22 06:00 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 07:37 - 2012-04-22 06:00 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 07:35 - 2012-04-22 06:00 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 07:11 - 2012-04-22 06:00 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 07:11 - 2012-04-22 06:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 07:09 - 2012-04-22 06:00 - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 05:52 - 2012-04-22 06:00 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-28 07:35 - 2012-04-21 15:50 - 1428992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 07:35 - 2012-04-21 15:50 - 1032192 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 07:35 - 2012-04-21 15:50 - 0108544 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 07:34 - 2012-04-21 15:50 - 1129984 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-02-28 07:33 - 2012-04-21 15:50 - 7020544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 07:33 - 2012-04-21 15:50 - 5720064 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 07:33 - 2012-04-21 15:50 - 0759808 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 07:33 - 2012-04-21 15:50 - 0590848 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-28 07:33 - 2012-04-21 15:50 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-28 07:33 - 2012-04-21 15:50 - 0375808 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 07:33 - 2012-04-21 15:50 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-28 07:33 - 2012-04-21 15:50 - 0224768 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-28 07:33 - 2012-04-21 15:50 - 0032256 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 07:26 - 2012-04-21 15:50 - 1176576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-28 07:26 - 2012-04-21 15:50 - 0834048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-28 07:26 - 2012-04-21 15:50 - 0106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-28 07:24 - 2012-04-21 15:50 - 3618304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-28 07:24 - 2012-04-21 15:50 - 0671232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-02-28 07:24 - 2012-04-21 15:50 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-28 07:24 - 2012-04-21 15:50 - 0471040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-28 07:24 - 2012-04-21 15:50 - 0027648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-28 07:23 - 2012-04-21 15:50 - 6090240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-28 07:23 - 2012-04-21 15:50 - 0380928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-28 07:23 - 2012-04-21 15:50 - 0270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-28 07:23 - 2012-04-21 15:50 - 0193024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-28 07:23 - 2012-04-21 15:50 - 0180736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-28 06:56 - 2012-04-21 15:50 - 0485376 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-28 06:21 - 2012-04-21 15:50 - 0389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-28 06:19 - 2012-04-21 15:50 - 1383424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 05:56 - 2012-04-21 15:50 - 1383424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 15:04 - 2012-02-27 15:04 - 0000000 ____D C:\Users\Zach\My Documents\New Folder
2012-02-27 15:04 - 2012-02-27 15:04 - 0000000 ____D C:\Users\Zach\Documents\New Folder
2012-02-16 09:10 - 2009-05-14 17:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 14:59 - 2012-02-15 14:59 - 0000000 ____D C:\3dde48ab4afa77e6b5617b13883b
2012-02-15 07:01 - 2012-02-15 07:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 07:01 - 2012-02-15 07:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-02-14 08:49 - 2012-03-14 06:02 - 0327680 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-14 08:49 - 2012-03-14 06:02 - 0196096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-14 07:45 - 2012-03-14 06:02 - 0219648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-14 07:45 - 2012-03-14 06:02 - 0160768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-13 06:38 - 2012-03-14 06:02 - 2002944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-13 06:12 - 2012-03-14 06:02 - 1172480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-13 06:06 - 2012-03-14 06:02 - 0834048 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-13 06:03 - 2012-03-14 06:02 - 1555968 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-13 05:47 - 2012-03-14 06:02 - 0683008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-13 05:44 - 2012-03-14 06:02 - 1068544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-13 05:16 - 2012-02-06 15:55 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-07 07:02 - 2012-02-07 07:02 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-06 17:47 - 2012-02-06 16:11 - 0000000 ____D C:\Program Files (x86)\ZAR
2012-02-06 17:40 - 2011-04-02 23:22 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-02-06 17:40 - 2011-04-02 23:22 - 0000000 ____D C:\Users\All Users\Application Data\regid.1986-12.com.adobe
2012-02-06 17:40 - 2011-04-02 23:22 - 0000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2012-02-06 16:20 - 2012-02-06 16:20 - 0000000 ____D C:\Windows\Sun
2012-02-06 16:15 - 2009-06-07 18:41 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-02-06 16:15 - 2009-06-07 18:41 - 0000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
2012-02-06 16:15 - 2009-06-07 18:41 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-02-06 16:14 - 2012-02-06 16:06 - 0000112 ____A C:\Users\All Users\pvGnFTLOQ.dat
2012-02-06 16:14 - 2012-02-06 16:06 - 0000112 ____A C:\Users\All Users\Application Data\pvGnFTLOQ.dat
2012-02-06 16:14 - 2012-02-06 16:06 - 0000112 ____A C:\ProgramData\pvGnFTLOQ.dat
2012-02-06 16:11 - 2012-02-06 16:11 - 0000745 ____A C:\Users\Zach\Desktop\Zero Assumption Recovery.lnk
2012-02-06 16:02 - 2012-02-06 16:02 - 0000000 ____D C:\recovered
2012-02-06 16:01 - 2012-02-06 16:01 - 0000000 ____D C:\Program Files (x86)\SoftOrbits Flash Drive Recovery
2012-02-06 15:58 - 2012-02-06 15:58 - 0000000 ____D C:\Program Files (x86)\Fast Flash Recovery
2012-02-06 15:58 - 2008-07-11 17:17 - 0000794 ____A C:\Windows\System32\Drivers\etc\tmvsthfud.bin
2012-02-06 15:58 - 2008-07-11 17:17 - 0000794 ____A C:\Windows\System32\Drivers\etc\tmvsthfss.bin
2012-02-06 15:56 - 2012-02-06 15:56 - 0000000 ____D C:\Program Files (x86)\Ontrack
2012-02-06 15:54 - 2012-02-06 15:54 - 0000000 ____D C:\Windows\system64
2012-02-06 15:11 - 2012-02-06 15:11 - 0000000 ____D C:\Program Files (x86)\Smart PC Solutions
2012-02-02 07:34 - 2012-03-14 06:02 - 2765824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-26 21:52 - 2009-10-02 11:59 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 5886.38 MB
Available physical RAM: 5258.91 MB
Total Pagefile: 5694.3 MB
Available Pagefile: 5379.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Partition_1) (Fixed) (Total:580.67 GB) (Free:195.59 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: (J'S DRIVE) (Fixed) (Total:74.5 GB) (Free:12.92 GB) FAT32
8 Drive x: (Recovery) (Fixed) (Total:15.5 GB) (Free:7.98 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 596 GB 1528 KB
Disk 1 Online 75 GB 10 MB
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 32 KB
Partition 2 Primary 581 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 X Recovery NTFS Partition 15 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Partition_1 NTFS Partition 581 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 75 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 E J'S DRIVE FAT32 Partition 75 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-22 06:14

======================= End Of Log ==========================

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 22 April 2012 - 10:16 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 WIBUKEY; C:\Windows\System32\DC21x4.dll [6656 2008-01-20] (Oak Technology Inc.)
C:\Windows\System32\DC21x4.dll
NETSVC: WIBUKEY
CMD: Del /q C:\Windows\Tasks\At*.job

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 aka-goldfish (Topic Starter, Members, 10 posts)

Posted 22 April 2012 - 10:51 AM

Hello again, I think the system started up quicker after that fix! Below is the fixlog.

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-22 11:45:23 R:1
Running from D:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
WIBUKEY service deleted successfully.
C:\Windows\System32\DC21x4.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs WIBUKEY Deleted successfully.

========= Del /q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========


==== End of Fixlog ====
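
An added check for the three persistence points that the fixlist in #4 removed and the fixlog in #5 confirms: the csrss SubSystems\Windows string, the netsvcs service group, and the At*.job tasks. This is editor-added PowerShell, not code from the thread, from FRST or from ComboFix. The ServerDll baseline (basesrv, winsrv, sxssrv), the "Microsoft Corporation" CompanyName test and the threshold of five jobs created in one minute are assumptions tuned for Vista/7 x64, not facts from the page; adjust them before trusting the output on another build.

```powershell
# Editor-added example (PowerShell 2.0+, run elevated on the live Vista/7 x64 system).
# Not code from this thread, from FRST or from ComboFix. It audits the three persistence
# points the fixlist above removed. ASSUMPTIONS, not from the page: the ServerDll baseline,
# the CompanyName test and the burst threshold are tuned for Vista/7; adjust for other builds.

$findings = New-Object System.Collections.Generic.List[string]

# 1. csrss subsystem string. Get-ItemProperty expands REG_EXPAND_SZ, so match on csrss.exe
#    rather than on %SystemRoot%. On a clean Vista/7 box the only ServerDll= entries are
#    basesrv, winsrv and (on 7) sxssrv; ZeroAccess added its own DLL here, which the
#    "SubSystems: [Windows]" directive reset.
$subsysKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
$windowsVal = (Get-ItemProperty -Path $subsysKey -Name Windows).Windows
$knownServerDlls = @('basesrv', 'winsrv', 'sxssrv')     # assumption: Vista/7 baseline
if ($windowsVal -notmatch '\\system32\\csrss\.exe') {
    $findings.Add("SubSystems\Windows does not launch system32\csrss.exe: $windowsVal")
}
foreach ($m in [regex]::Matches($windowsVal, 'ServerDll=([^:,\s]+)')) {
    $dll = $m.Groups[1].Value
    if ($knownServerDlls -notcontains $dll) {
        $findings.Add("SubSystems\Windows loads unexpected ServerDll '$dll' into csrss.exe")
    }
}

# 2. netsvcs group. Every name in this REG_MULTI_SZ is loaded as a DLL into the shared
#    "svchost.exe -k netsvcs" process; the thread's WIBUKEY entry pointed its ServiceDll at a
#    non-Microsoft file in System32. CompanyName is a version-resource string that anyone can
#    set, so a hit here means "verify", not "malicious".
$svchostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$netsvcs = (Get-ItemProperty -Path $svchostKey -Name netsvcs).netsvcs
foreach ($svc in $netsvcs) {
    $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
    if (-not (Test-Path $paramKey)) { continue }           # listed but not installed: harmless
    $serviceDll = (Get-ItemProperty -Path $paramKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $serviceDll) { continue }
    $path = [Environment]::ExpandEnvironmentVariables($serviceDll)
    if (-not (Test-Path $path)) {
        $findings.Add("netsvcs member '$svc' points at a missing ServiceDll: $path")
        continue
    }
    $company = (Get-Item $path).VersionInfo.CompanyName
    if ($company -ne 'Microsoft Corporation') {
        $findings.Add("netsvcs member '$svc' loads $path (CompanyName '$company'); verify it")
    }
}

# 3. Legacy At*.job tasks. The FRST listing above shows 46 of them, all created within the
#    same two minutes; a burst of identical creation times is the tell, so group by minute.
#    Assumption: five or more jobs created in one minute is worth reporting.
$tasksDir = Join-Path $env:windir 'Tasks'
Get-ChildItem -Path $tasksDir -Filter 'At*.job' -ErrorAction SilentlyContinue |
    Group-Object { $_.CreationTime.ToString('yyyy-MM-dd HH:mm') } |
    Where-Object { $_.Count -ge 5 } |
    ForEach-Object {
        $names = ($_.Group | ForEach-Object { $_.Name }) -join ', '
        $findings.Add("$($_.Count) At*.job files created at $($_.Name): $names")
    }

if ($findings.Count -eq 0) { 'No ZeroAccess-style persistence found at the three checked points.' }
else { $findings }
```

After the fix above has been applied, points 1 and 3 should report nothing; point 2 may still list legitimate third-party netsvcs members, which is why it asks for verification rather than declaring anything malicious. The fixlog names ControlSet001 because FRST ran offline from the recovery environment; on the running system the same key is reached through CurrentControlSet, which is what the script reads.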

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 22 April 2012 - 11:03 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 aka-goldfish (Topic Starter, Members, 10 posts)

Posted 22 April 2012 - 12:11 PM

Before I ran ComboFix I tried to disable the Windows Firewall again and it came up with the same "Due to an unidentified problem, Windows cannot display firewall settings" error as before, and when I clicked on Windows Defender, I got "Application failed to initialize: 0x80070006. The handle is invalid." I checked to see if Trend Micro was running, and there was no tray icon, it wasn't listed anywhere in All Programs under the Start menu, and it was not listed as a program under the uninstall list from My Computer. I ran ComboFix, and it said that Trend Micro was still active. I tried to uninstall it as described under the help link posted, but the only files in the Trend Micro folders I could find under Program Files and ProgramData were logs. I put those folders in the Recycle Bin just in case somehow they were causing it to be considered active, but ComboFix said Trend Micro was still active, but it would still run the scan at my own risk. ComboFix seemed to run alright and the machine rebooted fine, but it sounds like it's running kinda hard again and it took a while to load up Firefox again. So here's the log. Thank you!

ComboFix 12-04-22.01 - Zach 04/22/2012 12:31:46.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.4460 [GMT -4:00]
Running from: c:\users\Zach\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *Enabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security Pro *Enabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Check other products\Magic Speed.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Check other products\Reach-a-Mail.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Check other products\Smart PC.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery on the Web.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Uninstall Smart Flash Recovery.lnk
c:\users\Zach\AppData\Roaming\Adobe\plugs
c:\users\Zach\AppData\Roaming\Adobe\shed
c:\windows\SysWow64\is-74B68.tmp
c:\windows\SysWow64\is-OELRJ.tmp
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-22 18:22 . 2012-04-22 18:23 -------- d-----w- C:\FRST
2012-04-22 16:40 . 2012-04-22 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-22 14:00 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-22 14:00 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-22 14:00 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-22 14:00 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-22 14:00 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-22 14:00 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-22 14:00 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-22 14:00 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-21 00:10 . 2012-04-21 20:50 -------- d-----w- C:\d82f84b5694164d74c
2012-04-21 00:10 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-21 00:10 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-15 03:32 . 2012-04-21 20:50 -------- d-----w- c:\programdata\AVAST Software
2012-04-15 03:32 . 2012-04-21 20:50 -------- d-----w- c:\program files\AVAST Software
2012-04-15 02:35 . 2012-04-21 03:48 -------- d-----w- c:\program files\CCleaner
2012-04-15 01:42 . 2012-04-15 01:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware(29)
2012-04-07 17:29 . 2012-04-07 17:29 -------- d-----w- c:\users\Zach\AppData\Local\Amazon
2012-04-07 17:16 . 2012-04-07 17:17 -------- d-----w- c:\users\Zach\AppData\Roaming\calibre
2012-04-07 17:15 . 2012-04-15 08:18 -------- d-----w- c:\program files (x86)\Calibre2
2012-04-07 16:59 . 2012-04-07 17:09 -------- d-----w- c:\users\Zach\AppData\Roaming\Mobipocket
2012-04-07 16:59 . 2012-04-07 16:59 -------- d-----w- c:\program files (x86)\Mobipocket.com
2012-04-06 16:41 . 2012-04-06 16:43 -------- d-----w- C:\tmp
2012-04-04 14:42 . 2012-04-04 14:42 -------- d-----w- c:\program files\iPod(38)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 23:33 . 2009-09-10 20:32 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-04-04 19:56 . 2009-07-28 16:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 16:49 . 2012-03-14 14:02 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 14:02 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 14:02 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 14:02 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 14:02 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 14:02 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 14:02 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 14:02 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 14:02 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 14:02 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-13 13:16 . 2012-02-06 23:55 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-02 15:34 . 2012-03-14 14:02 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-01-27 05:52 . 2009-10-02 19:59 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\zach's stuff\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2008-11-28 3656]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-8-19 2068832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-22 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-16 5453824]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\mz0vbgo6.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-On the Rain-Slick Precipice of Darkness, Episode Two - c:\program files (x86)\Hothead Games\Precipice of Darkness
AddRemove-Nations Photo Lab ROES - c:\windows\system32\javaws.exe
AddRemove-Nations Photo Lab ROES Easy - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1911233463-590595397-3226711343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*3*b*0*1*#*5* ³äz\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1911233463-590595397-3226711343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*<õh\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1911233463-590595397-3226711343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*B*e*l*p˙j|\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\ACRAD46\5&2c9c7b&0&UID268435457\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\ACRAD46\5&2c9c7b&0&UID268435457\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2c9c7b&0&UID268435457\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2c9c7b&0&UID268435457\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2c9c7b&0&UID268435458\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2c9c7b&0&UID268435458\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY08A4\5&2c9c7b&0&UID268435457\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY08A4\5&2c9c7b&0&UID268435457\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY08A5\5&2c9c7b&0&UID268435458\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY08A5\5&2c9c7b&0&UID268435458\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY08A6\5&2c9c7b&0&UID268435458\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\GWY08A6\5&2c9c7b&0&UID268435458\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM0124\5&2c9c7b&0&UID268435457\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM030E\5&2c9c7b&0&UID268435457\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM030E\5&2c9c7b&0&UID268435457\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM031F\5&2c9c7b&0&UID268435457\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM031F\5&2c9c7b&0&UID268435457\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-04-22 12:51:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-22 16:51
.
Pre-Run: 209,980,895,232 bytes free
Post-Run: 209,979,682,816 bytes free
.
- - End Of File - - 705E415544563F60B458FBFBB399CF5C

#8 gringo_pr (Bleepin Gringo) - Malware Response Team, 136,772 posts, Puerto Rico

Posted 22 April 2012 - 12:59 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
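Gringo's steps end with pasting the TDSSKiller report back into the thread, and the report that follows in the next post runs to several hundred driver entries. The script below is an added example for this page, not code from the thread or from Kaspersky's TDSSKiller: it parses the line shapes visible in that report (a file line carrying name, MD5 and path, then a status line; the Drive, Partition and drive-letter lines of the initialisation section), lists every entry whose status is anything but "ok" with its hash and path, and checks the MBR partition table for partitions that overlap or run past the end of their disk. The sample input embeds lines quoted from the thread's own report plus two constructed lines with a made-up driver name ("examplesvc") and a made-up status word ("suspicious"), labelled as such in the code; the tool's real non-ok wording does not appear in this thread, so the script treats anything other than "ok" as needing a look rather than matching particular words.

```python
"""Triage a TDSSKiller-style report: list the MBR partition layout, flag
partitions that overlap or run past the end of their disk, and pull out every
service/driver entry whose status is not "ok".  Added example for this thread,
not part of TDSSKiller; it assumes the line shapes visible in the posted log
("<time> <tid> <name> (<md5>) <path>", then "<time> <tid> <name> - <status>",
plus the Drive / Partition / drive-letter lines of the initialisation section)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(.*)$")
DRIVE = re.compile(r"^Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: (?P<size>0x[0-9A-Fa-f]+) "
                   r"\([^)]*\), SectorSize: (?P<sector>0x[0-9A-Fa-f]+)")
PART = re.compile(r"^(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<idx>\d+): MBR, "
                  r"Type (?P<type>0x[0-9A-Fa-f]+), StartLBA (?P<start>0x[0-9A-Fa-f]+), "
                  r"BlocksNum (?P<blocks>0x[0-9A-Fa-f]+)$")
LETTER = re.compile(r"^(?P<letter>[A-Z]): <-> (?P<part>\\Device\\\S+)$")
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9A-Fa-f]{32})\) (?P<path>.+)$")
STATUS = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")

@dataclass
class Entry:
    name: str
    status: str
    md5: Optional[str] = None   # None when the tool printed no file line for it
    path: Optional[str] = None

@dataclass
class Partition:
    disk: str
    index: int
    type_id: int
    start_lba: int
    blocks: int
    letter: Optional[str] = None

    @property
    def end_lba(self) -> int:   # first sector after the partition
        return self.start_lba + self.blocks

def parse_log(text: str):
    """Return (entries, partitions, disks); disks maps device -> (size in bytes, sector size)."""
    entries, partitions, disks = [], [], {}
    pending = {}   # file lines waiting for their matching status line
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        if (d := DRIVE.match(body)):            # checked before STATUS: it also contains " - "
            disks[d["dev"]] = (int(d["size"], 16), int(d["sector"], 16))
        elif (p := PART.match(body)):
            partitions.append(Partition(p["dev"], int(p["idx"]), int(p["type"], 16),
                                        int(p["start"], 16), int(p["blocks"], 16)))
        elif (l := LETTER.match(body)):
            for part in partitions:
                if f"{part.disk}\\Partition{part.index}" == l["part"]:
                    part.letter = l["letter"]
        elif (f := FILE.match(body)):
            pending[f["name"]] = (f["md5"].lower(), f["path"])
        elif (s := STATUS.match(body)):
            md5, path = pending.pop(s["name"], (None, None))
            entries.append(Entry(s["name"], s["status"].strip(), md5, path))
    return entries, partitions, disks

def needs_review(entries: List[Entry]) -> List[Entry]:
    """Everything the tool did not report as a plain "ok"."""
    return [e for e in entries if e.status.lower() != "ok"]

def partition_problems(partitions: List[Partition], disks: Dict[str, tuple]) -> List[str]:
    """Flag partitions that overlap a neighbour or extend past the end of their disk."""
    problems, by_disk = [], {}
    for part in partitions:
        by_disk.setdefault(part.disk, []).append(part)
    for disk, parts in by_disk.items():
        parts.sort(key=lambda x: x.start_lba)
        size_bytes, sector = disks.get(disk, (None, 512))   # 512 assumed if no Drive line seen
        for i, part in enumerate(parts):
            if size_bytes is not None and part.end_lba * sector > size_bytes:
                problems.append(f"{disk} partition {part.index} runs past the end of the disk")
            if i and part.start_lba < parts[i - 1].end_lba:
                problems.append(f"{disk} partitions {parts[i - 1].index} and {part.index} overlap")
    return problems

# Lines quoted from the TDSSKiller report posted in this thread ...
THREAD_LINES = [
    r"15:40:43.0006 2832 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040",
    r"15:40:43.0446 2832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1EFE6E8",
    r"15:40:43.0446 2832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EFE727, BlocksNum 0x4895879A",
    r"15:40:43.0484 2832 C: <-> \Device\Harddisk0\DR0\Partition1",
    r"15:41:08.0127 0484 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys",
    r"15:41:08.0129 0484 ACPI - ok",
    r"15:41:08.0945 0484 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe",
    r"15:41:08.0946 0484 Apple Mobile Device - ok",
    r"15:41:09.0253 0484 ATICDSDr - ok",
]
# ... plus two constructed lines (made-up driver name, made-up status word, not
# the tool's real wording) so that a non-"ok" entry has something to surface.
CONSTRUCTED_LINES = [
    r"15:41:20.0001 0484 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys",
    r"15:41:20.0002 0484 examplesvc - suspicious",
]
SAMPLE_LOG = "\n".join(THREAD_LINES + CONSTRUCTED_LINES)

if __name__ == "__main__":
    entries, parts, disks = parse_log(SAMPLE_LOG)
    for p in parts:
        print(f"{p.disk}\\Partition{p.index} ({p.letter or '-'}:) type 0x{p.type_id:X} LBA {p.start_lba}..{p.end_lba - 1}")
    for problem in partition_problems(parts, disks):
        print("PARTITION:", problem)
    for e in needs_review(entries):
        print(f"REVIEW: {e.name} status={e.status!r} md5={e.md5} path={e.path}")
```

On the thread's own numbers the partition check stays quiet: Harddisk0's Partition1 starts at exactly the sector where Partition0 ends (0x3F + 0x1EFE6E8 = 0x1EFE727) and the last partition ends inside the reported disk size, so the only thing surfaced is the constructed entry. To use it on a full report, read the saved log file into a string and hand it to parse_log(); entries such as "ATICDSDr - ok", for which the tool printed no file line, come back with md5 and path set to None rather than being dropped.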

#9 aka-goldfish (Topic Starter) - Members, 10 posts

Posted 22 April 2012 - 03:22 PM

Didn't have any trouble running those. The PC seems to have calmed down a little after ComboFix. Here are the logs:

15:40:41.0093 2832 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
15:40:41.0559 2832 ============================================================
15:40:41.0559 2832 Current date / time: 2012/04/22 15:40:41.0559
15:40:41.0559 2832 SystemInfo:
15:40:41.0559 2832
15:40:41.0559 2832 OS Version: 6.0.6002 ServicePack: 2.0
15:40:41.0559 2832 Product type: Workstation
15:40:41.0559 2832 ComputerName: ZACH-PC
15:40:41.0560 2832 UserName: Zach
15:40:41.0560 2832 Windows directory: C:\Windows
15:40:41.0560 2832 System windows directory: C:\Windows
15:40:41.0560 2832 Running under WOW64
15:40:41.0560 2832 Processor architecture: Intel x64
15:40:41.0560 2832 Number of processors: 4
15:40:41.0560 2832 Page size: 0x1000
15:40:41.0560 2832 Boot type: Normal boot
15:40:41.0560 2832 ============================================================
15:40:43.0006 2832 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:43.0010 2832 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:40:43.0446 2832 \Device\Harddisk0\DR0:
15:40:43.0446 2832 MBR partitions:
15:40:43.0446 2832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1EFE6E8
15:40:43.0446 2832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EFE727, BlocksNum 0x4895879A
15:40:43.0446 2832 \Device\Harddisk1\DR1:
15:40:43.0447 2832 MBR partitions:
15:40:43.0447 2832 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0x950A000
15:40:43.0484 2832 C: <-> \Device\Harddisk0\DR0\Partition1
15:40:43.0500 2832 D: <-> \Device\Harddisk0\DR0\Partition0
15:40:43.0502 2832 O: <-> \Device\Harddisk1\DR1\Partition0
15:40:43.0502 2832 Initialize success
15:40:43.0502 2832 ============================================================
15:41:07.0163 0484 ============================================================
15:41:07.0163 0484 Scan started
15:41:07.0163 0484 Mode: Manual;
15:41:07.0163 0484 ============================================================
15:41:08.0127 0484 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:41:08.0129 0484 ACPI - ok
15:41:08.0197 0484 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
15:41:08.0198 0484 adfs - ok
15:41:08.0301 0484 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:41:08.0302 0484 AdobeARMservice - ok
15:41:08.0385 0484 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:41:08.0393 0484 adp94xx - ok
15:41:08.0448 0484 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:41:08.0452 0484 adpahci - ok
15:41:08.0471 0484 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:41:08.0472 0484 adpu160m - ok
15:41:08.0489 0484 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:41:08.0491 0484 adpu320 - ok
15:41:08.0517 0484 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
15:41:08.0518 0484 AeLookupSvc - ok
15:41:08.0574 0484 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
15:41:08.0579 0484 AFD - ok
15:41:08.0601 0484 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:41:08.0602 0484 agp440 - ok
15:41:08.0622 0484 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:41:08.0624 0484 aic78xx - ok
15:41:08.0643 0484 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
15:41:08.0644 0484 ALG - ok
15:41:08.0656 0484 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
15:41:08.0657 0484 aliide - ok
15:41:08.0674 0484 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:41:08.0675 0484 amdide - ok
15:41:08.0739 0484 amdide64 (d52a2e98c5eeff88ced28793b6b04d84) C:\Windows\system32\DRIVERS\amdide64.sys
15:41:08.0740 0484 amdide64 - ok
15:41:08.0787 0484 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
15:41:08.0788 0484 AmdK8 - ok
15:41:08.0844 0484 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
15:41:08.0845 0484 Appinfo - ok
15:41:08.0945 0484 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:41:08.0946 0484 Apple Mobile Device - ok
15:41:08.0991 0484 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:41:08.0992 0484 arc - ok
15:41:09.0011 0484 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:41:09.0012 0484 arcsas - ok
15:41:09.0065 0484 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:41:09.0065 0484 AsyncMac - ok
15:41:09.0093 0484 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
15:41:09.0094 0484 atapi - ok
15:41:09.0125 0484 Ati External Event Utility (18985fee743da6f1ae382bdf7d889430) C:\Windows\system32\Ati2evxx.exe
15:41:09.0131 0484 Ati External Event Utility - ok
15:41:09.0253 0484 ATICDSDr - ok
15:41:09.0358 0484 atikmdag (3471469d4a85564cdd72e4459d106f0b) C:\Windows\system32\DRIVERS\atikmdag.sys
15:41:09.0428 0484 atikmdag - ok
15:41:09.0448 0484 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
15:41:09.0448 0484 AtiPcie - ok
15:41:09.0510 0484 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:41:09.0513 0484 AudioEndpointBuilder - ok
15:41:09.0526 0484 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:41:09.0529 0484 AudioSrv - ok
15:41:09.0637 0484 AxAutoMntSrv (7692f4b242e45870873caf4cb85cf769) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
15:41:09.0639 0484 AxAutoMntSrv - ok
15:41:09.0688 0484 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:41:09.0692 0484 b57nd60a - ok
15:41:09.0722 0484 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:41:09.0738 0484 BCM43XV - ok
15:41:09.0745 0484 Beep - ok
15:41:09.0811 0484 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
15:41:09.0826 0484 BFE - ok
15:41:09.0891 0484 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
15:41:09.0899 0484 BITS - ok
15:41:09.0911 0484 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:41:09.0912 0484 blbdrive - ok
15:41:10.0011 0484 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:41:10.0016 0484 Bonjour Service - ok
15:41:10.0038 0484 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:41:10.0039 0484 bowser - ok
15:41:10.0094 0484 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:41:10.0094 0484 BrFiltLo - ok
15:41:10.0111 0484 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:41:10.0112 0484 BrFiltUp - ok
15:41:10.0140 0484 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
15:41:10.0141 0484 Browser - ok
15:41:10.0152 0484 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:41:10.0154 0484 Brserid - ok
15:41:10.0174 0484 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:41:10.0175 0484 BrSerWdm - ok
15:41:10.0193 0484 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:41:10.0194 0484 BrUsbMdm - ok
15:41:10.0208 0484 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:41:10.0209 0484 BrUsbSer - ok
15:41:10.0221 0484 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:41:10.0222 0484 BTHMODEM - ok
15:41:10.0248 0484 catchme - ok
15:41:10.0298 0484 CAXHWBS2 (551be1536b27dc056ea4d48275efb089) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
15:41:10.0301 0484 CAXHWBS2 - ok
15:41:10.0313 0484 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:41:10.0315 0484 cdfs - ok
15:41:10.0337 0484 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:41:10.0338 0484 cdrom - ok
15:41:10.0383 0484 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:41:10.0384 0484 CertPropSvc - ok
15:41:10.0403 0484 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
15:41:10.0404 0484 circlass - ok
15:41:10.0431 0484 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:41:10.0436 0484 CLFS - ok
15:41:10.0487 0484 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:41:10.0488 0484 clr_optimization_v2.0.50727_32 - ok
15:41:10.0525 0484 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:41:10.0526 0484 clr_optimization_v2.0.50727_64 - ok
15:41:10.0592 0484 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:41:10.0595 0484 clr_optimization_v4.0.30319_32 - ok
15:41:10.0619 0484 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:41:10.0621 0484 clr_optimization_v4.0.30319_64 - ok
15:41:10.0669 0484 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
15:41:10.0670 0484 CmBatt - ok
15:41:10.0691 0484 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:41:10.0692 0484 cmdide - ok
15:41:10.0706 0484 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
15:41:10.0707 0484 Compbatt - ok
15:41:10.0713 0484 COMSysApp - ok
15:41:10.0816 0484 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:41:10.0817 0484 crcdisk - ok
15:41:10.0863 0484 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
15:41:10.0865 0484 CryptSvc - ok
15:41:10.0905 0484 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:41:10.0911 0484 DcomLaunch - ok
15:41:10.0935 0484 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:41:10.0937 0484 DfsC - ok
15:41:11.0040 0484 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
15:41:11.0089 0484 DFSR - ok
15:41:11.0162 0484 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
15:41:11.0165 0484 Dhcp - ok
15:41:11.0186 0484 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:41:11.0188 0484 disk - ok
15:41:11.0246 0484 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
15:41:11.0248 0484 Dnscache - ok
15:41:11.0271 0484 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
15:41:11.0275 0484 dot3svc - ok
15:41:11.0329 0484 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
15:41:11.0331 0484 Dot4 - ok
15:41:11.0359 0484 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:41:11.0360 0484 Dot4Print - ok
15:41:11.0386 0484 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
15:41:11.0387 0484 dot4usb - ok
15:41:11.0440 0484 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
15:41:11.0441 0484 DPS - ok
15:41:11.0485 0484 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:41:11.0485 0484 drmkaud - ok
15:41:11.0562 0484 DTSRVC (b9997aeb24135477963366d4240c4819) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
15:41:11.0563 0484 DTSRVC - ok
15:41:11.0601 0484 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:41:11.0617 0484 DXGKrnl - ok
15:41:11.0683 0484 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:41:11.0685 0484 E1G60 - ok
15:41:11.0735 0484 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
15:41:11.0737 0484 EapHost - ok
15:41:11.0763 0484 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:41:11.0765 0484 Ecache - ok
15:41:11.0799 0484 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
15:41:11.0803 0484 ehRecvr - ok
15:41:11.0817 0484 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
15:41:11.0819 0484 ehSched - ok
15:41:11.0862 0484 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
15:41:11.0863 0484 ehstart - ok
15:41:11.0880 0484 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:41:11.0885 0484 elxstor - ok
15:41:11.0916 0484 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
15:41:11.0919 0484 EMDMgmt - ok
15:41:11.0937 0484 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
15:41:11.0938 0484 ErrDev - ok
15:41:11.0999 0484 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
15:41:12.0002 0484 EventSystem - ok
15:41:12.0035 0484 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:41:12.0037 0484 exfat - ok
15:41:12.0066 0484 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:41:12.0069 0484 fastfat - ok
15:41:12.0088 0484 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:41:12.0088 0484 fdc - ok
15:41:12.0109 0484 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
15:41:12.0111 0484 fdPHost - ok
15:41:12.0126 0484 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
15:41:12.0128 0484 FDResPub - ok
15:41:12.0143 0484 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:41:12.0144 0484 FileInfo - ok
15:41:12.0169 0484 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:41:12.0170 0484 Filetrace - ok
15:41:12.0234 0484 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:41:12.0251 0484 FLEXnet Licensing Service - ok
15:41:12.0360 0484 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
15:41:12.0377 0484 FLEXnet Licensing Service 64 - ok
15:41:12.0398 0484 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:41:12.0399 0484 flpydisk - ok
15:41:12.0452 0484 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:41:12.0456 0484 FltMgr - ok
15:41:12.0550 0484 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
15:41:12.0576 0484 FontCache - ok
15:41:12.0619 0484 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:41:12.0620 0484 FontCache3.0.0.0 - ok
15:41:12.0645 0484 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
15:41:12.0645 0484 Fs_Rec - ok
15:41:12.0664 0484 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:41:12.0665 0484 gagp30kx - ok
15:41:12.0744 0484 GameConsoleService (3eafdd637416393722aa98e940dfd0a0) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
15:41:12.0747 0484 GameConsoleService - ok
15:41:12.0830 0484 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
15:41:12.0830 0484 GEARAspiWDM - ok
15:41:12.0866 0484 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
15:41:12.0871 0484 gpsvc - ok
15:41:12.0891 0484 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys
15:41:12.0892 0484 hamachi - ok
15:41:12.0941 0484 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
15:41:12.0944 0484 HdAudAddService - ok
15:41:13.0000 0484 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:41:13.0007 0484 HDAudBus - ok
15:41:13.0034 0484 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:41:13.0034 0484 HidBth - ok
15:41:13.0061 0484 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
15:41:13.0062 0484 HidIr - ok
15:41:13.0134 0484 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
15:41:13.0135 0484 hidserv - ok
15:41:13.0156 0484 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:41:13.0157 0484 HidUsb - ok
15:41:13.0180 0484 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
15:41:13.0183 0484 hkmsvc - ok
15:41:13.0235 0484 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
15:41:13.0236 0484 HpCISSs - ok
15:41:13.0681 0484 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
15:41:13.0683 0484 hpqcxs08 - ok
15:41:13.0812 0484 hpqddsvc (99ed733f614660eb32199bf889dfb7e2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
15:41:13.0814 0484 hpqddsvc - ok
15:41:13.0851 0484 HSF_DPV (9c369cbc5f19da9968223197b5205f68) C:\Windows\system32\DRIVERS\CAX_DPV.sys
15:41:13.0876 0484 HSF_DPV - ok
15:41:13.0911 0484 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:41:13.0916 0484 HTTP - ok
15:41:13.0933 0484 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:41:13.0934 0484 i2omp - ok
15:41:13.0983 0484 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:41:13.0984 0484 i8042prt - ok
15:41:14.0009 0484 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:41:14.0013 0484 iaStorV - ok
15:41:14.0102 0484 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:41:14.0103 0484 IDriverT - ok
15:41:14.0187 0484 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:41:14.0205 0484 idsvc - ok
15:41:14.0220 0484 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:41:14.0221 0484 iirsp - ok
15:41:14.0261 0484 IJPLMSVC (51516252dbbfed36f70b341dba263167) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
15:41:14.0262 0484 IJPLMSVC - ok
15:41:14.0289 0484 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
15:41:14.0306 0484 IKEEXT - ok
15:41:14.0390 0484 IntcAzAudAddService (e28d6b50a12bfa3df0bd7c31e19599f3) C:\Windows\system32\drivers\RTKVHD64.sys
15:41:14.0423 0484 IntcAzAudAddService - ok
15:41:14.0469 0484 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:41:14.0469 0484 intelide - ok
15:41:14.0483 0484 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:41:14.0484 0484 intelppm - ok
15:41:14.0513 0484 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
15:41:14.0516 0484 IPBusEnum - ok
15:41:14.0532 0484 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:41:14.0534 0484 IpFilterDriver - ok
15:41:14.0557 0484 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
15:41:14.0561 0484 iphlpsvc - ok
15:41:14.0568 0484 IpInIp - ok
15:41:14.0583 0484 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
15:41:14.0584 0484 IPMIDRV - ok
15:41:14.0600 0484 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:41:14.0602 0484 IPNAT - ok
15:41:14.0662 0484 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
15:41:14.0679 0484 iPod Service - ok
15:41:14.0694 0484 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:41:14.0695 0484 IRENUM - ok
15:41:14.0745 0484 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:41:14.0746 0484 isapnp - ok
15:41:14.0799 0484 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:41:14.0800 0484 iScsiPrt - ok
15:41:14.0810 0484 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:41:14.0811 0484 iteatapi - ok
15:41:14.0857 0484 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:41:14.0858 0484 iteraid - ok
15:41:14.0876 0484 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:41:14.0877 0484 kbdclass - ok
15:41:14.0896 0484 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
15:41:14.0896 0484 kbdhid - ok
15:41:14.0910 0484 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:41:14.0912 0484 KeyIso - ok
15:41:14.0966 0484 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
15:41:14.0983 0484 KSecDD - ok
15:41:14.0991 0484 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:41:14.0992 0484 ksthunk - ok
15:41:15.0061 0484 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
15:41:15.0067 0484 KtmRm - ok
15:41:15.0093 0484 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
15:41:15.0098 0484 LanmanServer - ok
15:41:15.0125 0484 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
15:41:15.0130 0484 LanmanWorkstation - ok
15:41:15.0144 0484 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:41:15.0145 0484 lltdio - ok
15:41:15.0177 0484 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
15:41:15.0183 0484 lltdsvc - ok
15:41:15.0203 0484 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
15:41:15.0205 0484 lmhosts - ok
15:41:15.0225 0484 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
15:41:15.0227 0484 LSI_FC - ok
15:41:15.0247 0484 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
15:41:15.0249 0484 LSI_SAS - ok
15:41:15.0268 0484 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
15:41:15.0270 0484 LSI_SCSI - ok
15:41:15.0289 0484 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:41:15.0291 0484 luafv - ok
15:41:15.0349 0484 mcdbus (2757f2e17c452e24682eb0ccea74997d) C:\Windows\system32\DRIVERS\mcdbus.sys
15:41:15.0350 0484 mcdbus - ok
15:41:15.0372 0484 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
15:41:15.0374 0484 Mcx2Svc - ok
15:41:15.0399 0484 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:41:15.0400 0484 mdmxsdk - ok
15:41:15.0440 0484 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:41:15.0441 0484 megasas - ok
15:41:15.0462 0484 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:41:15.0468 0484 MegaSR - ok
15:41:15.0492 0484 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:41:15.0493 0484 MMCSS - ok
15:41:15.0502 0484 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:41:15.0503 0484 Modem - ok
15:41:15.0513 0484 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:41:15.0513 0484 monitor - ok
15:41:15.0522 0484 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:41:15.0522 0484 mouclass - ok
15:41:15.0549 0484 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:41:15.0549 0484 mouhid - ok
15:41:15.0580 0484 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:41:15.0581 0484 MountMgr - ok
15:41:15.0634 0484 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:41:15.0635 0484 mpio - ok
15:41:15.0651 0484 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:41:15.0652 0484 mpsdrv - ok
15:41:15.0734 0484 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
15:41:15.0752 0484 MpsSvc - ok
15:41:15.0764 0484 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:41:15.0765 0484 Mraid35x - ok
15:41:15.0785 0484 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:41:15.0787 0484 MRxDAV - ok
15:41:15.0811 0484 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:41:15.0814 0484 mrxsmb - ok
15:41:15.0851 0484 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:41:15.0855 0484 mrxsmb10 - ok
15:41:15.0864 0484 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:41:15.0866 0484 mrxsmb20 - ok
15:41:15.0880 0484 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
15:41:15.0881 0484 msahci - ok
15:41:15.0899 0484 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:41:15.0900 0484 msdsm - ok
15:41:15.0923 0484 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
15:41:15.0926 0484 MSDTC - ok
15:41:15.0945 0484 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:41:15.0946 0484 Msfs - ok
15:41:15.0988 0484 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:41:15.0989 0484 msisadrv - ok
15:41:16.0016 0484 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
15:41:16.0020 0484 MSiSCSI - ok
15:41:16.0026 0484 msiserver - ok
15:41:16.0067 0484 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:41:16.0068 0484 MSKSSRV - ok
15:41:16.0115 0484 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:41:16.0116 0484 MSPCLOCK - ok
15:41:16.0129 0484 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:41:16.0130 0484 MSPQM - ok
15:41:16.0157 0484 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:41:16.0162 0484 MsRPC - ok
15:41:16.0174 0484 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:41:16.0175 0484 mssmbios - ok
15:41:16.0192 0484 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:41:16.0193 0484 MSTEE - ok
15:41:16.0211 0484 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:41:16.0212 0484 Mup - ok
15:41:16.0243 0484 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
15:41:16.0260 0484 napagent - ok
15:41:16.0311 0484 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:41:16.0314 0484 NativeWifiP - ok
15:41:16.0383 0484 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:41:16.0388 0484 NDIS - ok
15:41:16.0405 0484 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:41:16.0405 0484 NdisTapi - ok
15:41:16.0413 0484 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:41:16.0414 0484 Ndisuio - ok
15:41:16.0430 0484 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:41:16.0432 0484 NdisWan - ok
15:41:16.0444 0484 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:41:16.0445 0484 NDProxy - ok
15:41:16.0555 0484 NeroMediaHomeService.4 (d554bab5233582daeadcd78b8495f77b) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
15:41:16.0558 0484 NeroMediaHomeService.4 - ok
15:41:16.0614 0484 Net Driver HPZ12 (59267d2f0328599aa3b5408c2e06126f) C:\Windows\system32\HPZinw12.dll
15:41:16.0616 0484 Net Driver HPZ12 - ok
15:41:16.0633 0484 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:41:16.0633 0484 NetBIOS - ok
15:41:16.0651 0484 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:41:16.0653 0484 netbt - ok
15:41:16.0669 0484 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:41:16.0670 0484 Netlogon - ok
15:41:16.0693 0484 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
15:41:16.0696 0484 Netman - ok
15:41:16.0712 0484 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
15:41:16.0718 0484 netprofm - ok
15:41:16.0755 0484 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:41:16.0757 0484 NetTcpPortSharing - ok
15:41:16.0771 0484 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:41:16.0772 0484 nfrd960 - ok
15:41:16.0791 0484 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
15:41:16.0795 0484 NlaSvc - ok
15:41:16.0859 0484 npf (3ceee0be85d24d911b9c02714817774c) C:\Windows\system32\drivers\npf.sys
15:41:16.0859 0484 npf - ok
15:41:16.0874 0484 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:41:16.0875 0484 Npfs - ok
15:41:16.0889 0484 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
15:41:16.0891 0484 nsi - ok
15:41:16.0904 0484 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:41:16.0905 0484 nsiproxy - ok
15:41:16.0954 0484 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:41:16.0964 0484 Ntfs - ok
15:41:16.0972 0484 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:41:16.0973 0484 Null - ok
15:41:16.0988 0484 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:41:16.0991 0484 nvraid - ok
15:41:17.0012 0484 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:41:17.0013 0484 nvstor - ok
15:41:17.0030 0484 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:41:17.0032 0484 nv_agp - ok
15:41:17.0040 0484 NwlnkFlt - ok
15:41:17.0049 0484 NwlnkFwd - ok
15:41:17.0112 0484 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:41:17.0130 0484 odserv - ok
15:41:17.0188 0484 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:41:17.0189 0484 ohci1394 - ok
15:41:17.0209 0484 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:41:17.0212 0484 ose - ok
15:41:17.0255 0484 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:41:17.0273 0484 p2pimsvc - ok
15:41:17.0302 0484 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:41:17.0308 0484 p2psvc - ok
15:41:17.0360 0484 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
15:41:17.0361 0484 Parport - ok
15:41:17.0382 0484 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
15:41:17.0383 0484 partmgr - ok
15:41:17.0409 0484 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
15:41:17.0411 0484 PcaSvc - ok
15:41:17.0428 0484 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:41:17.0429 0484 pci - ok
15:41:17.0481 0484 pciide (4423e6d4d20c5d9ae27608bbe55347f7) C:\Windows\system32\drivers\pciide.sys
15:41:17.0481 0484 pciide - ok
15:41:17.0543 0484 pcmcia (a2d6b9c3f532baa27cb0c158d8ef4da6) C:\Windows\system32\DRIVERS\pcmcia.sys
15:41:17.0546 0484 pcmcia - ok
15:41:17.0589 0484 PdiPorts (117eb9a45636991a3d88eabc12111f3f) C:\Windows\system32\DRIVERS\PdiPorts.sys
15:41:17.0590 0484 PdiPorts - ok
15:41:17.0617 0484 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:41:17.0634 0484 PEAUTH - ok
15:41:17.0668 0484 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:41:17.0670 0484 PerfHost - ok
15:41:17.0710 0484 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:41:17.0735 0484 pla - ok
15:41:17.0761 0484 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:41:17.0769 0484 PlugPlay - ok
15:41:17.0831 0484 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll
15:41:17.0832 0484 Pml Driver HPZ12 - ok
15:41:17.0875 0484 PnkBstrA - ok
15:41:17.0922 0484 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:41:17.0928 0484 PNRPAutoReg - ok
15:41:17.0955 0484 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:41:17.0962 0484 PNRPsvc - ok
15:41:18.0005 0484 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
15:41:18.0021 0484 PolicyAgent - ok
15:41:18.0068 0484 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:41:18.0069 0484 PptpMiniport - ok
15:41:18.0091 0484 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
15:41:18.0092 0484 Processor - ok
15:41:18.0111 0484 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
15:41:18.0115 0484 ProfSvc - ok
15:41:18.0127 0484 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:41:18.0128 0484 ProtectedStorage - ok
15:41:18.0147 0484 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:41:18.0148 0484 PSched - ok
15:41:18.0168 0484 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:41:18.0169 0484 PxHlpa64 - ok
15:41:18.0206 0484 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:41:18.0231 0484 ql2300 - ok
15:41:18.0244 0484 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:41:18.0246 0484 ql40xx - ok
15:41:18.0273 0484 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:41:18.0278 0484 QWAVE - ok
15:41:18.0298 0484 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:41:18.0300 0484 QWAVEdrv - ok
15:41:18.0499 0484 R300 (3471469d4a85564cdd72e4459d106f0b) C:\Windows\system32\DRIVERS\atikmdag.sys
15:41:18.0532 0484 R300 - ok
15:41:18.0549 0484 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:41:18.0550 0484 RasAcd - ok
15:41:18.0596 0484 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:41:18.0599 0484 RasAuto - ok
15:41:18.0623 0484 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:41:18.0625 0484 Rasl2tp - ok
15:41:18.0646 0484 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
15:41:18.0652 0484 RasMan - ok
15:41:18.0681 0484 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:41:18.0682 0484 RasPppoe - ok
15:41:18.0704 0484 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:41:18.0705 0484 RasSstp - ok
15:41:18.0736 0484 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:41:18.0740 0484 rdbss - ok
15:41:18.0753 0484 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:41:18.0753 0484 RDPCDD - ok
15:41:18.0783 0484 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:41:18.0788 0484 rdpdr - ok
15:41:18.0924 0484 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:41:18.0924 0484 RDPENCDD - ok
15:41:19.0151 0484 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
15:41:19.0153 0484 RDPWD - ok
15:41:19.0173 0484 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:41:19.0176 0484 RemoteAccess - ok
15:41:19.0196 0484 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
15:41:19.0199 0484 RemoteRegistry - ok
15:41:19.0221 0484 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:41:19.0223 0484 RpcLocator - ok
15:41:19.0246 0484 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:41:19.0252 0484 RpcSs - ok
15:41:19.0264 0484 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:41:19.0266 0484 rspndr - ok
15:41:19.0332 0484 RTHDMIAzAudService (0328ffdf9d805723d0e420018136fa7b) C:\Windows\system32\drivers\RtHDMIVX.sys
15:41:19.0334 0484 RTHDMIAzAudService - ok
15:41:19.0358 0484 RTSTOR (fe1d4924e1680a192f9617c5eca19c93) C:\Windows\system32\drivers\RTSTOR64.SYS
15:41:19.0359 0484 RTSTOR - ok
15:41:19.0377 0484 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:41:19.0378 0484 SamSs - ok
15:41:19.0399 0484 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:41:19.0400 0484 sbp2port - ok
15:41:19.0428 0484 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
15:41:19.0432 0484 SCardSvr - ok
15:41:19.0464 0484 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
15:41:19.0471 0484 Schedule - ok
15:41:19.0482 0484 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:41:19.0483 0484 SCPolicySvc - ok
15:41:19.0505 0484 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
15:41:19.0507 0484 sdbus - ok
15:41:19.0528 0484 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:41:19.0532 0484 SDRSVC - ok
15:41:19.0666 0484 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:41:19.0668 0484 SeaPort - ok
15:41:19.0686 0484 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:41:19.0687 0484 secdrv - ok
15:41:19.0694 0484 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:41:19.0696 0484 seclogon - ok
15:41:19.0713 0484 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
15:41:19.0715 0484 SENS - ok
15:41:19.0728 0484 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
15:41:19.0729 0484 Serenum - ok
15:41:19.0750 0484 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
15:41:19.0752 0484 Serial - ok
15:41:19.0781 0484 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:41:19.0781 0484 sermouse - ok
15:41:19.0805 0484 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:41:19.0807 0484 SessionEnv - ok
15:41:19.0824 0484 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
15:41:19.0825 0484 sffdisk - ok
15:41:19.0835 0484 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:41:19.0836 0484 sffp_mmc - ok
15:41:19.0851 0484 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
15:41:19.0851 0484 sffp_sd - ok
15:41:19.0869 0484 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:41:19.0870 0484 sfloppy - ok
15:41:19.0898 0484 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
15:41:19.0904 0484 SharedAccess - ok
15:41:19.0965 0484 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
15:41:19.0969 0484 ShellHWDetection - ok
15:41:19.0988 0484 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:41:19.0989 0484 SiSRaid2 - ok
15:41:20.0011 0484 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:41:20.0013 0484 SiSRaid4 - ok
15:41:20.0076 0484 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
15:41:20.0113 0484 slsvc - ok
15:41:20.0140 0484 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
15:41:20.0142 0484 SLUINotify - ok
15:41:20.0172 0484 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:41:20.0173 0484 Smb - ok
15:41:20.0206 0484 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:41:20.0208 0484 SNMPTRAP - ok
15:41:20.0231 0484 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:41:20.0231 0484 spldr - ok
15:41:20.0257 0484 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
15:41:20.0261 0484 Spooler - ok
15:41:20.0288 0484 sptd - ok
15:41:20.0330 0484 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:41:20.0337 0484 srv - ok
15:41:20.0367 0484 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:41:20.0369 0484 srv2 - ok
15:41:20.0381 0484 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:41:20.0383 0484 srvnet - ok
15:41:20.0400 0484 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:41:20.0403 0484 SSDPSRV - ok
15:41:20.0446 0484 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:41:20.0448 0484 SstpSvc - ok
15:41:20.0550 0484 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
15:41:20.0555 0484 StarWindServiceAE - ok
15:41:20.0613 0484 Steam Client Service - ok
15:41:20.0677 0484 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
15:41:20.0678 0484 StillCam - ok
15:41:20.0709 0484 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
15:41:20.0726 0484 stisvc - ok
15:41:20.0748 0484 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:41:20.0748 0484 swenum - ok
15:41:20.0830 0484 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:41:20.0837 0484 SwitchBoard - ok
15:41:20.0865 0484 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
15:41:20.0882 0484 swprv - ok
15:41:20.0899 0484 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:41:20.0900 0484 Symc8xx - ok
15:41:20.0915 0484 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:41:20.0916 0484 Sym_hi - ok
15:41:20.0936 0484 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:41:20.0937 0484 Sym_u3 - ok
15:41:20.0972 0484 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
15:41:20.0980 0484 SysMain - ok
15:41:21.0008 0484 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:41:21.0011 0484 TabletInputService - ok
15:41:21.0039 0484 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
15:41:21.0043 0484 TapiSrv - ok
15:41:21.0098 0484 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:41:21.0100 0484 TBS - ok
15:41:21.0144 0484 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
15:41:21.0154 0484 Tcpip - ok
15:41:21.0186 0484 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
15:41:21.0195 0484 Tcpip6 - ok
15:41:21.0217 0484 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:41:21.0218 0484 tcpipreg - ok
15:41:21.0236 0484 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:41:21.0237 0484 TDPIPE - ok
15:41:21.0252 0484 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:41:21.0254 0484 TDTCP - ok
15:41:21.0275 0484 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:41:21.0276 0484 tdx - ok
15:41:21.0301 0484 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:41:21.0302 0484 TermDD - ok
15:41:21.0327 0484 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
15:41:21.0332 0484 TermService - ok
15:41:21.0357 0484 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
15:41:21.0360 0484 Themes - ok
15:41:21.0383 0484 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:41:21.0384 0484 THREADORDER - ok
15:41:21.0407 0484 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:41:21.0410 0484 TrkWks - ok
15:41:21.0433 0484 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
15:41:21.0433 0484 TrustedInstaller - ok
15:41:21.0451 0484 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:41:21.0452 0484 tssecsrv - ok
15:41:21.0470 0484 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:41:21.0471 0484 tunmp - ok
15:41:21.0491 0484 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:41:21.0492 0484 tunnel - ok
15:41:21.0502 0484 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:41:21.0504 0484 uagp35 - ok
15:41:21.0527 0484 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:41:21.0531 0484 udfs - ok
15:41:21.0552 0484 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:41:21.0554 0484 UI0Detect - ok
15:41:21.0579 0484 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:41:21.0581 0484 uliagpkx - ok
15:41:21.0605 0484 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:41:21.0609 0484 uliahci - ok
15:41:21.0627 0484 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:41:21.0629 0484 UlSata - ok
15:41:21.0645 0484 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:41:21.0648 0484 ulsata2 - ok
15:41:21.0656 0484 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:41:21.0657 0484 umbus - ok
15:41:21.0680 0484 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:41:21.0686 0484 upnphost - ok
15:41:21.0742 0484 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:41:21.0743 0484 USBAAPL64 - ok
15:41:21.0794 0484 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:41:21.0796 0484 usbccgp - ok
15:41:21.0822 0484 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
15:41:21.0824 0484 usbcir - ok
15:41:21.0853 0484 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:41:21.0854 0484 usbehci - ok
15:41:21.0868 0484 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:41:21.0870 0484 usbhub - ok
15:41:21.0884 0484 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
15:41:21.0885 0484 usbohci - ok
15:41:21.0906 0484 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:41:21.0907 0484 usbprint - ok
15:41:21.0930 0484 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:41:21.0931 0484 usbscan - ok
15:41:21.0952 0484 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:41:21.0953 0484 USBSTOR - ok
15:41:21.0976 0484 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:41:21.0977 0484 usbuhci - ok
15:41:22.0002 0484 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
15:41:22.0005 0484 UxSms - ok
15:41:22.0037 0484 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
15:41:22.0054 0484 vds - ok
15:41:22.0073 0484 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:41:22.0074 0484 vga - ok
15:41:22.0088 0484 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:41:22.0089 0484 VgaSave - ok
15:41:22.0108 0484 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:41:22.0109 0484 viaide - ok
15:41:22.0142 0484 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:41:22.0143 0484 volmgr - ok
15:41:22.0166 0484 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:41:22.0171 0484 volmgrx - ok
15:41:22.0203 0484 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:41:22.0207 0484 volsnap - ok
15:41:22.0230 0484 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:41:22.0232 0484 vsmraid - ok
15:41:22.0281 0484 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
15:41:22.0307 0484 VSS - ok
15:41:22.0333 0484 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
15:41:22.0338 0484 W32Time - ok
15:41:22.0357 0484 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:41:22.0358 0484 WacomPen - ok
15:41:22.0409 0484 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:41:22.0410 0484 Wanarp - ok
15:41:22.0414 0484 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:41:22.0415 0484 Wanarpv6 - ok
15:41:22.0437 0484 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
15:41:22.0454 0484 wcncsvc - ok
15:41:22.0476 0484 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
15:41:22.0478 0484 WcsPlugInService - ok
15:41:22.0496 0484 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:41:22.0497 0484 Wd - ok
15:41:22.0528 0484 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
15:41:22.0545 0484 Wdf01000 - ok
15:41:22.0556 0484 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:41:22.0559 0484 WdiServiceHost - ok
15:41:22.0562 0484 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:41:22.0564 0484 WdiSystemHost - ok
15:41:22.0578 0484 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
15:41:22.0583 0484 WebClient - ok
15:41:22.0608 0484 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
15:41:22.0612 0484 Wecsvc - ok
15:41:22.0626 0484 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
15:41:22.0629 0484 wercplsupport - ok
15:41:22.0644 0484 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
15:41:22.0647 0484 WerSvc - ok
15:41:22.0683 0484 winachsf (d36af55c2c09b55aacf4a65c7fea9c37) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
15:41:22.0700 0484 winachsf - ok
15:41:22.0720 0484 WinDefend - ok
15:41:22.0728 0484 WinHttpAutoProxySvc - ok
15:41:22.0770 0484 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
15:41:22.0774 0484 Winmgmt - ok
15:41:22.0827 0484 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
15:41:22.0868 0484 WinRM - ok
15:41:22.0905 0484 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
15:41:22.0922 0484 Wlansvc - ok
15:41:23.0678 0484 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:41:23.0727 0484 \Device\Harddisk0\DR0 - ok
15:41:23.0733 0484 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk1\DR1
15:41:23.0738 0484 \Device\Harddisk1\DR1 - ok
15:41:23.0741 0484 Boot (0x1200) (98d111df26fbb4dc4a497776e6fe4243) \Device\Harddisk0\DR0\Partition0
15:41:23.0743 0484 \Device\Harddisk0\DR0\Partition0 - ok
15:41:23.0747 0484 Boot (0x1200) (7d04666a4010b04f5664bd6b07b5a662) \Device\Harddisk0\DR0\Partition1
15:41:23.0748 0484 \Device\Harddisk0\DR0\Partition1 - ok
15:41:24.0079 0484 Boot (0x1200) (ed377a69212a45fe68aabc16a6d043f1) \Device\Harddisk1\DR1\Partition0
15:41:24.0081 0484 \Device\Harddisk1\DR1\Partition0 - ok
15:41:24.0081 0484 ============================================================
15:41:24.0081 0484 Scan finished
15:41:24.0081 0484 ============================================================
15:41:24.0091 3724 Detected object count: 0
15:41:24.0091 3724 Actual detected object count: 0
15:43:12.0098 4092 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-22 15:44:12
-----------------------------
15:44:12.101 OS Version: Windows x64 6.0.6002 Service Pack 2
15:44:12.101 Number of processors: 4 586 0x203
15:44:12.101 ComputerName: ZACH-PC UserName: Zach
15:44:13.436 Initialize success
15:49:23.455 AVAST engine defs: 12042201
15:49:49.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:49:49.017 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
15:49:49.035 Disk 0 MBR read successfully
15:49:49.037 Disk 0 MBR scan
15:49:49.041 Disk 0 Windows VISTA default MBR code
15:49:49.043 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 15868 MB offset 63
15:49:49.051 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 594608 MB offset 32499495
15:49:49.077 Disk 0 scanning C:\Windows\system32\drivers
15:49:56.588 Service scanning
15:50:13.398 Modules scanning
15:50:13.403 Disk 0 trace - called modules:
15:50:13.416 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS amdide64.sys PCIIDEX.SYS hal.dll atapi.sys
15:50:13.420 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071f2790]
15:50:13.424 3 CLASSPNP.SYS[fffffa6000dcac33] -> nt!IofCallDriver -> [0xfffffa8006544520]
15:50:13.428 5 acpi.sys[fffffa60008f8fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006540940]
15:50:15.691 AVAST engine scan C:\Windows
15:50:20.397 AVAST engine scan C:\Windows\system32
15:50:38.986 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
15:52:06.031 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
15:52:07.784 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
15:53:16.566 AVAST engine scan C:\Windows\system32\drivers
15:53:30.473 AVAST engine scan C:\Users\Zach
16:13:35.900 AVAST engine scan C:\ProgramData
16:18:59.760 Scan finished successfully
16:19:12.486 Disk 0 MBR has been saved successfully to "C:\Users\Zach\Desktop\MBR.dat"
16:19:12.490 The log file has been saved successfully to "C:\Users\Zach\Desktop\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 22 April 2012 - 09:42 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
c:\windows\system32\dds_trash_log.cmd
C:\Windows\system32\consrv.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
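
To make the CFScript step above checkable, here is an added example (my own code, not from the thread, avast or ComboFix) that parses aswMBR's **INFECTED** and partition lines and reports any flagged file the script's File:: section does not list, plus whether aswMBR saw stock Windows MBR code. The log excerpt and script embedded in it are constructed samples in the formats shown earlier in the thread, and every function name is an assumption of the example.

```python
"""Cross-check an aswMBR scan log against a ComboFix CFScript.

Added example for this thread, not code from BleepingComputer, avast or the
ComboFix project; function names are mine and the inputs are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed aswMBR excerpt in the layout of the thread's aswMBR.txt.
ASWMBR_LOG = r"""
15:49:49.041 Disk 0 Windows VISTA default MBR code
15:49:49.043 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 15868 MB offset 63
15:49:49.051 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 594608 MB offset 32499495
15:50:38.986 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
15:52:06.031 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
15:52:07.784 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
16:18:59.760 Scan finished successfully
"""

# Constructed CFScript. GAC_64\Desktop.ini is left out on purpose so the
# checker has a gap to report (the thread's real script does list it).
CFSCRIPT = r"""
ClearJavaCache::
KillAll::

File::
c:\windows\system32\dds_trash_log.cmd
C:\Windows\system32\consrv.dll
C:\Windows\assembly\GAC_32\Desktop.ini
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "                      # aswMBR timestamp
INFECTED_RE = re.compile(TS + r"File: (?P<path>.+?) \*\*INFECTED\*\* "
                         r"(?P<detection>\S+) \[(?P<kind>[A-Za-z]+)\]$")
PARTITION_RE = re.compile(TS + r"Disk (?P<disk>\d+) Partition (?P<num>\d+) "
                          r"(?P<boot>[0-9A-F]{2}) (?:\(A\) )?(?P<type>[0-9A-F]{2}) "
                          r"\S+ \S+ (?P<size>\d+) MB offset (?P<offset>\d+)$")
MBR_RE = re.compile(TS + r"Disk (?P<disk>\d+) (?P<verdict>.+MBR code)$")

@dataclass
class Finding:
    path: str
    detection: str   # e.g. Win32:Sirefef-HO
    kind: str        # aswMBR tag: Rtk (rootkit) or Drp (dropper)

@dataclass
class Partition:
    disk: int
    number: int
    boot_flag: int   # 0x80 marks the active (bootable) partition
    type_id: int     # 0x07 = NTFS/HPFS
    size_mb: int
    offset: int      # first sector of the partition

def parse_aswmbr(log: str) -> dict:
    """Pull findings, partition table and MBR verdicts out of an aswMBR log."""
    findings: List[Finding] = []
    partitions: List[Partition] = []
    mbr: Dict[int, str] = {}
    for line in log.splitlines():
        if m := INFECTED_RE.match(line):
            findings.append(Finding(m["path"], m["detection"], m["kind"]))
        elif m := PARTITION_RE.match(line):
            partitions.append(Partition(int(m["disk"]), int(m["num"]),
                                        int(m["boot"], 16), int(m["type"], 16),
                                        int(m["size"]), int(m["offset"])))
        elif m := MBR_RE.match(line):
            mbr[int(m["disk"])] = m["verdict"]
    return {"findings": findings, "partitions": partitions, "mbr": mbr}

def parse_cfscript_files(script: str) -> List[str]:
    """Return the paths listed under the File:: header of a CFScript."""
    files, in_file = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):           # section header such as KillAll::
            in_file = line.lower() == "file::"
        elif line and in_file:
            files.append(line)
    return files

def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()  # Windows paths compare case-insensitively

def uncovered_findings(log: str, script: str) -> List[Finding]:
    """Infected files aswMBR reported that the CFScript does not target."""
    covered = {_norm(p) for p in parse_cfscript_files(script)}
    return [f for f in parse_aswmbr(log)["findings"] if _norm(f.path) not in covered]

def mbr_is_stock(log: str, disk: int = 0) -> Optional[bool]:
    """True if aswMBR recognised the disk's MBR as unmodified Windows code."""
    verdict = parse_aswmbr(log)["mbr"].get(disk)
    return None if verdict is None else "default MBR code" in verdict

if __name__ == "__main__":
    print("stock MBR on disk 0:", mbr_is_stock(ASWMBR_LOG))
    for f in uncovered_findings(ASWMBR_LOG, CFSCRIPT):
        print("NOT in CFScript:", f.path, f.detection, f.kind)
```

Run against the real aswMBR.txt and CFScript.txt, an empty result from uncovered_findings means every file aswMBR flagged is covered by the script.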

#11 aka-goldfish

  • Topic Starter

Posted 23 April 2012 - 06:26 PM

Hello again,

Sorry for the delay, I wasn't able to do the next step until I got home from work just now. Combofix ran without any problems that I could tell. The PC booted up fine and pretty quickly afterwards, didn't take long for Firefox to load. I tried to see if I could get to the Windows Firewall settings and I no longer get the error, yay! Here's the combofix log:

ComboFix 12-04-22.01 - Zach 04/23/2012 19:03:48.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.3436 [GMT -4:00]
Running from: c:\users\Zach\Desktop\ComboFix.exe
Command switches used :: c:\users\Zach\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
"c:\windows\system32\consrv.dll"
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-03-08 5174568]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\zach's stuff\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2008-11-28 3656]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-8-19 2068832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-16 5453824]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\mz0vbgo6.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - user.js: general.useragent.extra.brc - BRI/1
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2012-04-23 19:20:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-23 23:20
ComboFix2.txt 2012-04-22 16:51
.
Pre-Run: 205,753,044,992 bytes free
Post-Run: 208,630,980,608 bytes free
.
- - End Of File - - 2AA92AF93795A7C601EC780D8D7E18BD

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 23 April 2012 - 09:05 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 aka-goldfish

  • Topic Starter

Posted 24 April 2012 - 05:57 AM

Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acoustica MP3 Audio Mixer
Acrobat.com
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop CS5
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.2)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Adsen File Splitter
Advertising Center
AIO_Scan
Aleesoft Free MKV Converter 2.4.27
Alien Skin Exposure
Apple Application Support
Apple Software Update
Audiosurf
Avi to Mpeg 3.0
AviSynth 2.5
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Braid (Version 1.015)
BufferChm
C5200
C5200_doccd
c5200_Help
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Canon MP Navigator EX 1.0
Canon MP470 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CDisplay 1.8
Color Efex Pro 3.0 Complete
ComicBase FREE
Compatibility Pack for the 2007 Office system
Connect
Copy
Coupon Printer for Windows
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Dfine 2.0
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DocProc
DocProcQFolder
DolbyFiles
Easy Flash Recovery v2.3
EasyRecovery Professional Edition
Express Burn Disc Burning Software
Fast Flash Recovery v2.3
Fax
FedEx Office Printer
ffdshow v1.1.3452 [2010-05-24]
FileZilla Client 3.3.3
Freecorder
Gateway Games
Gateway Recovery Center Installer
GSplit 3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3050A J611 series Help
HP Photo Creations
HP Smart Web Printing
HP Update
J2SE Runtime Environment 5.0 Update 1
Java Auto Updater
Java™ 6 Update 29
Java™ 6 Update 5
Java™ 6 Update 7
K-Lite Codec Pack 4.1.0 (Full)
kuler
MagicDisc 2.7.105
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Compact Framework 3.5
Microsoft Default Manager
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MixPad
Move Media Player
Mozilla Firefox 6.0.1 (x86 en-US)
MP3 Cutter Joiner 1.17
MP3 Wav Editor 3.50
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
Neat Image v5.9 Pro+
Nero ControlCenter
Nero Installer
Nero MediaHome 4
Nero MediaHome 4 Help
Noiseware Professional Plug-in
Norton Security Scan
NVIDIA PhysX
On the Rain-Slick Precipice of Darkness, Episode Two
PanoStandAlone
Pcsx2 0.9.6
PDF Settings CS4
PDF Settings CS5
Penny Arcade Adventures: On the Rain-Slick Precipice of Darkness, Episode One
Philips Retractable PC Controller
Photodex Presenter
Photoshop Camera Raw
Pistonsoft MP3 Tags Editor
Pixel Bender Toolkit
PIXMA Extended Survey Program
PlayLinc
PokerStars.net
Portal
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PS3 Media Center X 0.92
PS3 Video 9 5.04
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Replay Music
SC Audio DJ Mixer 2.4.0.2
Scan
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Sharpener Pro 3.0
Silver Efex Pro
Skins
Smart Copy 3.0.5.8
Smart Flash Recovery v4.4
SoftOrbits Flash Drive Recovery 1.3
SpadeClub Poker
Status
Steam
Suite Shared Configuration CS4
The File Splitter 1.31
Toolbox
TradeManager 2010 Beta1
TrayApp
Trillian
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UploadExpress
VC80CRTRedist - 8.0.50727.6195
Viveza
VLC media player 2.0.1
Vodei Multimedia Processor 2.10
WavePad Sound Editor
WD Diagnostics
WebReg
Winamp
Winamp Detector Plug-in
Windows Media Player Firefox Plugin
winpcap-nmap 4.02
WinRAR archiver
WinUtilities 9.36 Professinal Edition
World of Warcraft FREE Trial
Xvid 1.2.2
Yahoo! Detect
Yahoo! Toolbar
Zero Assumption Recovery Version 9

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 April 2012 - 07:15 AM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

µTorrent
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Freecorder
J2SE Runtime Environment 5.0 Update 1
Java™ 6 Update 29
Java™ 6 Update 5
Java™ 6 Update 7
PokerStars.net


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 aka-goldfish

aka-goldfish
  • Topic Starter

  • Members
  • 10 posts

Posted 24 April 2012 - 07:09 PM

Hello, didn't have any trouble with these steps today. The only kinda weird thing was that when restarting after the MBAM scan, the Shutting Down screen was on for a good 3 minutes or so before it shut down, but everything booted up fine again. Here are the logs:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.24.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Zach :: ZACH-PC [administrator]

4/24/2012 7:33:28 PM
mbam-log-2012-04-24 (19-33-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223988
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Zach\Downloads\SoftonicDownloader_for_mixpad.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:05:36 PM, on 4/24/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Zach's Stuff\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Zach's Stuff\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19L4861Z05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-21-1911233463-590595397-3226711343-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-1911233463-590595397-3226711343-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NeroMediaHomeUser.4')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WmXlCore (Tb2RCAssist) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 12117 bytes
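The HijackThis log above is what the previous reply asks for, and the reply's own caution applies when reading it: most entries are harmless or required, so the job is sorting lines into expected, worth a look, and needs attention. The script below is an added example for doing that sort; it is not code from this thread, from BleepingComputer or from Trend Micro. It parses the O4 (autorun), O15 (trusted zone) and O23 (service) line formats and applies a few defensive triage rules. The sample lines are copied from the log posted above (only the selection is constructed), and the function, regex and severity names are this example's own. One rule encodes a known limitation rather than a detection: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows it cannot see binaries that exist only in the native System32 directory and reports services such as vds or lsass as "(file missing)"; those lines are expected on this Vista x64 machine. The entry that does deserve attention is the WmXlCore service whose image path starts with the `\\.\globalroot` device-namespace prefix, which is not how installers register services.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the HijackThis log posted above; only the
# selection is constructed, the lines themselves are the log's own.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Zach's Stuff\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-1911233463-590595397-3226711343-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NeroMediaHomeUser.4')
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O15 - Trusted Zone: http://*.alipay.com
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: WmXlCore (Tb2RCAssist) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
"""

# The HijackThis line shapes this helper reads (regex names are this example's own).
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_STARTUP_RE = re.compile(r'^O4 - (?P<where>(?:Global )?Startup): (?P<name>.*?)(?: = (?P<cmd>.*))?$')
O15_RE = re.compile(r'^O15 - Trusted Zone: (?P<zone>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$')

# Directory trees where autorun targets normally live (lower-cased prefixes).
STANDARD_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\',
                  'c:\\programdata\\', '%windir%\\', '%systemroot%\\', '%programfiles%\\')


@dataclass
class Finding:
    severity: str   # 'high', 'review' or 'info'
    line: str
    reason: str


def extract_exe(cmd: str) -> str:
    """Pull the executable path out of an O4 command string (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r'\.exe\b', cmd, re.IGNORECASE)   # unquoted: cut after the first .exe
    return cmd[:m.end()] if m else (cmd.split()[0] if cmd else cmd)


def triage_hjt_log(text: str) -> List[Finding]:
    """Return one Finding per line that merits attention, in log order."""
    findings: List[Finding] = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = O23_RE.match(line)
        if m:
            low = m['path'].lower()
            if low.startswith('\\\\.\\globalroot'):
                findings.append(Finding('high', line, 'service image path uses the \\\\.\\globalroot '
                    'device-namespace prefix instead of a normal drive path'))
            elif (m['missing'] and m['owner'] == 'Unknown owner'
                  and m['display'].startswith('@') and low.startswith('c:\\windows\\')):
                # 32-bit HijackThis on 64-bit Windows cannot see native System32 binaries.
                findings.append(Finding('info', line, 'System32 service reported missing: expected '
                    'WOW64 redirection artifact of a 32-bit scanner on 64-bit Windows'))
            elif m['missing']:
                findings.append(Finding('review', line, 'service points at a file the scanner could not find'))
            continue
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            if not m['cmd']:          # e.g. a Startup-folder .onetoc2 entry with no target
                continue
            exe = extract_exe(m['cmd'])
            if '\\' not in exe:
                findings.append(Finding('info', line, 'bare executable name resolved through the PATH '
                    'search; verify which binary actually runs'))
            elif not exe.lower().startswith(STANDARD_ROOTS):
                findings.append(Finding('review', line, 'autorun target lives outside the Windows, '
                    'Program Files and ProgramData trees'))
            continue
        if O15_RE.match(line):
            findings.append(Finding('review', line, 'trusted-zone entry: IE applies relaxed security '
                'to every host matching the pattern'))
    return findings


if __name__ == '__main__':
    for f in triage_hjt_log(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.reason}\n         {f.line}')
```

Run against the sample it reports the iTunes autorun under a non-standard folder and the "(file missing)" ATI service as worth a look, the two System32 entries and the rundll32 line as informational, and the globalroot service path as the one high-priority item. The rules are deliberately conservative: they point a reader at lines to research, not at lines to have HijackThis fix, which matches the reply's instruction not to fix anything yet.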
