New Start Incredibar browser hijack/ redirect


  • This topic is locked
53 replies to this topic

#1 Whaler31

  • Members
  • 25 posts

Posted 23 April 2012 - 03:55 PM

"My Start" "Incredibar" malware/virus has taken over my system and all browsers!

PC Tools tech support doesn't seem to have a way to fix it after two days. Any ideas?

Thanx!~

ComboFix log:

ComboFix 12-04-23.02 - Knight 04/23/2012 13:17:54.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6698 [GMT -7:00]
Running from: D:\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\SPL835B.tmp
c:\programdata\SPLC92A.tmp
c:\users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\weave\toFetch
c:\users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\weave\toFetch\clients.json
c:\users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\weave\toFetch\tabs.json
c:\windows\system32\drivers\etc\lmhosts
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 20:21 . 2012-04-23 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 19:38 . 2012-04-23 19:38 -------- d-----w- c:\programdata\CyberLink
2012-04-23 19:38 . 2012-04-23 19:38 -------- d-----w- C:\Lenovo
2012-04-23 03:02 . 2012-04-23 03:02 -------- d-----w- C:\6b7cfd5e2ba78cdcfc8e02a4
2012-04-22 23:31 . 2012-03-20 18:11 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-04-22 23:31 . 2012-03-20 18:11 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-04-22 23:31 . 2012-03-20 18:11 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-04-22 23:31 . 2012-03-20 20:43 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-04-22 23:31 . 2012-03-20 20:43 339608 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-04-22 23:31 . 2012-03-20 20:49 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-04-22 23:31 . 2012-03-20 20:50 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-04-22 23:30 . 2012-02-28 18:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-04-22 23:30 . 2012-02-28 18:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-04-22 23:30 . 2012-03-16 19:15 426104 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-04-22 23:26 . 2012-04-18 10:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D826B1D-4F87-45A3-A26E-04A846063266}\mpengine.dll
2012-04-22 08:07 . 2011-08-29 21:15 754480 ----a-w- c:\program files\Internet Explorer\iexplore - Copy.exe
2012-04-22 04:37 . 2012-04-22 04:37 -------- d-----w- c:\users\Knight\AppData\Roaming\PCTools
2012-04-22 03:18 . 2012-04-22 03:18 -------- d-----w- c:\users\Knight\AppData\Local\Deshaker
2012-04-22 03:15 . 2012-04-22 03:15 448 ----a-w- C:\user.js
2012-04-16 05:48 . 2012-04-16 05:49 -------- d-----w- c:\programdata\IBUpdaterService
2012-04-16 01:50 . 2012-04-16 01:50 -------- d-----w- c:\users\Knight\AppData\Local\DVDVideoSoft_Ltd
2012-04-12 10:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 10:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 10:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 10:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 10:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 10:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 08:30 . 2012-04-09 08:30 -------- d-----w- c:\users\Knight\AppData\Local\Windows Live Writer
2012-04-09 08:30 . 2012-04-09 08:30 -------- d-----w- c:\users\Knight\AppData\Roaming\Windows Live Writer
2012-04-07 03:41 . 2012-04-07 03:41 -------- d-----w- c:\windows\en
2012-04-07 03:39 . 2012-04-07 03:39 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-07 03:39 . 2012-03-09 01:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-07 03:38 . 2012-04-07 03:38 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e368bfc01cd146f0a\MeshBetaRemover.exe
2012-04-07 03:37 . 2012-04-07 03:37 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c6fb43801cd146f09\DXSETUP.exe
2012-04-07 03:37 . 2012-04-07 03:37 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c6fb43801cd146f09\DSETUP.dll
2012-04-07 03:37 . 2012-04-07 03:37 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c6fb43801cd146f09\dsetup32.dll
2012-04-02 08:34 . 2012-04-02 08:34 -------- d-----w- c:\users\Knight\AppData\Roaming\NCH Swift Sound
2012-04-02 07:09 . 2012-04-02 07:10 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-02 07:09 . 2012-04-02 07:09 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-30 23:10 . 2012-04-14 02:10 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 22:22 . 2012-04-14 02:10 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 02:10 . 2011-08-01 21:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-07 03:39 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-20 20:50 . 2011-12-30 19:11 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-20 19:21 . 2012-01-10 00:56 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-03-20 19:21 . 2012-01-10 00:56 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-20 19:21 . 2012-01-10 00:56 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-03-20 19:21 . 2012-01-10 00:56 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-03-20 19:20 . 2012-01-10 00:56 767928 ----a-w- c:\windows\BDTSupport.dll
2012-03-20 18:39 . 2012-01-10 00:56 3488 ----a-w- c:\windows\UDB.zip
2012-03-20 18:39 . 2012-01-10 00:56 131 ----a-w- c:\windows\IDB.zip
2012-03-09 01:50 . 2012-03-09 01:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-09 01:37 . 2012-03-09 01:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 21:37 . 2011-12-17 20:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 20:02 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 20:02 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 20:02 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 20:02 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 04:35 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:43 . 2012-02-10 05:43 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-02-10 05:43 . 2012-02-10 05:43 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-02-10 05:43 . 2012-02-10 05:43 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 05:43 . 2012-02-10 05:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 05:43 . 2012-02-10 05:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 05:43 . 2012-02-10 05:43 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-02-10 05:43 . 2012-02-10 05:43 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-10 05:43 . 2012-02-10 05:43 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 05:43 . 2012-02-10 05:43 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 05:43 . 2012-02-10 05:43 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 05:43 . 2012-02-10 05:43 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-02-10 05:43 . 2012-02-10 05:43 25541952 ----a-w- c:\windows\system32\nvoglv64.dll
2012-02-10 05:43 . 2012-02-10 05:43 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 05:43 . 2012-02-10 05:43 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-02-10 05:43 . 2012-02-10 05:43 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-02-10 05:43 . 2012-02-10 05:43 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-10 05:43 . 2012-02-10 05:43 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-02-10 05:43 . 2012-02-10 05:43 19443520 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-02-10 05:43 . 2012-02-10 05:43 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 05:43 . 2012-02-10 05:43 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-02-10 05:43 . 2012-02-10 05:43 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 05:43 . 2012-02-10 05:43 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 05:43 . 2012-02-10 05:43 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 05:43 . 2012-02-10 05:43 13624128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 05:43 . 2011-12-18 07:39 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-10 05:43 . 2011-12-18 07:39 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 05:43 . 2011-12-18 07:38 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 05:38 . 2012-03-14 04:35 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 04:35 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-13 20:02 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 20:02 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 20:02 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-03-20 402336]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-03-20 571320]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-04-16 343448]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:10]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 02:19]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 02:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-18 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-18 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-18 417304]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to DVD Converter - c:\users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
TCP: Interfaces\{61EFE29E-D40B-4C22-B3F9-5D9FDC44B62D}: NameServer = 4.2.2.2,4.2.2.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-23 13:22:44
ComboFix-quarantined-files.txt 2012-04-23 20:22
.
Pre-Run: 895,344,336,896 bytes free
Post-Run: 895,576,870,912 bytes free
.
- - End Of File - - 4C113BBD454DFBDA50B7C7959D00CBE5

Edited by Budapest, 23 April 2012 - 06:01 PM.
Moved from Win7 ~Budapest
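
A log-triage helper, added here as an example (it is not from the original post and not part of ComboFix or DDS): it parses the three line shapes seen in the ComboFix log above (Run-key entries, service lines and the Start/Local Page lines of the Supplementary Scan) and flags what a helper checks first, a per-user start page overriding the machine default and auto-start entries executing from user-writable locations. The sample lines, the hijacker-host set and the writable-directory heuristic are constructed assumptions.

```python
"""Triage a ComboFix-style log for browser-hijack indicators.

Added example, not from the original post and not part of ComboFix or DDS.
It parses three line shapes seen in the log above (Run-key entries, service
lines, and the Start/Local Page lines of the Supplementary Scan) and flags
what a helper checks first: a user start page overriding the machine default,
and auto-start entries that execute from user-writable locations.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of the ComboFix log above (assumption).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-04-16 343448]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
.
uStart Page = hxxp://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26
mStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
"""

# "name"="path" [date size]   (Reg Loading Points section)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<info>[^\]]*)\]$')
# S2 name;display name;path [date size]   or   ... [x]   (service/driver lines)
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$')
# uStart Page = ... / mStart Page = ...   (u = per-user, m = machine-wide)
PAGE_RE = re.compile(r'^(?P<scope>[um])(?P<kind>Start|Local) Page = (?P<value>.+)$')

# Host seen in this thread's log as the hijacked start page (assumption: a
# real deployment would load this set from a maintained blocklist).
KNOWN_HIJACK_HOSTS = {"mystart.incredibar.com"}

# Auto-start code living here is writable by the user and is a red flag
# (legitimate vendor software normally installs under Program Files).
WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")


@dataclass
class Finding:
    kind: str      # "run-entry", "service" or "start-page"
    subject: str   # entry name, service name or hostname
    reason: str


def is_writable_location(path: str) -> bool:
    """True if an auto-start path points into a user-writable directory
    or sits directly in the drive root (like C:\\Install.exe in the log above)."""
    p = path.strip('"').lower()
    if p.startswith(WRITABLE_PREFIXES):
        return True
    return re.fullmatch(r"[a-z]:\\[^\\]+\.exe", p) is not None


def host_of(url: Optional[str]) -> str:
    """Extract the hostname; ComboFix/DDS defang URLs as hxxp://, so accept both."""
    if not url:
        return ""
    m = re.match(r"(?:hxxps?|https?)://([^/?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    pages: Dict[Tuple[str, str], str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            if is_writable_location(m["path"]):
                findings.append(Finding("run-entry", m["name"],
                                        f"Run key starts code from a writable location: {m['path']}"))
            continue
        m = SVC_RE.match(line)
        if m:
            if is_writable_location(m["path"]):
                findings.append(Finding("service", m["name"],
                                        f"service {m['state']} runs from a writable location: {m['path']}"))
            continue
        m = PAGE_RE.match(line)
        if m:
            pages[(m["scope"], m["kind"])] = m["value"]

    # A per-user start page that differs from the machine default and carries an
    # affiliate-style query string, or points at a known hijacker host, is the
    # classic "my start page was changed" symptom.
    user_start = pages.get(("u", "Start"))
    if user_start:
        host = host_of(user_start)
        differs = host != host_of(pages.get(("m", "Start")))
        if host in KNOWN_HIJACK_HOSTS or (differs and "?" in user_start):
            findings.append(Finding("start-page", host,
                                    f"user start page overrides the machine default: {user_start}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```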




#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 24 April 2012 - 12:07 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Whaler31
  • Topic Starter
  • Members
  • 25 posts

Posted 25 April 2012 - 01:23 AM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
PC Tools Spyware Doctor with AntiVirus 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
PC Tools Spyware Doctor with AntiVirus 9.0
Java™ 6 Update 31
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````



DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Knight at 22:26:20 on 2012-04-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6889 [GMT -7:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\windows\system32\spool\DRIVERS\x64\3\lxecserv.exe
C:\windows\system32\lxeccoms.exe
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26
mStart Page = hxxp://lenovo.msn.com
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to DVD Converter - C:\Users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to MP3 Converter - C:\Users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{61EFE29E-D40B-4C22-B3F9-5D9FDC44B62D} : NameServer = 4.2.2.2,4.2.2.1
TCP: Interfaces\{DD13195E-03E8-4AEF-A7D7-807AC760C08D} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Guard BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\windows\system32\drivers\PCTCore64.sys --> C:\windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\windows\system32\drivers\pctDS64.sys --> C:\windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\windows\system32\drivers\pctEFA64.sys --> C:\windows\system32\drivers\pctEFA64.sys [?]
R0 TfFsMon;TfFsMon;C:\windows\system32\drivers\TfFsMon.sys --> C:\windows\system32\drivers\TfFsMon.sys [?]
R0 TFSysMon;TFSysMon;C:\windows\system32\drivers\TfSysMon.sys --> C:\windows\system32\drivers\TfSysMon.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\windows\system32\Drivers\PCTSD64.sys --> C:\windows\system32\Drivers\PCTSD64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-1-9 571320]
R2 IBUpdaterService;Updater Service;C:\ProgramData\IBUpdaterService\ibsvc.exe [2012-4-15 343448]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 lxec_device;lxec_device;C:\windows\system32\lxeccoms.exe -service --> C:\windows\system32\lxeccoms.exe -service [?]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxecserv.exe [2011-8-29 45736]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-26 2655768]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?]
R3 GeneStor;Genesys Logic Storage Driver;C:\windows\system32\DRIVERS\GeneStor.sys --> C:\windows\system32\DRIVERS\GeneStor.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 PCTBD;PC Tools Browser Defender Driver;C:\windows\system32\Drivers\PCTBD64.sys --> C:\windows\system32\Drivers\PCTBD64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-10 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-10 136176]
S3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-4-22 402336]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-4-22 1118648]
S3 TfNetMon;TfNetMon;\??\C:\windows\system32\drivers\TfNetMon.sys --> C:\windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-24 21:46:10 -------- dc----w- C:\Users\Knight\AppData\Local\MigWiz
2012-04-24 21:39:44 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-24 20:23:19 -------- d-----w- C:\ComboFix
2012-04-24 02:16:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D826B1D-4F87-45A3-A26E-04A846063266}\offreg.dll
2012-04-23 20:17:10 98816 ----a-w- C:\windows\sed.exe
2012-04-23 20:17:10 518144 ----a-w- C:\windows\SWREG.exe
2012-04-23 20:17:10 256000 ----a-w- C:\windows\PEV.exe
2012-04-23 20:17:10 208896 ----a-w- C:\windows\MBR.exe
2012-04-23 19:38:34 -------- d-----w- C:\Lenovo
2012-04-23 03:02:34 -------- d-----w- C:\6b7cfd5e2ba78cdcfc8e02a4
2012-04-22 23:31:49 706776 --s---w- C:\windows\System32\drivers\TfSysMon.sys
2012-04-22 23:31:49 65664 --s---w- C:\windows\System32\drivers\TfFsMon.sys
2012-04-22 23:31:49 41968 --s---w- C:\windows\System32\drivers\TfNetMon.sys
2012-04-22 23:31:12 339608 ----a-w- C:\windows\System32\drivers\pctgntdi64.sys
2012-04-22 23:31:12 145432 ----a-w- C:\windows\System32\drivers\pctwfpfilter64.sys
2012-04-22 23:31:08 14776 ----a-w- C:\windows\System32\drivers\pctBTFix64.sys
2012-04-22 23:31:07 92896 ----a-w- C:\windows\System32\drivers\pctplsg64.sys
2012-04-22 23:30:27 453896 ----a-w- C:\windows\System32\drivers\pctDS64.sys
2012-04-22 23:30:27 1096176 ----a-w- C:\windows\System32\drivers\pctEFA64.sys
2012-04-22 23:30:26 426104 ----a-w- C:\windows\System32\drivers\PCTCore64.sys
2012-04-22 23:26:37 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D826B1D-4F87-45A3-A26E-04A846063266}\mpengine.dll
2012-04-22 08:07:58 754480 ----a-w- C:\Program Files\Internet Explorer\iexplore - Copy.exe
2012-04-22 04:37:10 -------- d-----w- C:\Users\Knight\AppData\Roaming\PCTools
2012-04-22 03:18:33 -------- d-----w- C:\Users\Knight\AppData\Local\Deshaker
2012-04-16 05:48:16 -------- d-----w- C:\ProgramData\IBUpdaterService
2012-04-16 01:50:22 -------- d-----w- C:\Users\Knight\AppData\Local\DVDVideoSoft_Ltd
2012-04-12 10:00:16 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 10:00:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 10:00:16 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 10:00:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 10:00:16 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 10:00:16 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-12 10:00:16 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-10 16:00:36 -------- d-----w- C:\Users\Knight\AppData\Local\{BC58289D-E97D-430C-AB8B-AB938DC5807A}
2012-04-10 16:00:25 -------- d-----w- C:\Users\Knight\AppData\Local\{C857CF4E-7209-4DF3-BA5C-CA1FFE38EF76}
2012-04-10 02:55:24 -------- d-----w- C:\Users\Knight\AppData\Local\{46B5B679-6345-483F-8FEE-9D8C94660370}
2012-04-10 02:55:13 -------- d-----w- C:\Users\Knight\AppData\Local\{59776778-40CA-4968-AE8F-E9574966DB1E}
2012-04-09 08:30:56 -------- d-----w- C:\Users\Knight\AppData\Roaming\Windows Live Writer
2012-04-09 08:30:56 -------- d-----w- C:\Users\Knight\AppData\Local\Windows Live Writer
2012-04-09 03:54:15 -------- d-----w- C:\Users\Knight\AppData\Local\{89DB1330-2B51-4F26-B39F-E8FFF2CCC3F2}
2012-04-09 03:54:04 -------- d-----w- C:\Users\Knight\AppData\Local\{4BE5250B-D9CD-4D41-9B5F-EBB5DB7DAC4C}
2012-04-08 04:30:25 -------- d-----w- C:\Users\Knight\AppData\Local\{EA4712F1-6101-48FB-AE1E-81F784E8B15B}
2012-04-08 04:30:14 -------- d-----w- C:\Users\Knight\AppData\Local\{61029C4F-5E2D-4DCD-8750-55B878C1F2C0}
2012-04-07 03:41:30 -------- d-----w- C:\windows\en
2012-04-07 03:39:29 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2012-04-07 03:38:25 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e368bfc01cd146f0a\MeshBetaRemover.exe
2012-04-07 03:37:39 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c6fb43801cd146f09\DXSETUP.exe
2012-04-07 03:37:38 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c6fb43801cd146f09\DSETUP.dll
2012-04-07 03:37:38 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c6fb43801cd146f09\dsetup32.dll
2012-04-07 03:33:45 -------- d-----w- C:\Users\Knight\AppData\Local\{6945FBD6-09B9-4A14-A3E1-ACFBEC862107}
2012-04-02 07:09:59 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-02 07:09:59 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-30 23:10:06 8741536 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 22:22:02 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-14 02:10:09 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 20:50:18 251528 ----a-w- C:\windows\System32\drivers\PCTSD64.sys
2012-03-20 19:21:14 85192 ----a-w- C:\windows\System32\drivers\PCTBD64.sys
2012-03-20 19:21:10 149432 ----a-w- C:\windows\SGDetectionTool.dll
2012-03-20 19:21:08 2271160 ----a-w- C:\windows\PCTBDCore.dll
2012-03-20 19:21:08 1681336 ----a-w- C:\windows\PCTBDRes.dll
2012-03-20 19:20:46 767928 ----a-w- C:\windows\BDTSupport.dll
2012-03-09 01:50:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2012-03-09 01:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR
2012-03-06 21:37:52 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-03-06 06:53:37 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 17:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 22:26:40.71 ===============

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 PM

Posted 25 April 2012 - 02:50 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Whaler31

  • Topic Starter
  • Members
  • 25 posts
  • Local time:04:58 PM

Posted 25 April 2012 - 02:37 PM

ComboFix 12-04-23.02 - Knight 04/25/2012 12:16:19.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6696 [GMT -7:00]
Running from: D:\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 19:19 . 2012-04-25 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 19:38 . 2012-04-23 19:38 -------- d-----w- c:\programdata\CyberLink
2012-04-23 19:38 . 2012-04-23 19:38 -------- d-----w- C:\Lenovo
2012-04-23 03:02 . 2012-04-23 03:02 -------- d-----w- C:\6b7cfd5e2ba78cdcfc8e02a4
2012-04-22 23:31 . 2012-03-20 18:11 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-04-22 23:31 . 2012-03-20 18:11 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-04-22 23:31 . 2012-03-20 18:11 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-04-22 23:31 . 2012-03-20 20:43 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-04-22 23:31 . 2012-03-20 20:43 339608 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-04-22 23:31 . 2012-03-20 20:49 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-04-22 23:31 . 2012-03-20 20:50 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-04-22 23:30 . 2012-02-28 18:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-04-22 23:30 . 2012-02-28 18:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-04-22 23:30 . 2012-03-16 19:15 426104 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-04-22 23:26 . 2012-04-18 10:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D826B1D-4F87-45A3-A26E-04A846063266}\mpengine.dll
2012-04-22 08:07 . 2011-08-29 21:15 754480 ----a-w- c:\program files\Internet Explorer\iexplore - Copy.exe
2012-04-22 04:37 . 2012-04-22 04:37 -------- d-----w- c:\users\Knight\AppData\Roaming\PCTools
2012-04-22 03:18 . 2012-04-22 03:18 -------- d-----w- c:\users\Knight\AppData\Local\Deshaker
2012-04-22 03:15 . 2012-04-22 03:15 448 ----a-w- C:\user.js
2012-04-16 05:48 . 2012-04-16 05:49 -------- d-----w- c:\programdata\IBUpdaterService
2012-04-16 01:50 . 2012-04-16 01:50 -------- d-----w- c:\users\Knight\AppData\Local\DVDVideoSoft_Ltd
2012-04-12 10:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 10:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 10:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 10:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 10:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 10:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 08:30 . 2012-04-09 08:30 -------- d-----w- c:\users\Knight\AppData\Local\Windows Live Writer
2012-04-09 08:30 . 2012-04-09 08:30 -------- d-----w- c:\users\Knight\AppData\Roaming\Windows Live Writer
2012-04-07 03:41 . 2012-04-07 03:41 -------- d-----w- c:\windows\en
2012-04-07 03:39 . 2012-04-07 03:39 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-07 03:39 . 2012-03-09 01:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-07 03:38 . 2012-04-07 03:38 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e368bfc01cd146f0a\MeshBetaRemover.exe
2012-04-07 03:37 . 2012-04-07 03:37 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c6fb43801cd146f09\DXSETUP.exe
2012-04-07 03:37 . 2012-04-07 03:37 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c6fb43801cd146f09\DSETUP.dll
2012-04-07 03:37 . 2012-04-07 03:37 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c6fb43801cd146f09\dsetup32.dll
2012-04-02 08:34 . 2012-04-02 08:34 -------- d-----w- c:\users\Knight\AppData\Roaming\NCH Swift Sound
2012-04-02 07:09 . 2012-04-02 07:10 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-02 07:09 . 2012-04-02 07:09 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-30 23:10 . 2012-04-14 02:10 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 22:22 . 2012-04-14 02:10 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 02:10 . 2011-08-01 21:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-07 03:39 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-20 20:50 . 2011-12-30 19:11 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-20 19:21 . 2012-01-10 00:56 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-03-20 19:21 . 2012-01-10 00:56 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-20 19:21 . 2012-01-10 00:56 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-03-20 19:21 . 2012-01-10 00:56 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-03-20 19:20 . 2012-01-10 00:56 767928 ----a-w- c:\windows\BDTSupport.dll
2012-03-20 18:39 . 2012-01-10 00:56 3488 ----a-w- c:\windows\UDB.zip
2012-03-20 18:39 . 2012-01-10 00:56 131 ----a-w- c:\windows\IDB.zip
2012-03-09 01:50 . 2012-03-09 01:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-09 01:37 . 2012-03-09 01:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 21:37 . 2011-12-17 20:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 17:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 20:02 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 20:02 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 20:02 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 20:02 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 04:35 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:43 . 2012-02-10 05:43 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-02-10 05:43 . 2012-02-10 05:43 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-02-10 05:43 . 2012-02-10 05:43 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 05:43 . 2012-02-10 05:43 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 05:43 . 2012-02-10 05:43 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 05:43 . 2012-02-10 05:43 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-02-10 05:43 . 2012-02-10 05:43 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-10 05:43 . 2012-02-10 05:43 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 05:43 . 2012-02-10 05:43 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 05:43 . 2012-02-10 05:43 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 05:43 . 2012-02-10 05:43 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-02-10 05:43 . 2012-02-10 05:43 25541952 ----a-w- c:\windows\system32\nvoglv64.dll
2012-02-10 05:43 . 2012-02-10 05:43 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 05:43 . 2012-02-10 05:43 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-02-10 05:43 . 2012-02-10 05:43 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-02-10 05:43 . 2012-02-10 05:43 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-10 05:43 . 2012-02-10 05:43 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-02-10 05:43 . 2012-02-10 05:43 19443520 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-02-10 05:43 . 2012-02-10 05:43 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 05:43 . 2012-02-10 05:43 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-02-10 05:43 . 2012-02-10 05:43 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 05:43 . 2012-02-10 05:43 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 05:43 . 2012-02-10 05:43 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 05:43 . 2012-02-10 05:43 13624128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 05:43 . 2011-12-18 07:39 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-10 05:43 . 2011-12-18 07:39 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 05:43 . 2011-12-18 07:38 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 05:38 . 2012-03-14 04:35 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 04:35 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-23_20.21.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-25 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-23 19:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-23 19:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-04-25 18:47 49774 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-25 18:47 44672 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-18 00:16 . 2012-04-25 18:47 12672 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1182291490-1180826050-772089516-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-04-23 20:28 95856 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-25 18:45 . 2012-04-25 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-23 19:43 . 2012-04-23 19:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 18:45 . 2012-04-25 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-23 19:43 . 2012-04-23 19:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-18 03:48 . 2012-04-25 06:18 324816 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-04-25 18:49 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-23 19:47 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-25 18:49 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-23 19:47 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-23 19:39 350576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-25 07:23 350576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-25 18:45 1425408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-23 19:46 1425408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-18 00:14 . 2012-04-23 07:22 6704648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1182291490-1180826050-772089516-1001-8192.dat
+ 2011-07-18 00:14 . 2012-04-25 04:27 6704648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1182291490-1180826050-772089516-1001-8192.dat
+ 2011-08-30 04:56 . 2012-04-25 06:18 61542604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1182291490-1180826050-772089516-1001-4096.dat
- 2011-08-30 04:56 . 2012-04-23 19:39 61542604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1182291490-1180826050-772089516-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-03-20 402336]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-03-20 571320]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-04-16 343448]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:10]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 02:19]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 02:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-18 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-18 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-18 417304]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-24 148280]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to DVD Converter - c:\users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
TCP: Interfaces\{61EFE29E-D40B-4C22-B3F9-5D9FDC44B62D}: NameServer = 4.2.2.2,4.2.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-25 12:20:23
ComboFix-quarantined-files.txt 2012-04-25 19:20
ComboFix2.txt 2012-04-25 19:02
ComboFix3.txt 2012-04-24 20:30
ComboFix4.txt 2012-04-24 04:07
ComboFix5.txt 2012-04-25 19:15
.
Pre-Run: 864,472,825,856 bytes free
Post-Run: 864,413,224,960 bytes free
.
- - End Of File - - 1B9DD6CDC83C136F6EC9FBDB4161229A
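As an added example (not code from this thread, ComboFix or PC Tools), here is a small Python triage pass over ComboFix-style lines like the ones in the log above: it flags a browser start page whose host is not on an allowlist you supply (the mystart.incredibar.com line), a service whose binary lives under ProgramData or a user profile (where IBUpdaterService sits), and service entries ComboFix marked with [x]. The sample lines are copied from the posted log; the allowlist, the `Finding` categories and the user-writable-path rule are my assumptions, not something ComboFix itself reports.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = """\
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\\program files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe [2012-01-03 63928]
S2 IBUpdaterService;Updater Service;c:\\programdata\\IBUpdaterService\\ibsvc.exe [2012-04-16 343448]
R3 pctplsg;pctplsg;c:\\windows\\System32\\drivers\\pctplsg64.sys [x]
R3 ThreatFire;ThreatFire;c:\\program files (x86)\\PC Tools\\PC Tools Security\\TFEngine\\TFService.exe service [x]
uStart Page = hxxp://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26
uLocal Page = c:\\windows\\system32\\blank.htm
mStart Page = hxxp://lenovo.msn.com
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # machine-readable category (assumed names, see lead-in)
    subject: str   # service name or host the finding is about
    detail: str    # human-readable explanation


# "S2 name;display;path [timestamp size]" or "... [x]" when ComboFix has no file details
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "uStart Page = ..." (u = current-user hive, m = machine hive)
PAGE_RE = re.compile(r"^(?P<hive>[um])(?P<which>Start|Local) Page = (?P<value>.+)$")
# ComboFix defangs URLs as hxxp://; accept the real scheme as well
HOST_RE = re.compile(r"^h(?:xx|tt)ps?://(?P<host>[^/:?#]+)", re.IGNORECASE)
# Locations an unprivileged installer can write to: typical for bundled adware updaters
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\(programdata|users)\\", re.IGNORECASE)


def parse_service(line):
    """Return (state, name, path, stamp) for a ComboFix service line, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    # The path may contain spaces, so split on the last " [" rather than the first
    path, _, stamp = m.group("rest").rpartition(" [")
    return m.group("state"), m.group("name"), path, stamp.rstrip("]")


def triage(log_text, allowed_start_hosts):
    """Scan ComboFix-style lines and return a list of Finding objects."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            state, name, path, stamp = svc
            if stamp == "x":
                findings.append(Finding(
                    "service_binary_missing", name,
                    f"{state} {name}: listed with [x] (no file details; {path} may be missing)"))
            elif USER_WRITABLE_RE.match(path):
                findings.append(Finding(
                    "service_in_user_writable_path", name,
                    f"{state} {name} runs from a user-writable location: {path}"))
            continue
        pm = PAGE_RE.match(line)
        if pm and pm.group("which") == "Start":
            hm = HOST_RE.match(pm.group("value"))
            if hm:
                host = hm.group("host").lower()
                if host not in allowed_start_hosts:
                    hive = "HKCU" if pm.group("hive") == "u" else "HKLM"
                    findings.append(Finding(
                        "unexpected_start_page", host,
                        f"{hive} start page points at {host}, which is not on the allowlist"))
    return findings


if __name__ == "__main__":
    # The OEM default seen in the log (lenovo.msn.com) is treated as expected.
    for f in triage(SAMPLE_LOG, {"lenovo.msn.com"}):
        print(f"[{f.kind}] {f.detail}")
```

Run against the sample, the pass reports the Incredibar start page, the IBUpdaterService binary under ProgramData, and the two [x] entries, while the Adobe updater and the lenovo.msn.com default stay quiet.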

#6 Whaler31
  • Topic Starter
  • Members
  • 25 posts

Posted 25 April 2012 - 02:43 PM

Computer is still redirecting IE9 to My Start/incredibar addy.

Thanks,

Damon

#7 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 April 2012 - 05:07 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Whaler31
  • Topic Starter
  • Members
  • 25 posts

Posted 25 April 2012 - 06:34 PM

Hey Gringo,

Here are the logs:

15:32:22.0392 3536 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:32:22.0408 3536 ============================================================
15:32:22.0408 3536 Current date / time: 2012/04/25 15:32:22.0408
15:32:22.0408 3536 SystemInfo:
15:32:22.0408 3536
15:32:22.0408 3536 OS Version: 6.1.7601 ServicePack: 1.0
15:32:22.0408 3536 Product type: Workstation
15:32:22.0408 3536 ComputerName: KNIGHT-PC
15:32:22.0408 3536 UserName: Knight
15:32:22.0408 3536 Windows directory: C:\windows
15:32:22.0408 3536 System windows directory: C:\windows
15:32:22.0408 3536 Running under WOW64
15:32:22.0408 3536 Processor architecture: Intel x64
15:32:22.0408 3536 Number of processors: 2
15:32:22.0408 3536 Page size: 0x1000
15:32:22.0408 3536 Boot type: Normal boot
15:32:22.0408 3536 ============================================================
15:32:23.0235 3536 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:32:23.0235 3536 ============================================================
15:32:23.0235 3536 \Device\Harddisk0\DR0:
15:32:23.0235 3536 MBR partitions:
15:32:23.0235 3536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:32:23.0235 3536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800
15:32:23.0235 3536 ============================================================
15:32:23.0250 3536 C: <-> \Device\Harddisk0\DR0\Partition1
15:32:23.0250 3536 ============================================================
15:32:23.0250 3536 Initialize success
15:32:23.0250 3536 ============================================================
15:32:30.0083 3516 ============================================================
15:32:30.0083 3516 Scan started
15:32:30.0083 3516 Mode: Manual;
15:32:30.0083 3516 ============================================================
15:32:36.0666 3516 LSI_FC - ok
15:32:36.0682 3516 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
15:32:36.0698 3516 LSI_SAS - ok
15:32:36.0713 3516 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
15:32:36.0713 3516 LSI_SAS2 - ok
15:32:36.0729 3516 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
15:32:36.0729 3516 LSI_SCSI - ok
15:32:36.0760 3516 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
15:32:36.0760 3516 luafv - ok
15:32:36.0822 3516 lxecCATSCustConnectService (1f02b554ddc4086d786537a3bf6488f1) C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
15:32:36.0822 3516 lxecCATSCustConnectService - ok
15:32:36.0838 3516 lxec_device - ok
15:32:36.0854 3516 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
15:32:36.0854 3516 Mcx2Svc - ok
15:32:36.0869 3516 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
15:32:36.0869 3516 megasas - ok
15:32:36.0885 3516 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
15:32:36.0885 3516 MegaSR - ok
15:32:36.0916 3516 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
15:32:36.0916 3516 MEIx64 - ok
15:32:36.0932 3516 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
15:32:36.0932 3516 MMCSS - ok
15:32:36.0947 3516 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
15:32:36.0947 3516 Modem - ok
15:32:36.0978 3516 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
15:32:36.0978 3516 monitor - ok
15:32:36.0978 3516 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
15:32:36.0994 3516 mouclass - ok
15:32:36.0994 3516 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
15:32:36.0994 3516 mouhid - ok
15:32:37.0010 3516 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
15:32:37.0010 3516 mountmgr - ok
15:32:37.0025 3516 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
15:32:37.0025 3516 mpio - ok
15:32:37.0041 3516 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
15:32:37.0041 3516 mpsdrv - ok
15:32:37.0072 3516 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
15:32:37.0088 3516 MpsSvc - ok
15:32:37.0103 3516 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
15:32:37.0103 3516 MRxDAV - ok
15:32:37.0134 3516 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
15:32:37.0134 3516 mrxsmb - ok
15:32:37.0181 3516 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:32:37.0181 3516 mrxsmb10 - ok
15:32:37.0212 3516 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:32:37.0212 3516 mrxsmb20 - ok
15:32:37.0228 3516 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
15:32:37.0228 3516 msahci - ok
15:32:37.0244 3516 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
15:32:37.0244 3516 msdsm - ok
15:32:37.0259 3516 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
15:32:37.0275 3516 MSDTC - ok
15:32:37.0290 3516 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
15:32:37.0290 3516 Msfs - ok
15:32:37.0290 3516 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
15:32:37.0290 3516 mshidkmdf - ok
15:32:37.0306 3516 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
15:32:37.0306 3516 msisadrv - ok
15:32:37.0353 3516 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
15:32:37.0353 3516 MSiSCSI - ok
15:32:37.0353 3516 msiserver - ok
15:32:37.0368 3516 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
15:32:37.0384 3516 MSKSSRV - ok
15:32:37.0384 3516 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
15:32:37.0400 3516 MSPCLOCK - ok
15:32:37.0400 3516 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
15:32:37.0400 3516 MSPQM - ok
15:32:37.0462 3516 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
15:32:37.0462 3516 MsRPC - ok
15:32:37.0493 3516 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
15:32:37.0493 3516 mssmbios - ok
15:32:37.0493 3516 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
15:32:37.0493 3516 MSTEE - ok
15:32:37.0509 3516 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
15:32:37.0509 3516 MTConfig - ok
15:32:37.0524 3516 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
15:32:37.0524 3516 Mup - ok
15:32:37.0540 3516 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
15:32:37.0556 3516 napagent - ok
15:32:37.0587 3516 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
15:32:37.0587 3516 NativeWifiP - ok
15:32:37.0634 3516 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
15:32:37.0649 3516 NDIS - ok
15:32:37.0680 3516 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
15:32:37.0680 3516 NdisCap - ok
15:32:37.0696 3516 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
15:32:37.0696 3516 NdisTapi - ok
15:32:37.0712 3516 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
15:32:37.0727 3516 Ndisuio - ok
15:32:37.0743 3516 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
15:32:37.0743 3516 NdisWan - ok
15:32:37.0758 3516 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
15:32:37.0758 3516 NDProxy - ok
15:32:37.0774 3516 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
15:32:37.0774 3516 NetBIOS - ok
15:32:37.0790 3516 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
15:32:37.0790 3516 NetBT - ok
15:32:37.0805 3516 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:32:37.0821 3516 Netlogon - ok
15:32:37.0836 3516 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
15:32:37.0836 3516 Netman - ok
15:32:37.0868 3516 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
15:32:37.0868 3516 netprofm - ok
15:32:37.0914 3516 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:32:37.0914 3516 NetTcpPortSharing - ok
15:32:37.0930 3516 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
15:32:37.0930 3516 nfrd960 - ok
15:32:37.0961 3516 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
15:32:37.0961 3516 NlaSvc - ok
15:32:37.0977 3516 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
15:32:37.0977 3516 Npfs - ok
15:32:37.0992 3516 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
15:32:37.0992 3516 nsi - ok
15:32:38.0008 3516 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
15:32:38.0008 3516 nsiproxy - ok
15:32:38.0086 3516 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
15:32:38.0117 3516 Ntfs - ok
15:32:38.0180 3516 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
15:32:38.0180 3516 Null - ok
15:32:38.0242 3516 NVHDA (960e39a54e525df58cb29193147dffa1) C:\windows\system32\drivers\nvhda64v.sys
15:32:38.0242 3516 NVHDA - ok
15:32:38.0601 3516 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\windows\system32\DRIVERS\nvlddmkm.sys
15:32:38.0663 3516 nvlddmkm - ok
15:32:38.0741 3516 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
15:32:38.0757 3516 nvraid - ok
15:32:38.0772 3516 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
15:32:38.0772 3516 nvstor - ok
15:32:38.0819 3516 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\windows\system32\nvvsvc.exe
15:32:38.0835 3516 nvsvc - ok
15:32:38.0850 3516 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
15:32:38.0850 3516 nv_agp - ok
15:32:38.0866 3516 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
15:32:38.0866 3516 ohci1394 - ok
15:32:38.0960 3516 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:32:38.0960 3516 ose - ok
15:32:38.0991 3516 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
15:32:38.0991 3516 p2pimsvc - ok
15:32:39.0006 3516 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
15:32:39.0006 3516 p2psvc - ok
15:32:39.0038 3516 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
15:32:39.0038 3516 Parport - ok
15:32:39.0053 3516 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
15:32:39.0053 3516 partmgr - ok
15:32:39.0069 3516 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
15:32:39.0069 3516 PcaSvc - ok
15:32:39.0084 3516 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
15:32:39.0084 3516 pci - ok
15:32:39.0100 3516 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
15:32:39.0100 3516 pciide - ok
15:32:39.0131 3516 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
15:32:39.0131 3516 pcmcia - ok
15:32:39.0162 3516 PCTBD (99a3a277a99c437283324067970e1d37) C:\windows\system32\Drivers\PCTBD64.sys
15:32:39.0162 3516 PCTBD - ok
15:32:39.0225 3516 PCTCore (dbb55b4da79a6f59b63e233907ba6bae) C:\windows\system32\drivers\PCTCore64.sys
15:32:39.0225 3516 PCTCore - ok
15:32:39.0287 3516 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\windows\system32\drivers\pctDS64.sys
15:32:39.0287 3516 pctDS - ok
15:32:39.0365 3516 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\windows\system32\drivers\pctEFA64.sys
15:32:39.0396 3516 pctEFA - ok
15:32:39.0443 3516 pctgntdi (5b4b9d0e748aa06a8887fe79351c91f3) C:\Windows\System32\drivers\pctgntdi64.sys
15:32:39.0443 3516 pctgntdi - ok
15:32:39.0490 3516 pctplsg (db1f94051396af34fe521bfeececdb53) C:\Windows\System32\drivers\pctplsg64.sys
15:32:39.0490 3516 pctplsg - ok
15:32:39.0537 3516 PCTSD (afa19eff0197c474379ed904e25a995d) C:\windows\system32\Drivers\PCTSD64.sys
15:32:39.0537 3516 PCTSD - ok
15:32:39.0552 3516 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
15:32:39.0552 3516 pcw - ok
15:32:39.0584 3516 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
15:32:39.0599 3516 PEAUTH - ok
15:32:39.0646 3516 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
15:32:39.0646 3516 PerfHost - ok
15:32:39.0708 3516 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
15:32:39.0740 3516 pla - ok
15:32:39.0786 3516 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
15:32:39.0786 3516 PlugPlay - ok
15:32:39.0802 3516 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
15:32:39.0802 3516 PNRPAutoReg - ok
15:32:39.0833 3516 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
15:32:39.0833 3516 PNRPsvc - ok
15:32:39.0880 3516 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
15:32:39.0880 3516 PolicyAgent - ok
15:32:39.0896 3516 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
15:32:39.0896 3516 Power - ok
15:32:39.0942 3516 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
15:32:39.0942 3516 PptpMiniport - ok
15:32:39.0958 3516 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
15:32:39.0958 3516 Processor - ok
15:32:39.0974 3516 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
15:32:39.0974 3516 ProfSvc - ok
15:32:40.0005 3516 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:32:40.0005 3516 ProtectedStorage - ok
15:32:40.0020 3516 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
15:32:40.0020 3516 Psched - ok
15:32:40.0067 3516 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
15:32:40.0098 3516 ql2300 - ok
15:32:40.0192 3516 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
15:32:40.0192 3516 ql40xx - ok
15:32:40.0208 3516 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
15:32:40.0223 3516 QWAVE - ok
15:32:40.0223 3516 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
15:32:40.0239 3516 QWAVEdrv - ok
15:32:40.0239 3516 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
15:32:40.0254 3516 RasAcd - ok
15:32:40.0270 3516 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
15:32:40.0270 3516 RasAgileVpn - ok
15:32:40.0286 3516 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
15:32:40.0286 3516 RasAuto - ok
15:32:40.0301 3516 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
15:32:40.0301 3516 Rasl2tp - ok
15:32:40.0317 3516 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
15:32:40.0332 3516 RasMan - ok
15:32:40.0348 3516 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
15:32:40.0348 3516 RasPppoe - ok
15:32:40.0364 3516 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
15:32:40.0364 3516 RasSstp - ok
15:32:40.0379 3516 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
15:32:40.0379 3516 rdbss - ok
15:32:40.0395 3516 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
15:32:40.0395 3516 rdpbus - ok
15:32:40.0410 3516 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
15:32:40.0410 3516 RDPCDD - ok
15:32:40.0426 3516 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
15:32:40.0426 3516 RDPENCDD - ok
15:32:40.0442 3516 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
15:32:40.0442 3516 RDPREFMP - ok
15:32:40.0473 3516 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
15:32:40.0473 3516 RDPWD - ok
15:32:40.0504 3516 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
15:32:40.0504 3516 rdyboost - ok
15:32:40.0520 3516 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
15:32:40.0535 3516 RemoteAccess - ok
15:32:40.0551 3516 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
15:32:40.0551 3516 RemoteRegistry - ok
15:32:40.0566 3516 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
15:32:40.0566 3516 RpcEptMapper - ok
15:32:40.0566 3516 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
15:32:40.0582 3516 RpcLocator - ok
15:32:40.0598 3516 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
15:32:40.0598 3516 RpcSs - ok
15:32:40.0613 3516 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
15:32:40.0613 3516 rspndr - ok
15:32:40.0629 3516 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:32:40.0629 3516 SamSs - ok
15:32:40.0660 3516 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
15:32:40.0660 3516 sbp2port - ok
15:32:40.0676 3516 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
15:32:40.0676 3516 SCardSvr - ok
15:32:40.0691 3516 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
15:32:40.0691 3516 scfilter - ok
15:32:40.0722 3516 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
15:32:40.0738 3516 Schedule - ok
15:32:40.0769 3516 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
15:32:40.0769 3516 SCPolicySvc - ok
15:32:40.0863 3516 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
15:32:40.0863 3516 sdAuxService - ok
15:32:40.0910 3516 sdCoreService (697e0a2a300ee8719cafae55b4771053) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
15:32:40.0925 3516 sdCoreService - ok
15:32:41.0019 3516 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
15:32:41.0019 3516 SDRSVC - ok
15:32:41.0050 3516 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
15:32:41.0050 3516 secdrv - ok
15:32:41.0066 3516 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
15:32:41.0066 3516 seclogon - ok
15:32:41.0081 3516 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
15:32:41.0081 3516 SENS - ok
15:32:41.0112 3516 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
15:32:41.0112 3516 SensrSvc - ok
15:32:41.0128 3516 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
15:32:41.0128 3516 Serenum - ok
15:32:41.0159 3516 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
15:32:41.0159 3516 Serial - ok
15:32:41.0190 3516 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
15:32:41.0190 3516 sermouse - ok
15:32:41.0206 3516 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
15:32:41.0206 3516 SessionEnv - ok
15:32:41.0222 3516 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
15:32:41.0222 3516 sffdisk - ok
15:32:41.0237 3516 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
15:32:41.0237 3516 sffp_mmc - ok
15:32:41.0253 3516 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
15:32:41.0253 3516 sffp_sd - ok
15:32:41.0253 3516 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
15:32:41.0268 3516 sfloppy - ok
15:32:41.0300 3516 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
15:32:41.0315 3516 SharedAccess - ok
15:32:41.0331 3516 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
15:32:41.0331 3516 ShellHWDetection - ok
15:32:41.0362 3516 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
15:32:41.0362 3516 SiSRaid2 - ok
15:32:41.0378 3516 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
15:32:41.0378 3516 SiSRaid4 - ok
15:32:41.0393 3516 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
15:32:41.0393 3516 Smb - ok
15:32:41.0424 3516 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
15:32:41.0424 3516 SNMPTRAP - ok
15:32:41.0440 3516 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
15:32:41.0440 3516 spldr - ok
15:32:41.0456 3516 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
15:32:41.0471 3516 Spooler - ok
15:32:41.0565 3516 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
15:32:41.0580 3516 sppsvc - ok
15:32:41.0674 3516 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
15:32:41.0690 3516 sppuinotify - ok
15:32:41.0783 3516 sptd (602884696850c86434530790b110e8eb) C:\windows\System32\Drivers\sptd.sys
15:32:41.0783 3516 sptd - ok
15:32:41.0846 3516 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
15:32:41.0846 3516 srv - ok
15:32:41.0861 3516 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
15:32:41.0861 3516 srv2 - ok
15:32:41.0877 3516 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
15:32:41.0877 3516 srvnet - ok
15:32:41.0908 3516 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
15:32:41.0908 3516 SSDPSRV - ok
15:32:41.0924 3516 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
15:32:41.0924 3516 SstpSvc - ok
15:32:41.0939 3516 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
15:32:41.0939 3516 stexstor - ok
15:32:41.0986 3516 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
15:32:41.0986 3516 stisvc - ok
15:32:42.0002 3516 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
15:32:42.0002 3516 swenum - ok
15:32:42.0033 3516 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
15:32:42.0033 3516 swprv - ok
15:32:42.0095 3516 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
15:32:42.0095 3516 SysMain - ok
15:32:42.0142 3516 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
15:32:42.0142 3516 TabletInputService - ok
15:32:42.0158 3516 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
15:32:42.0158 3516 TapiSrv - ok
15:32:42.0158 3516 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
15:32:42.0158 3516 TBS - ok
15:32:42.0251 3516 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
15:32:42.0282 3516 Tcpip - ok
15:32:42.0376 3516 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
15:32:42.0392 3516 TCPIP6 - ok
15:32:42.0423 3516 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
15:32:42.0423 3516 tcpipreg - ok
15:32:42.0438 3516 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
15:32:42.0438 3516 TDPIPE - ok
15:32:42.0470 3516 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
15:32:42.0485 3516 TDTCP - ok
15:32:42.0501 3516 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
15:32:42.0501 3516 tdx - ok
15:32:42.0501 3516 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
15:32:42.0516 3516 TermDD - ok
15:32:42.0548 3516 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
15:32:42.0548 3516 TermService - ok
15:32:42.0610 3516 TfFsMon (9cd5c339754e2310790ca27dbbd31f88) C:\windows\system32\drivers\TfFsMon.sys
15:32:42.0610 3516 TfFsMon - ok
15:32:42.0626 3516 TfNetMon (00809507fafa1be93dbbace5029f27bb) C:\windows\system32\drivers\TfNetMon.sys
15:32:42.0626 3516 TfNetMon - ok
15:32:42.0704 3516 TFSysMon (3593a7b1264fba24fe9e097a99b3e848) C:\windows\system32\drivers\TfSysMon.sys
15:32:42.0704 3516 TFSysMon - ok
15:32:42.0704 3516 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
15:32:42.0719 3516 Themes - ok
15:32:42.0750 3516 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
15:32:42.0750 3516 THREADORDER - ok
15:32:42.0828 3516 ThreatFire - ok
15:32:42.0828 3516 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
15:32:42.0828 3516 TrkWks - ok
15:32:42.0860 3516 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
15:32:42.0860 3516 TrustedInstaller - ok
15:32:42.0875 3516 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
15:32:42.0875 3516 tssecsrv - ok
15:32:42.0906 3516 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
15:32:42.0906 3516 TsUsbFlt - ok
15:32:42.0938 3516 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
15:32:42.0938 3516 TsUsbGD - ok
15:32:42.0953 3516 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
15:32:42.0953 3516 tunnel - ok
15:32:42.0969 3516 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
15:32:42.0969 3516 uagp35 - ok
15:32:43.0000 3516 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
15:32:43.0000 3516 udfs - ok
15:32:43.0016 3516 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
15:32:43.0016 3516 UI0Detect - ok
15:32:43.0062 3516 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
15:32:43.0062 3516 uliagpkx - ok
15:32:43.0078 3516 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
15:32:43.0078 3516 umbus - ok
15:32:43.0094 3516 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
15:32:43.0094 3516 UmPass - ok
15:32:43.0218 3516 UNS (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:32:43.0234 3516 UNS - ok
15:32:43.0328 3516 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
15:32:43.0328 3516 upnphost - ok
15:32:43.0390 3516 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
15:32:43.0390 3516 usbaudio - ok
15:32:43.0437 3516 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
15:32:43.0437 3516 usbccgp - ok
15:32:43.0452 3516 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
15:32:43.0452 3516 usbcir - ok
15:32:43.0484 3516 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
15:32:43.0484 3516 usbehci - ok
15:32:43.0499 3516 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
15:32:43.0499 3516 usbhub - ok
15:32:43.0515 3516 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
15:32:43.0515 3516 usbohci - ok
15:32:43.0530 3516 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
15:32:43.0530 3516 usbprint - ok
15:32:43.0577 3516 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
15:32:43.0577 3516 usbscan - ok
15:32:43.0593 3516 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
15:32:43.0593 3516 USBSTOR - ok
15:32:43.0608 3516 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
15:32:43.0608 3516 usbuhci - ok
15:32:43.0624 3516 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
15:32:43.0624 3516 UxSms - ok
15:32:43.0655 3516 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:32:43.0655 3516 VaultSvc - ok
15:32:43.0655 3516 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
15:32:43.0671 3516 vdrvroot - ok
15:32:43.0686 3516 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
15:32:43.0702 3516 vds - ok
15:32:43.0718 3516 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
15:32:43.0718 3516 vga - ok
15:32:43.0733 3516 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
15:32:43.0733 3516 VgaSave - ok
15:32:43.0749 3516 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
15:32:43.0749 3516 vhdmp - ok
15:32:43.0780 3516 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
15:32:43.0780 3516 viaide - ok
15:32:43.0796 3516 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
15:32:43.0796 3516 volmgr - ok
15:32:43.0811 3516 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
15:32:45.0636 3516 ============================================================
15:32:45.0636 3516 Scan finished
15:32:45.0636 3516 ============================================================
15:32:45.0636 3012 Detected object count: 0
15:32:45.0636 3012 Actual detected object count: 0

AND:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-25 15:36:46
-----------------------------
15:36:46.298 OS Version: Windows x64 6.1.7601 Service Pack 1
15:36:46.298 Number of processors: 2 586 0x2A07
15:36:46.298 ComputerName: KNIGHT-PC UserName: Knight
15:36:47.702 Initialize success
15:41:11.751 AVAST engine defs: 12042501
16:15:08.225 The log file has been saved successfully to "C:\Users\Knight\Desktop\aswMBR.txt"
16:15:24.905 The log file has been saved successfully to "D:\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 April 2012 - 09:50 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Whaler31

Whaler31
  • Topic Starter

  • Members
  • 25 posts

Posted 25 April 2012 - 10:17 PM

I just wanted to thank you for sticking with it on this horrible malware. I think this will be the 10th separate program I have d/loaded and run thus far, to no avail. Hopefully, this last one OTL will help.

I know that this malware/virus came from an add-on file for the program "VideoPad Video Editor". The add-on was called "DeShaker".

Here is the OTL log:

OTL logfile created on: 4/25/2012 8:09:09 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Knight\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.56 Gb Available Physical Memory | 82.14% Memory free
15.96 Gb Paging File | 14.44 Gb Available in Paging File | 90.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 803.23 Gb Free Space | 88.62% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.12 Gb Free Space | 94.09% Space Free | Partition Type: UDF

Computer Name: KNIGHT-PC | User Name: Knight | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Knight\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\IBUpdaterService\ibsvc.exe ()
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\jmesoft\hotkey.exe (JME)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll ()
MOD - C:\Program Files (x86)\jmesoft\KeyHook.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccats.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll ()
MOD - C:\Windows\SysWOW64\LXECsmr.dll ()
MOD - C:\Windows\SysWOW64\LXECsm.dll ()
MOD - C:\Program Files (x86)\jmesoft\VistaVolume.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (lxec_device) -- C:\Windows\SysNative\lxeccoms.exe ( )
SRV:64bit: - (lxecCATSCustConnectService) -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (ThreatFire) -- C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe (PC Tools)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (lxecCATSCustConnectService) -- C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV - (lxec_device) -- C:\Windows\SysWOW64\lxeccoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (pctplsg) -- C:\Windows\SysNative\drivers\pctplsg64.sys (PC Tools)
DRV:64bit: - (PCTSD) -- C:\Windows\SysNative\drivers\PCTSD64.sys (PC Tools)
DRV:64bit: - (pctgntdi) -- C:\Windows\SysNative\drivers\pctgntdi64.sys (PC Tools)
DRV:64bit: - (PCTBD) -- C:\Windows\SysNative\drivers\PCTBD64.sys (PC Tools)
DRV:64bit: - (TFSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (GeneStor) -- C:\Windows\SysNative\drivers\GeneStor.sys (GenesysLogic)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26
IE - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb133/?search={searchTerms}&loc=IB_DS&a=6OyzBlVMrM&i=26
IE - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/04/22 16:31:35 | 000,000,000 | ---D | M]

[2011/07/17 15:58:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Knight\AppData\Roaming\Mozilla\Extensions
[2012/04/21 20:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions
[2012/03/03 23:35:51 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/03/03 23:22:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/04/21 20:15:45 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\ffxtlbr@incredibar.com
[2012/04/21 20:15:39 | 000,002,203 | ---- | M] () -- C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\searchplugins\MyStart Search.xml
[2012/04/02 00:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/02 00:09:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/25 14:22:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Knight\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61EFE29E-D40B-4C22-B3F9-5D9FDC44B62D}: NameServer = 4.2.2.2,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD13195E-03E8-4AEF-A7D7-807AC760C08D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 20:01:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Knight\Desktop\OTL.exe
[2012/04/25 15:31:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Knight\Desktop\aswMBR.exe
[2012/04/25 15:31:29 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Knight\Desktop\tdsskiller.exe
[2012/04/25 14:35:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/25 14:33:56 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/04/24 22:01:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Knight\Desktop\dds.com
[2012/04/24 20:21:39 | 000,000,000 | ---D | C] -- C:\Users\Knight\Documents\VIDEO_TS
[2012/04/24 20:21:39 | 000,000,000 | ---D | C] -- C:\Users\Knight\Documents\AUDIO_TS
[2012/04/24 14:46:10 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\MigWiz
[2012/04/24 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\Knight\Desktop\AUDIO_TS
[2012/04/23 13:17:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/04/23 13:17:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/04/23 13:17:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/04/23 13:17:08 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/04/23 13:15:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/23 12:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/04/23 12:38:34 | 000,000,000 | ---D | C] -- C:\Lenovo
[2012/04/22 22:16:19 | 000,000,000 | ---D | C] -- C:\Users\Knight\Desktop\History PCTools
[2012/04/22 20:02:35 | 055,154,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe
[2012/04/22 20:02:34 | 000,000,000 | ---D | C] -- C:\6b7cfd5e2ba78cdcfc8e02a4
[2012/04/22 16:31:49 | 000,706,776 | --S- | C] (PC Tools) -- C:\windows\SysNative\drivers\TfSysMon.sys
[2012/04/22 16:31:49 | 000,065,664 | --S- | C] (PC Tools) -- C:\windows\SysNative\drivers\TfFsMon.sys
[2012/04/22 16:31:49 | 000,041,968 | --S- | C] (PC Tools) -- C:\windows\SysNative\drivers\TfNetMon.sys
[2012/04/22 16:31:12 | 000,339,608 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[2012/04/22 16:31:12 | 000,145,432 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2012/04/22 16:31:08 | 000,014,776 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctBTFix64.sys
[2012/04/22 16:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/04/22 16:31:07 | 000,092,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2012/04/22 16:30:27 | 001,096,176 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctEFA64.sys
[2012/04/22 16:30:27 | 000,453,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctDS64.sys
[2012/04/22 16:30:26 | 000,426,104 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys
[2012/04/22 01:13:05 | 000,866,526 | ---- | C] (PC Tools) -- C:\Users\Knight\Desktop\pcSpec.exe
[2012/04/21 21:37:10 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\PCTools
[2012/04/21 20:18:33 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\Deshaker
[2012/04/17 15:45:05 | 000,000,000 | R--D | C] -- C:\Users\Knight\Documents\Scanned Documents
[2012/04/17 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\Knight\Documents\Fax
[2012/04/16 20:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011
[2012/04/15 22:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012/04/15 18:50:22 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\DVDVideoSoft_Ltd
[2012/04/12 03:02:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/04/12 03:02:36 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/04/12 03:02:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/04/12 03:02:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/04/12 03:02:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/04/12 03:02:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/04/12 03:02:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/04/12 03:02:35 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/04/12 03:02:35 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/04/12 03:02:35 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/04/12 03:02:35 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/04/12 03:02:22 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/04/12 03:02:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/04/12 03:02:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/12 03:00:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/04/12 03:00:16 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/04/12 03:00:16 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/04/10 09:00:36 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\{BC58289D-E97D-430C-AB8B-AB938DC5807A}
[2012/04/10 09:00:25 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\{C857CF4E-7209-4DF3-BA5C-CA1FFE38EF76}
[2012/04/09 19:55:24 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\{46B5B679-6345-483F-8FEE-9D8C94660370}
[2012/04/09 19:55:13 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\{59776778-40CA-4968-AE8F-E9574966DB1E}
[2012/04/09 01:30:56 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\Windows Live Writer
[2012/04/09 01:30:56 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\Windows Live Writer
[2012/04/09 01:30:56 | 000,000,000 | ---D | C] -- C:\Users\Knight\Documents\My Weblog Posts
[2012/04/08 20:54:15 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\{89DB1330-2B51-4F26-B39F-E8FFF2CCC3F2}
[2012/04/08 20:54:04 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\{4BE5250B-D9CD-4D41-9B5F-EBB5DB7DAC4C}
[2012/04/07 21:30:25 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\{EA4712F1-6101-48FB-AE1E-81F784E8B15B}
[2012/04/07 21:30:14 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\{61029C4F-5E2D-4DCD-8750-55B878C1F2C0}
[2012/04/06 20:41:30 | 000,000,000 | ---D | C] -- C:\windows\en
[2012/04/06 20:39:29 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fssfltr.sys
[2012/04/06 20:39:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2012/04/06 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Local\{6945FBD6-09B9-4A14-A3E1-ACFBEC862107}
[2012/04/02 18:03:12 | 000,000,000 | ---D | C] -- C:\Users\Knight\Desktop\BKDamonKnight
[2012/04/02 02:02:24 | 000,000,000 | ---D | C] -- C:\Users\Knight\Documents\VideoPad Video Editor Pro 2.40 (FULL + Keygen)
[2012/04/02 01:34:28 | 000,000,000 | ---D | C] -- C:\Users\Knight\AppData\Roaming\NCH Swift Sound
[2012/03/30 16:10:06 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/03/30 15:22:02 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/04/25 20:10:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/25 19:57:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Knight\Desktop\OTL.exe
[2012/04/25 19:56:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/25 15:25:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Knight\Desktop\aswMBR.exe
[2012/04/25 15:22:27 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Knight\Desktop\tdsskiller.exe
[2012/04/25 14:43:11 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 14:43:11 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 14:39:54 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/25 14:39:54 | 000,624,162 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/25 14:39:54 | 000,106,538 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/25 14:35:53 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/25 14:35:42 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012/04/25 14:35:37 | 2133,684,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 14:22:24 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/04/25 12:41:04 | 000,000,643 | ---- | M] () -- C:\Users\Knight\Desktop\ComboFix - Shortcut (3).lnk
[2012/04/25 12:13:28 | 000,000,643 | ---- | M] () -- C:\Users\Knight\Desktop\ComboFix - Shortcut (2).lnk
[2012/04/24 21:27:01 | 000,000,020 | ---- | M] () -- C:\Users\Knight\defogger_reenable
[2012/04/24 17:00:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Knight\Desktop\dds.com
[2012/04/24 16:59:02 | 000,879,714 | ---- | M] () -- C:\Users\Knight\Desktop\SecurityCheck.exe
[2012/04/24 16:56:30 | 000,050,477 | ---- | M] () -- C:\Users\Knight\Desktop\Defogger.exe
[2012/04/24 15:20:07 | 001,626,520 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2012/04/24 15:20:06 | 000,002,284 | ---- | M] () -- C:\Users\Knight\Desktop\Lenovo Rescue System.lnk
[2012/04/24 15:07:28 | 173,411,928 | ---- | M] () -- C:\Users\Knight\Desktop\Windows Easy Transfer - Items from old computer.MIG
[2012/04/23 21:02:08 | 000,000,643 | ---- | M] () -- C:\Users\Knight\Desktop\ComboFix - Shortcut.lnk
[2012/04/23 19:07:41 | 003,765,218 | ---- | M] () -- C:\Users\Knight\Desktop\My Start malware Capture.PNG
[2012/04/23 15:09:18 | 000,494,895 | ---- | M] () -- C:\Users\Knight\Desktop\PCTools Malware Detective md_report.xml
[2012/04/22 21:45:06 | 000,006,650 | ---- | M] () -- C:\Users\Knight\Desktop\DEER 022 - Shortcut.lnk
[2012/04/22 16:31:08 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/04/22 01:13:05 | 000,866,526 | ---- | M] (PC Tools) -- C:\Users\Knight\Desktop\pcSpec.exe
[2012/04/21 20:15:46 | 000,000,448 | ---- | M] () -- C:\user.js
[2012/04/21 18:37:40 | 000,001,312 | ---- | M] () -- C:\Users\Knight\Desktop\Free YouTube Uploader.lnk
[2012/04/19 21:14:32 | 653,703,998 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/04/17 22:11:48 | 000,760,528 | ---- | M] () -- C:\Users\Knight\Desktop\2011 Knight D Form 1040 Individual Tax Return.tax2011
[2012/04/17 16:03:03 | 000,095,437 | ---- | M] () -- C:\Users\Knight\Desktop\OR2011TAXEXT 40EXT-signed.pdf
[2012/04/17 15:49:19 | 000,132,392 | ---- | M] () -- C:\Users\Knight\Desktop\OR2011TAXEXT 40EXT.pdf
[2012/04/17 13:17:32 | 000,000,469 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/04/16 23:34:21 | 000,001,239 | ---- | M] () -- C:\Users\Knight\Desktop\DVDVideoSoft Free Studio.lnk
[2012/04/16 20:01:02 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk
[2012/04/15 18:51:37 | 000,001,367 | ---- | M] () -- C:\Users\Knight\Desktop\Free Screen Video Recorder.lnk
[2012/04/14 19:23:06 | 000,042,401 | ---- | M] () -- C:\Users\Knight\Desktop\Bushama.jpg
[2012/04/13 19:10:09 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 19:10:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/13 19:10:06 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/13 18:19:18 | 000,034,455 | ---- | M] () -- C:\Users\Knight\Desktop\FacebookZuckerSpy.jpg
[2012/04/13 17:58:09 | 000,003,189 | ---- | M] () -- C:\Users\Knight\Desktop\PUPPY - Shortcut.lnk
[2012/04/13 17:57:59 | 000,003,238 | ---- | M] () -- C:\Users\Knight\Desktop\DEER 087 - Shortcut.lnk
[2012/04/13 17:57:48 | 000,003,238 | ---- | M] () -- C:\Users\Knight\Desktop\DEER 055 - Shortcut.lnk
[2012/04/13 17:57:42 | 000,003,238 | ---- | M] () -- C:\Users\Knight\Desktop\DEER 054 - Shortcut.lnk
[2012/04/13 17:57:31 | 000,003,238 | ---- | M] () -- C:\Users\Knight\Desktop\DEER 017 - Shortcut.lnk
[2012/04/13 17:57:24 | 000,003,238 | ---- | M] () -- C:\Users\Knight\Desktop\DEER 024 - Shortcut.lnk
[2012/04/13 17:57:11 | 000,003,273 | ---- | M] () -- C:\Users\Knight\Desktop\DEER 023 - Shortcut.lnk
[2012/04/12 21:25:08 | 000,697,433 | ---- | M] () -- C:\Users\Knight\Desktop\100_0021.MP4
[2012/04/11 20:47:22 | 000,000,017 | ---- | M] () -- C:\Users\Knight\AppData\Local\resmon.resmoncfg
[2012/04/03 19:31:25 | 002,008,195 | ---- | M] () -- C:\Users\Knight\Documents\04-03-2012 07;31;25PM.PDF
[2012/04/03 19:29:40 | 009,820,199 | ---- | M] () -- C:\Users\Knight\Documents\04-03-2012 07;29;38PM.PDF
[2012/04/03 19:27:01 | 008,577,878 | ---- | M] () -- C:\Users\Knight\Documents\04-03-2012 07;27;00PM.PDF
[2012/04/03 19:24:21 | 012,372,849 | ---- | M] () -- C:\Users\Knight\Documents\04-03-2012 07;24;20PM.PDF
[2012/04/03 19:18:40 | 000,976,791 | ---- | M] () -- C:\Users\Knight\Documents\04-03-2012 07;18;40PM.PDF
[2012/04/03 19:15:47 | 018,687,605 | ---- | M] () -- C:\Users\Knight\Documents\04-03-2012 07;15;45PM.PDF
[2012/04/03 19:08:11 | 018,709,547 | ---- | M] () -- C:\Users\Knight\Documents\04-03-2012 07;08;08PM.PDF
[2012/04/03 18:31:47 | 018,676,285 | ---- | M] () -- C:\Users\Knight\Documents\04-03-2012 06;31;45PM.PDF
[2012/04/03 18:20:06 | 000,054,854 | ---- | M] () -- C:\Users\Knight\Desktop\CricketBKCounselCertKnight.pdf
[2012/04/03 17:33:56 | 000,000,104 | ---- | M] () -- C:\Users\Knight\Desktop\Control Panel - Shortcut.lnk
[2012/04/02 19:31:23 | 004,916,628 | ---- | M] () -- C:\Users\Knight\Documents\04-02-2012 07;31;22PM.PDF
[2012/04/02 19:21:58 | 000,005,828 | ---- | M] () -- C:\Users\Knight\Documents\04-02-2012 07;21;54PM.RTF
[2012/04/02 19:17:45 | 004,157,802 | ---- | M] () -- C:\Users\Knight\Documents\04-02-2012 07;17;44PM.PDF
[2012/04/02 18:18:24 | 017,383,795 | ---- | M] () -- C:\Users\Knight\Documents\04-02-2012 06;18;22PM.PDF
[2012/04/02 18:14:30 | 000,490,060 | ---- | M] () -- C:\Users\Knight\Documents\CounselingCompletionCertificateKNIGHT.pdf
[2012/04/02 18:13:43 | 000,485,493 | ---- | M] () -- C:\Users\Knight\Documents\04-02-2012 06;13;43PM.PDF
[2012/04/02 18:02:55 | 013,635,936 | ---- | M] () -- C:\Users\Knight\Documents\WellFargoStatementsKNIGHT.pdf
[2012/04/02 17:51:03 | 013,633,013 | ---- | M] () -- C:\Users\Knight\Documents\04-02-2012 05;51;01PM.PDF
[2012/04/02 16:12:46 | 000,851,060 | ---- | M] () -- C:\Users\Knight\Documents\04-02-2012 04;12;14PM.RTF
[2012/04/02 16:00:24 | 000,926,727 | ---- | M] () -- C:\Users\Knight\Documents\04-02-2012 03;59;54PM.RTF
[2012/04/02 01:53:36 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\MixPad Audio Mixer.lnk
[2012/04/02 01:53:32 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2012/03/31 23:47:31 | 000,005,839 | ---- | M] () -- C:\Users\Knight\Documents\03-31-2012 11;47;26PM.RTF
[2012/03/29 03:02:04 | 055,154,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe
[2012/03/28 21:50:31 | 000,145,408 | ---- | M] () -- C:\Users\Knight\Desktop\NDAA-OR-RES DOC.dot
[2012/03/28 21:45:39 | 000,550,344 | ---- | M] () -- C:\Users\Knight\Desktop\NDAA-OR-RES PDF.pdf
[2012/03/28 21:41:09 | 000,508,319 | ---- | M] () -- C:\Users\Knight\Desktop\NDAA Senate Yes Vote Rebuttal.pdf

========== Files Created - No Company Name ==========

[2012/04/25 12:41:04 | 000,000,643 | ---- | C] () -- C:\Users\Knight\Desktop\ComboFix - Shortcut (3).lnk
[2012/04/25 12:13:28 | 000,000,643 | ---- | C] () -- C:\Users\Knight\Desktop\ComboFix - Shortcut (2).lnk
[2012/04/24 22:01:17 | 000,879,714 | ---- | C] () -- C:\Users\Knight\Desktop\SecurityCheck.exe
[2012/04/24 21:27:00 | 000,000,020 | ---- | C] () -- C:\Users\Knight\defogger_reenable
[2012/04/24 21:25:57 | 000,050,477 | ---- | C] () -- C:\Users\Knight\Desktop\Defogger.exe
[2012/04/24 14:48:24 | 173,411,928 | ---- | C] () -- C:\Users\Knight\Desktop\Windows Easy Transfer - Items from old computer.MIG
[2012/04/23 21:02:08 | 000,000,643 | ---- | C] () -- C:\Users\Knight\Desktop\ComboFix - Shortcut.lnk
[2012/04/23 19:07:41 | 003,765,218 | ---- | C] () -- C:\Users\Knight\Desktop\My Start malware Capture.PNG
[2012/04/23 15:16:12 | 000,494,895 | ---- | C] () -- C:\Users\Knight\Desktop\PCTools Malware Detective md_report.xml
[2012/04/23 13:17:10 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/04/23 13:17:10 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/04/23 13:17:10 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/04/23 13:17:10 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/04/23 13:17:10 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/04/22 16:31:08 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/04/21 20:15:45 | 000,000,448 | ---- | C] () -- C:\user.js
[2012/04/21 18:37:40 | 000,001,312 | ---- | C] () -- C:\Users\Knight\Desktop\Free YouTube Uploader.lnk
[2012/04/17 15:52:27 | 000,095,437 | ---- | C] () -- C:\Users\Knight\Desktop\OR2011TAXEXT 40EXT-signed.pdf
[2012/04/17 15:49:19 | 000,132,392 | ---- | C] () -- C:\Users\Knight\Desktop\OR2011TAXEXT 40EXT.pdf
[2012/04/16 20:16:22 | 000,760,528 | ---- | C] () -- C:\Users\Knight\Desktop\2011 Knight D Form 1040 Individual Tax Return.tax2011
[2012/04/16 20:01:07 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/04/16 20:01:02 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2011.lnk
[2012/04/15 18:51:37 | 000,001,367 | ---- | C] () -- C:\Users\Knight\Desktop\Free Screen Video Recorder.lnk
[2012/04/14 19:24:48 | 000,042,401 | ---- | C] () -- C:\Users\Knight\Desktop\Bushama.jpg
[2012/04/13 18:19:51 | 000,034,455 | ---- | C] () -- C:\Users\Knight\Desktop\FacebookZuckerSpy.jpg
[2012/04/13 17:58:09 | 000,003,189 | ---- | C] () -- C:\Users\Knight\Desktop\PUPPY - Shortcut.lnk
[2012/04/13 17:57:59 | 000,003,238 | ---- | C] () -- C:\Users\Knight\Desktop\DEER 087 - Shortcut.lnk
[2012/04/13 17:57:48 | 000,003,238 | ---- | C] () -- C:\Users\Knight\Desktop\DEER 055 - Shortcut.lnk
[2012/04/13 17:57:42 | 000,003,238 | ---- | C] () -- C:\Users\Knight\Desktop\DEER 054 - Shortcut.lnk
[2012/04/13 17:57:31 | 000,003,238 | ---- | C] () -- C:\Users\Knight\Desktop\DEER 017 - Shortcut.lnk
[2012/04/13 17:57:24 | 000,003,238 | ---- | C] () -- C:\Users\Knight\Desktop\DEER 024 - Shortcut.lnk
[2012/04/13 17:57:11 | 000,003,273 | ---- | C] () -- C:\Users\Knight\Desktop\DEER 023 - Shortcut.lnk
[2012/04/13 17:55:45 | 000,006,650 | ---- | C] () -- C:\Users\Knight\Desktop\DEER 022 - Shortcut.lnk
[2012/04/12 21:25:08 | 000,697,433 | ---- | C] () -- C:\Users\Knight\Desktop\100_0021.MP4
[2012/04/11 20:47:22 | 000,000,017 | ---- | C] () -- C:\Users\Knight\AppData\Local\resmon.resmoncfg
[2012/04/03 19:31:25 | 002,008,195 | ---- | C] () -- C:\Users\Knight\Documents\04-03-2012 07;31;25PM.PDF
[2012/04/03 19:29:38 | 009,820,199 | ---- | C] () -- C:\Users\Knight\Documents\04-03-2012 07;29;38PM.PDF
[2012/04/03 19:27:00 | 008,577,878 | ---- | C] () -- C:\Users\Knight\Documents\04-03-2012 07;27;00PM.PDF
[2012/04/03 19:24:20 | 012,372,849 | ---- | C] () -- C:\Users\Knight\Documents\04-03-2012 07;24;20PM.PDF
[2012/04/03 19:18:40 | 000,976,791 | ---- | C] () -- C:\Users\Knight\Documents\04-03-2012 07;18;40PM.PDF
[2012/04/03 19:15:45 | 018,687,605 | ---- | C] () -- C:\Users\Knight\Documents\04-03-2012 07;15;45PM.PDF
[2012/04/03 19:08:08 | 018,709,547 | ---- | C] () -- C:\Users\Knight\Documents\04-03-2012 07;08;08PM.PDF
[2012/04/03 18:31:45 | 018,676,285 | ---- | C] () -- C:\Users\Knight\Documents\04-03-2012 06;31;45PM.PDF
[2012/04/03 18:20:06 | 000,054,854 | ---- | C] () -- C:\Users\Knight\Desktop\CricketBKCounselCertKnight.pdf
[2012/04/03 17:33:56 | 000,000,104 | ---- | C] () -- C:\Users\Knight\Desktop\Control Panel - Shortcut.lnk
[2012/04/02 19:31:22 | 004,916,628 | ---- | C] () -- C:\Users\Knight\Documents\04-02-2012 07;31;22PM.PDF
[2012/04/02 19:21:58 | 000,005,828 | ---- | C] () -- C:\Users\Knight\Documents\04-02-2012 07;21;54PM.RTF
[2012/04/02 19:17:44 | 004,157,802 | ---- | C] () -- C:\Users\Knight\Documents\04-02-2012 07;17;44PM.PDF
[2012/04/02 18:18:22 | 017,383,795 | ---- | C] () -- C:\Users\Knight\Documents\04-02-2012 06;18;22PM.PDF
[2012/04/02 18:14:30 | 000,490,060 | ---- | C] () -- C:\Users\Knight\Documents\CounselingCompletionCertificateKNIGHT.pdf
[2012/04/02 18:13:43 | 000,485,493 | ---- | C] () -- C:\Users\Knight\Documents\04-02-2012 06;13;43PM.PDF
[2012/04/02 18:02:55 | 013,635,936 | ---- | C] () -- C:\Users\Knight\Documents\WellFargoStatementsKNIGHT.pdf
[2012/04/02 17:51:01 | 013,633,013 | ---- | C] () -- C:\Users\Knight\Documents\04-02-2012 05;51;01PM.PDF
[2012/04/02 16:12:44 | 000,851,060 | ---- | C] () -- C:\Users\Knight\Documents\04-02-2012 04;12;14PM.RTF
[2012/04/02 16:00:23 | 000,926,727 | ---- | C] () -- C:\Users\Knight\Documents\04-02-2012 03;59;54PM.RTF
[2012/04/02 01:53:36 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audio Mixer.lnk
[2012/04/02 01:53:36 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\MixPad Audio Mixer.lnk
[2012/04/02 01:53:32 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2012/04/02 01:53:32 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2012/03/31 23:47:31 | 000,005,839 | ---- | C] () -- C:\Users\Knight\Documents\03-31-2012 11;47;26PM.RTF
[2012/03/30 15:22:17 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/03/28 21:50:30 | 000,145,408 | ---- | C] () -- C:\Users\Knight\Desktop\NDAA-OR-RES DOC.dot
[2012/03/28 21:45:39 | 000,550,344 | ---- | C] () -- C:\Users\Knight\Desktop\NDAA-OR-RES PDF.pdf
[2012/03/28 21:41:09 | 000,508,319 | ---- | C] () -- C:\Users\Knight\Desktop\NDAA Senate Yes Vote Rebuttal.pdf
[2012/01/09 17:56:44 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll0434.old
[2012/01/09 17:56:44 | 000,767,928 | ---- | C] () -- C:\windows\BDTSupport.dll
[2011/09/15 23:23:27 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/08/29 19:46:09 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxecinpa.dll
[2011/08/29 19:46:09 | 000,344,064 | ---- | C] () -- C:\windows\SysWow64\lxeccomx.dll
[2011/08/29 19:46:09 | 000,331,776 | ---- | C] () -- C:\windows\SysWow64\LXECinst.dll
[2011/08/29 19:46:08 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxecpmui.dll
[2011/08/29 19:46:08 | 000,344,064 | ---- | C] ( ) -- C:\windows\SysWow64\lxeciesc.dll
[2011/08/29 19:46:08 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\lxecins.dll
[2011/08/29 19:46:08 | 000,262,144 | ---- | C] () -- C:\windows\SysWow64\lxecinsb.dll
[2011/08/29 19:46:08 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\lxecinsr.dll
[2011/08/29 19:46:08 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\lxecjswr.dll
[2011/08/29 19:46:08 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\lxeccur.dll
[2011/08/29 19:46:07 | 001,048,576 | ---- | C] ( ) -- C:\windows\SysWow64\lxecserv.dll
[2011/08/29 19:46:07 | 000,847,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxecusb1.dll
[2011/08/29 19:46:07 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\lxeclmpm.dll
[2011/08/29 19:46:07 | 000,253,952 | ---- | C] () -- C:\windows\SysWow64\lxeccu.dll
[2011/08/29 19:46:07 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\lxeccub.dll
[2011/08/29 19:46:06 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\lxeccomc.dll
[2011/08/29 19:46:06 | 000,688,128 | ---- | C] ( ) -- C:\windows\SysWow64\lxechbn3.dll
[2011/08/29 19:46:06 | 000,598,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxeccoms.exe
[2011/08/29 19:46:06 | 000,372,736 | ---- | C] ( ) -- C:\windows\SysWow64\lxeccomm.dll
[2011/08/29 19:46:06 | 000,324,264 | ---- | C] ( ) -- C:\windows\SysWow64\lxecih.exe
[2011/08/29 19:46:05 | 000,373,416 | ---- | C] ( ) -- C:\windows\SysWow64\lxeccfg.exe
[2011/08/29 19:35:37 | 000,299,008 | ---- | C] () -- C:\windows\SysWow64\LXECsm.dll
[2011/08/29 19:35:37 | 000,023,552 | ---- | C] () -- C:\windows\SysWow64\LXECsmr.dll
[2011/08/05 13:22:33 | 000,743,066 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/20 23:35:28 | 000,304,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2011/04/27 18:00:14 | 000,000,023 | ---- | C] () -- C:\windows\SysWow64\drivers\psn.dat
[2011/04/26 20:53:09 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011/04/26 20:53:09 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2011/04/26 20:02:20 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\ustor.dll
[2011/04/26 20:02:20 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\UMonit.exe
[2011/04/26 20:02:17 | 000,172,097 | ---- | C] () -- C:\windows\SysWow64\NoMSGuninstall.exe
[2011/04/26 20:02:17 | 000,000,767 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini
[2011/04/26 20:02:17 | 000,000,187 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini
[2011/04/26 19:59:33 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/02/12 12:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/11/19 03:22:36 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2010/11/19 03:22:33 | 000,206,952 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2010/11/19 03:22:29 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 April 2012 - 06:19 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    :OTL
    
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 184 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84  
    IE - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26
    IE - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb133/?search={searchTerms}&loc=IB_DS&a=6OyzBlVMrM&i=26
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
    FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
    [2012/03/03 23:35:51 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    [2012/03/03 23:22:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012/04/21 20:15:45 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\ffxtlbr@incredibar.com
    [2012/04/21 20:15:39 | 000,002,203 | ---- | M] () -- C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\searchplugins\MyStart Search.xml
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
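
Added example, not part of this thread and not OTL's own code: after the fix script above is run, the settings it targets (IE start page, IE search scope URL, and the Firefox prefs.js values for the homepage, default/selected search engine and keyword.URL) can be re-checked mechanically instead of by eye. The checker below reads either OTL-style "IE - ..." / "FF - prefs.js.." lines or a Firefox prefs.js / user.js directly, and reports any value that still points at, or names, the hijacker. The domain list is taken from the two hijack domains visible in the log above (mystart.incredibar.com and search.conduit.com); the prefs.js sample is constructed from those same values, and a benign homepage line is included to show it is not reported. Matching is done on the URL hostname rather than the full URL, so a changed path or query string does not evade the check.

```python
"""Added example (not from this thread or from OTL): re-check the browser
settings the hijacker changed, so the fix log can be verified rather than trusted.

Input 1: OTL scan lines of the form posted above ("IE - ..." and "FF - prefs.js..").
Input 2: a Firefox prefs.js or user.js, i.e. lines of user_pref("key", "value");
"""
import re
from urllib.parse import urlparse

# Taken from the hijacked settings in the OTL log above; extend for other hijackers.
HIJACK_DOMAINS = {"mystart.incredibar.com", "search.conduit.com"}
HIJACK_NAMES = ("mystart", "incredibar", "conduit")

IE_RE = re.compile(r'^IE - (?P<key>.+?) = (?P<value>\S+)$')
FF_OTL_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[^:]+): "(?P<value>[^"]*)"')
USER_PREF_RE = re.compile(r'^\s*user_pref\("(?P<key>[^"]+)",\s*"(?P<value>[^"]*)"\);')


def _hostname(value):
    """Lower-cased hostname of a URL value; '' when the value is not a URL."""
    if "://" not in value:
        return ""
    return (urlparse(value).hostname or "").lower()


def matches_hijacker(value):
    """True when a setting's value points at, or names, a known hijacker.

    URLs are matched on the hostname (including subdomains) so that a changed
    query string or path does not evade the check; non-URL values such as the
    search-engine display name are matched on the name fragments.
    """
    host = _hostname(value)
    if host and any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS):
        return True
    low = value.lower()
    return any(name in low for name in HIJACK_NAMES)


def scan_otl(log_text):
    """(key, value) pairs from OTL IE/FF lines whose value still shows the hijacker."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line) or FF_OTL_RE.match(line)
        if m and matches_hijacker(m.group("value")):
            hits.append((m.group("key").strip(), m.group("value")))
    return hits


def scan_prefs(prefs_text):
    """The same check over the user_pref(...) lines of a Firefox prefs.js / user.js."""
    hits = []
    for raw in prefs_text.splitlines():
        m = USER_PREF_RE.match(raw)
        if m and matches_hijacker(m.group("value")):
            hits.append((m.group("key"), m.group("value")))
    return hits


# The IE/FF lines from the fix script above, plus one clean line (constructed) to
# show that a benign homepage is not reported.
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26
IE - HKU\S-1-5-21-1182291490-1180826050-772089516-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb133/?search={searchTerms}&loc=IB_DS&a=6OyzBlVMrM&i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..browser.startup.homepage: "https://www.mozilla.org/"
"""

# Constructed prefs.js excerpt modelled on the values in the log above.
SAMPLE_PREFS = """
user_pref("browser.startup.homepage", "http://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26");
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("browser.startup.homepage_override.mstone", "11.0");
"""

if __name__ == "__main__":
    for key, value in scan_otl(SAMPLE_OTL) + scan_prefs(SAMPLE_PREFS):
        print(f"STILL HIJACKED  {key} = {value}")
```

Run against a fresh OTL scan log (or the profile's prefs.js and the stray C:\user.js listed in the log above, which was created within seconds of the incredibar extension folder): an empty result means none of the checked settings still reference the hijacker. It does not prove the extension folder, search plugin XML or the IBUpdaterService directory are gone; those are file-system checks and the fix log lines for them should be read separately.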

#12 Whaler31

  • Topic Starter
  • Members
  • 25 posts

Posted 26 April 2012 - 06:50 PM

This is the OTL log:

I just re-started computer. How do I check to see if that virus is gone?

Thanks!

Damon

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
HKU\S-1-5-21-1182291490-1180826050-772089516-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1182291490-1180826050-772089516-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Prefs.js: "http://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26" removed from browser.startup.homepage
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\ffxtlbr@incredibar.com\content\imgs folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\ffxtlbr@incredibar.com\content folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\extensions\ffxtlbr@incredibar.com folder moved successfully.
C:\Users\Knight\AppData\Roaming\Mozilla\Firefox\Profiles\2pazja3q.default\searchplugins\MyStart Search.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Knight\Desktop\cmd.bat deleted successfully.
C:\Users\Knight\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Knight
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Knight
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.42.1 log created on 04262012_163916
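As an added example (not from the thread, from OTL or from any BleepingComputer tool), here is a small Python check for the Firefox prefs.js state the log above shows OTL resetting: it flags the homepage, search-engine and keyword.URL preferences when they still point at the MyStart/Incredibar or Conduit hosts, which is one way to answer "is it gone?" after a reboot. The sample prefs.js content is constructed to mimic the log; scan_profile takes a caller-supplied path to a real profile.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Preferences OTL had to reset in the log above.
WATCHED_PREFS = (
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
)
# Hosts taken from the values OTL removed; extend with other known hijackers.
SUSPECT_HOSTS = ("incredibar.com", "conduit.com")

# Matches lines like: user_pref("name", "string value");
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')

# Constructed sample prefs.js content mimicking the state the OTL log shows.
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "http://mystart.incredibar.com/mb133?a=6OyzBlVMrM&i=26");
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("browser.search.selectedEngine", "Google");
'''

def parse_prefs(text):
    """Return {pref_name: value} for every string-valued user_pref line."""
    return {m.group(1): m.group(2) for m in PREF_RE.finditer(text)}

def is_suspect(value):
    """True if a URL's host is a known hijacker domain, or an engine name is MyStart."""
    lowered = value.lower()
    if lowered.startswith(("http://", "https://")):
        host = urlparse(lowered).hostname or ""
        return any(host == h or host.endswith("." + h) for h in SUSPECT_HOSTS)
    return "mystart" in lowered

def find_hijacked_prefs(text):
    """Return (pref, value) pairs for watched prefs that still point at the hijacker."""
    prefs = parse_prefs(text)
    return [(n, prefs[n]) for n in WATCHED_PREFS if n in prefs and is_suspect(prefs[n])]

def scan_profile(prefs_path):
    """Scan a prefs.js on disk (path supplied by the caller); [] if the file is absent."""
    p = Path(prefs_path)
    if not p.is_file():
        return []
    return find_hijacked_prefs(p.read_text(encoding="utf-8", errors="replace"))

if __name__ == "__main__":
    for name, value in find_hijacked_prefs(SAMPLE_PREFS_JS):
        print("HIJACKED", name, "=", value)
```

An empty result from scan_profile on every Firefox profile's prefs.js, together with no searchplugins XML naming MyStart, is the quiet "no hits" a user would want to see; a non-empty one means the hijack settings came back and the profile needs another look.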

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 PM

Posted 26 April 2012 - 08:42 PM

Is it still redirecting?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#14 Whaler31

Whaler31
  • Topic Starter

  • Members
  • 25 posts
  • Local time:04:58 PM

Posted 26 April 2012 - 11:55 PM

Gringo,

No re-directing (yet!)

I had earlier changed the redirect page address from all the browsers, so I was worried it could come out from some hidden file or something.

I updated and ran PC Tools antivirus, and it found 283 infections and a total of like 300 in all (it rates them by danger level).

So far so good. I have had the infected computer online for about 5-6 hours now, and have updated all browser and Windows Update security patches.

So, I guess the answer is that it's fixed, but you know what I meant, right? (It could re-surface.) I would imagine if it will do that, it would do it within a week or less.

What do you think??

Thanks

-Damon

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 PM

Posted 26 April 2012 - 11:58 PM

Greetings

If it is still on the computer, it will show itself pretty quickly.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

