
Sirefef-HO, DNSChanger-VJ, and Trojan.Agent


  • This topic is locked
39 replies to this topic

#1 Mikey83

Mikey83

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:08 AM

Posted 27 April 2012 - 08:37 PM

Having trouble with trojans/viruses. The main symptoms I am encountering at the moment is Google links redirecting and a random IE pop up window once in a while.

I believe the infections to be Win32.Sirefef-HO and Win32.DNSChanger-VJ. Malwarebytes also found Trojan.Agent.

Info noted in the Preparation Guide is pasted in below. Thanks for your help!

DDS log below. DDS txt and GMER files attached.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mikey at 20:05:05 on 2012-04-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.4588 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Program Files (x86)\AlienRespawn\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://AlienwareArena.com
uDefault_Page_URL = hxxp://AlienwareArena.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [DT Soft] rundll32.exe "C:\Users\Mikey\AppData\Local\DT Soft\dxswezpk.dll",CreateTzanShell
uRun: [velnm] rundll32.exe "C:\Users\Mikey\AppData\Local\Temp\velnm.dll",CreateVolumeTextureFromFileExA
uRun: [usheds] rundll32.exe "C:\Users\Mikey\AppData\Local\Temp\usheds.dll",D3D11GetDevice
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [FAStartup]
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{01876FEA-DF62-4B7D-AD11-2D47643971CC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6066AEF8-CF40-4D11-9430-7881E09B8BD7} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{6066AEF8-CF40-4D11-9430-7881E09B8BD7}\3586F66756C686561646D2537484A7 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{6066AEF8-CF40-4D11-9430-7881E09B8BD7}\35D616074696 : DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{6066AEF8-CF40-4D11-9430-7881E09B8BD7}\4646D2772747 : DhcpNameServer = 192.168.100.1
TCP: Interfaces\{6066AEF8-CF40-4D11-9430-7881E09B8BD7}\84F6D656 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{6066AEF8-CF40-4D11-9430-7881E09B8BD7}\C496E6B6379737 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6066AEF8-CF40-4D11-9430-7881E09B8BD7}\C496E6B637973723 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E03EB1D6-1CFF-439E-8816-75E1D29ECDBA} : DhcpNameServer = 172.26.38.1 172.26.38.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli FAPassSync
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun-x64: [FAStartup]
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\dhgcgorv.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdfltn.sys --> C:\Windows\system32\DRIVERS\stdfltn.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-14 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-14 13336]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2011-9-14 60928]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-27 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-14 1612392]
R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-9-14 1692480]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-4-27 667208]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\system32\drivers\johci.sys --> C:\Windows\system32\drivers\johci.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 253088]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-28 136176]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-28 00:24:16 -------- d-----w- C:\Program Files\Carbonite
2012-04-28 00:23:47 -------- d-----w- C:\ProgramData\Carbonite
2012-04-28 00:23:47 -------- d-----w- C:\Program Files (x86)\Carbonite
2012-04-27 22:31:13 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-27 22:21:21 148112 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-04-27 22:21:21 112616 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-04-27 22:21:20 -------- d-----w- C:\Program Files\Webroot
2012-04-27 21:20:05 -------- d-----w- C:\Program Files (x86)\Webroot
2012-04-27 21:20:04 -------- d-----w- C:\ProgramData\WRData
2012-04-27 20:01:39 -------- d-----w- C:\Users\Mikey\AppData\Roaming\Malwarebytes
2012-04-27 20:01:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-27 20:01:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-27 19:53:46 -------- d-----we C:\Windows\system64
2012-04-23 03:03:13 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-04-22 16:50:33 -------- d-----w- C:\Users\Mikey\My Backup Files
2012-04-22 07:53:57 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-22 07:53:07 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-22 07:53:07 -------- d-----w- C:\Program Files\AVAST Software
2012-04-22 04:18:28 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-22 04:17:30 -------- d-----w- C:\Users\Mikey\AppData\Local\{0C110F2D-8C32-11E1-826D-B8AC6F996F26}
2012-04-22 02:27:23 -------- d-----w- C:\Users\Mikey\AppData\Local\DT Soft
2012-04-21 01:53:40 -------- d-----w- C:\Program Files\iPod
2012-04-21 01:53:39 -------- d-----w- C:\Program Files\iTunes
2012-04-21 01:53:39 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-21 01:49:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-21 01:49:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-21 01:49:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-21 01:49:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-21 01:49:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-21 01:49:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-21 01:49:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-19 01:12:17 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{47C7F3F6-85CF-4FB2-8A1C-67D21053B722}\mpengine.dll
2012-04-17 01:13:56 -------- d-----w- C:\Users\Mikey\AppData\Roaming\MPEG Streamclip
2012-04-15 13:02:05 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-15 12:49:12 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-13 23:54:53 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-13 23:54:52 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-04-04 03:20:45 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
.
==================== Find3M ====================
.
2012-04-15 13:02:09 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:05:57.39 ===============

Attached Files
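The DDS "Pseudo HJT Report" above is the part a malware-removal helper reads first. Three kinds of line in it are worth a second look on this machine: Run-key entries that start rundll32.exe on a DLL sitting in a user-writable folder (the three entries under AppData\Local, which later also produced the "not a valid Win32 application" / "module could not be found" RunDLL errors once the DLLs were gone), DhcpNameServer lists containing non-private resolvers (worth comparing against the ISP's published resolvers when a DNS changer is suspected, not malicious by themselves), and a SubSystems value naming a CSRSS server DLL other than the stock ones (the ComboFix log further down shows consrv.dll among its deletions). The following script is an added example written for this page, not DDS, ComboFix or BleepingComputer code; the sample lines are copied from the posted report, and the user-writable path markers, the private-address test and the expected-module allowlist are this example's own assumptions.

```python
"""Triage selected lines of a DDS 'Pseudo HJT Report' for entries worth review.

Added example for this thread. Heuristics (user-writable path markers,
private-address test, expected SubSystems modules) are assumptions of this
script, not DDS logic; findings are review candidates, not verdicts.
"""
import ipaddress
import re

# Constructed sample: a subset of lines copied from the DDS log posted above.
SAMPLE_REPORT = r"""
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [DT Soft] rundll32.exe "C:\Users\Mikey\AppData\Local\DT Soft\dxswezpk.dll",CreateTzanShell
uRun: [velnm] rundll32.exe "C:\Users\Mikey\AppData\Local\Temp\velnm.dll",CreateVolumeTextureFromFileExA
uRun: [usheds] rundll32.exe "C:\Users\Mikey\AppData\Local\Temp\usheds.dll",D3D11GetDevice
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{E03EB1D6-1CFF-439E-8816-75E1D29ECDBA} : DhcpNameServer = 172.26.38.1 172.26.38.2
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
"""

# Assumption: folders a standard (non-admin) user can write to.
USER_WRITABLE_MARKERS = (
    "\\appdata\\local\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\temp\\",
)
# Assumption: CSRSS server DLLs present in a stock Windows 7 SubSystems value.
EXPECTED_SUBSYSTEM_MODULES = {"basesrv", "winsrv", "sxssrv"}

RUN_RE = re.compile(
    r"^(?P<key>[um]Run(?:Once)?(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$", re.I
)
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>.*)$")
SUBSYS_RE = re.compile(r"^SubSystems: Windows = (?P<value>.*)$")
DLL_RE = re.compile(r'"([^"]+\.dll)"|(\S+\.dll)', re.I)


def dll_path(cmd):
    """Return the first .dll path in a command line (quoted or bare), or None."""
    m = DLL_RE.search(cmd)
    return (m.group(1) or m.group(2)) if m else None


def triage(report):
    """Collect review candidates from DDS report text.

    autoruns          : (entry name, DLL path) for rundll32 autoruns whose DLL
                        lives in a user-writable folder
    dns_for_review    : non-private DhcpNameServer addresses, in order seen
    subsystem_modules : SubSystems server modules outside the expected set
    """
    findings = {"autoruns": [], "dns_for_review": [], "subsystem_modules": []}
    for raw in report.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            path = dll_path(cmd)
            if ("rundll32" in cmd.lower() and path
                    and any(k in path.lower() for k in USER_WRITABLE_MARKERS)):
                findings["autoruns"].append((m.group("name"), path))
            continue
        m = DNS_RE.search(line)
        if m:
            for token in m.group("servers").split():
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    continue  # not an address; DDS sometimes prints names here
                if not addr.is_private and token not in findings["dns_for_review"]:
                    findings["dns_for_review"].append(token)
            continue
        m = SUBSYS_RE.match(line)
        if m:
            for token in m.group("value").split():
                module = token.split(":")[0].split(",")[0].lower()
                if module not in EXPECTED_SUBSYSTEM_MODULES:
                    findings["subsystem_modules"].append(module)
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, path in result["autoruns"]:
        print(f"rundll32 autorun from user-writable path: [{name}] {path}")
    for server in result["dns_for_review"]:
        print(f"non-private DHCP name server (compare with ISP resolvers): {server}")
    for module in result["subsystem_modules"]:
        print(f"unexpected SubSystems server module: {module}")
```

On the sample, the three AppData entries are reported while the Malwarebytes cleanup entry under ProgramData is not, the two 209.18.47.x resolvers are listed for comparison, and consrv is the one SubSystems module outside the expected set. Run it against a full DDS.txt by passing the file contents to triage().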




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:08 AM

Posted 27 April 2012 - 11:23 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Mikey83

Mikey83
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:08 AM

Posted 28 April 2012 - 07:42 AM

Hi Gringo, thanks for the quick response and your help.

I ran Security Check and Combofix and pasted the logs below. I was receiving illegal operation errors after ComboFix, so I restarted as directed. Windows would not load normally after the restart, and I was forced to load an earlier system restore point (from last night).

I am still not able to enable Windows Firewall and receive the error: "Windows Firewall with Advanced Security snap-in failed to load." It's error code 0x6D9.

I also received 3 RunDLL errors after post system restore restart:
1) C:\Users\...\AppData\Local\DT Soft\dxwezpk.dll is not a valid Win32 application.
2) C:\Users\...\AppData\Local\Temp\usheds.dll - specified module could not be found.
3) C:\Users\...\AppData\Local\Temp\velnm.dll - specified module could not be found.

On the plus side, my Google links are not redirecting like they had previously.

Thanks again,
Mike

------------------------

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 27
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

------------------------

ComboFix 12-04-28.01 - Mikey 04/28/2012 6:56.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.5565 [GMT -5:00]
Running from: c:\users\Mikey\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mikey\AppData\Local\DT Soft\dxswezpk.dll
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\ac3file.ax
c:\windows\SysWow64\ac3filter.ax
c:\windows\SysWow64\bdaplgin.ax
c:\windows\SysWow64\cdxareader.ax
c:\windows\SysWow64\cero.rs
c:\windows\SysWow64\csrr.rs
c:\windows\SysWow64\DCBassSource.ax
c:\windows\SysWow64\esrb.rs
c:\windows\SysWow64\ffdshow.ax
c:\windows\SysWow64\FLVSplitter.ax
c:\windows\SysWow64\g711codc.ax
c:\windows\SysWow64\grb.rs
c:\windows\SysWow64\iac25_32.ax
c:\windows\SysWow64\ir41_32.ax
c:\windows\SysWow64\ivfsrc.ax
c:\windows\SysWow64\Ivinav.ax
c:\windows\SysWow64\IVIVIDEO.ax
c:\windows\SysWow64\ksproxy.ax
c:\windows\SysWow64\kstvtune.ax
c:\windows\SysWow64\Kswdmcap.ax
c:\windows\SysWow64\ksxbar.ax
c:\windows\SysWow64\Mpeg2Data.ax
c:\windows\SysWow64\mpg2splt.ax
c:\windows\SysWow64\MSDvbNP.ax
c:\windows\SysWow64\MSNP.ax
c:\windows\SysWow64\oflc.rs
c:\windows\SysWow64\pegi-fi.rs
c:\windows\SysWow64\pegi-pt.rs
c:\windows\SysWow64\pegi.rs
c:\windows\SysWow64\pegibbfc.rs
c:\windows\SysWow64\psisrndr.ax
c:\windows\SysWow64\RealMediaSplitter.ax
c:\windows\SysWow64\splitter.ax
c:\windows\SysWow64\usk.rs
c:\windows\SysWow64\VBICodec.ax
c:\windows\SysWow64\vbisurf.ax
c:\windows\SysWow64\vidcap.ax
c:\windows\SysWow64\WEB.rs
c:\windows\SysWow64\WSTPager.ax
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 02:38 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-28 02:34 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-28 02:34 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-28 02:34 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-28 02:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-28 02:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-28 02:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-28 02:28 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-28 02:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-28 02:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-28 02:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-28 02:03 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-28 02:01 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-28 02:01 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-28 00:24 . 2012-04-28 00:24 -------- d-----w- c:\program files\Carbonite
2012-04-28 00:23 . 2012-04-28 00:23 -------- d-----w- c:\programdata\Carbonite
2012-04-28 00:23 . 2012-04-28 00:23 -------- d-----w- c:\program files (x86)\Carbonite
2012-04-27 22:31 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 22:21 . 2012-04-28 12:06 148112 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-04-27 22:21 . 2012-04-27 22:21 112616 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-04-27 22:21 . 2012-04-27 22:21 -------- d-----w- c:\program files\Webroot
2012-04-27 21:20 . 2012-04-27 22:08 -------- d-----w- c:\program files (x86)\Webroot
2012-04-27 21:20 . 2012-04-28 12:06 -------- d-----w- c:\programdata\WRData
2012-04-27 20:01 . 2012-04-27 20:01 -------- d-----w- c:\users\Mikey\AppData\Roaming\Malwarebytes
2012-04-27 20:01 . 2012-04-27 20:01 -------- d-----w- c:\programdata\Malwarebytes
2012-04-27 20:01 . 2012-04-27 22:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-23 03:04 . 2012-04-27 22:15 -------- d-----w- c:\users\Mikey\AppData\Roaming\Yahoo!
2012-04-23 03:04 . 2012-04-27 22:15 -------- d-----w- c:\programdata\Yahoo! Companion
2012-04-23 03:04 . 2012-04-23 03:04 -------- d-----w- c:\programdata\Yahoo!
2012-04-23 03:03 . 2012-04-27 22:10 -------- d-----w- c:\program files (x86)\Yahoo!
2012-04-22 16:50 . 2012-04-22 16:50 -------- d-----w- c:\users\Mikey\My Backup Files
2012-04-22 07:53 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-22 07:53 . 2012-04-27 22:15 -------- d-----w- c:\programdata\AVAST Software
2012-04-22 07:53 . 2012-04-27 22:10 -------- d-----w- c:\program files\AVAST Software
2012-04-22 04:18 . 2012-04-28 12:06 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-22 04:17 . 2012-04-22 04:17 -------- d-----w- c:\users\Mikey\AppData\Local\{0C110F2D-8C32-11E1-826D-B8AC6F996F26}
2012-04-22 02:27 . 2012-04-28 12:03 -------- d-----w- c:\users\Mikey\AppData\Local\DT Soft
2012-04-21 01:53 . 2012-04-21 01:53 -------- d-----w- c:\program files\iPod
2012-04-21 01:53 . 2012-04-21 01:54 -------- d-----w- c:\program files\iTunes
2012-04-21 01:53 . 2012-04-21 01:54 -------- d-----w- c:\program files (x86)\iTunes
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-21 01:49 . 2012-04-21 01:49 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-19 01:12 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47C7F3F6-85CF-4FB2-8A1C-67D21053B722}\mpengine.dll
2012-04-17 01:13 . 2012-04-17 01:13 -------- d-----w- c:\users\Mikey\AppData\Roaming\MPEG Streamclip
2012-04-15 13:02 . 2012-04-15 13:02 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-15 12:49 . 2012-04-15 13:02 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-15 12:49 . 2012-04-15 12:49 -------- d-----w- c:\windows\system32\Macromed
2012-04-13 23:54 . 2012-04-13 23:54 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-13 23:54 . 2012-04-13 23:54 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-04 03:20 . 2012-04-04 03:20 -------- d-----w- c:\program files (x86)\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 13:02 . 2011-09-15 02:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"DT Soft"="c:\users\Mikey\AppData\Local\DT Soft\dxswezpk.dll" [BU]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"FAStartup"="" [BU]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-08-13 1362544]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2011-04-13 503942]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-04-27 667208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-9-21 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-19 98208]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-26 60928]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-26 1612392]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-08-18 1692480]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-04-27 667208]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 13:02]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 01:38]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 01:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-19 10144288]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-26 276584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
"(Default)"="" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-04-13 5016112]
"combofix"="c:\combofix\CF1721.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AEADIFilters
s116nd5
incdrm
SABSVC
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://AlienwareArena.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{01876FEA-DF62-4B7D-AD11-2D47643971CC}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\dhgcgorv.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\AlienRespawn\TOASTER.EXE
c:\program files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files\Alienware\Command Center\AlienFusionController.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-04-28 07:12:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-28 12:12
ComboFix2.txt 2012-04-27 19:43
.
Pre-Run: 196,023,406,592 bytes free
Post-Run: 196,405,579,776 bytes free
.
- - End Of File - - 2880A60477987BF9419CF38AA0A93F44

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:08 AM

Posted 28 April 2012 - 10:58 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Mikey83

Mikey83
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:08 AM

Posted 28 April 2012 - 07:27 PM

Hi Gringo,

As requested, please find the FRST log below.

Thanks!

Scan result of Farbar Recovery Scan Tool Version: 27-04-2012
Ran by SYSTEM at 28-04-2012 19:21:12
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [276584 2010-05-26] (NVIDIA Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-23] (Intel Corporation)
HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [63304 2010-05-21] (Alienware Corporation)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-17] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [5016112 2010-04-13] ()
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1362544 2010-08-13] ()
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [667208 2012-04-27] (Webroot)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1059984 2012-03-16] (Carbonite, Inc.)
HKU\Mikey\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
HKU\Mikey\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Mikey\...\Run: [DT Soft] rundll32.exe "C:\Users\Mikey\AppData\Local\DT Soft\dxswezpk.dll",CreateTzanShell [472360 2011-09-01] ()
HKU\Mikey\...\Run: [velnm] rundll32.exe "C:\Users\Mikey\AppData\Local\Temp\velnm.dll",CreateVolumeTextureFromFileExA [x]
HKU\Mikey\...\Run: [usheds] rundll32.exe "C:\Users\Mikey\AppData\Local\Temp\usheds.dll",D3D11GetDevice [x]
HKU\Mikey\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 97.64.183.164 97.64.209.37
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Lsa: [Notification Packages] scecli
FAPassSync
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-15] (Adobe Systems Incorporated)
2 AlienFusionService; "C:\Program Files\Alienware\Command Center\AlienFusionService.exe" [14648 2010-05-21] (Alienware)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-31] (Apple Inc.)
2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6684304 2012-03-16] (Carbonite, Inc. (www.carbonite.com))
2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-03-03] (Intel Corporation)
2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-26] ()
2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 SABSVC; C:\Windows\System32\ql1280.dll [6656 2009-07-13] (Oak Technology Inc.)
2 ScrybeUpdater; "C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe" [1300264 2011-05-27] (Synaptics, Inc.)
2 SftService; "C:\Program Files (x86)\AlienRespawn\sftservice.EXE" [1692480 2011-08-18] (SoftThinks SAS)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [667208 2012-04-27] (Webroot)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]

========================== Drivers (Whitelisted) =============

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-11-27] (DT Soft Ltd)
0 EMSC; C:\Windows\System32\Drivers\EMSC.sys [16752 2009-06-26] (Windows ® Win 7 DDK provider)
0 EMSC; C:\Windows\SysWow64\Drivers\EMSC.sys [13680 2009-06-26] (Windows ® Win 7 DDK provider)
0 johci; C:\Windows\System32\Drivers\johci.sys [24176 2010-04-16] (JMicron Technology Corp.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.)
0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [21040 2010-01-26] (ST Microelectronics)
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)
0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [112616 2012-04-27] (Webroot)

========================== NetSvcs (Whitelisted) ===========
NETSVC: AEADIFilters
NETSVC: s116nd5
NETSVC: incdrm
NETSVC: SABSVC

============ One Month Created Files and Folders ==============

2012-04-28 19:20 - 2009-07-14 00:08 - 0000000 ____D C:\FRST
2012-04-28 18:46 - 2012-03-12 00:17 - 1388969 ____A C:\Users\Mikey\Downloads\FRST64.exe
2012-04-28 07:26 - 2012-04-28 18:48 - 0000000 ____D C:\Windows\system64
2012-04-28 07:13 - 2012-04-17 03:05 - 0025145 ____A C:\Users\Mikey\Desktop\ComboFix Log.txt
2012-04-28 07:12 - 2011-09-14 21:53 - 0025145 ____A C:\ComboFix.txt
2012-04-28 06:52 - 2012-04-16 19:54 - 0000876 ____A C:\Users\Mikey\Desktop\security check.txt
2012-04-27 22:46 - 2010-11-21 02:06 - 0002052 ____A C:\Windows\epplauncher.mif
2012-04-27 21:38 - 2012-02-28 02:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-27 21:38 - 2012-02-28 01:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-27 21:38 - 2012-02-28 01:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-27 21:38 - 2012-02-28 01:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-27 21:38 - 2012-02-28 01:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-27 21:38 - 2012-02-27 20:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-27 21:38 - 2012-02-27 20:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-27 21:38 - 2012-02-27 20:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-27 21:38 - 2012-02-27 20:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-27 21:38 - 2012-02-27 20:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-27 21:38 - 2011-09-14 22:40 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-27 21:38 - 2011-09-14 22:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-27 21:38 - 2011-09-14 22:19 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-27 21:38 - 2011-09-14 22:19 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-27 21:38 - 2011-09-14 22:19 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-27 21:38 - 2011-09-14 22:19 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-27 21:38 - 2011-09-14 22:19 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-27 21:38 - 2011-09-14 22:19 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-27 21:38 - 2011-09-14 22:19 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-27 21:38 - 2011-09-14 22:19 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-27 21:38 - 2010-11-20 22:24 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-27 21:38 - 2010-11-20 22:23 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-27 21:38 - 2009-07-13 20:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-27 21:38 - 2009-07-13 20:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-27 21:38 - 2009-07-13 20:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-27 21:38 - 2009-07-13 20:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-27 21:34 - 2009-07-13 20:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-27 21:34 - 2009-07-13 20:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-27 21:34 - 2009-07-13 20:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-27 21:29 - 2009-07-13 20:39 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-27 21:28 - 2009-07-13 20:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-27 21:28 - 2009-07-13 20:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-27 21:28 - 2009-07-13 20:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-27 21:28 - 2009-07-13 20:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-27 21:28 - 2009-07-13 20:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-27 21:28 - 2009-07-13 20:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-27 21:28 - 2009-07-13 20:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-27 21:04 - 2011-11-17 01:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-04-27 21:04 - 2011-11-17 01:35 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-04-27 21:04 - 2011-11-17 01:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-04-27 21:04 - 2010-11-20 22:24 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-04-27 21:04 - 2010-11-20 22:24 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-04-27 21:04 - 2010-11-20 22:24 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-27 21:04 - 2010-11-20 22:24 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-04-27 21:04 - 2010-11-20 22:24 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-04-27 21:04 - 2010-11-20 22:24 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-04-27 21:04 - 2010-11-20 22:24 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-04-27 21:04 - 2010-11-20 22:24 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-04-27 21:04 - 2010-11-20 22:23 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-04-27 21:04 - 2010-11-20 22:23 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-04-27 21:04 - 2010-11-20 22:23 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-04-27 21:04 - 2010-11-20 22:23 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-04-27 21:04 - 2010-03-18 17:27 - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-04-27 21:04 - 2009-07-13 20:52 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-04-27 21:04 - 2009-07-13 20:41 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-04-27 21:04 - 2009-07-13 20:41 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-04-27 21:04 - 2009-07-13 20:39 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-04-27 21:04 - 2009-07-13 20:39 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-04-27 21:04 - 2009-07-13 20:39 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-04-27 21:04 - 2009-07-13 20:16 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-04-27 21:04 - 2009-07-13 20:14 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-04-27 21:04 - 2009-07-13 20:14 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-04-27 21:04 - 2009-07-13 18:55 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-04-27 21:04 - 2006-07-11 20:35 - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-04-27 21:03 - 2012-02-17 01:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-27 21:03 - 2010-11-20 22:24 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-04-27 21:03 - 2010-11-20 22:24 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-04-27 21:03 - 2010-11-20 22:24 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-04-27 21:03 - 2010-11-20 22:24 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-04-27 21:03 - 2010-11-20 22:24 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-04-27 21:03 - 2010-11-20 22:24 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-04-27 21:03 - 2010-11-20 22:24 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-27 21:03 - 2009-07-13 20:52 - 0498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-04-27 21:03 - 2009-07-13 20:40 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-04-27 21:03 - 2009-07-13 20:39 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-27 21:03 - 2009-07-13 20:39 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-27 21:03 - 2009-07-13 20:15 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-04-27 21:03 - 2009-07-13 19:16 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 21:03 - 2009-07-13 19:16 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-04-27 21:03 - 2009-06-10 16:15 - 0478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-04-27 21:03 - 2009-06-10 15:31 - 0515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-04-27 21:01 - 2009-07-13 20:41 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-04-27 21:01 - 2009-07-13 20:16 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-04-27 20:47 - - 4731392 ____A (AVAST Software) C:\Users\Mikey\Downloads\aswMBR.exe
2012-04-27 20:35 - - 0013713 ____A C:\Users\Mikey\Desktop\ark.txt
2012-04-27 20:17 - 2012-04-27 20:13 - 0003780 ____A C:\Users\Mikey\Desktop\Attach.zip
2012-04-27 20:13 - 2012-04-28 07:13 - 0024400 ____A C:\Users\Mikey\Desktop\DDS.txt
2012-04-27 20:13 - 2012-04-27 20:35 - 0012997 ____A C:\Users\Mikey\Desktop\Attach.txt
2012-04-27 19:24 - 2011-11-13 18:44 - 0000000 ____D C:\Program Files\Carbonite
2012-04-27 19:24 - 2011-09-14 21:31 - 0002134 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-04-27 19:24 - 2011-09-14 21:31 - 0002134 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk
2012-04-27 19:23 - 2011-12-28 17:53 - 0000000 ____D C:\Program Files (x86)\Carbonite
2012-04-27 19:23 - 2011-11-13 18:36 - 0000000 ____D C:\Users\All Users\Carbonite
2012-04-27 19:23 - 2011-11-13 18:36 - 0000000 ____D C:\Users\All Users\Application Data\Carbonite
2012-04-27 19:23 - 2011-11-13 18:36 - 0000000 ____D C:\ProgramData\Carbonite
2012-04-27 19:13 - 2011-10-08 00:08 - 0607260 ____R (Swearware) C:\Users\Mikey\Downloads\dds.scr
2012-04-27 19:11 - 2012-03-13 21:28 - 0302592 ____A C:\Users\Mikey\Downloads\zzldsimv.exe
2012-04-27 17:40 - 2012-04-27 21:48 - 0000159 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-04-27 17:40 - 2012-04-27 21:48 - 0000159 ____A C:\Users\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2012-04-27 17:40 - 2012-04-27 21:48 - 0000159 ____A C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-04-27 17:39 - 2012-04-17 00:41 - 0000000 ____A C:\Users\Mikey\Desktop\New Text Document.txt
2012-04-27 17:31 - 2012-04-20 20:54 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-27 17:31 - 2012-04-20 20:54 - 0001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-27 17:31 - 2009-07-13 18:26 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-27 17:30 - 2011-10-07 22:42 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Mikey\Downloads\mbam-setup-1.61.0.1400(1).exe
2012-04-27 17:21 - 2009-07-14 00:09 - 0000000 ____D C:\Program Files\Webroot
2012-04-27 17:21 - 2009-07-13 20:45 - 0112616 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-27 17:21 - 2009-07-13 20:14 - 0148112 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-04-27 17:20 - 2012-03-16 13:50 - 0849056 ____A (Amazon Services LLC) C:\Users\Mikey\Downloads\Webroot_SecureAnywhere_Essentials_2012_3PC_Downloader.exe
2012-04-27 16:20 - 2012-03-13 21:31 - 0000000 ____D C:\Users\All Users\WRData
2012-04-27 16:20 - 2012-03-13 21:31 - 0000000 ____D C:\Users\All Users\Application Data\WRData
2012-04-27 16:20 - 2012-03-13 21:31 - 0000000 ____D C:\ProgramData\WRData
2012-04-27 16:20 - 2011-11-09 17:23 - 0000000 ____D C:\Program Files (x86)\Webroot
2012-04-27 16:19 - 2012-03-12 00:15 - 0000000 ____D C:\Users\Mikey\Desktop\Webroot SecureAnywhere Essentials 2012 3PC
2012-04-27 15:01 - 2012-01-28 12:06 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-27 15:01 - 2012-01-28 12:06 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-04-27 15:01 - 2012-01-28 12:06 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-27 15:01 - 2011-09-20 17:01 - 0000000 ____D C:\Users\Mikey\Application Data\Malwarebytes
2012-04-27 15:01 - 2011-09-20 17:01 - 0000000 ____D C:\Users\Mikey\AppData\Roaming\Malwarebytes
2012-04-27 15:01 - 2011-09-14 21:18 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-27 15:00 - 2012-04-27 17:30 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Mikey\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-27 14:35 - 2009-07-13 21:34 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-27 14:35 - 2009-07-13 21:34 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-27 14:35 - 2009-07-13 21:34 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-27 14:35 - 2009-07-13 21:34 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-27 14:35 - 2009-07-13 21:34 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-27 14:25 - 2012-04-28 07:23 - 0000000 ____D C:\Qoobox
2012-04-27 14:25 - 2012-04-27 22:46 - 0000000 ____D C:\Windows\ERDNT
2012-04-27 14:17 - 2012-04-13 18:53 - 0051276 ____A C:\Users\Mikey\Desktop\how-to-use-combofix.htm
2012-04-22 22:04 - 2012-04-22 22:04 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-04-22 22:04 - 2012-04-22 22:04 - 0000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
2012-04-22 22:04 - 2012-04-22 22:04 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-04-22 22:04 - 2011-11-09 17:25 - 0000000 ____D C:\Users\Mikey\Application Data\Yahoo!
2012-04-22 22:04 - 2011-11-09 17:25 - 0000000 ____D C:\Users\Mikey\AppData\Roaming\Yahoo!
2012-04-22 22:04 - 2011-11-09 17:23 - 0001139 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2012-04-22 22:04 - 2011-11-09 17:23 - 0001139 ____A C:\Users\All Users\Desktop\Yahoo! Messenger.lnk
2012-04-22 22:04 - 2011-09-14 21:39 - 0000000 ____D C:\Users\All Users\Yahoo!
2012-04-22 22:04 - 2011-09-14 21:39 - 0000000 ____D C:\Users\All Users\Application Data\Yahoo!
2012-04-22 22:04 - 2011-09-14 21:39 - 0000000 ____D C:\ProgramData\Yahoo!
2012-04-22 22:03 - 2010-11-21 02:06 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-04-22 22:02 - 2012-04-16 20:13 - 0424072 ____A (Yahoo! Inc.) C:\Users\Mikey\Downloads\msgr11us.exe
2012-04-22 12:00 - - 0002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-22 12:00 - - 0002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-04-22 11:50 - 2012-04-27 22:12 - 0000000 ____D C:\Users\Mikey\My Backup Files
2012-04-22 11:46 - 2009-07-13 20:39 - 0526598 ____A C:\Windows\ntbtlog.txt
2012-04-22 02:53 - 2011-09-14 21:24 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-22 02:53 - 2009-07-14 00:08 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-22 02:53 - 2009-07-14 00:08 - 0000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-04-22 02:53 - 2009-07-14 00:08 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-22 02:53 - 2009-07-13 20:52 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-04-22 02:50 - 2012-02-02 23:04 - 74761776 ____A C:\Users\Mikey\Downloads\avast_free_antivirus_setup.exe
2012-04-21 23:18 - 2009-07-13 20:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-21 23:17 - 2012-04-16 19:49 - 0000000 ____D C:\Users\Mikey\Local Settings\Application Data\{0C110F2D-8C32-11E1-826D-B8AC6F996F26}
2012-04-21 23:17 - 2012-04-16 19:49 - 0000000 ____D C:\Users\Mikey\Local Settings\{0C110F2D-8C32-11E1-826D-B8AC6F996F26}
2012-04-21 23:17 - 2012-04-16 19:49 - 0000000 ____D C:\Users\Mikey\AppData\Local\{0C110F2D-8C32-11E1-826D-B8AC6F996F26}
2012-04-21 23:16 - 2011-11-10 17:21 - 0000000 ____A C:\Users\Mikey\Application Data\domRK.txt
2012-04-21 23:16 - 2011-11-10 17:21 - 0000000 ____A C:\Users\Mikey\AppData\Roaming\domRK.txt
2012-04-21 21:27 - 2012-04-22 04:59 - 0000000 ____D C:\Users\Mikey\Local Settings\DT Soft
2012-04-21 21:27 - 2012-04-22 04:59 - 0000000 ____D C:\Users\Mikey\Local Settings\Application Data\DT Soft
2012-04-21 21:27 - 2012-04-22 04:59 - 0000000 ____D C:\Users\Mikey\AppData\Local\DT Soft
2012-04-20 20:54 - 2011-09-28 20:26 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-20 20:54 - 2011-09-28 20:26 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-04-20 20:53 - 2012-04-27 22:09 - 0000000 ____D C:\Program Files\iPod
2012-04-20 20:53 - 2012-04-27 22:09 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-20 20:53 - 2012-04-20 20:53 - 0000000 ____D C:\Program Files\iTunes
2012-04-20 20:49 - 2011-11-27 15:58 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-20 20:49 - 2011-09-20 17:04 - 0001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-04-20 20:49 - 2011-09-20 17:04 - 0001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-04-17 03:05 - 2012-04-27 20:17 - 0010073 ____A C:\Users\Mikey\Desktop\Basic Rider Course (BRC).xlsx
2012-04-17 00:41 - 2012-04-16 23:53 - 0000000 ____A C:\Users\Mikey\Desktop\New Microsoft Word Document.docx
2012-04-16 20:15 - 2012-04-27 14:17 - 5214732 ___RA C:\Users\Mikey\Desktop\IMG_0256-1.MOV
2012-04-16 20:13 - 2011-09-20 17:04 - 0000000 ____D C:\Users\Mikey\Application Data\MPEG Streamclip
2012-04-16 20:13 - 2011-09-20 17:04 - 0000000 ____D C:\Users\Mikey\AppData\Roaming\MPEG Streamclip
2012-04-16 20:12 - 2011-11-09 17:30 - 0554844 ____A C:\Users\Mikey\Downloads\MPEG_Streamclip_1.2.zip
2012-04-16 19:54 - 2012-04-16 20:19 - 9608807 ____A C:\Users\Mikey\Desktop\Sasha.zip
2012-04-16 19:54 - 2011-12-28 17:31 - 0000000 ____D C:\Users\Mikey\Desktop\Sasha
2012-04-16 19:48 - 2012-04-28 18:46 - 9608941 ____A C:\Users\Mikey\Downloads\fwdboxersurrendero.zip
2012-04-16 19:25 - 2012-04-16 20:09 - 5214732 ___RA C:\Users\Mikey\Desktop\IMG_0256.MOV
2012-04-15 13:50 - 2011-11-13 18:44 - 1907404 ____A C:\Users\Mikey\Downloads\photo.JPG
2012-04-15 08:02 - 2012-04-15 08:02 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-15 07:50 - - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-15 07:49 - 2009-07-13 20:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-15 07:49 - 2009-06-10 16:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-15 07:49 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-13 18:53 - 2012-04-27 22:12 - 0133265 ____A C:\Users\Mikey\Desktop\FLH73 application.pdf
2012-04-12 20:27 - 2012-03-13 21:16 - 0000000 ____D C:\Users\Mikey\Desktop\match
2012-04-11 20:43 - 2012-04-27 17:39 - 0826156 ____A C:\Users\Mikey\Desktop\profile.jpg
2012-04-08 11:24 - 2012-04-28 06:45 - 0126976 ____A C:\Users\Mikey\My Documents\Owner Surrender Form - Copy.doc
2012-04-08 11:24 - 2012-04-28 06:45 - 0126976 ____A C:\Users\Mikey\Documents\Owner Surrender Form - Copy.doc
2012-04-08 11:24 - 2012-01-24 18:08 - 0126464 ____A C:\Users\Mikey\My Documents\Sasha Owner Surrender Form - Copy.doc
2012-04-08 11:24 - 2012-01-24 18:08 - 0126464 ____A C:\Users\Mikey\Documents\Sasha Owner Surrender Form - Copy.doc
2012-04-08 11:24 - 2011-09-28 21:05 - 0029600 ____A C:\Users\Mikey\My Documents\Iowa Residential Lease Agreement - Copy.docx
2012-04-08 11:24 - 2011-09-28 21:05 - 0029600 ____A C:\Users\Mikey\Documents\Iowa Residential Lease Agreement - Copy.docx
2012-04-03 22:20 - 2012-04-03 22:20 - 0287806 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-04-03 22:20 - 2011-09-20 17:00 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-04-03 22:20 - 2009-06-10 15:36 - 0291588 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-04-03 19:54 - 2012-03-31 23:58 - 3612266 ____A C:\Users\Mikey\My Documents\Mike's Place.pdf
2012-04-03 19:54 - 2012-03-31 23:58 - 3612266 ____A C:\Users\Mikey\Documents\Mike's Place.pdf
2012-04-01 09:14 - 2012-03-14 22:13 - 0068232 ____A C:\Users\Mikey\My Documents\Crainme's Story.pdf
2012-04-01 09:14 - 2012-03-14 22:13 - 0068232 ____A C:\Users\Mikey\Documents\Crainme's Story.pdf
2012-03-31 23:58 - 2012-01-03 23:56 - 0325003 ____A C:\Users\Mikey\My Documents\mackenzie.png
2012-03-31 23:58 - 2012-01-03 23:56 - 0325003 ____A C:\Users\Mikey\Documents\mackenzie.png

============ 3 Months Modified Files and Folders =============

2012-04-28 19:21 - 2012-04-28 19:20 - 0000000 ____D C:\FRST
2012-04-28 19:18 - 2011-09-14 22:51 - 1317111 ____A C:\Windows\WindowsUpdate.log
2012-04-28 19:17 - 2009-07-13 23:51 - 0047286 ____A C:\Windows\setupact.log
2012-04-28 19:02 - 2012-04-15 07:49 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-28 18:51 - 2009-07-13 23:45 - 0021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-28 18:51 - 2009-07-13 23:45 - 0021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-28 18:48 - 2009-07-14 00:13 - 0779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-28 18:46 - 2012-04-28 18:46 - 1388969 ____A C:\Users\Mikey\Downloads\FRST64.exe
2012-04-28 18:44 - 2012-04-27 17:21 - 0148112 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-04-28 18:44 - 2011-09-14 21:53 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-04-28 18:44 - 2011-09-14 21:53 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-04-28 18:44 - 2011-09-14 21:53 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-04-28 18:44 - 2011-09-14 21:53 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-04-28 18:44 - 2011-09-14 21:53 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-04-28 18:44 - 2011-09-14 21:53 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-04-28 18:44 - 2011-09-14 21:48 - 0000000 ____D C:\Program Files (x86)\AlienRespawn
2012-04-28 18:43 - 2011-09-28 20:28 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-28 18:43 - 2011-09-14 22:48 - 1988513792 __ASH C:\hiberfil.sys
2012-04-28 18:43 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-28 08:31 - 2011-09-28 20:29 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-28 07:27 - 2011-09-20 16:45 - 0000000 ____D C:\users\Mikey
2012-04-28 07:27 - 2011-09-14 21:00 - 0000000 ____D C:\users\UpdatusUser
2012-04-28 07:26 - 2012-04-28 07:26 - 0000000 ____D C:\Windows\system64
2012-04-28 07:26 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-28 07:25 - 2012-04-27 17:21 - 0000000 ____D C:\Program Files\Webroot
2012-04-28 07:25 - 2012-04-27 14:25 - 0000000 ____D C:\Windows\ERDNT
2012-04-28 07:25 - 2012-04-21 21:27 - 0000000 ____D C:\Users\Mikey\Local Settings\DT Soft
2012-04-28 07:25 - 2012-04-21 21:27 - 0000000 ____D C:\Users\Mikey\Local Settings\Application Data\DT Soft
2012-04-28 07:25 - 2012-04-21 21:27 - 0000000 ____D C:\Users\Mikey\AppData\Local\DT Soft
2012-04-28 07:25 - 2011-09-20 17:04 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-28 07:25 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
2012-04-28 07:25 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2012-04-28 07:25 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-28 07:25 - 2009-07-13 22:18 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-28 07:23 - 2011-09-14 22:50 - 0000000 ____D C:\Intel
2012-04-28 07:13 - 2012-04-28 07:13 - 0025145 ____A C:\Users\Mikey\Desktop\ComboFix Log.txt
2012-04-28 07:12 - 2012-04-28 07:12 - 0025145 ____A C:\ComboFix.txt
2012-04-28 07:12 - 2012-04-27 14:25 - 0000000 ____D C:\Qoobox
2012-04-28 07:05 - 2009-07-13 21:34 - 70516736 ____A C:\Windows\System32\config\software.bak
2012-04-28 07:05 - 2009-07-13 21:34 - 16777216 ____A C:\Windows\System32\config\system.bak
2012-04-28 07:05 - 2009-07-13 21:34 - 0524288 ____A C:\Windows\System32\config\default.bak
2012-04-28 07:05 - 2009-07-13 21:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-04-28 07:05 - 2009-07-13 21:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-04-28 06:52 - 2012-04-28 06:52 - 0000876 ____A C:\Users\Mikey\Desktop\security check.txt
2012-04-28 06:45 - 2011-09-28 20:15 - 0000000 ____D C:\Users\Mikey\My Documents\Outlook Files
2012-04-28 06:45 - 2011-09-28 20:15 - 0000000 ____D C:\Users\Mikey\Documents\Outlook Files
2012-04-27 22:46 - 2012-04-27 22:46 - 0002052 ____A C:\Windows\epplauncher.mif
2012-04-27 22:12 - 2011-09-20 16:48 - 0000402 __ASH C:\Users\Mikey\My Documents\desktop.ini
2012-04-27 22:12 - 2011-09-20 16:48 - 0000174 ___SH C:\Users\Mikey\Start Menu\Programs\Startup\desktop.ini
2012-04-27 22:12 - 2011-09-20 16:48 - 0000174 ___SH C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-04-27 22:11 - 2010-11-20 22:47 - 0053136 ____A C:\Windows\PFRO.log
2012-04-27 22:11 - 2009-07-13 23:45 - 0427016 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-27 21:48 - 2011-09-20 16:56 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-27 21:48 - 2011-09-20 16:56 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-04-27 21:48 - 2011-09-20 16:56 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-27 21:44 - 2011-09-20 17:14 - 0000039 ____A C:\Windows\vbaddin.ini
2012-04-27 21:43 - 2009-07-13 21:34 - 0000478 ____A C:\Windows\win.ini
2012-04-27 21:37 - 2011-02-10 11:10 - 0773482 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-27 21:11 - 2009-07-14 00:08 - 0015662 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-27 20:47 - 2012-04-27 20:47 - 4731392 ____A (AVAST Software) C:\Users\Mikey\Downloads\aswMBR.exe
2012-04-27 20:35 - 2012-04-27 20:35 - 0013713 ____A C:\Users\Mikey\Desktop\ark.txt
2012-04-27 20:17 - 2012-04-27 20:17 - 0003780 ____A C:\Users\Mikey\Desktop\Attach.zip
2012-04-27 20:13 - 2012-04-27 20:13 - 0024400 ____A C:\Users\Mikey\Desktop\DDS.txt
2012-04-27 20:13 - 2012-04-27 20:13 - 0012997 ____A C:\Users\Mikey\Desktop\Attach.txt
2012-04-27 19:24 - 2012-04-27 19:24 - 0002134 ____A C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2012-04-27 19:24 - 2012-04-27 19:24 - 0002134 ____A C:\Users\All Users\Desktop\Carbonite InfoCenter.lnk
2012-04-27 19:24 - 2012-04-27 19:24 - 0000000 ____D C:\Program Files\Carbonite
2012-04-27 19:23 - 2012-04-27 19:23 - 0000000 ____D C:\Users\All Users\Carbonite
2012-04-27 19:23 - 2012-04-27 19:23 - 0000000 ____D C:\Users\All Users\Application Data\Carbonite
2012-04-27 19:23 - 2012-04-27 19:23 - 0000000 ____D C:\ProgramData\Carbonite
2012-04-27 19:23 - 2012-04-27 19:23 - 0000000 ____D C:\Program Files (x86)\Carbonite
2012-04-27 19:13 - 2012-04-27 19:13 - 0607260 ____R (Swearware) C:\Users\Mikey\Downloads\dds.scr
2012-04-27 19:11 - 2012-04-27 19:11 - 0302592 ____A C:\Users\Mikey\Downloads\zzldsimv.exe
2012-04-27 17:43 - 2012-04-27 16:20 - 0000000 ____D C:\Users\All Users\WRData
2012-04-27 17:43 - 2012-04-27 16:20 - 0000000 ____D C:\Users\All Users\Application Data\WRData
2012-04-27 17:43 - 2012-04-27 16:20 - 0000000 ____D C:\ProgramData\WRData
2012-04-27 17:40 - 2012-04-27 17:40 - 0000159 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-04-27 17:40 - 2012-04-27 17:40 - 0000159 ____A C:\Users\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2012-04-27 17:40 - 2012-04-27 17:40 - 0000159 ____A C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-04-27 17:39 - 2012-04-27 17:39 - 0000000 ____A C:\Users\Mikey\Desktop\New Text Document.txt
2012-04-27 17:38 - 2012-04-21 23:18 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-27 17:31 - 2012-04-27 17:31 - 0001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-27 17:31 - 2012-04-27 17:31 - 0001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-27 17:31 - 2012-04-27 15:01 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-27 17:30 - 2012-04-27 17:30 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Mikey\Downloads\mbam-setup-1.61.0.1400(1).exe
2012-04-27 17:21 - 2012-04-27 17:21 - 0112616 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-04-27 17:21 - 2012-04-22 11:46 - 0526598 ____A C:\Windows\ntbtlog.txt
2012-04-27 17:20 - 2012-04-27 17:20 - 0849056 ____A (Amazon Services LLC) C:\Users\Mikey\Downloads\Webroot_SecureAnywhere_Essentials_2012_3PC_Downloader.exe
2012-04-27 17:20 - 2012-04-27 16:19 - 0000000 ____D C:\Users\Mikey\Desktop\Webroot SecureAnywhere Essentials 2012 3PC
2012-04-27 17:15 - 2012-04-22 22:04 - 0000000 ____D C:\Users\Mikey\Application Data\Yahoo!
2012-04-27 17:15 - 2012-04-22 22:04 - 0000000 ____D C:\Users\Mikey\AppData\Roaming\Yahoo!
2012-04-27 17:15 - 2012-04-22 22:04 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-04-27 17:15 - 2012-04-22 22:04 - 0000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
2012-04-27 17:15 - 2012-04-22 22:04 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-04-27 17:15 - 2012-04-22 02:53 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-04-27 17:15 - 2012-04-22 02:53 - 0000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-04-27 17:15 - 2012-04-22 02:53 - 0000000 ____D C:\ProgramData\AVAST Software
2012-04-27 17:12 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Public
2012-04-27 17:11 - 2011-09-20 16:45 - 0000000 ____D C:\Users\Mikey\AppData\LocalLow
2012-04-27 17:10 - 2012-04-22 22:03 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-04-27 17:10 - 2012-04-22 02:53 - 0000000 ____D C:\Program Files\AVAST Software
2012-04-27 17:10 - 2011-09-28 20:26 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-27 17:08 - 2012-04-27 16:20 - 0000000 ____D C:\Program Files (x86)\Webroot
2012-04-27 16:00 - 2011-09-28 20:26 - 0000000 ____D C:\Users\Mikey\Local Settings\Google
2012-04-27 16:00 - 2011-09-28 20:26 - 0000000 ____D C:\Users\Mikey\Local Settings\Application Data\Google
2012-04-27 16:00 - 2011-09-28 20:26 - 0000000 ____D C:\Users\Mikey\AppData\Local\Google
2012-04-27 15:01 - 2012-04-27 15:01 - 0000000 ____D C:\Users\Mikey\Application Data\Malwarebytes
2012-04-27 15:01 - 2012-04-27 15:01 - 0000000 ____D C:\Users\Mikey\AppData\Roaming\Malwarebytes
2012-04-27 15:01 - 2012-04-27 15:01 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-27 15:01 - 2012-04-27 15:01 - 0000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-04-27 15:01 - 2012-04-27 15:01 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-27 15:00 - 2012-04-27 15:00 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Mikey\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-04-27 14:35 - 2012-04-27 14:35 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-04-27 14:17 - 2012-04-27 14:17 - 0051276 ____A C:\Users\Mikey\Desktop\how-to-use-combofix.htm
2012-04-22 22:04 - 2012-04-22 22:04 - 0001139 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2012-04-22 22:04 - 2012-04-22 22:04 - 0001139 ____A C:\Users\All Users\Desktop\Yahoo! Messenger.lnk
2012-04-22 22:04 - 2012-04-22 22:04 - 0000000 ____D C:\Users\All Users\Yahoo!
2012-04-22 22:04 - 2012-04-22 22:04 - 0000000 ____D C:\Users\All Users\Application Data\Yahoo!
2012-04-22 22:04 - 2012-04-22 22:04 - 0000000 ____D C:\ProgramData\Yahoo!
2012-04-22 22:04 - 2011-09-20 16:48 - 0000000 ____D C:\Users\Mikey\Local Settings\VirtualStore
2012-04-22 22:04 - 2011-09-20 16:48 - 0000000 ____D C:\Users\Mikey\Local Settings\Application Data\VirtualStore
2012-04-22 22:04 - 2011-09-20 16:48 - 0000000 ____D C:\Users\Mikey\AppData\Local\VirtualStore
2012-04-22 22:02 - 2012-04-22 22:02 - 0424072 ____A (Yahoo! Inc.) C:\Users\Mikey\Downloads\msgr11us.exe
2012-04-22 12:01 - 2012-04-22 12:00 - 0002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-22 12:01 - 2012-04-22 12:00 - 0002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-04-22 12:00 - 2011-09-21 20:22 - 0000000 ____D C:\Users\Mikey\Local Settings\Application Data\Adobe
2012-04-22 12:00 - 2011-09-21 20:22 - 0000000 ____D C:\Users\Mikey\Local Settings\Adobe
2012-04-22 12:00 - 2011-09-21 20:22 - 0000000 ____D C:\Users\Mikey\AppData\Local\Adobe
2012-04-22 12:00 - 2011-09-14 21:46 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2012-04-22 12:00 - 2011-09-14 21:46 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-22 12:00 - 2011-09-14 21:46 - 0000000 ____D C:\ProgramData\Adobe
2012-04-22 11:54 - 2011-09-20 18:19 - 0000000 ____D C:\Users\Mikey\Application Data\Apple Computer
2012-04-22 11:54 - 2011-09-20 18:19 - 0000000 ____D C:\Users\Mikey\AppData\Roaming\Apple Computer
2012-04-22 11:50 - 2012-04-22 11:50 - 0000000 ____D C:\Users\Mikey\My Backup Files
2012-04-22 11:50 - 2011-09-20 16:45 - 0000000 ____D C:\Users\Mikey\Local Settings\SoftThinks
2012-04-22 11:50 - 2011-09-20 16:45 - 0000000 ____D C:\Users\Mikey\Local Settings\Application Data\SoftThinks
2012-04-22 11:50 - 2011-09-20 16:45 - 0000000 ____D C:\Users\Mikey\AppData\Local\SoftThinks
2012-04-22 04:59 - 2011-11-13 18:41 - 0000000 ____D C:\Users\Mikey\Local Settings\ElevatedDiagnostics
2012-04-22 04:59 - 2011-11-13 18:41 - 0000000 ____D C:\Users\Mikey\Local Settings\Application Data\ElevatedDiagnostics
2012-04-22 04:59 - 2011-11-13 18:41 - 0000000 ____D C:\Users\Mikey\AppData\Local\ElevatedDiagnostics
2012-04-22 02:51 - 2012-04-22 02:50 - 74761776 ____A C:\Users\Mikey\Downloads\avast_free_antivirus_setup.exe
2012-04-21 23:17 - 2012-04-21 23:17 - 0000000 ____D C:\Users\Mikey\Local Settings\Application Data\{0C110F2D-8C32-11E1-826D-B8AC6F996F26}
2012-04-21 23:17 - 2012-04-21 23:17 - 0000000 ____D C:\Users\Mikey\Local Settings\{0C110F2D-8C32-11E1-826D-B8AC6F996F26}
2012-04-21 23:17 - 2012-04-21 23:17 - 0000000 ____D C:\Users\Mikey\AppData\Local\{0C110F2D-8C32-11E1-826D-B8AC6F996F26}
2012-04-21 23:16 - 2012-04-21 23:16 - 0000000 ____A C:\Users\Mikey\Application Data\domRK.txt
2012-04-21 23:16 - 2012-04-21 23:16 - 0000000 ____A C:\Users\Mikey\AppData\Roaming\domRK.txt
2012-04-20 20:54 - 2012-04-20 20:54 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-20 20:54 - 2012-04-20 20:54 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-04-20 20:54 - 2012-04-20 20:53 - 0000000 ____D C:\Program Files\iTunes
2012-04-20 20:54 - 2012-04-20 20:53 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-20 20:53 - 2012-04-20 20:53 - 0000000 ____D C:\Program Files\iPod
2012-04-20 20:49 - 2012-04-20 20:49 - 0001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-04-20 20:49 - 2012-04-20 20:49 - 0001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-04-20 20:49 - 2012-04-20 20:49 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-17 03:05 - 2012-04-17 03:05 - 0010073 ____A C:\Users\Mikey\Desktop\Basic Rider Course (BRC).xlsx
2012-04-17 00:41 - 2012-04-17 00:41 - 0000000 ____A C:\Users\Mikey\Desktop\New Microsoft Word Document.docx
2012-04-16 23:53 - 2012-04-12 20:27 - 0000000 ____D C:\Users\Mikey\Desktop\match
2012-04-16 20:19 - 2012-04-16 19:54 - 0000000 ____D C:\Users\Mikey\Desktop\Sasha
2012-04-16 20:13 - 2012-04-16 20:13 - 0000000 ____D C:\Users\Mikey\Application Data\MPEG Streamclip
2012-04-16 20:13 - 2012-04-16 20:13 - 0000000 ____D C:\Users\Mikey\AppData\Roaming\MPEG Streamclip
2012-04-16 20:13 - 2012-04-16 20:12 - 0554844 ____A C:\Users\Mikey\Downloads\MPEG_Streamclip_1.2.zip
2012-04-16 20:09 - 2012-04-16 20:15 - 5214732 ___RA C:\Users\Mikey\Desktop\IMG_0256-1.MOV
2012-04-16 19:54 - 2012-04-16 19:54 - 9608807 ____A C:\Users\Mikey\Desktop\Sasha.zip
2012-04-16 19:53 - 2012-04-16 19:48 - 9608941 ____A C:\Users\Mikey\Downloads\fwdboxersurrendero.zip
2012-04-16 19:49 - 2012-03-13 21:31 - 0000000 ____D C:\Users\Mikey\Local Settings\WinZip
2012-04-16 19:49 - 2012-03-13 21:31 - 0000000 ____D C:\Users\Mikey\Local Settings\Application Data\WinZip
2012-04-16 19:49 - 2012-03-13 21:31 - 0000000 ____D C:\Users\Mikey\AppData\Local\WinZip
2012-04-16 19:25 - 2012-04-16 19:25 - 5214732 ___RA C:\Users\Mikey\Desktop\IMG_0256.MOV
2012-04-15 13:50 - 2012-04-15 13:50 - 1907404 ____A C:\Users\Mikey\Downloads\photo.JPG
2012-04-15 08:02 - 2012-04-15 08:02 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-15 08:02 - 2012-04-15 07:49 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-15 08:02 - 2011-09-14 21:04 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-15 07:50 - 2012-04-15 07:50 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-15 07:49 - 2012-04-15 07:49 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-13 18:53 - 2012-04-13 18:53 - 0133265 ____A C:\Users\Mikey\Desktop\FLH73 application.pdf
2012-04-11 20:43 - 2012-04-11 20:43 - 0826156 ____A C:\Users\Mikey\Desktop\profile.jpg
2012-04-04 15:56 - 2012-04-27 17:31 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 22:20 - 2012-04-03 22:20 - 0291588 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-04-03 22:20 - 2012-04-03 22:20 - 0287806 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-04-03 22:20 - 2012-04-03 22:20 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-04-03 19:56 - 2012-04-03 19:54 - 3612266 ____A C:\Users\Mikey\My Documents\Mike's Place.pdf
2012-04-03 19:56 - 2012-04-03 19:54 - 3612266 ____A C:\Users\Mikey\Documents\Mike's Place.pdf
2012-04-01 09:14 - 2012-04-01 09:14 - 0068232 ____A C:\Users\Mikey\My Documents\Crainme's Story.pdf
2012-04-01 09:14 - 2012-04-01 09:14 - 0068232 ____A C:\Users\Mikey\Documents\Crainme's Story.pdf
2012-03-31 23:58 - 2012-03-31 23:58 - 0325003 ____A C:\Users\Mikey\My Documents\mackenzie.png
2012-03-31 23:58 - 2012-03-31 23:58 - 0325003 ____A C:\Users\Mikey\Documents\mackenzie.png
2012-03-29 03:00 - 2012-04-27 21:29 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-28 19:11 - 2012-03-28 19:11 - 2275998 ____A C:\Users\Mikey\Downloads\IMG_5595e.jpg
2012-03-28 19:11 - 2012-03-28 19:11 - 2089819 ____A C:\Users\Mikey\Downloads\IMG_0529e.jpg
2012-03-28 19:11 - 2012-03-28 19:11 - 1945240 ____A C:\Users\Mikey\Downloads\IMG_0031e(1).jpg
2012-03-27 08:29 - 2012-03-27 08:29 - 0015686 ____A C:\Users\Mikey\My Documents\Time Warner Cable Receipt.pdf
2012-03-27 08:29 - 2012-03-27 08:29 - 0015686 ____A C:\Users\Mikey\Documents\Time Warner Cable Receipt.pdf
2012-03-16 14:15 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-16 13:50 - 2012-03-16 13:50 - 0573440 ____A C:\Users\Mikey\Downloads\vxworksrevert-GSv7-v3.bin
2012-03-16 13:37 - 2012-03-16 13:36 - 1769384 ____A C:\Users\Mikey\Downloads\FW_WRT54GSv7_7.50.8.001_US_20091005.bin
2012-03-15 00:11 - 2012-03-14 23:29 - 0014355 ____A C:\Users\Mikey\My Documents\profile.docx
2012-03-15 00:11 - 2012-03-14 23:29 - 0014355 ____A C:\Users\Mikey\Documents\profile.docx
2012-03-14 22:13 - 2012-03-11 23:51 - 0414208 ____A C:\Users\Mikey\My Documents\business card.pub
2012-03-14 22:13 - 2012-03-11 23:51 - 0414208 ____A C:\Users\Mikey\Documents\business card.pub
2012-03-14 22:12 - 2012-03-14 22:12 - 0080381 ____A C:\Users\Mikey\My Documents\Mikey Contact Card.pdf
2012-03-14 22:12 - 2012-03-14 22:12 - 0080381 ____A C:\Users\Mikey\Documents\Mikey Contact Card.pdf
2012-03-13 21:31 - 2012-03-13 21:30 - 0000000 ____D C:\Users\All Users\WinZip
2012-03-13 21:31 - 2012-03-13 21:30 - 0000000 ____D C:\Users\All Users\Application Data\WinZip
2012-03-13 21:31 - 2012-03-13 21:30 - 0000000 ____D C:\ProgramData\WinZip
2012-03-13 21:30 - 2012-03-13 21:30 - 0000000 ____D C:\Program Files\WinZip
2012-03-13 21:28 - 2012-03-13 21:26 - 32937288 ____A C:\Users\Mikey\Downloads\winzip16-64.exe
2012-03-13 21:16 - 2012-03-13 21:16 - 0000531 ____A C:\Users\Mikey\Desktop\Karstens_Tim.vcf
2012-03-12 21:45 - 2011-09-20 16:48 - 0112464 ____A C:\Users\Mikey\Local Settings\GDIPFONTCACHEV1.DAT
2012-03-12 21:45 - 2011-09-20 16:48 - 0112464 ____A C:\Users\Mikey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-03-12 21:45 - 2011-09-20 16:48 - 0112464 ____A C:\Users\Mikey\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-12 00:28 - 2012-03-12 00:28 - 0001642 ____A C:\Users\Mikey\Downloads\Skype-32.png
2012-03-12 00:27 - 2012-03-12 00:27 - 0001039 ____A C:\Users\Mikey\Downloads\Facebook-32.png
2012-03-12 00:21 - 2012-03-12 00:21 - 0001636 ____A C:\Users\Mikey\Downloads\Pretty-Skype-32.png
2012-03-12 00:18 - 2012-03-12 00:18 - 0001699 ____A C:\Users\Mikey\Downloads\FaceBook_32x32.png
2012-03-12 00:17 - 2012-03-12 00:17 - 0006976 ____A C:\Users\Mikey\Downloads\FaceBook_64x64.png
2012-03-12 00:16 - 2012-03-12 00:16 - 0002991 ____A C:\Users\Mikey\Downloads\Pretty-Skype-48.png
2012-03-12 00:15 - 2012-03-12 00:15 - 0004030 ____A C:\Users\Mikey\Desktop\skype.jpg
2012-03-12 00:09 - 2012-03-12 00:09 - 0038316 ____A C:\Users\Mikey\Downloads\Humanist 521 Bold BT.ttf
2012-03-12 00:09 - 2012-03-12 00:09 - 0037248 ____A C:\Users\Mikey\Downloads\Humanist 521 Bold Italic BT.ttf
2012-03-12 00:08 - 2012-03-12 00:08 - 0038124 ____A C:\Users\Mikey\Downloads\Humanist 521 BT.ttf
2012-03-12 00:08 - 2012-03-12 00:08 - 0036740 ____A C:\Users\Mikey\Downloads\Humanist 521 Italic BT.ttf
2012-03-11 23:09 - 2012-03-11 23:09 - 0311862 ____A C:\Users\Mikey\Downloads\biz card.jpg
2012-03-11 22:59 - 2012-03-11 22:59 - 1945240 ____A C:\Users\Mikey\Downloads\IMG_0031e.jpg
2012-03-11 22:56 - 2012-03-11 22:56 - 0053166 ____A C:\Users\Mikey\My Documents\PO Box.pdf
2012-03-11 22:56 - 2012-03-11 22:56 - 0053166 ____A C:\Users\Mikey\Documents\PO Box.pdf
2012-03-06 18:01 - 2012-04-22 02:53 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-03-06 01:53 - 2012-04-27 21:34 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-06 00:59 - 2012-04-27 21:34 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-06 00:59 - 2012-04-27 21:34 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-05 22:32 - 2012-03-05 22:32 - 0014126 ____A C:\Users\Mikey\My Documents\We Energies Start Service Order.pdf
2012-03-05 22:32 - 2012-03-05 22:32 - 0014126 ____A C:\Users\Mikey\Documents\We Energies Start Service Order.pdf
2012-03-05 21:33 - 2012-04-08 11:24 - 0126464 ____A C:\Users\Mikey\My Documents\Sasha Owner Surrender Form - Copy.doc
2012-03-05 21:33 - 2012-04-08 11:24 - 0126464 ____A C:\Users\Mikey\Documents\Sasha Owner Surrender Form - Copy.doc
2012-03-05 21:33 - 2012-03-05 21:33 - 0126464 ____A C:\Users\Mikey\My Documents\Sasha Owner Surrender Form.doc
2012-03-05 21:33 - 2012-03-05 21:33 - 0126464 ____A C:\Users\Mikey\Documents\Sasha Owner Surrender Form.doc
2012-03-03 10:49 - 2012-03-03 08:55 - 0020274 ____A C:\Users\Mikey\My Documents\SASHA.docx
2012-03-03 10:49 - 2012-03-03 08:55 - 0020274 ____A C:\Users\Mikey\Documents\SASHA.docx
2012-03-01 22:32 - 2012-04-08 11:24 - 0029600 ____A C:\Users\Mikey\My Documents\Iowa Residential Lease Agreement - Copy.docx
2012-03-01 22:32 - 2012-04-08 11:24 - 0029600 ____A C:\Users\Mikey\Documents\Iowa Residential Lease Agreement - Copy.docx
2012-03-01 22:32 - 2012-02-29 19:34 - 0029600 ____A C:\Users\Mikey\My Documents\Iowa Residential Lease Agreement.docx
2012-03-01 22:32 - 2012-02-29 19:34 - 0029600 ____A C:\Users\Mikey\Documents\Iowa Residential Lease Agreement.docx
2012-03-01 01:46 - 2012-04-27 21:28 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 01:38 - 2012-04-27 21:28 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 01:33 - 2012-04-27 21:28 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 01:28 - 2012-04-27 21:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 00:37 - 2012-04-27 21:28 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 00:33 - 2012-04-27 21:28 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 00:29 - 2012-04-27 21:28 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-28 02:34 - 2012-04-27 21:38 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 02:02 - 2012-04-27 21:38 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 01:56 - 2012-04-27 21:38 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 01:50 - 2012-04-27 21:38 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 01:49 - 2012-04-27 21:38 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 01:48 - 2012-04-27 21:38 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 01:48 - 2012-04-27 21:38 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 01:47 - 2012-04-27 21:38 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 01:45 - 2012-04-27 21:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 01:43 - 2012-04-27 21:38 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 01:43 - 2012-04-27 21:38 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 01:42 - 2012-04-27 21:38 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 01:39 - 2012-04-27 21:38 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 20:52 - 2012-04-27 21:38 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 20:27 - 2012-04-27 21:38 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 20:18 - 2012-04-27 21:38 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 20:12 - 2012-04-27 21:38 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 20:11 - 2012-04-27 21:38 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 20:11 - 2012-04-27 21:38 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 20:09 - 2012-04-27 21:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 20:08 - 2012-04-27 21:38 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 20:06 - 2012-04-27 21:38 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 20:04 - 2012-04-27 21:38 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 20:03 - 2012-04-27 21:38 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 20:03 - 2012-04-27 21:38 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 19:59 - 2012-04-27 21:38 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-25 18:03 - 2012-04-08 11:24 - 0126976 ____A C:\Users\Mikey\My Documents\Owner Surrender Form - Copy.doc
2012-02-25 18:03 - 2012-04-08 11:24 - 0126976 ____A C:\Users\Mikey\Documents\Owner Surrender Form - Copy.doc
2012-02-25 18:03 - 2012-02-25 17:42 - 0126976 ____A C:\Users\Mikey\My Documents\Owner Surrender Form.doc
2012-02-25 18:03 - 2012-02-25 17:42 - 0126976 ____A C:\Users\Mikey\Documents\Owner Surrender Form.doc
2012-02-25 09:11 - 2012-02-25 09:11 - 0244008 ____A C:\Users\Mikey\My Documents\Layout.pptx
2012-02-25 09:11 - 2012-02-25 09:11 - 0244008 ____A C:\Users\Mikey\Documents\Layout.pptx
2012-02-23 10:18 - 2010-11-20 22:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 22:20 - 2012-02-22 22:20 - 0124370 ____A C:\Users\Mikey\My Documents\Flash.pdf
2012-02-22 22:20 - 2012-02-22 22:20 - 0124370 ____A C:\Users\Mikey\Documents\Flash.pdf
2012-02-20 13:36 - 2011-11-09 16:51 - 0000000 ____D C:\Users\Mikey\Application Data\DAEMON Tools Lite
2012-02-20 13:36 - 2011-11-09 16:51 - 0000000 ____D C:\Users\Mikey\AppData\Roaming\DAEMON Tools Lite
2012-02-17 18:00 - 2012-02-17 18:00 - 0000000 ____D C:\Users\Mikey\Downloads\attachments
2012-02-17 18:00 - 2012-02-17 17:59 - 11815563 ____A C:\Users\Mikey\Downloads\attachments.zip
2012-02-17 01:38 - 2012-04-27 21:03 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 00:34 - 2012-04-27 21:03 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 23:58 - 2012-04-27 21:03 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 23:57 - 2012-04-27 21:03 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 20:55 - 2012-01-28 12:08 - 0000000 ____D C:\Users\Mikey\My Documents\TurboTax
2012-02-14 20:55 - 2012-01-28 12:08 - 0000000 ____D C:\Users\Mikey\Documents\TurboTax
2012-02-14 20:03 - 2012-02-14 19:33 - 0009415 ____A C:\Users\Mikey\My Documents\first aid bom.xlsx
2012-02-14 20:03 - 2012-02-14 19:33 - 0009415 ____A C:\Users\Mikey\Documents\first aid bom.xlsx
2012-02-14 12:09 - 2012-02-14 12:09 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-10 01:36 - 2012-04-27 21:03 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 00:38 - 2012-04-27 21:03 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-06 21:37 - 2012-01-28 12:14 - 0000000 ____D C:\Users\Mikey\My Documents\Taxes 2011
2012-02-06 21:37 - 2012-01-28 12:14 - 0000000 ____D C:\Users\Mikey\Documents\Taxes 2011
2012-02-02 23:34 - 2012-04-27 21:03 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 23:04 - 2012-02-02 22:59 - 2628968 ____A C:\Users\Mikey\Downloads\Auskings_COV.pdf

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 7989.86 MB
Available physical RAM: 7229.8 MB
Total Pagefile: 7988.06 MB
Available Pagefile: 7217.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:279.32 GB) (Free:184 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:18.73 GB) (Free:13.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (IPHONE USB) (Removable) (Total:1 GB) (Free:1 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1024 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 18 GB 40 MB
Partition 3 Primary 279 GB 18 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 D RECOVERY NTFS Partition 18 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 279 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1024 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-04-21 12:21

======================= End Of Log ==========================

#6 gringo_pr (Malware Response Team)

Posted 28 April 2012 - 07:59 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 SABSVC; C:\Windows\System32\ql1280.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\ql1280.dll
NETSVC: SABSVC

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Mikey83 (Topic Starter)

Posted 28 April 2012 - 08:22 PM

Fixlist run. Log below. =)

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 27-04-2012
Ran by SYSTEM at 2012-04-28 20:12:07 R:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
SABSVC service deleted successfully.
C:\Windows\System32\ql1280.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs SABSVC Deleted successfully.

==== End of Fixlog ====
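The fixlist above and the Fixlog that followed it touched two ZeroAccess (Sirefef) persistence points: the Session Manager\SubSystems\Windows value, which tells csrss.exe which server DLLs to load at boot, and a service (SABSVC) registered in the svchost netsvcs group whose ServiceDll pointed at C:\Windows\System32\ql1280.dll, a file whose version info read "Oak Technology Inc." rather than Microsoft. The PowerShell script below is an added, read-only triage check for those same two locations; it is not from this thread, not part of FRST, and not from any vendor. It assumes the stock Windows 7 set of csrss server DLLs is basesrv, winsrv and sxssrv, and that every installed member of netsvcs should load a Microsoft-authored ServiceDll. Run it from an elevated 64-bit Windows PowerShell.

```powershell
# Added example (not from the BleepingComputer thread, FRST or any vendor):
# read-only triage of the two ZeroAccess persistence points the fixlist touched.
# Run from an elevated 64-bit Windows PowerShell. Nothing here modifies the registry.

# Assumption: the stock Windows 7 csrss.exe server DLL set. Any other name in the
# SubSystems\Windows value is loaded into csrss at boot and deserves a look.
$KnownServerDlls = @('basesrv', 'winsrv', 'sxssrv')

function Get-Sha256Hex([string]$Path) {
    # .NET hashing so this also works on the PowerShell 2.0 that ships with Windows 7.
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    return ([System.BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
}

function Test-SubSystemsWindows {
    # Same value the Fixlog reported as restored.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
    $value = (Get-ItemProperty -LiteralPath $key -Name Windows).Windows
    $unexpected = @()
    # Tokens look like "ServerDll=winsrv:ConServerDllInitialization,2"; the part
    # before ':' or ',' is the DLL name csrss.exe will load.
    foreach ($token in ($value -split '\s+')) {
        if ($token -match '^ServerDll=([^:,]+)') {
            $dll = $Matches[1]
            if ($KnownServerDlls -notcontains $dll) { $unexpected += $dll }
        }
    }
    New-Object PSObject -Property @{
        Value                = $value
        UnexpectedServerDlls = $unexpected
    }
}

function Test-NetSvcsGroup {
    # Every name in the netsvcs group is hosted by "svchost.exe -k netsvcs";
    # its Parameters\ServiceDll is the file svchost actually loads.
    $groupKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
    $names = (Get-ItemProperty -LiteralPath $groupKey -Name netsvcs).netsvcs
    foreach ($name in $names) {
        $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
        if (-not (Test-Path -LiteralPath $paramKey)) { continue }   # optional member, not installed
        $raw = (Get-ItemProperty -LiteralPath $paramKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if (-not $raw) { continue }
        $path = [System.Environment]::ExpandEnvironmentVariables($raw)
        if (-not (Test-Path -LiteralPath $path)) {
            New-Object PSObject -Property @{ Service = $name; ServiceDll = $path; Company = '(file missing)';
                                             SigStatus = 'NotFound'; Sha256 = ''; Suspicious = $true }
            continue
        }
        # CompanyName is the same version-info field FRST prints in parentheses.
        $company = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path).CompanyName
        $sig = Get-AuthenticodeSignature -FilePath $path
        $suspicious = ($company -notmatch 'Microsoft') -or ($sig.Status -ne 'Valid')
        New-Object PSObject -Property @{
            Service    = $name
            ServiceDll = $path
            Company    = $company
            SigStatus  = $sig.Status
            Sha256     = Get-Sha256Hex $path
            Suspicious = $suspicious
        }
    }
}

# Report: the csrss value first, then the netsvcs members with suspicious ones on top.
$sub = Test-SubSystemsWindows
"SubSystems\Windows = $($sub.Value)"
if ($sub.UnexpectedServerDlls.Count -gt 0) {
    "!! unexpected csrss ServerDll entries: $($sub.UnexpectedServerDlls -join ', ')"
}
Test-NetSvcsGroup | Sort-Object Suspicious -Descending |
    Format-Table Service, Company, SigStatus, Suspicious, ServiceDll -AutoSize
```

Treat SigStatus as a hint rather than a verdict: many Windows 7 system DLLs are signed only through security catalogs, which the older Windows PowerShell builds of Get-AuthenticodeSignature may report as NotSigned, so a Microsoft CompanyName with NotSigned is usually benign while a non-Microsoft CompanyName on a netsvcs member (as with the ql1280.dll entry in this thread) is what to chase. The Sha256 column is there so a flagged file can be looked up or submitted before anything is deleted.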

#8 gringo_pr (Malware Response Team)

Posted 28 April 2012 - 08:31 PM

Hello

Rerun ComboFix for me now and let me know how it goes after it is done.

Gringo

#9 Mikey83 (Topic Starter)

Posted 28 April 2012 - 08:58 PM

I re-ran ComboFix and it found (and successfully restored) an infected regedit.exe file. It automatically restarted Windows, which loaded normally and did not require me to load a system restore point as it had before. For some reason, ComboFix did not continue running after the restart, and no log file was created. Seems like we're getting closer :)

I am, however, still getting those same three RunDLL errors mentioned in an earlier post.

Thanks for all your help so far!

#10 gringo_pr (Malware Response Team)

Posted 28 April 2012 - 09:06 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#11 Mikey83 (Topic Starter)

Posted 29 April 2012 - 11:43 AM

Good day, Gringo. Here are the next two logs, as requested. :)


11:19:46.0067 2700 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
11:19:46.0582 2700 ============================================================
11:19:46.0582 2700 Current date / time: 2012/04/29 11:19:46.0582
11:19:46.0582 2700 SystemInfo:
11:19:46.0582 2700
11:19:46.0582 2700 OS Version: 6.1.7601 ServicePack: 1.0
11:19:46.0582 2700 Product type: Workstation
11:19:46.0582 2700 ComputerName: CAPTAIN-BIPTO
11:19:46.0582 2700 UserName: Mikey
11:19:46.0582 2700 Windows directory: C:\Windows
11:19:46.0582 2700 System windows directory: C:\Windows
11:19:46.0582 2700 Running under WOW64
11:19:46.0582 2700 Processor architecture: Intel x64
11:19:46.0582 2700 Number of processors: 4
11:19:46.0582 2700 Page size: 0x1000
11:19:46.0582 2700 Boot type: Normal boot
11:19:46.0582 2700 ============================================================
11:19:47.0674 2700 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:19:47.0690 2700 ============================================================
11:19:47.0690 2700 \Device\Harddisk0\DR0:
11:19:47.0690 2700 MBR partitions:
11:19:47.0690 2700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2578000
11:19:47.0690 2700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258C000, BlocksNum 0x22EA2000
11:19:47.0690 2700 ============================================================
11:19:47.0752 2700 C: <-> \Device\Harddisk0\DR0\Partition1
11:19:47.0752 2700 ============================================================
11:19:47.0752 2700 Initialize success
11:19:47.0752 2700 ============================================================
11:19:51.0839 7696 ============================================================
11:19:51.0839 7696 Scan started
11:19:51.0839 7696 Mode: Manual;
11:19:51.0839 7696 ============================================================
11:19:53.0181 7696 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
11:19:53.0197 7696 1394ohci - ok
11:19:53.0399 7696 Acceler (627371b2d48f64cecc4d019114fb140d) C:\Windows\system32\DRIVERS\Accelern.sys
11:19:53.0415 7696 Acceler - ok
11:19:53.0805 7696 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:19:53.0821 7696 ACPI - ok
11:19:53.0930 7696 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:19:53.0930 7696 AcpiPmi - ok
11:19:54.0694 7696 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:19:54.0710 7696 AdobeFlashPlayerUpdateSvc - ok
11:19:54.0835 7696 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
11:19:54.0850 7696 adp94xx - ok
11:19:54.0975 7696 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
11:19:54.0975 7696 adpahci - ok
11:19:55.0365 7696 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
11:19:55.0381 7696 adpu320 - ok
11:19:55.0615 7696 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:19:55.0630 7696 AeLookupSvc - ok
11:19:55.0973 7696 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
11:19:55.0989 7696 AERTFilters - ok
11:19:56.0114 7696 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:19:56.0114 7696 AFD - ok
11:19:56.0239 7696 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:19:56.0270 7696 agp440 - ok
11:19:56.0332 7696 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:19:56.0348 7696 ALG - ok
11:19:56.0519 7696 AlienFusionService (a99e57669390f265d25288c8ba042d78) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
11:19:56.0519 7696 AlienFusionService - ok
11:19:56.0551 7696 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:19:56.0551 7696 aliide - ok
11:19:56.0582 7696 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:19:56.0582 7696 amdide - ok
11:19:56.0613 7696 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:19:56.0613 7696 AmdK8 - ok
11:19:56.0707 7696 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:19:56.0722 7696 AmdPPM - ok
11:19:56.0941 7696 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:19:56.0956 7696 amdsata - ok
11:19:57.0034 7696 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:19:57.0050 7696 amdsbs - ok
11:19:57.0190 7696 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:19:57.0206 7696 amdxata - ok
11:19:57.0393 7696 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:19:57.0393 7696 AppID - ok
11:19:57.0565 7696 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:19:57.0580 7696 AppIDSvc - ok
11:19:57.0892 7696 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:19:57.0908 7696 Appinfo - ok
11:19:58.0360 7696 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:19:58.0407 7696 Apple Mobile Device - ok
11:19:58.0657 7696 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:19:58.0672 7696 arc - ok
11:19:58.0953 7696 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:19:58.0953 7696 arcsas - ok
11:19:59.0405 7696 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:19:59.0452 7696 aspnet_state - ok
11:19:59.0483 7696 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:19:59.0483 7696 AsyncMac - ok
11:19:59.0530 7696 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:19:59.0530 7696 atapi - ok
11:19:59.0624 7696 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:19:59.0733 7696 AudioEndpointBuilder - ok
11:19:59.0749 7696 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:19:59.0764 7696 AudioSrv - ok
11:20:00.0310 7696 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:20:00.0341 7696 AxInstSV - ok
11:20:00.0466 7696 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:20:00.0497 7696 b06bdrv - ok
11:20:00.0622 7696 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:20:00.0622 7696 b57nd60a - ok
11:20:00.0763 7696 BCM42RLY (5c0f919666954885d7760dffe4b29a25) C:\Windows\system32\drivers\BCM42RLY.sys
11:20:00.0778 7696 BCM42RLY - ok
11:20:01.0168 7696 BCM43XX (bab887a2b2786310a966881f074f4a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
11:20:01.0246 7696 BCM43XX - ok
11:20:01.0792 7696 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:20:01.0808 7696 BDESVC - ok
11:20:01.0901 7696 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:20:01.0901 7696 Beep - ok
11:20:02.0167 7696 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:20:02.0182 7696 BFE - ok
11:20:02.0276 7696 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:20:02.0291 7696 BITS - ok
11:20:02.0697 7696 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:20:02.0713 7696 blbdrive - ok
11:20:02.0853 7696 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:20:02.0900 7696 Bonjour Service - ok
11:20:03.0259 7696 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:20:03.0274 7696 bowser - ok
11:20:03.0352 7696 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:20:03.0368 7696 BrFiltLo - ok
11:20:03.0415 7696 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:20:03.0415 7696 BrFiltUp - ok
11:20:03.0820 7696 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:20:03.0836 7696 BridgeMP - ok
11:20:04.0429 7696 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:20:04.0444 7696 Browser - ok
11:20:05.0349 7696 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:20:05.0365 7696 Brserid - ok
11:20:05.0583 7696 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:20:05.0599 7696 BrSerWdm - ok
11:20:05.0692 7696 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:20:05.0708 7696 BrUsbMdm - ok
11:20:05.0755 7696 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:20:05.0770 7696 BrUsbSer - ok
11:20:06.0035 7696 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
11:20:06.0051 7696 BthEnum - ok
11:20:06.0332 7696 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:20:06.0363 7696 BTHMODEM - ok
11:20:06.0800 7696 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:20:06.0815 7696 BthPan - ok
11:20:07.0159 7696 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
11:20:07.0174 7696 BTHPORT - ok
11:20:07.0237 7696 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:20:07.0237 7696 bthserv - ok
11:20:07.0299 7696 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
11:20:07.0299 7696 BTHUSB - ok
11:20:07.0377 7696 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
11:20:07.0393 7696 btwaudio - ok
11:20:07.0892 7696 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
11:20:07.0892 7696 btwavdt - ok
11:20:08.0095 7696 btwdins (d65aa164acd0f6706dbcfbbcc9731584) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:20:08.0126 7696 btwdins - ok
11:20:08.0204 7696 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
11:20:08.0204 7696 btwl2cap - ok
11:20:08.0235 7696 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
11:20:08.0235 7696 btwrchid - ok
11:20:08.0953 7696 CarboniteService (9da7d983b4e9ea2d065edf566ca64fc8) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
11:20:09.0093 7696 CarboniteService - ok
11:20:09.0421 7696 catchme - ok
11:20:09.0811 7696 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:20:09.0826 7696 cdfs - ok
11:20:10.0403 7696 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:20:10.0419 7696 cdrom - ok
11:20:10.0715 7696 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:20:10.0731 7696 CertPropSvc - ok
11:20:10.0747 7696 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:20:10.0762 7696 circlass - ok
11:20:11.0480 7696 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:20:11.0495 7696 CLFS - ok
11:20:11.0620 7696 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:11.0636 7696 clr_optimization_v2.0.50727_32 - ok
11:20:11.0698 7696 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:20:11.0714 7696 clr_optimization_v2.0.50727_64 - ok
11:20:12.0119 7696 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:20:12.0260 7696 clr_optimization_v4.0.30319_32 - ok
11:20:12.0369 7696 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:20:12.0400 7696 clr_optimization_v4.0.30319_64 - ok
11:20:12.0431 7696 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:20:12.0431 7696 CmBatt - ok
11:20:12.0447 7696 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:20:12.0447 7696 cmdide - ok
11:20:12.0619 7696 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:20:12.0619 7696 CNG - ok
11:20:12.0712 7696 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:20:12.0728 7696 Compbatt - ok
11:20:12.0790 7696 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:20:12.0790 7696 CompositeBus - ok
11:20:12.0806 7696 COMSysApp - ok
11:20:12.0899 7696 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:20:12.0931 7696 crcdisk - ok
11:20:13.0243 7696 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:20:13.0274 7696 CryptSvc - ok
11:20:13.0383 7696 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
11:20:13.0399 7696 CtClsFlt - ok
11:20:13.0508 7696 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:20:13.0523 7696 DcomLaunch - ok
11:20:13.0695 7696 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:20:13.0726 7696 defragsvc - ok
11:20:14.0023 7696 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:20:14.0038 7696 DfsC - ok
11:20:14.0303 7696 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:20:14.0319 7696 Dhcp - ok
11:20:14.0491 7696 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:20:14.0491 7696 discache - ok
11:20:14.0756 7696 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:20:14.0771 7696 Disk - ok
11:20:15.0130 7696 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:20:15.0146 7696 Dnscache - ok
11:20:15.0208 7696 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:20:15.0208 7696 dot3svc - ok
11:20:15.0239 7696 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:20:15.0239 7696 DPS - ok
11:20:15.0317 7696 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:20:15.0317 7696 drmkaud - ok
11:20:15.0583 7696 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:20:15.0598 7696 dtsoftbus01 - ok
11:20:15.0817 7696 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:20:15.0848 7696 DXGKrnl - ok
11:20:15.0941 7696 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:20:15.0957 7696 EapHost - ok
11:20:16.0253 7696 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:20:16.0331 7696 ebdrv - ok
11:20:16.0690 7696 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:20:16.0706 7696 EFS - ok
11:20:16.0815 7696 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:20:16.0831 7696 ehRecvr - ok
11:20:17.0127 7696 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:20:17.0143 7696 ehSched - ok
11:20:17.0330 7696 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:20:17.0361 7696 elxstor - ok
11:20:17.0470 7696 EMSC (e47d9d7e6e53892fc97282482f4ae307) C:\Windows\system32\DRIVERS\EMSC.SYS
11:20:17.0486 7696 EMSC - ok
11:20:17.0548 7696 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:20:17.0548 7696 ErrDev - ok
11:20:17.0657 7696 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:20:17.0673 7696 EventSystem - ok
11:20:17.0813 7696 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:20:17.0829 7696 exfat - ok
11:20:17.0985 7696 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
11:20:18.0001 7696 FACAP - ok
11:20:18.0609 7696 FAService (53e30a6e86aa93c0ffc0bc0439e3e636) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
11:20:18.0671 7696 FAService - ok
11:20:19.0030 7696 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:20:19.0046 7696 fastfat - ok
11:20:19.0139 7696 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:20:19.0155 7696 Fax - ok
11:20:19.0171 7696 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:20:19.0186 7696 fdc - ok
11:20:19.0280 7696 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:20:19.0280 7696 fdPHost - ok
11:20:19.0389 7696 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:20:19.0405 7696 FDResPub - ok
11:20:19.0436 7696 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:20:19.0436 7696 FileInfo - ok
11:20:19.0467 7696 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:20:19.0483 7696 Filetrace - ok
11:20:19.0498 7696 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:20:19.0498 7696 flpydisk - ok
11:20:19.0545 7696 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:20:19.0561 7696 FltMgr - ok
11:20:19.0748 7696 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:20:19.0795 7696 FontCache - ok
11:20:19.0888 7696 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:20:19.0888 7696 FontCache3.0.0.0 - ok
11:20:20.0013 7696 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:20:20.0029 7696 FsDepends - ok
11:20:20.0122 7696 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:20:20.0138 7696 Fs_Rec - ok
11:20:20.0403 7696 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:20:20.0419 7696 fvevol - ok
11:20:20.0465 7696 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:20:20.0465 7696 gagp30kx - ok
11:20:20.0575 7696 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:20:20.0590 7696 GEARAspiWDM - ok
11:20:21.0199 7696 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:20:21.0230 7696 gpsvc - ok
11:20:21.0620 7696 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:20:21.0635 7696 gupdate - ok
11:20:21.0698 7696 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:20:21.0698 7696 gupdatem - ok
11:20:21.0823 7696 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:20:21.0838 7696 hcw85cir - ok
11:20:22.0369 7696 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:20:22.0384 7696 HDAudBus - ok
11:20:22.0509 7696 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:20:22.0540 7696 HidBatt - ok
11:20:22.0556 7696 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:20:22.0571 7696 HidBth - ok
11:20:22.0618 7696 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:20:22.0634 7696 HidIr - ok
11:20:22.0712 7696 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:20:22.0727 7696 hidserv - ok
11:20:22.0868 7696 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:20:22.0899 7696 HidUsb - ok
11:20:23.0289 7696 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:20:23.0320 7696 hkmsvc - ok
11:20:23.0726 7696 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:20:23.0741 7696 HomeGroupListener - ok
11:20:24.0334 7696 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:20:24.0365 7696 HomeGroupProvider - ok
11:20:24.0646 7696 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:20:24.0662 7696 HpSAMD - ok
11:20:25.0067 7696 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:20:25.0099 7696 HTTP - ok
11:20:25.0145 7696 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:20:25.0145 7696 hwpolicy - ok
11:20:25.0504 7696 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:20:25.0535 7696 i8042prt - ok
11:20:25.0816 7696 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
11:20:25.0832 7696 iaStor - ok
11:20:26.0019 7696 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:20:26.0019 7696 IAStorDataMgrSvc - ok
11:20:26.0144 7696 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:20:26.0159 7696 iaStorV - ok
11:20:26.0315 7696 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:20:26.0315 7696 IDriverT - ok
11:20:26.0503 7696 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:20:26.0549 7696 idsvc - ok
11:20:27.0875 7696 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:20:28.0109 7696 igfx - ok
11:20:28.0421 7696 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:20:28.0437 7696 iirsp - ok
11:20:28.0515 7696 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:20:28.0562 7696 IKEEXT - ok
11:20:28.0687 7696 InstallFilterService (a4a87c2f228dd2ac93dae94e103792d3) C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
11:20:28.0702 7696 InstallFilterService - ok
11:20:28.0952 7696 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys
11:20:29.0014 7696 IntcAzAudAddService - ok
11:20:29.0357 7696 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:20:29.0389 7696 IntcDAud - ok
11:20:29.0420 7696 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:20:29.0420 7696 intelide - ok
11:20:29.0451 7696 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:20:29.0451 7696 intelppm - ok
11:20:29.0669 7696 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
11:20:29.0669 7696 IntuitUpdateServiceV4 - ok
11:20:29.0747 7696 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:20:29.0747 7696 IPBusEnum - ok
11:20:29.0810 7696 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:20:29.0810 7696 IpFilterDriver - ok
11:20:29.0903 7696 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:20:29.0950 7696 iphlpsvc - ok
11:20:29.0997 7696 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:20:29.0997 7696 IPMIDRV - ok
11:20:30.0044 7696 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:20:30.0044 7696 IPNAT - ok
11:20:30.0683 7696 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
11:20:30.0715 7696 iPod Service - ok
11:20:30.0824 7696 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:20:30.0855 7696 IRENUM - ok
11:20:30.0933 7696 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:20:30.0933 7696 isapnp - ok
11:20:31.0011 7696 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:20:31.0027 7696 iScsiPrt - ok
11:20:31.0120 7696 JMCR (1ea84fc4df200ff77a823078532123bf) C:\Windows\system32\DRIVERS\jmcr.sys
11:20:31.0136 7696 JMCR - ok
11:20:31.0261 7696 johci (0b585d18c93379227fa2a645181a6da2) C:\Windows\system32\drivers\johci.sys
11:20:31.0276 7696 johci - ok
11:20:31.0479 7696 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:20:31.0495 7696 kbdclass - ok
11:20:31.0588 7696 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:20:31.0604 7696 kbdhid - ok
11:20:31.0775 7696 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:20:31.0775 7696 KeyIso - ok
11:20:31.0916 7696 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:20:31.0931 7696 KSecDD - ok
11:20:32.0306 7696 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:20:32.0321 7696 KSecPkg - ok
11:20:32.0431 7696 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:20:32.0446 7696 ksthunk - ok
11:20:32.0524 7696 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:20:32.0540 7696 KtmRm - ok
11:20:32.0649 7696 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
11:20:32.0649 7696 L1C - ok
11:20:32.0774 7696 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:20:32.0805 7696 LanmanServer - ok
11:20:32.0883 7696 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:20:32.0883 7696 LanmanWorkstation - ok
11:20:32.0992 7696 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:20:32.0992 7696 lltdio - ok
11:20:33.0335 7696 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:20:33.0351 7696 lltdsvc - ok
11:20:33.0413 7696 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:20:33.0413 7696 lmhosts - ok
11:20:33.0491 7696 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:20:33.0491 7696 LSI_FC - ok
11:20:33.0538 7696 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:20:33.0538 7696 LSI_SAS - ok
11:20:33.0554 7696 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:20:33.0554 7696 LSI_SAS2 - ok
11:20:33.0569 7696 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:20:33.0569 7696 LSI_SCSI - ok
11:20:33.0663 7696 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:20:33.0663 7696 luafv - ok
11:20:33.0835 7696 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:20:33.0850 7696 MBAMProtector - ok
11:20:35.0691 7696 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:20:35.0722 7696 MBAMService - ok
11:20:35.0753 7696 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:20:35.0769 7696 Mcx2Svc - ok
11:20:35.0816 7696 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:20:35.0816 7696 megasas - ok
11:20:35.0878 7696 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:20:35.0894 7696 MegaSR - ok
11:20:36.0050 7696 Microsoft SharePoint Workspace Audit Service - ok
11:20:36.0143 7696 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:20:36.0159 7696 MMCSS - ok
11:20:36.0206 7696 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:20:36.0206 7696 Modem - ok
11:20:36.0315 7696 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:20:36.0315 7696 monitor - ok
11:20:36.0362 7696 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:20:36.0362 7696 mouclass - ok
11:20:36.0518 7696 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:20:36.0533 7696 mouhid - ok
11:20:36.0611 7696 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:20:36.0611 7696 mountmgr - ok
11:20:36.0627 7696 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:20:36.0627 7696 mpio - ok
11:20:36.0658 7696 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:20:36.0674 7696 mpsdrv - ok
11:20:36.0845 7696 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:20:36.0877 7696 MpsSvc - ok
11:20:36.0908 7696 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:20:36.0908 7696 MRxDAV - ok
11:20:37.0017 7696 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:20:37.0033 7696 mrxsmb - ok
11:20:37.0079 7696 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:20:37.0095 7696 mrxsmb10 - ok
11:20:37.0142 7696 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:20:37.0142 7696 mrxsmb20 - ok
11:20:37.0220 7696 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:20:37.0220 7696 msahci - ok
11:20:37.0267 7696 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:20:37.0282 7696 msdsm - ok
11:20:37.0376 7696 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:20:37.0407 7696 MSDTC - ok
11:20:37.0516 7696 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:20:37.0532 7696 Msfs - ok
11:20:37.0594 7696 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:20:37.0594 7696 mshidkmdf - ok
11:20:37.0625 7696 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:20:37.0625 7696 msisadrv - ok
11:20:37.0688 7696 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:20:37.0719 7696 MSiSCSI - ok
11:20:37.0719 7696 msiserver - ok
11:20:37.0781 7696 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:20:37.0781 7696 MSKSSRV - ok
11:20:37.0844 7696 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:20:37.0844 7696 MSPCLOCK - ok
11:20:37.0875 7696 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:20:37.0875 7696 MSPQM - ok
11:20:38.0078 7696 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:20:38.0093 7696 MsRPC - ok
11:20:38.0249 7696 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:20:38.0265 7696 mssmbios - ok
11:20:38.0374 7696 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:20:38.0374 7696 MSTEE - ok
11:20:38.0390 7696 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:20:38.0390 7696 MTConfig - ok
11:20:38.0608 7696 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:20:38.0624 7696 Mup - ok
11:20:38.0733 7696 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:20:38.0749 7696 napagent - ok
11:20:38.0827 7696 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:20:38.0858 7696 NativeWifiP - ok
11:20:38.0998 7696 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:20:39.0029 7696 NDIS - ok
11:20:39.0092 7696 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:20:39.0092 7696 NdisCap - ok
11:20:39.0170 7696 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:20:39.0201 7696 NdisTapi - ok
11:20:39.0419 7696 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:20:39.0451 7696 Ndisuio - ok
11:20:40.0012 7696 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:20:40.0043 7696 NdisWan - ok
11:20:40.0075 7696 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:20:40.0090 7696 NDProxy - ok
11:20:40.0277 7696 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
11:20:40.0309 7696 Netaapl - ok
11:20:40.0355 7696 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:20:40.0355 7696 NetBIOS - ok
11:20:40.0402 7696 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:20:40.0418 7696 NetBT - ok
11:20:40.0543 7696 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:20:40.0543 7696 Netlogon - ok
11:20:40.0621 7696 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:20:40.0667 7696 Netman - ok
11:20:40.0886 7696 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:20:40.0886 7696 NetMsmqActivator - ok
11:20:40.0886 7696 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:20:40.0901 7696 NetPipeActivator - ok
11:20:40.0964 7696 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:20:40.0979 7696 netprofm - ok
11:20:40.0979 7696 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:20:40.0979 7696 NetTcpActivator - ok
11:20:40.0995 7696 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:20:40.0995 7696 NetTcpPortSharing - ok
11:20:41.0104 7696 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:20:41.0104 7696 nfrd960 - ok
11:20:41.0291 7696 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:20:41.0338 7696 NlaSvc - ok
11:20:41.0416 7696 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:20:41.0416 7696 Npfs - ok
11:20:41.0432 7696 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:20:41.0432 7696 nsi - ok
11:20:41.0447 7696 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:20:41.0447 7696 nsiproxy - ok
11:20:41.0681 7696 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:20:41.0744 7696 Ntfs - ok
11:20:42.0290 7696 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:20:42.0290 7696 Null - ok
11:20:43.0663 7696 nvlddmkm (aa1c3bd716d9bd1cee4524f028a783d7) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:20:43.0928 7696 nvlddmkm - ok
11:20:44.0318 7696 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:20:44.0333 7696 nvraid - ok
11:20:44.0411 7696 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:20:44.0443 7696 nvstor - ok
11:20:44.0895 7696 nvsvc (f073c28f99f6f24a590ad2b7d3ade6b7) C:\Windows\system32\nvvsvc.exe
11:20:44.0911 7696 nvsvc - ok
11:20:46.0221 7696 nvUpdatusService (3808b92f391c1154df0c8aaa79f76ecb) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:20:46.0268 7696 nvUpdatusService - ok
11:20:46.0829 7696 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:20:46.0845 7696 nv_agp - ok
11:20:47.0141 7696 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:20:47.0157 7696 ohci1394 - ok
11:20:47.0329 7696 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:20:47.0344 7696 ose - ok
11:20:48.0748 7696 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:20:48.0842 7696 osppsvc - ok
11:20:50.0230 7696 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:20:50.0246 7696 p2pimsvc - ok
11:20:50.0308 7696 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:20:50.0324 7696 p2psvc - ok
11:20:50.0636 7696 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:20:50.0636 7696 Parport - ok
11:20:50.0823 7696 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:20:50.0839 7696 partmgr - ok
11:20:50.0901 7696 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:20:50.0901 7696 PcaSvc - ok
11:20:51.0338 7696 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:20:51.0369 7696 pci - ok
11:20:51.0400 7696 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:20:51.0400 7696 pciide - ok
11:20:51.0977 7696 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:20:52.0009 7696 pcmcia - ok
11:20:52.0071 7696 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:20:52.0071 7696 pcw - ok
11:20:52.0570 7696 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:20:52.0601 7696 PEAUTH - ok
11:20:52.0789 7696 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:20:52.0804 7696 PerfHost - ok
11:20:52.0976 7696 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:20:53.0007 7696 pla - ok
11:20:53.0491 7696 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:20:53.0506 7696 PlugPlay - ok
11:20:53.0600 7696 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:20:53.0631 7696 PNRPAutoReg - ok
11:20:54.0193 7696 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:20:54.0208 7696 PNRPsvc - ok
11:20:54.0286 7696 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:20:54.0317 7696 PolicyAgent - ok
11:20:54.0957 7696 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:20:54.0973 7696 Power - ok
11:20:55.0628 7696 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:20:55.0659 7696 PptpMiniport - ok
11:20:55.0690 7696 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:20:55.0690 7696 Processor - ok
11:20:55.0862 7696 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:20:55.0877 7696 ProfSvc - ok
11:20:55.0924 7696 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:20:55.0924 7696 ProtectedStorage - ok
11:20:56.0018 7696 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:20:56.0018 7696 Psched - ok
11:20:56.0205 7696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:20:56.0236 7696 ql2300 - ok
11:20:56.0517 7696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:20:56.0517 7696 ql40xx - ok
11:20:56.0579 7696 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:20:56.0595 7696 QWAVE - ok
11:20:56.0611 7696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:20:56.0626 7696 QWAVEdrv - ok
11:20:56.0626 7696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:20:56.0626 7696 RasAcd - ok
11:20:56.0876 7696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:20:56.0907 7696 RasAgileVpn - ok
11:20:57.0235 7696 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:20:57.0250 7696 RasAuto - ok
11:20:57.0391 7696 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:20:57.0391 7696 Rasl2tp - ok
11:20:57.0453 7696 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:20:57.0484 7696 RasMan - ok
11:20:57.0547 7696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:20:57.0547 7696 RasPppoe - ok
11:20:57.0952 7696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:20:57.0983 7696 RasSstp - ok
11:20:58.0217 7696 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:20:58.0264 7696 rdbss - ok
11:20:58.0451 7696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:20:58.0467 7696 rdpbus - ok
11:20:58.0498 7696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:20:58.0498 7696 RDPCDD - ok
11:20:58.0514 7696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:20:58.0514 7696 RDPENCDD - ok
11:20:58.0545 7696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:20:58.0545 7696 RDPREFMP - ok
11:20:59.0387 7696 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:20:59.0419 7696 RDPWD - ok
11:20:59.0637 7696 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:20:59.0653 7696 rdyboost - ok
11:21:00.0105 7696 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:21:00.0136 7696 RemoteAccess - ok
11:21:00.0760 7696 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:21:00.0791 7696 RemoteRegistry - ok
11:21:01.0493 7696 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:21:01.0509 7696 RFCOMM - ok
11:21:01.0571 7696 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:21:01.0587 7696 RpcEptMapper - ok
11:21:01.0649 7696 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:21:01.0649 7696 RpcLocator - ok
11:21:01.0915 7696 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:21:01.0930 7696 RpcSs - ok
11:21:02.0242 7696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:21:02.0258 7696 rspndr - ok
11:21:02.0445 7696 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:02.0445 7696 SamSs - ok
11:21:02.0492 7696 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:21:02.0492 7696 sbp2port - ok
11:21:02.0539 7696 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:21:02.0554 7696 SCardSvr - ok
11:21:02.0663 7696 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:21:02.0679 7696 scfilter - ok
11:21:03.0085 7696 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:21:03.0131 7696 Schedule - ok
11:21:03.0287 7696 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:21:03.0287 7696 SCPolicySvc - ok
11:21:03.0599 7696 ScrybeUpdater (b60e9769655ddee8368e3abb6668e076) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
11:21:03.0646 7696 ScrybeUpdater - ok
11:21:04.0582 7696 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:21:04.0598 7696 SDRSVC - ok
11:21:04.0754 7696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:21:04.0785 7696 secdrv - ok
11:21:04.0910 7696 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:21:04.0941 7696 seclogon - ok
11:21:05.0144 7696 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:21:05.0159 7696 SENS - ok
11:21:05.0300 7696 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:21:05.0347 7696 SensrSvc - ok
11:21:05.0440 7696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:21:05.0456 7696 Serenum - ok
11:21:05.0924 7696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:21:05.0955 7696 Serial - ok
11:21:06.0080 7696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:21:06.0111 7696 sermouse - ok
11:21:06.0189 7696 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:21:06.0220 7696 SessionEnv - ok
11:21:06.0251 7696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:21:06.0314 7696 sffdisk - ok
11:21:06.0314 7696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:21:06.0314 7696 sffp_mmc - ok
11:21:06.0329 7696 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:21:06.0329 7696 sffp_sd - ok
11:21:06.0345 7696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:21:06.0345 7696 sfloppy - ok
11:21:06.0735 7696 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
11:21:06.0797 7696 SftService - ok
11:21:07.0328 7696 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:21:07.0343 7696 SharedAccess - ok
11:21:07.0437 7696 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:21:07.0437 7696 ShellHWDetection - ok
11:21:07.0515 7696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:21:07.0515 7696 SiSRaid2 - ok
11:21:07.0515 7696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:21:07.0531 7696 SiSRaid4 - ok
11:21:07.0609 7696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:21:07.0624 7696 Smb - ok
11:21:07.0780 7696 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:21:07.0811 7696 SNMPTRAP - ok
11:21:07.0874 7696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:21:07.0889 7696 spldr - ok
11:21:08.0092 7696 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:21:08.0108 7696 Spooler - ok
11:21:09.0543 7696 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:21:09.0652 7696 sppsvc - ok
11:21:10.0370 7696 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:21:10.0370 7696 sppuinotify - ok
11:21:10.0526 7696 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:21:10.0541 7696 srv - ok
11:21:11.0415 7696 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:21:11.0431 7696 srv2 - ok
11:21:11.0462 7696 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:21:11.0477 7696 srvnet - ok
11:21:12.0257 7696 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:21:12.0289 7696 SSDPSRV - ok
11:21:12.0523 7696 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:21:12.0554 7696 SstpSvc - ok
11:21:12.0710 7696 stdflt (c568fdb21ce77a44fd166f28f104ac46) C:\Windows\system32\DRIVERS\stdfltn.sys
11:21:12.0725 7696 stdflt - ok
11:21:12.0866 7696 Steam Client Service - ok
11:21:13.0006 7696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:21:13.0037 7696 stexstor - ok
11:21:13.0568 7696 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:21:13.0615 7696 stisvc - ok
11:21:13.0677 7696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:21:13.0677 7696 swenum - ok
11:21:13.0817 7696 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:21:13.0849 7696 swprv - ok
11:21:14.0083 7696 SynTP (8df6c536ece3b538978b53c223ab905d) C:\Windows\system32\DRIVERS\SynTP.sys
11:21:14.0114 7696 SynTP - ok
11:21:16.0844 7696 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:21:16.0891 7696 SysMain - ok
11:21:17.0546 7696 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:21:17.0561 7696 TabletInputService - ok
11:21:18.0872 7696 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:21:18.0903 7696 TapiSrv - ok
11:21:19.0059 7696 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:21:19.0090 7696 TBS - ok
11:21:20.0135 7696 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:21:20.0198 7696 Tcpip - ok
11:21:20.0869 7696 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:21:20.0900 7696 TCPIP6 - ok
11:21:21.0196 7696 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:21:21.0212 7696 tcpipreg - ok
11:21:21.0259 7696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:21:21.0259 7696 TDPIPE - ok
11:21:21.0352 7696 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:21:21.0352 7696 TDTCP - ok
11:21:21.0446 7696 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:21:21.0461 7696 tdx - ok
11:21:21.0524 7696 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
11:21:21.0524 7696 TermDD - ok
11:21:21.0617 7696 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:21:21.0649 7696 TermService - ok
11:21:21.0820 7696 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:21:21.0851 7696 Themes - ok
11:21:22.0179 7696 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:21:22.0179 7696 THREADORDER - ok
11:21:22.0741 7696 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:21:22.0772 7696 TrkWks - ok
11:21:23.0037 7696 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:21:23.0053 7696 TrustedInstaller - ok
11:21:23.0287 7696 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:21:23.0302 7696 tssecsrv - ok
11:21:23.0583 7696 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:21:23.0614 7696 TsUsbFlt - ok
11:21:23.0739 7696 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:21:23.0755 7696 TsUsbGD - ok
11:21:24.0363 7696 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:21:24.0394 7696 tunnel - ok
11:21:24.0644 7696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:21:24.0675 7696 uagp35 - ok
11:21:25.0096 7696 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:21:25.0112 7696 udfs - ok
11:21:25.0315 7696 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:21:25.0346 7696 UI0Detect - ok
11:21:25.0658 7696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:21:25.0689 7696 uliagpkx - ok
11:21:25.0876 7696 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:21:25.0908 7696 umbus - ok
11:21:25.0986 7696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:21:25.0986 7696 UmPass - ok
11:21:26.0048 7696 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:21:26.0048 7696 upnphost - ok
11:21:26.0376 7696 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:21:26.0407 7696 USBAAPL64 - ok
11:21:26.0734 7696 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
11:21:26.0750 7696 usbccgp - ok
11:21:27.0171 7696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:21:27.0202 7696 usbcir - ok
11:21:27.0452 7696 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:21:27.0468 7696 usbehci - ok
11:21:28.0123 7696 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:21:28.0138 7696 usbhub - ok
11:21:28.0185 7696 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:21:28.0185 7696 usbohci - ok
11:21:28.0326 7696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:21:28.0357 7696 usbprint - ok
11:21:28.0575 7696 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:21:28.0591 7696 usbscan - ok
11:21:28.0996 7696 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:21:29.0012 7696 USBSTOR - ok
11:21:29.0152 7696 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:21:29.0184 7696 usbuhci - ok
11:21:29.0636 7696 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:21:29.0667 7696 usbvideo - ok
11:21:29.0854 7696 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:21:29.0886 7696 UxSms - ok
11:21:30.0057 7696 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:30.0057 7696 VaultSvc - ok
11:21:30.0135 7696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:21:30.0135 7696 vdrvroot - ok
11:21:30.0759 7696 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:21:30.0806 7696 vds - ok
11:21:30.0993 7696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:21:31.0009 7696 vga - ok
11:21:31.0180 7696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:21:31.0212 7696 VgaSave - ok
11:21:32.0085 7696 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:21:32.0116 7696 vhdmp - ok
11:21:32.0241 7696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:21:32.0272 7696 viaide - ok
11:21:32.0631 7696 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:21:32.0662 7696 volmgr - ok
11:21:33.0364 7696 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:21:33.0380 7696 volmgrx - ok
11:21:33.0458 7696 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:21:33.0474 7696 volsnap - ok
11:21:34.0144 7696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:21:34.0160 7696 vsmraid - ok
11:21:34.0550 7696 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:21:34.0597 7696 VSS - ok
11:21:36.0625 7696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:21:36.0656 7696 vwifibus - ok
11:21:36.0874 7696 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:21:36.0890 7696 vwififlt - ok
11:21:38.0138 7696 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:21:38.0169 7696 W32Time - ok
11:21:38.0341 7696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:21:38.0372 7696 WacomPen - ok
11:21:38.0668 7696 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:21:38.0700 7696 WANARP - ok
11:21:38.0731 7696 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:21:38.0731 7696 Wanarpv6 - ok
11:21:39.0105 7696 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:21:39.0121 7696 WatAdminSvc - ok
11:21:39.0355 7696 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:21:39.0386 7696 wbengine - ok
11:21:39.0589 7696 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:21:39.0604 7696 WbioSrvc - ok
11:21:40.0166 7696 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:21:40.0197 7696 wcncsvc - ok
11:21:40.0416 7696 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:21:40.0447 7696 WcsPlugInService - ok
11:21:40.0962 7696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:21:40.0977 7696 Wd - ok
11:21:42.0428 7696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:21:42.0475 7696 Wdf01000 - ok
11:21:42.0693 7696 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:21:42.0693 7696 WdiServiceHost - ok
11:21:42.0709 7696 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:21:42.0709 7696 WdiSystemHost - ok
11:21:42.0974 7696 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:21:42.0990 7696 WebClient - ok
11:21:43.0052 7696 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:21:43.0083 7696 Wecsvc - ok
11:21:43.0130 7696 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:21:43.0130 7696 wercplsupport - ok
11:21:43.0177 7696 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:21:43.0177 7696 WerSvc - ok
11:21:43.0270 7696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:21:43.0286 7696 WfpLwf - ok
11:21:43.0380 7696 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
11:21:43.0395 7696 WimFltr - ok
11:21:43.0489 7696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:21:43.0489 7696 WIMMount - ok
11:21:43.0645 7696 WinDefend - ok
11:21:43.0676 7696 WinHttpAutoProxySvc - ok
11:21:44.0113 7696 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:21:44.0144 7696 Winmgmt - ok
11:21:44.0971 7696 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:21:45.0033 7696 WinRM - ok
11:21:45.0548 7696 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:21:45.0564 7696 WinUsb - ok
11:21:45.0720 7696 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:21:45.0766 7696 Wlansvc - ok
11:21:46.0156 7696 wltrysvc (a96d6c0613dcf84f2d07faeb75663072) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
11:21:46.0172 7696 wltrysvc - ok
11:21:46.0328 7696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:21:46.0328 7696 WmiAcpi - ok
11:21:47.0280 7696 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:21:47.0311 7696 wmiApSrv - ok
11:21:47.0373 7696 WMPNetworkSvc - ok
11:21:47.0404 7696 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:21:47.0404 7696 WPCSvc - ok
11:21:47.0436 7696 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:21:47.0436 7696 WPDBusEnum - ok
11:21:47.0482 7696 WRkrn (1cc13e5b83730a70012e6e5ee4bf8cac) C:\Windows\system32\drivers\WRkrn.sys
11:21:47.0482 7696 WRkrn - ok
11:21:48.0652 7696 WRSVC (4af5a0222ed10013f4c27deb3ea22837) C:\Program Files\Webroot\WRSA.exe
11:21:48.0652 7696 WRSVC - ok
11:21:48.0777 7696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:21:48.0777 7696 ws2ifsl - ok
11:21:49.0417 7696 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:21:49.0432 7696 wscsvc - ok
11:21:49.0448 7696 WSearch - ok
11:21:49.0994 7696 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:21:50.0088 7696 wuauserv - ok
11:21:50.0571 7696 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:21:50.0571 7696 WudfPf - ok
11:21:51.0429 7696 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:21:51.0460 7696 WUDFRd - ok
11:21:51.0601 7696 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:21:51.0601 7696 wudfsvc - ok
11:21:52.0584 7696 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:21:52.0615 7696 WwanSvc - ok
11:21:53.0301 7696 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:21:53.0348 7696 YahooAUService - ok
11:21:53.0426 7696 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:21:53.0504 7696 \Device\Harddisk0\DR0 - ok
11:21:53.0535 7696 Boot (0x1200) (b5be9a1fa167f6f5024b9093a8ece812) \Device\Harddisk0\DR0\Partition0
11:21:53.0551 7696 \Device\Harddisk0\DR0\Partition0 - ok
11:21:53.0582 7696 Boot (0x1200) (fe18a076432ac6ca5e2af76f49dd9f99) \Device\Harddisk0\DR0\Partition1
11:21:53.0582 7696 \Device\Harddisk0\DR0\Partition1 - ok
11:21:53.0582 7696 ============================================================
11:21:53.0582 7696 Scan finished
11:21:53.0582 7696 ============================================================
11:21:53.0598 7420 Detected object count: 0
11:21:53.0598 7420 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 11:23:50
-----------------------------
11:23:50.227 OS Version: Windows x64 6.1.7601 Service Pack 1
11:23:50.227 Number of processors: 4 586 0x2505
11:23:50.227 ComputerName: CAPTAIN-BIPTO UserName: Mikey
11:23:51.366 Initialize success
11:34:57.878 AVAST engine defs: 12042900
11:35:14.508 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:35:14.523 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
11:35:14.554 Disk 0 MBR read successfully
11:35:14.570 Disk 0 MBR scan
11:35:14.570 Disk 0 Windows VISTA default MBR code
11:35:14.586 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
11:35:14.601 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19184 MB offset 81920
11:35:14.617 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 286020 MB offset 39370752
11:35:14.648 Disk 0 scanning C:\Windows\system32\drivers
11:35:24.195 Service scanning
11:35:52.416 Modules scanning
11:35:52.431 Disk 0 trace - called modules:
11:35:52.478 ntoskrnl.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys iaStor.sys hal.dll
11:35:52.494 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a725060]
11:35:52.509 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa800a572c90]
11:35:52.509 5 stdfltn.sys[fffff88001d39af2] -> nt!IofCallDriver -> [0xfffffa800869b4e0]
11:35:52.525 7 ACPI.sys[fffff88000f0f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800869c050]
11:35:53.866 AVAST engine scan C:\Windows
11:35:56.737 AVAST engine scan C:\Windows\system32
11:36:07.580 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
11:36:08.375 File: C:\Windows\system32\ctprxy2k.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:36:58.856 File: C:\Windows\system32\orbmediaservice.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:37:00.650 File: C:\Windows\system32\pinger.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:37:38.995 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
11:37:41.241 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
11:39:10.208 AVAST engine scan C:\Windows\system32\drivers
11:39:23.204 AVAST engine scan C:\Users\Mikey
11:40:13.608 Disk 0 MBR has been saved successfully to "C:\Users\Mikey\Desktop\MBR.dat"
11:40:13.624 The log file has been saved successfully to "C:\Users\Mikey\Desktop\aswMBR.txt"

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:08 AM
Posted 29 April 2012 - 11:55 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

file::
C:\Windows\system32\consrv.dll
C:\Windows\system32\ctprxy2k.dll
C:\Windows\system32\orbmediaservice.dll
C:\Windows\system32\pinger.dll
C:\Windows\assembly\GAC_32\Desktop.ini 
C:\Windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
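The CFScript above is built by hand from the six **INFECTED** lines in the aswMBR log. The following is an added example for this thread, not a BleepingComputer, AVAST or ComboFix tool: it parses aswMBR detection lines in the format shown in that log (the regular expression is an assumption based on those lines), groups hits by detection name, records a SHA-256 of each listed file so the samples' hashes survive after ComboFix deletes them, and emits the same `file::` block gringo_pr posted. The embedded sample log is copied from the aswMBR output earlier in this thread; `triage`, `parse_aswmbr`, `build_cfscript` and `sha256_file` are names chosen here.

```python
"""Parse aswMBR **INFECTED** lines and produce a ComboFix CFScript.

Added example for this thread (not a BleepingComputer, AVAST or ComboFix
tool).  Assumes the aswMBR line format seen in the posted log:
    HH:MM:SS.mmm File: <path> **INFECTED** <detection> [<tag>]
The 'file::' directive format matches the CFScript gringo_pr posted.
"""
import hashlib
import re
from typing import Dict, List, NamedTuple, Optional

# Sample input copied from the aswMBR log posted earlier in this thread.
SAMPLE_ASWMBR_LOG = """\
11:35:53.866 AVAST engine scan C:\\Windows
11:36:07.580 File: C:\\Windows\\system32\\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
11:36:08.375 File: C:\\Windows\\system32\\ctprxy2k.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:36:58.856 File: C:\\Windows\\system32\\orbmediaservice.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:37:00.650 File: C:\\Windows\\system32\\pinger.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:37:38.995 File: C:\\Windows\\assembly\\GAC_32\\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
11:37:41.241 File: C:\\Windows\\assembly\\GAC_64\\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
11:39:10.208 AVAST engine scan C:\\Windows\\system32\\drivers
"""

# Assumed line format; the lazy path group tolerates spaces in the path.
_INFECTED_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+"
    r"(?P<name>\S+)\s+\[(?P<tag>[^\]]+)\]\s*$"
)


class Detection(NamedTuple):
    path: str
    name: str   # e.g. Win32:Sirefef-HO
    tag: str    # e.g. Rtk (rootkit) or Drp (dropper), as aswMBR labels them


def parse_aswmbr(log_text: str) -> List[Detection]:
    """Return every **INFECTED** hit in an aswMBR log, in scan order."""
    hits = []
    for line in log_text.splitlines():
        m = _INFECTED_RE.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["name"], m["tag"]))
    return hits


def build_cfscript(paths: List[str]) -> str:
    """Emit a ComboFix CFScript 'file::' block.  Duplicates are dropped and
    the original order is kept so the script reads like the scan log."""
    unique = list(dict.fromkeys(paths))
    return "file::\n" + "\n".join(unique) + "\n"


def sha256_file(path: str) -> Optional[str]:
    """SHA-256 of a file, or None if it is missing or unreadable.  Meant to
    run before ComboFix deletes the files so the sample hashes are kept."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except OSError:
        return None


def triage(log_text: str) -> Dict[str, object]:
    """Group detections by family, hash the files, and build the CFScript."""
    hits = parse_aswmbr(log_text)
    by_family: Dict[str, List[str]] = {}
    for h in hits:
        by_family.setdefault(h.name, []).append(h.path)
    return {
        "detections": hits,
        "by_family": by_family,
        "hashes": {h.path: sha256_file(h.path) for h in hits},
        "cfscript": build_cfscript([h.path for h in hits]),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ASWMBR_LOG)
    for family, paths in result["by_family"].items():
        print(f"{family}: {len(paths)} file(s)")
    print(result["cfscript"])
```

Run it on the real machine before dragging the script onto ComboFix: the hashes it prints are the only record of the samples once the `file::` entries are deleted, and a hash of `None` means the path no longer exists and can simply be left out of the script.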

#13 Mikey83
  • Topic Starter
  • Members
  • 19 posts
  • Local time:09:08 AM

Posted 29 April 2012 - 05:58 PM

Here are the results from the CFScript:

ComboFix 12-04-29.02 - Mikey 04/29/2012 17:45:55.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7990.6210 [GMT -5:00]
Running from: c:\users\Mikey\Downloads\ComboFix.exe
Command switches used :: c:\users\Mikey\Desktop\CFScript.txt.txt
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
"c:\windows\system32\consrv.dll"
"c:\windows\system32\ctprxy2k.dll"
"c:\windows\system32\orbmediaservice.dll"
"c:\windows\system32\pinger.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Mikey\AppData\Local\DT Soft\dxswezpk.dll
c:\windows\SysWow64\ac3file.ax
c:\windows\SysWow64\ac3filter.ax
c:\windows\SysWow64\bdaplgin.ax
c:\windows\SysWow64\cdxareader.ax
c:\windows\SysWow64\cero.rs
c:\windows\SysWow64\csrr.rs
c:\windows\SysWow64\DCBassSource.ax
c:\windows\SysWow64\esrb.rs
c:\windows\SysWow64\ffdshow.ax
c:\windows\SysWow64\FLVSplitter.ax
c:\windows\SysWow64\g711codc.ax
c:\windows\SysWow64\grb.rs
c:\windows\SysWow64\iac25_32.ax
c:\windows\SysWow64\ir41_32.ax
c:\windows\SysWow64\ivfsrc.ax
c:\windows\SysWow64\IVIVIDEO.ax
c:\windows\SysWow64\ksproxy.ax
c:\windows\SysWow64\kstvtune.ax
c:\windows\SysWow64\Kswdmcap.ax
c:\windows\SysWow64\ksxbar.ax
c:\windows\SysWow64\Mpeg2Data.ax
c:\windows\SysWow64\mpg2splt.ax
c:\windows\SysWow64\MSDvbNP.ax
c:\windows\SysWow64\MSNP.ax
c:\windows\SysWow64\oflc.rs
c:\windows\SysWow64\pegi-fi.rs
c:\windows\SysWow64\pegi-pt.rs
c:\windows\SysWow64\pegi.rs
c:\windows\SysWow64\pegibbfc.rs
c:\windows\SysWow64\psisrndr.ax
c:\windows\SysWow64\RealMediaSplitter.ax
c:\windows\SysWow64\splitter.ax
c:\windows\SysWow64\usk.rs
c:\windows\SysWow64\VBICodec.ax
c:\windows\SysWow64\vbisurf.ax
c:\windows\SysWow64\vidcap.ax
c:\windows\SysWow64\WEB.rs
c:\windows\SysWow64\WSTPager.ax
.
-- Previous Run --
.
c:\windows\regedit.exe . . . is infected!!
.
c:\windows\regedit.exe . . . is infected!!
.
Infected copy of c:\windows\SysWOW64\regedit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!SysWOW64!regedit.exe
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 22:53 . 2012-04-29 22:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-29 22:53 . 2012-04-29 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 00:20 . 2012-04-29 01:11 -------- d-----w- C:\FRST
2012-04-28 12:26 . 2012-04-28 12:26 -------- d-----we c:\windows\system64
2012-04-28 02:34 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-28 02:34 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-28 02:34 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-28 02:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-28 02:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-28 02:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-28 02:28 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-28 02:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-28 02:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-28 02:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-28 02:03 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-28 02:01 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-28 02:01 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-28 00:24 . 2012-04-28 00:24 -------- d-----w- c:\program files\Carbonite
2012-04-28 00:23 . 2012-04-28 00:23 -------- d-----w- c:\programdata\Carbonite
2012-04-28 00:23 . 2012-04-28 00:23 -------- d-----w- c:\program files (x86)\Carbonite
2012-04-27 22:31 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 22:21 . 2012-04-29 22:38 148112 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-04-27 22:21 . 2012-04-27 22:21 112616 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-04-27 22:21 . 2012-04-28 12:25 -------- d-----w- c:\program files\Webroot
2012-04-27 21:20 . 2012-04-27 22:08 -------- d-----w- c:\program files (x86)\Webroot
2012-04-27 21:20 . 2012-04-29 16:18 -------- d-----w- c:\programdata\WRData
2012-04-27 20:01 . 2012-04-27 20:01 -------- d-----w- c:\users\Mikey\AppData\Roaming\Malwarebytes
2012-04-27 20:01 . 2012-04-27 20:01 -------- d-----w- c:\programdata\Malwarebytes
2012-04-27 20:01 . 2012-04-27 22:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-23 03:04 . 2012-04-27 22:15 -------- d-----w- c:\users\Mikey\AppData\Roaming\Yahoo!
2012-04-23 03:04 . 2012-04-27 22:15 -------- d-----w- c:\programdata\Yahoo! Companion
2012-04-23 03:04 . 2012-04-23 03:04 -------- d-----w- c:\programdata\Yahoo!
2012-04-23 03:03 . 2012-04-27 22:10 -------- d-----w- c:\program files (x86)\Yahoo!
2012-04-22 16:50 . 2012-04-22 16:50 -------- d-----w- c:\users\Mikey\My Backup Files
2012-04-22 07:53 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-22 07:53 . 2012-04-27 22:15 -------- d-----w- c:\programdata\AVAST Software
2012-04-22 07:53 . 2012-04-27 22:10 -------- d-----w- c:\program files\AVAST Software
2012-04-22 04:18 . 2012-04-27 22:38 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-22 04:17 . 2012-04-22 04:17 -------- d-----w- c:\users\Mikey\AppData\Local\{0C110F2D-8C32-11E1-826D-B8AC6F996F26}
2012-04-22 02:27 . 2012-04-29 01:43 -------- d-----w- c:\users\Mikey\AppData\Local\DT Soft
2012-04-21 01:53 . 2012-04-21 01:53 -------- d-----w- c:\program files\iPod
2012-04-21 01:53 . 2012-04-21 01:54 -------- d-----w- c:\program files\iTunes
2012-04-21 01:53 . 2012-04-21 01:54 -------- d-----w- c:\program files (x86)\iTunes
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-04-21 01:49 . 2012-04-21 01:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-04-21 01:49 . 2012-04-21 01:49 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-19 01:12 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47C7F3F6-85CF-4FB2-8A1C-67D21053B722}\mpengine.dll
2012-04-17 01:13 . 2012-04-17 01:13 -------- d-----w- c:\users\Mikey\AppData\Roaming\MPEG Streamclip
2012-04-15 13:02 . 2012-04-15 13:02 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-15 12:49 . 2012-04-15 13:02 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-15 12:49 . 2012-04-15 12:49 -------- d-----w- c:\windows\system32\Macromed
2012-04-13 23:54 . 2012-04-13 23:54 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-13 23:54 . 2012-04-13 23:54 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-04 03:20 . 2012-04-04 03:20 -------- d-----w- c:\program files (x86)\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 13:02 . 2011-09-15 02:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 02:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"DT Soft"="c:\users\Mikey\AppData\Local\DT Soft\dxswezpk.dll" [BU]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"FAStartup"="" [BU]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-08-13 1362544]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2011-04-13 503942]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-04-27 667208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-9-21 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-04-27 667208]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-19 98208]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-26 60928]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-26 1612392]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-08-18 1692480]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 13:02]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 01:38]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 01:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 01:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-19 10144288]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-26 276584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
"(Default)"="" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-04-13 5016112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AEADIFilters
s116nd5
incdrm
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://AlienwareArena.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{01876FEA-DF62-4B7D-AD11-2D47643971CC}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\dhgcgorv.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-29 17:57:09
ComboFix-quarantined-files.txt 2012-04-29 22:57
ComboFix2.txt 2012-04-28 12:12
ComboFix3.txt 2012-04-27 19:43
.
Pre-Run: 197,240,934,400 bytes free
Post-Run: 196,528,488,448 bytes free
.
- - End Of File - - 3938D0D0D79BF9BE7FF305227B11910D
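
A small triage helper, added here as an example (it is not part of the thread or of ComboFix itself): it parses Run entries in the "Reg Loading Points" shape shown in the log above and flags the signals that make an entry like "DT Soft" stand out (a DLL under a user profile path with a random-looking name, and "[BU]" printed in place of a file date and size). The sample lines are constructed from the log above; the name-randomness heuristic is an assumption of this example, not a ComboFix rule.

```python
import re

# Shape of the 'Reg Loading Points' section of a ComboFix log: a bracketed
# registry key, then one "name"="target" [meta] line per value under it.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$", re.IGNORECASE)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?\s*$'
)
VOWELS = set("aeiou")


def parse_run_entries(log_text):
    """Yield (key, name, target, meta) for each value under a ...\\Run key."""
    key = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or not key.lower().endswith("\\run"):
            continue
        v = VALUE_RE.match(line)
        if v:
            yield key, v.group("name"), v.group("target"), v.group("meta")


def looks_random(stem):
    """Crude heuristic (an assumption of this example) for machine-generated
    names such as 'dxswezpk': long, all lowercase letters, almost no vowels."""
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(1 for c in stem if c in VOWELS)
    return vowels / len(stem) < 0.2


def assess_entry(target, meta):
    """Return the reasons an autorun target deserves a closer look ([] = none)."""
    reasons = []
    low = target.lower()
    if low == "":
        reasons.append("empty target")
    if "\\users\\" in low or "\\appdata\\" in low:
        reasons.append("runs from a user profile directory")
    if low.endswith(".dll"):
        reasons.append("Run value points to a DLL rather than an executable")
    # Keep the original case: mixed-case names are not treated as random.
    stem = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(stem):
        reasons.append("random-looking file name")
    if meta is not None and meta.strip().upper() == "BU":
        reasons.append("ComboFix printed '[BU]' instead of a file date and size")
    return reasons


def review_log(log_text):
    """Map 'key\\name' -> reasons for every Run entry worth reviewing."""
    findings = {}
    for key, name, target, meta in parse_run_entries(log_text):
        reasons = assess_entry(target, meta)
        if reasons:
            findings[key + "\\" + name] = reasons
    return findings


# Constructed sample, modelled on the Run keys in the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"DT Soft"="c:\users\Mikey\AppData\Local\DT Soft\dxswezpk.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"FAStartup"="" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"""

if __name__ == "__main__":
    for entry, reasons in review_log(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("  -", reason)
```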

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 29 April 2012 - 06:11 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Adobe Reader 9.5.1
  • Java™ 6 Update 27


  • Please download and install Revo Uninstaller Free
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on The Program to remove
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted, select Yes and then Next
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Mikey83

  • Topic Starter
  • Members
  • 19 posts

Posted 29 April 2012 - 06:53 PM

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?


Java and Adobe updates made as noted. MBAM Log below. When I tried to run HijackThis, I got an error stating that the system denied access to the Hosts file. After clicking "OK" a blank text notepad document opens.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mikey :: CAPTAIN-BIPTO [administrator]

Protection: Enabled

4/29/2012 6:38:25 PM
mbam-log-2012-04-29 (18-38-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223878
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
