BSOD on startup, please help.


This topic is locked
24 replies to this topic

#1 jkad
  • Members
  • 14 posts

Posted 08 June 2012 - 10:41 AM

History: got home from work and my wife told me the laptop was not working. Tried starting it up; it loaded the BIOS screen, then went to a black screen with a blinking cursor. Tried rebooting and hitting F8 to try and boot it in safe mode, but F8 would not work; it immediately went back to the black screen with cursor. I did not have any recovery disks for that computer, so I used the ones from my desktop, which allowed me to get to the System Recovery Options screen. Tried to restore, but it failed repeatedly on multiple points. Tried to run the startup repair; its only option was to try a system restore. Did some research on my desktop, opened the command prompt, and ran scanos first; it found Windows on my D: drive as expected. Ran fixmbr and fixboot, restarted, and for about 2 seconds was elated to see the Windows logo, till it stopped appearing and I got a BSOD. The error code was 0x0000007B I think; I am at work right now so can't verify. After that I could access the recovery and boot options by hitting F8. But now all system restore points are gone, I can't load in safe mode or even Last Known Good Configuration, and scanos finds 0 OS. I'm at the point where the only thing I know to do is reformat and reinstall Windows. Any suggestions before I try that, and will that solution solve my issue?


#2 rotor123
  • Moderator
  • 8,093 posts
  • Gender:Male
  • Location:New Jersey

Posted 08 June 2012 - 11:24 AM

The first thing I would do is check the hardware.

Run the hard drive test.

HP has a memory test and/or hard drive test in the BIOS.
Dell: when the Dell logo is on the screen, press F12 for the boot device menu and choose Diagnostics.

Other brands: run the Seagate drive test.
http://www.seagate.com/support/downloads/seatools/
The page has a SeaTools for DOS, since Windows does not run. That page has a downloadable link for a CD-ROM ISO that can be burned to run the test.

Before playing around with software, it is important at this time to be sure the hard drive is not failing.

Good luck,
Roger

Edited by rotor123, 08 June 2012 - 12:11 PM.

Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015


#3 jkad
  • Topic Starter
  • Members
  • 14 posts

Posted 08 June 2012 - 01:05 PM

Will try that when I get home; would chkdsk do the same? Ran that as well last night and it found no errors. Also, my wife finally mentioned Avast has been blocking some URL, and every time it removes a virus, it comes back on restart. She told me that today, lol. To the best of my knowledge fixmbr should have cleared that, but I will be running Windows Defender Offline as well when I get home tonight. If I did somehow screw something up badly (I am not a techie), are there any good, preferably free, programs out there to restore and repair your MBR?

#4 rotor123
  • Moderator
  • 8,093 posts
  • Gender:Male
  • Location:New Jersey

Posted 08 June 2012 - 02:16 PM

OK, that changes things. I'm going to refer you to the specialists, since you indicate a virus caused this problem.

Doing anything more without expert guidance can toast the Windows installation.

Also, I tried out the Windows Defender Offline software on an infected computer that was at least booting. When Windows Defender Offline was finished, it was not booting. It failed my test that way. It did find things, but killed Windows.

Edited by rotor123, 08 June 2012 - 02:22 PM.



#5 jkad
  • Topic Starter
  • Members
  • 14 posts

Posted 08 June 2012 - 02:29 PM

Well, thank you for your time; I hope the specialist can help. If it makes things easier, I just want it up and running; I don't even care about salvaging any files on it.

#6 JSntgRvr
  • Master Surgeon General
  • Malware Response Team
  • 11,590 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 June 2012 - 02:52 PM

Welcome!

Running fixmbr and/or fixboot can do more damage than benefit to your computer.

Let's give it a try. You will need a USB flash drive.

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

If you already have FRST, this is a new version I need you to download.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window, type notepad and press Enter.
  • Notepad opens. Under the File menu, select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window, type e:\frst.exe (for the 64-bit version, type e:\frst64.exe) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
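The FRST.txt produced by the procedure above lists every Run/RunOnce value it found, one per line, with the file size, a timestamp and the company name read from the file's version information (printed as "()" when there is none, and "[x]" when the file no longer exists). The first pass a helper makes over such a log is triage, not a verdict: an entry that launches rundll32.exe against a DLL sitting under a user-writable folder (AppData, ProgramData, Temp) and carries no company name deserves a closer look, while any one of those traits on its own is routine for legitimate per-user software. The script below is an added example, not part of this post and not FRST's own code; it parses those lines and applies exactly that check. The sample log is constructed to match FRST's line format; the user name EXAMPLE, the Vendor folder and abcd.dll are placeholders, not files from this thread.

```python
"""Triage of Run/RunOnce lines from the Registry section of an FRST.txt log.

Added example for this thread; not part of the original post and not FRST's
own code. SAMPLE_LOG is constructed to match FRST's line format; EXAMPLE,
Vendor and abcd.dll are placeholders.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One autorun line as FRST prints it:
#   <hive>\...\Run: [<name>] <command> [<size> <yyyy-mm-dd>] (<publisher>)
# <hive> is HKLM, HKLM-x32 or HKU\<user>; an orphaned entry has "[x]" instead
# of a command, and FRST prints "()" when it cannot read a company name.
RUN_LINE = re.compile(
    r'^(?P<hive>[^ ]+?)\\\.\.\.\\Run(?P<once>Once)?: \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$'
)
TAIL = re.compile(
    r'^(?P<cmd>.*?) ?\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$'
)
# rundll32.exe "<dll>",<export>  -> the DLL path is what should be judged
RUNDLL = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\w+)', re.IGNORECASE
)
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r'\\(?:AppData|ProgramData|Temp|Users\\Public)\\', re.IGNORECASE)


@dataclass
class AutorunEntry:
    hive: str
    key: str                   # "Run" or "RunOnce"
    name: str
    command: str
    size: Optional[int]
    date: Optional[str]
    publisher: Optional[str]   # "" when FRST printed "()"
    missing: bool              # True for "[x]" (file no longer exists)
    flags: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Two of these together is worth a closer look; one alone is common
        # for legitimate per-user software.
        strong = {"rundll32_export", "user_writable_path", "no_publisher"}
        return len(strong & set(self.flags)) >= 2


def parse_run_line(line: str) -> Optional[AutorunEntry]:
    """Return an AutorunEntry for a Run/RunOnce line, or None for any other line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    key = "Run" + (m.group("once") or "")
    rest = m.group("rest")
    if rest == "[x]":
        return AutorunEntry(m.group("hive"), key, m.group("name"), "", None, None, None, True)
    t = TAIL.match(rest)
    if t is None:  # no size/date/publisher block: keep the raw command
        return AutorunEntry(m.group("hive"), key, m.group("name"), rest, None, None, None, False)
    return AutorunEntry(m.group("hive"), key, m.group("name"), t.group("cmd"),
                        int(t.group("size")), t.group("date"), t.group("publisher"), False)


def triage(entry: AutorunEntry) -> AutorunEntry:
    """Attach heuristic flags to an entry (in place) and return it."""
    path = entry.command
    r = RUNDLL.search(entry.command)
    if r:
        entry.flags.append("rundll32_export")
        path = r.group("dll")          # judge the DLL, not rundll32 itself
    if USER_WRITABLE.search(path):
        entry.flags.append("user_writable_path")
    if entry.publisher is not None and entry.publisher.strip() == "":
        entry.flags.append("no_publisher")
    if entry.missing:
        entry.flags.append("missing_file")
    return entry


def triage_log(text: str) -> List[AutorunEntry]:
    """Parse every Run/RunOnce line in an FRST log and triage it."""
    entries = [parse_run_line(ln) for ln in text.splitlines()]
    return [triage(e) for e in entries if e is not None]


# Constructed sample in FRST's format (not the log from this thread).
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11490408 2011-06-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [] [x]
HKU\EXAMPLE\...\Run: [Adobe] rundll32.exe "C:\Users\EXAMPLE\AppData\Local\Vendor\abcd.dll",DllRegisterServer [683024 2012-05-22] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        mark = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"{mark:10} {e.hive}\\{e.key} [{e.name}] {e.command or '[x]'} flags={e.flags}")
```

Two caveats when reading the result: the company name FRST prints comes from the file's version resource, not from a verified Authenticode signature, so a filled-in name proves nothing by itself, and a SUSPICIOUS mark is a reason to hand the line to the helper, not grounds to delete anything from the recovery console, since FRST's fix mode is meant to be driven by the helper's instructions.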


#7 jkad
  • Topic Starter
  • Members
  • 14 posts

Posted 08 June 2012 - 06:12 PM

here it is.

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
Ran by SYSTEM at 08-06-2012 19:05:19
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-10-27] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-10-27] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-10-27] (Intel Corporation)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [234832 2011-10-30] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-11-27] (cyberlink)
HKLM-x32\...\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [PCTD Service Activation] "C:\Program Files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" -checkcounter [28597760 2010-12-02] (OakTree Digital)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKU\JKAD\...\Run: [PlayNC Launcher] [x]
HKU\JKAD\...\Run: [Adobe] rundll32.exe "C:\Users\JKAD\AppData\Local\Apple Computer\Adobe\cutfvdw.dll",DllRegisterServer [683024 2012-05-22] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\JKAD\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-07-13] (Microsoft Corporation)
2 CLKMSVC10_9EC60124; "C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe" /svc [248304 2011-09-27] (CyberLink)
3 DCDhcpService; "C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe" [111776 2011-08-24] (Atheros Communication Inc.)
2 DMAgent; "C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe" [498688 2011-06-14] (Red Bend Ltd.)
2 IconMan_R; "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" [2413056 2011-10-24] (Realsil Microelectronics Inc.)
2 jhi_service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll" /prefetch:1 [309688 2012-01-24] (Symantec Corporation)
3 npggsvc; C:\Windows\SysWow64\GameMon.des -service [4323256 2011-03-28] (INCA Internet Co., Ltd.)
2 Oasis2Service; "C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe" [53248 2012-02-09] (Digital Delivery Networks, Inc.)
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [430136 2011-08-24] (Sony Corporation)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "&_" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\%C3 &_ Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [260768 2011-08-26] (Sony Corporation)
3 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [113824 2011-02-21] (Sony Corporation)
3 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [67232 2011-02-21] (Sony Corporation)
3 Sony SCSI Helper Service; "C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2011-09-23] (Sony Corporation)
3 SpfService; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe" [286936 2011-01-20] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656536 2011-10-26] (Intel Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe" [65464 2011-12-12] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [535176 2011-09-20] (Sony Corporation)
3 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [894624 2011-09-01] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [549408 2011-09-08] (Sony Corporation)
3 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [385336 2011-02-18] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [101600 2011-08-26] (Sony Corporation)
3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [54432 2011-10-29] (Sony Corporation)
2 VIPAppService; "C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe" [82544 2011-07-12] (Symantec Corporation)
2 VSNService; "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe" [960152 2012-01-12] (Sony Corporation)
3 VUAgent; "C:\Program Files\Sony\VAIO Update Common\VUAgent.exe" [1245800 2011-10-27] (Sony Corporation)
2 WiMAXAppSrv; "C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe" [986112 2011-06-14] (Intel® Corporation)

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2012-02-15] (Symantec Corporation)
3 bpenum; C:\Windows\System32\Drivers\bpenum.sys [84480 2011-05-19] (Intel Corporation)
3 bpmp; C:\Windows\System32\Drivers\bpmp.sys [182272 2011-05-19] (Intel Corporation)
3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [83968 2011-05-19] (Intel Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
3 e1yexpress; C:\Windows\System32\DRIVERS\e1y60x64.sys [281088 2009-06-10] (Intel Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-26] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-26] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120303.003\IDSvia64.sys [488568 2012-02-24] (Symantec Corporation)
3 intaud_WaveExtensible; C:\Windows\System32\drivers\intelaud.sys [34200 2011-06-21] (Intel Corporation)
3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [12289472 2011-10-27] (Intel Corporation)
3 iwdbus; C:\Windows\System32\Drivers\iwdbus.sys [25496 2011-06-21] (Intel Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120302.017\ENG64.SYS [117880 2012-03-03] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120302.017\EX64.SYS [2048632 2012-03-03] (Symantec Corporation)
3 NETwNs64; C:\Windows\System32\Drivers\NETwNs64.sys [8593920 2011-05-01] (Intel Corporation)
3 Point64; C:\Windows\System32\Drivers\Point64.sys [45416 2011-08-01] (Microsoft Corporation)
3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [338536 2011-10-24] (Realtek Semiconductor Corp.)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS [738936 2012-01-17] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS [37496 2012-01-17] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1306020.00A\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [1092728 2012-01-17] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-26] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [190072 2012-01-17] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [405624 2012-01-17] (Symantec Corporation)
3 wdkmd; C:\Windows\System32\Drivers\wdkmd.sys [42392 2011-06-21] (Intel Corporation)
3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-08 19:05 - 2012-06-08 19:05 - 00000000 ____D C:\FRST
2012-05-27 14:38 - 2012-05-27 14:38 - 00000000 ____D C:\Users\JKAD\AppData\Roaming\iolo
2012-05-27 13:44 - 2012-05-27 13:44 - 00262144 ____A C:\Windows\Minidump\052712-12214-01.dmp
2012-05-26 20:16 - 2012-05-26 20:16 - 00262144 ____A C:\Windows\Minidump\052712-11263-01.dmp
2012-05-26 20:08 - 2012-05-26 20:08 - 00000000 ____D C:\Users\JKAD\Documents\Diablo III
2012-05-26 19:11 - 2012-06-07 21:06 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-05-26 19:11 - 2012-05-26 19:49 - 00001193 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-26 19:11 - 2012-05-26 19:49 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-26 19:09 - 2012-05-26 19:09 - 00262144 ____A C:\Windows\Minidump\052612-18236-01.dmp
2012-05-26 19:02 - 2012-05-26 19:02 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment.temp
2012-05-26 19:02 - 2012-05-26 19:02 - 00000000 ____D C:\Program Files (x86)\Diablo III.temp
2012-05-26 19:02 - 2012-05-26 19:02 - 00000000 ____A C:\Users\Public\Desktop\Diablo III.lnk.temp
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\All Users\Battle.net
2012-05-24 12:41 - 2012-05-24 12:41 - 00262144 ____A C:\Windows\Minidump\052412-11840-01.dmp
2012-05-23 16:49 - 2012-05-24 16:31 - 00000000 ___SD C:\ComboFix
2012-05-23 16:10 - 2012-05-23 16:49 - 00000000 ____D C:\Windows\ERDNT
2012-05-23 16:08 - 2012-05-23 16:49 - 00000000 ____D C:\Qoobox
2012-05-23 14:20 - 2012-05-23 20:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-23 14:20 - 2012-05-23 14:20 - 00000000 ____D C:\Users\JKAD\AppData\Roaming\Malwarebytes
2012-05-23 14:20 - 2012-05-23 14:20 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-22 15:47 - 2012-05-23 20:30 - 00000000 ____D C:\Users\JKAD\Downloads\Autoruns
2012-05-22 15:47 - 2012-05-22 15:47 - 00535772 ____A C:\Users\JKAD\Downloads\Autoruns.zip
2012-05-22 14:44 - 2012-05-22 14:44 - 00262144 ____A C:\Windows\Minidump\052212-11341-01.dmp
2012-05-22 14:20 - 2012-05-22 14:20 - 00262144 ____A C:\Windows\Minidump\052212-10576-01.dmp
2012-05-22 14:13 - 2012-05-23 20:30 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-05-22 14:04 - 2012-05-22 14:04 - 00262144 ____A C:\Windows\Minidump\052212-11310-01.dmp
2012-05-22 07:57 - 2012-05-22 07:57 - 00262144 ____A C:\Windows\Minidump\052212-13884-01.dmp
2012-05-22 06:43 - 2012-05-22 06:43 - 00262144 ____A C:\Windows\Minidump\052212-11232-01.dmp
2012-05-21 06:51 - 2012-05-21 06:51 - 00262144 ____A C:\Windows\Minidump\052112-12823-01.dmp
2012-05-18 18:38 - 2012-05-18 18:38 - 00262144 ____A C:\Windows\Minidump\051812-10514-01.dmp
2012-05-17 07:06 - 2012-05-17 07:11 - 00000000 ____D C:\Users\JKAD\Documents\WebCam Media
2012-05-17 07:02 - 2012-05-17 07:06 - 00000000 ____D C:\Users\JKAD\AppData\Roaming\ArcSoft
2012-05-17 07:02 - 2012-05-17 07:02 - 00000000 ____D C:\Users\JKAD\AppData\Local\ArcSoft
2012-05-17 07:00 - 2012-05-17 07:00 - 00000000 ____D C:\Users\JKAD\AppData\Local\Evernote
2012-05-17 06:40 - 2012-05-17 06:40 - 00262144 ____A C:\Windows\Minidump\051712-10202-01.dmp
2012-05-15 16:27 - 2012-05-15 16:27 - 00262144 ____A C:\Windows\Minidump\051512-10623-01.dmp
2012-05-15 15:04 - 2012-05-15 15:04 - 00266288 ____A C:\Windows\Minidump\051512-12885-01.dmp
2012-05-15 12:09 - 2012-05-15 12:09 - 00262144 ____A C:\Windows\Minidump\051512-12199-01.dmp
2012-05-15 12:06 - 2012-05-15 12:06 - 00262144 ____A C:\Windows\Minidump\051512-11856-01.dmp
2012-05-12 18:32 - 2012-05-12 18:32 - 00262144 ____A C:\Windows\Minidump\051212-11403-01.dmp
2012-05-12 16:14 - 2012-05-12 16:14 - 00262144 ____A C:\Windows\Minidump\051212-14991-01.dmp
2012-05-09 13:14 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-09 13:14 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-09 13:14 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 13:14 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 13:06 - 2012-05-09 13:06 - 00262144 ____A C:\Windows\Minidump\050912-12963-01.dmp

============ 3 Months Modified Files and Folders =============

2012-06-08 19:05 - 2012-06-08 19:05 - 00000000 ____D C:\FRST
2012-06-07 21:06 - 2012-05-26 19:11 - 00000000 ____D C:\Program Files (x86)\Diablo III
2012-06-07 21:06 - 2012-02-25 08:59 - 00000000 ____D C:\users\JKAD
2012-06-07 21:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2012-06-07 21:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-07 21:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-04 23:00 - 2012-04-26 03:33 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-04 23:00 - 2012-02-06 22:03 - 01863984 ____A C:\Windows\WindowsUpdate.log
2012-06-04 18:10 - 2012-04-26 03:33 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-04 18:10 - 2009-07-13 20:51 - 00054597 ____A C:\Windows\setupact.log
2012-06-04 08:07 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-04 08:07 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-04 08:05 - 2009-07-13 21:13 - 00796230 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-04 08:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-29 21:05 - 2012-04-26 15:49 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-05-29 21:02 - 2012-03-01 18:02 - 00000000 ____D C:\Users\JKAD\AppData\Local\Apple Computer
2012-05-29 17:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-05-27 14:55 - 2012-04-26 05:17 - 00000000 ____D C:\Users\JKAD\AppData\Local\ElevatedDiagnostics
2012-05-27 14:39 - 2011-12-16 19:53 - 00000000 ____D C:\Users\All Users\iolo
2012-05-27 14:38 - 2012-05-27 14:38 - 00000000 ____D C:\Users\JKAD\AppData\Roaming\iolo
2012-05-27 14:36 - 2012-02-25 12:46 - 00000021 ____A C:\Windows\Model.txt
2012-05-27 14:36 - 2012-02-25 12:46 - 00000000 ____A C:\Windows\Model.log
2012-05-27 14:10 - 2012-04-26 03:33 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-05-27 14:10 - 2010-11-20 19:47 - 00035422 ____A C:\Windows\PFRO.log
2012-05-27 13:44 - 2012-05-27 13:44 - 00262144 ____A C:\Windows\Minidump\052712-12214-01.dmp
2012-05-27 13:44 - 2012-03-24 18:58 - 613010927 ____A C:\Windows\MEMORY.DMP
2012-05-27 13:44 - 2012-03-24 18:58 - 00000000 ____D C:\Windows\Minidump
2012-05-26 20:16 - 2012-05-26 20:16 - 00262144 ____A C:\Windows\Minidump\052712-11263-01.dmp
2012-05-26 20:08 - 2012-05-26 20:08 - 00000000 ____D C:\Users\JKAD\Documents\Diablo III
2012-05-26 19:49 - 2012-05-26 19:11 - 00001193 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-26 19:49 - 2012-05-26 19:11 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-26 19:09 - 2012-05-26 19:09 - 00262144 ____A C:\Windows\Minidump\052612-18236-01.dmp
2012-05-26 19:02 - 2012-05-26 19:02 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment.temp
2012-05-26 19:02 - 2012-05-26 19:02 - 00000000 ____D C:\Program Files (x86)\Diablo III.temp
2012-05-26 19:02 - 2012-05-26 19:02 - 00000000 ____A C:\Users\Public\Desktop\Diablo III.lnk.temp
2012-05-26 19:00 - 2012-05-26 19:00 - 00000000 ____D C:\Users\All Users\Battle.net
2012-05-24 23:02 - 2012-04-26 03:35 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-24 16:31 - 2012-05-23 16:49 - 00000000 ___SD C:\ComboFix
2012-05-24 12:41 - 2012-05-24 12:41 - 00262144 ____A C:\Windows\Minidump\052412-11840-01.dmp
2012-05-24 12:32 - 2012-04-26 03:33 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-05-23 20:30 - 2012-05-23 14:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-23 20:30 - 2012-05-22 15:47 - 00000000 ____D C:\Users\JKAD\Downloads\Autoruns
2012-05-23 20:30 - 2012-05-22 14:13 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2012-05-23 20:30 - 2012-02-25 09:14 - 00000000 ____D C:\Users\JKAD\AppData\Roaming\Adobe
2012-05-23 20:30 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-05-23 20:29 - 2012-02-25 08:59 - 00000000 ____D C:\Users\JKAD\AppData\LocalLow
2012-05-23 16:49 - 2012-05-23 16:10 - 00000000 ____D C:\Windows\ERDNT
2012-05-23 16:49 - 2012-05-23 16:08 - 00000000 ____D C:\Qoobox
2012-05-23 16:41 - 2012-02-25 12:45 - 00000000 ____D C:\Update
2012-05-23 16:32 - 2009-07-13 21:08 - 00032626 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-23 14:20 - 2012-05-23 14:20 - 00000000 ____D C:\Users\JKAD\AppData\Roaming\Malwarebytes
2012-05-23 14:20 - 2012-05-23 14:20 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-22 15:55 - 2012-04-26 12:03 - 00590778 ____A C:\Windows\ntbtlog.txt
2012-05-22 15:47 - 2012-05-22 15:47 - 00535772 ____A C:\Users\JKAD\Downloads\Autoruns.zip
2012-05-22 14:44 - 2012-05-22 14:44 - 00262144 ____A C:\Windows\Minidump\052212-11341-01.dmp
2012-05-22 14:20 - 2012-05-22 14:20 - 00262144 ____A C:\Windows\Minidump\052212-10576-01.dmp
2012-05-22 14:04 - 2012-05-22 14:04 - 00262144 ____A C:\Windows\Minidump\052212-11310-01.dmp
2012-05-22 07:57 - 2012-05-22 07:57 - 00262144 ____A C:\Windows\Minidump\052212-13884-01.dmp
2012-05-22 06:43 - 2012-05-22 06:43 - 00262144 ____A C:\Windows\Minidump\052212-11232-01.dmp
2012-05-21 06:51 - 2012-05-21 06:51 - 00262144 ____A C:\Windows\Minidump\052112-12823-01.dmp
2012-05-18 18:38 - 2012-05-18 18:38 - 00262144 ____A C:\Windows\Minidump\051812-10514-01.dmp
2012-05-18 18:31 - 2012-02-26 06:51 - 00000000 ____D C:\Users\JKAD\AppData\Local\CrashDumps
2012-05-17 07:11 - 2012-05-17 07:06 - 00000000 ____D C:\Users\JKAD\Documents\WebCam Media
2012-05-17 07:06 - 2012-05-17 07:02 - 00000000 ____D C:\Users\JKAD\AppData\Roaming\ArcSoft
2012-05-17 07:06 - 2011-12-16 19:22 - 00000000 ___HD C:\Users\All Users\ArcSoft
2012-05-17 07:02 - 2012-05-17 07:02 - 00000000 ____D C:\Users\JKAD\AppData\Local\ArcSoft
2012-05-17 07:00 - 2012-05-17 07:00 - 00000000 ____D C:\Users\JKAD\AppData\Local\Evernote
2012-05-17 06:40 - 2012-05-17 06:40 - 00262144 ____A C:\Windows\Minidump\051712-10202-01.dmp
2012-05-16 16:39 - 2012-03-19 09:14 - 00000000 ____D C:\Users\JKAD\AppData\Local\Windows Live
2012-05-15 16:27 - 2012-05-15 16:27 - 00262144 ____A C:\Windows\Minidump\051512-10623-01.dmp
2012-05-15 15:04 - 2012-05-15 15:04 - 00266288 ____A C:\Windows\Minidump\051512-12885-01.dmp
2012-05-15 12:09 - 2012-05-15 12:09 - 00262144 ____A C:\Windows\Minidump\051512-12199-01.dmp
2012-05-15 12:06 - 2012-05-15 12:06 - 00262144 ____A C:\Windows\Minidump\051512-11856-01.dmp
2012-05-12 18:32 - 2012-05-12 18:32 - 00262144 ____A C:\Windows\Minidump\051212-11403-01.dmp
2012-05-12 16:14 - 2012-05-12 16:14 - 00262144 ____A C:\Windows\Minidump\051212-14991-01.dmp
2012-05-09 23:23 - 2011-12-16 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-09 23:08 - 2012-04-14 23:02 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-05-09 23:06 - 2012-03-03 11:16 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 23:06 - 2012-02-26 19:36 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-09 23:00 - 2011-10-20 13:31 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 13:06 - 2012-05-09 13:06 - 00262144 ____A C:\Windows\Minidump\050912-12963-01.dmp
2012-05-07 23:06 - 2012-05-07 23:06 - 00065536 __ASH C:\Windows\System32\config\components{ed573266-98db-11e1-be9c-642737ca5f72}.TxR.blf
2012-05-07 03:02 - 2012-02-25 12:50 - 00000000 ____D C:\Users\JKAD\AppData\Local\OakTree_Digital
2012-05-06 23:07 - 2012-05-06 23:07 - 00065536 __ASH C:\Windows\System32\config\components{c123aee6-9812-11e1-bbde-642737ca5f72}.TxR.blf
2012-05-06 03:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-05 23:07 - 2012-05-05 23:07 - 00065536 __ASH C:\Windows\System32\config\components{991c48e6-9749-11e1-bb71-642737ca5f72}.TxR.blf
2012-05-04 17:22 - 2012-05-04 17:22 - 00262144 ____A C:\Windows\Minidump\050412-11138-02.dmp
2012-05-04 03:28 - 2012-05-04 03:28 - 00262144 ____A C:\Windows\Minidump\050412-11138-01.dmp
2012-05-04 02:52 - 2012-05-04 02:52 - 00262144 ____A C:\Windows\Minidump\050412-13166-01.dmp
2012-05-03 18:36 - 2012-03-10 21:14 - 00000000 ____D C:\Users\JKAD\AppData\Local\PMB Files
2012-05-03 07:21 - 2012-03-10 21:14 - 00000000 ____D C:\Users\All Users\PMB Files
2012-05-03 05:56 - 2012-05-03 05:56 - 00262144 ____A C:\Windows\Minidump\050312-11294-01.dmp
2012-05-03 02:31 - 2012-05-03 02:31 - 00262144 ____A C:\Windows\Minidump\050312-10701-01.dmp
2012-05-03 02:25 - 2012-05-03 02:25 - 00065536 __ASH C:\Windows\System32\config\components{dd210b19-9509-11e1-b6ed-642737ca5f72}.TxR.blf
2012-05-02 23:00 - 2012-05-02 23:00 - 00065536 __ASH C:\Windows\System32\config\components{02a5fba7-93c8-11e1-be12-642737ca5f72}.TxR.blf
2012-05-02 08:40 - 2012-05-02 08:40 - 00262144 ____A C:\Windows\Minidump\050212-10374-01.dmp
2012-05-01 11:58 - 2012-05-01 11:58 - 00262144 ____A C:\Windows\Minidump\050112-10389-01.dmp
2012-05-01 05:44 - 2012-05-01 05:44 - 00262144 ____A C:\Windows\Minidump\050112-10810-01.dmp
2012-04-30 19:27 - 2012-04-30 19:27 - 00065536 __ASH C:\Windows\System32\config\components{94711438-92b5-11e1-bc70-642737ca5f72}.TxR.blf
2012-04-30 04:19 - 2012-03-28 12:45 - 00009277 ____A C:\test.xml
2012-04-30 03:14 - 2012-04-30 03:14 - 00262144 ____A C:\Windows\Minidump\043012-12027-01.dmp
2012-04-29 23:07 - 2012-04-29 23:07 - 00065536 __ASH C:\Windows\System32\config\components{9fff1366-9292-11e1-bc6a-642737ca5f72}.TxR.blf
2012-04-27 23:06 - 2012-04-27 23:06 - 00065536 __ASH C:\Windows\System32\config\components{423ac1e5-9100-11e1-bb25-642737ca5f72}.TxR.blf
2012-04-27 20:02 - 2012-04-27 20:02 - 03993600 ____A C:\Program Files (x86)\GUTAE4F.tmp
2012-04-27 03:02 - 2012-04-26 03:33 - 00000000 ____D C:\Program Files\AVAST Software
2012-04-26 23:07 - 2012-04-26 23:07 - 00065536 __ASH C:\Windows\System32\config\components{169fd4e5-9037-11e1-a182-642737ca5f72}.TxR.blf
2012-04-26 20:07 - 2012-04-26 20:07 - 00065536 __ASH C:\Windows\System32\config\components{bc3552f0-8ffb-11e1-a160-642737ca5f72}.TxR.blf
2012-04-26 15:21 - 2012-04-26 15:21 - 00065536 __ASH C:\Windows\System32\config\components{f95303e6-8f6d-11e1-bfa1-642737ca5f72}.TxR.blf
2012-04-26 14:15 - 2012-04-26 14:15 - 00002052 ____A C:\Windows\epplauncher.mif
2012-04-26 12:04 - 2012-04-26 12:03 - 00262144 ____A C:\Windows\Minidump\042612-8455-01.dmp
2012-04-26 05:59 - 2012-02-25 09:05 - 00000000 ____D C:\Users\JKAD\AppData\Local\Deployment
2012-04-26 05:08 - 2012-04-26 05:08 - 00262144 ____A C:\Windows\Minidump\042612-13431-01.dmp
2012-04-26 05:04 - 2012-04-26 05:04 - 00262144 ____A C:\Windows\Minidump\042612-15428-01.dmp
2012-04-26 03:50 - 2012-04-26 03:50 - 00262144 ____A C:\Windows\Minidump\042612-11107-01.dmp
2012-04-26 03:39 - 2012-04-26 03:39 - 00262144 ____A C:\Windows\Minidump\042612-14695-01.dmp
2012-04-26 03:38 - 2012-04-26 03:38 - 00000000 ____D C:\Program Files (x86)\GUMB366.tmp
2012-04-26 03:38 - 2012-04-26 03:38 - 00000000 ____A C:\Program Files (x86)\GUTB367.tmp
2012-04-26 03:36 - 2012-04-26 03:33 - 00000000 ____D C:\Users\JKAD\AppData\Local\Google
2012-04-26 03:35 - 2012-04-26 03:33 - 00000000 ____D C:\Program Files (x86)\Google
2012-04-26 03:02 - 2011-12-16 19:51 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2012-04-26 03:02 - 2011-12-16 19:51 - 00000000 ____D C:\Users\All Users\Norton
2012-04-21 23:07 - 2012-04-21 23:07 - 00065536 __ASH C:\Windows\System32\config\components{52a6f469-8c49-11e1-8966-642737ca5f72}.TxR.blf
2012-04-20 16:28 - 2012-04-20 16:28 - 00065536 __ASH C:\Windows\System32\config\components{97b6e7e9-8924-11e1-bbe8-642737ca5f72}.TxR.blf
2012-04-17 15:22 - 2012-04-17 15:22 - 00000000 ____D C:\9cb74dfc5809bfc26974c44db7
2012-04-12 17:16 - 2012-04-12 17:16 - 00065536 __ASH C:\Windows\System32\config\components{cdfbfdf7-8505-11e1-bff3-642737ca5f72}.TxR.blf
2012-04-11 04:46 - 2012-04-11 04:46 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-11 04:46 - 2012-04-11 04:46 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-11 04:46 - 2012-04-11 04:44 - 00000000 ____D C:\712e8aa19e27c6902815
2012-04-11 04:43 - 2012-04-11 04:43 - 00065536 __ASH C:\Windows\System32\config\components{82493777-83d3-11e1-99b2-642737ca5f72}.TxR.blf
2012-04-10 14:31 - 2012-04-10 14:31 - 00023937 ____A C:\Users\JKAD\Downloads\Test Review _4.pdf
2012-04-10 10:11 - 2012-04-10 10:11 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{5bd16779-5ff2-11e1-a518-642737ca5f72}.TxR.blf
2012-04-02 06:53 - 2012-03-25 18:57 - 00080896 ____A C:\Users\JKAD\Downloads\psych paper - notes.wps
2012-03-31 10:31 - 2012-03-31 10:31 - 00000162 ___AH C:\Users\JKAD\Downloads\~$ych paper - notes.wps
2012-03-30 03:35 - 2012-05-09 13:14 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 23:02 - 2012-04-26 14:08 - 55154568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-03-28 11:39 - 2011-12-16 19:51 - 00002501 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-03-26 18:25 - 2011-12-16 19:51 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-03-26 18:25 - 2011-12-16 19:51 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-03-26 18:25 - 2011-12-16 19:51 - 00000854 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-03-26 18:25 - 2011-12-16 19:51 - 00000000 ____D C:\Program Files\Symantec
2012-03-25 18:53 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-03-24 18:58 - 2012-03-24 18:58 - 00262144 ____A C:\Windows\Minidump\032412-11980-01.dmp
2012-03-19 09:14 - 2012-03-19 09:14 - 00000000 ____D C:\Users\JKAD\Tracing
2012-03-19 09:14 - 2012-03-19 09:14 - 00000000 ____D C:\Users\JKAD\AppData\Local\{C93F5529-C841-4A63-B89D-407CCA093D13}
2012-03-19 09:14 - 2012-03-19 09:14 - 00000000 ____D C:\Users\JKAD\AppData\Local\{7ED7BE78-7ECB-49C2-83F3-B6425D2F083A}
2012-03-17 17:04 - 2012-03-17 17:04 - 00014722 ____A C:\Users\JKAD\Desktop\hs_err_pid8708.log
2012-03-16 23:58 - 2012-05-09 13:14 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-14 23:23 - 2012-03-14 23:23 - 00000000 __HDC C:\Users\All Users\{F974CC36-BF25-4374-A035-B0A9DA79E735}
2012-03-14 23:23 - 2011-12-16 18:42 - 00000000 ____D C:\Users\All Users\DDNi
2012-03-14 23:23 - 2011-12-16 18:42 - 00000000 ____D C:\Program Files (x86)\DDNi
2012-03-14 23:18 - 2009-07-13 20:45 - 00375040 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-11 06:51 - 2012-03-11 06:51 - 00000000 ____D C:\Program Files\Common Files\INCA Shared

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8107.86 MB
Available physical RAM: 7324.96 MB
Total Pagefile: 8106.06 MB
Available Pagefile: 7311.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:684.79 GB) (Free:600.91 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:13.75 GB) (Free:1.08 GB) NTFS
4 Drive g: (USB DISK) (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 7667 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 684 GB 13 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 13 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 684 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7662 MB 5100 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB DISK FAT32 Removable 7662 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-05-29 04:24

======================= End Of Log ==========================

#8 JSntgRvr

JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,590 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 June 2012 - 09:05 PM

Download the enclosed file: [attachment=124836:fixlist.txt]

Save it next to FRST in the USB drive. Run FRST as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Boot in Normal Mode. If successful, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 jkad

jkad
  • Topic Starter
  • Members
  • 14 posts

Posted 08 June 2012 - 10:25 PM

FRST fix allowed me to boot. Thank you.

I could not download ComboFix from the first link; it gave some error about DOS, and the screen was a wall of text. The second link allowed me to. Saved it to the desktop and ran it. It did its thing, rebooted my machine, I waited until the log popped up, copied it, but now I can't open Internet Explorer. I also can't open the ComboFix log via Notepad. Will try to manually move it to my USB/flash drive... which oddly enough has become drive D? Should I have taken that out before running ComboFix?

When I try opening Internet Explorer I get this error: C:\program files (x86)\Internet Explorer\iexplorer.exe Illegal operation attempted on a registry key that has been marked for deletion. I click OK and a window opens saying it can't open this item. It might have been moved, renamed, or deleted. Do you want to remove this item? I clicked No.

Same error for opening the ComboFix log.

It let me move it to my USB/flash drive. Here is the log. I see it says Norton and Windows Defender were running. I apologize for that; I did not see them running in the task menu:

ComboFix 12-06-08.02 - JKAD 06/08/2012 22:58:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8108.6173 [GMT -4:00]
Running from: c:\users\JKAD\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JKAD\AppData\Local\Apple Computer\Adobe\cutfvdw.dll
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 03:05 . 2012-06-09 03:05 -------- d-----w- C:\FRST
2012-06-09 03:02 . 2012-06-09 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-09 02:54 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A934F55-DA3B-4941-8577-DF271760963B}\mpengine.dll
2012-06-07 14:15 . 2012-06-07 14:15 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\A9C9.tmp
2012-06-07 14:15 . 2012-06-07 14:15 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\A9B8.tmp
2012-06-05 11:21 . 2012-06-05 11:21 129024 ----a-w- c:\programdata\Microsoft\Windows\DRM\50D3.tmp.dat
2012-05-27 22:38 . 2012-05-27 22:38 -------- d-----w- c:\users\JKAD\AppData\Roaming\iolo
2012-05-27 03:11 . 2012-06-08 05:06 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-27 03:11 . 2012-05-27 03:49 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-27 03:11 . 2012-05-27 03:49 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-27 03:00 . 2012-05-27 03:00 -------- d-----w- c:\programdata\Battle.net
2012-05-23 22:20 . 2012-05-23 22:20 -------- d-----w- c:\users\JKAD\AppData\Roaming\Malwarebytes
2012-05-23 22:20 . 2012-05-24 04:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-23 22:20 . 2012-05-23 22:20 -------- d-----w- c:\programdata\Malwarebytes
2012-05-22 22:13 . 2012-05-24 04:30 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-05-17 15:02 . 2012-05-17 15:02 -------- d-----w- c:\users\JKAD\AppData\Local\ArcSoft
2012-05-17 15:02 . 2012-05-17 15:06 -------- d-----w- c:\users\JKAD\AppData\Roaming\ArcSoft
2012-05-17 15:00 . 2012-05-17 15:00 -------- d-----w- c:\users\JKAD\AppData\Local\Evernote
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 04:02 . 2012-04-28 04:02 3993600 ----a-w- c:\program files (x86)\GUTAE4F.tmp
2012-04-26 11:38 . 2012-04-26 11:38 0 ----a-w- c:\program files (x86)\GUTB367.tmp
2012-03-30 11:35 . 2012-05-09 21:14 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-27 02:25 . 2011-12-17 03:51 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-17 07:58 . 2012-05-09 21:14 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlayNC Launcher"="" [BU]
"Adobe"="c:\users\JKAD\AppData\Local\Apple Computer\Adobe\cutfvdw.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-11 343168]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-21 60552]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-11-28 75048]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-25 651832]
"PCTD Service Activation"="c:\program files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" [2010-12-02 28597760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\JKAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-9-22 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/12/16 19:25;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-09-27 248304]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 136176]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-09 53248]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-08-26 260768]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-27 2656536]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-09-20 535176]
R2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-07-13 82544]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-08-25 111776]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-09-01 894624]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-09 549408]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-10-30 54432]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-28 1245800]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-02-16 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120303.003\IDSvia64.sys [2012-02-24 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]
S2 DMAgent;IntelŪ PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-24 2413056]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-25 430136]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-01-12 960152]
S2 WiMAXAppSrv;IntelŪ PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-26 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 11:33]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 11:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-16 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-28 416024]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:24,c5,76,40,7c,1d,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-06-08 23:04:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-09 03:04
ComboFix2.txt 2012-05-24 00:19
.
Pre-Run: 644,546,789,376 bytes free
Post-Run: 644,810,940,416 bytes free
.
- - End Of File - - 4B7E4185E21DE7C97C0C8B59BB4B13CC

#10 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,590 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 June 2012 - 10:46 PM

See if the error continues after a restart.

If successful, download the enclosed file: [attachment=124842:CFScript.txt]

Save it next to Combofix.

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Let's check for remnants:

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 jkad

  • Topic Starter
  • Members
  • 14 posts

Posted 08 June 2012 - 10:51 PM

Just a quick update: restarted and can successfully run IE now. Upon restart, before my login screen covered it, there was a message saying something about failure to install or update Windows, at 35%.

Performing the other tasks as we speak.

#12 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,590 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 June 2012 - 11:00 PM

We will deal with Windows Updates once the computer is clear of malware.



#13 jkad

  • Topic Starter
  • Members
  • 14 posts

Posted 08 June 2012 - 11:07 PM

ComboFix:

ComboFix 12-06-08.02 - JKAD 06/08/2012 23:54:50.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8108.6348 [GMT -4:00]
Running from: c:\users\JKAD\Desktop\ComboFix.exe
Command switches used :: c:\users\JKAD\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 03:58 . 2012-06-09 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-09 03:05 . 2012-06-09 03:05 -------- d-----w- C:\FRST
2012-06-09 02:54 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A934F55-DA3B-4941-8577-DF271760963B}\mpengine.dll
2012-06-07 14:15 . 2012-06-07 14:15 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\A9C9.tmp
2012-06-07 14:15 . 2012-06-07 14:15 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\A9B8.tmp
2012-06-05 11:21 . 2012-06-05 11:21 129024 ----a-w- c:\programdata\Microsoft\Windows\DRM\50D3.tmp.dat
2012-05-27 22:38 . 2012-05-27 22:38 -------- d-----w- c:\users\JKAD\AppData\Roaming\iolo
2012-05-27 03:11 . 2012-06-08 05:06 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-27 03:11 . 2012-05-27 03:49 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-05-27 03:11 . 2012-05-27 03:49 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-27 03:00 . 2012-05-27 03:00 -------- d-----w- c:\programdata\Battle.net
2012-05-23 22:20 . 2012-05-23 22:20 -------- d-----w- c:\users\JKAD\AppData\Roaming\Malwarebytes
2012-05-23 22:20 . 2012-05-24 04:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-23 22:20 . 2012-05-23 22:20 -------- d-----w- c:\programdata\Malwarebytes
2012-05-22 22:13 . 2012-05-24 04:30 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-05-17 15:02 . 2012-05-17 15:02 -------- d-----w- c:\users\JKAD\AppData\Local\ArcSoft
2012-05-17 15:02 . 2012-05-17 15:06 -------- d-----w- c:\users\JKAD\AppData\Roaming\ArcSoft
2012-05-17 15:00 . 2012-05-17 15:00 -------- d-----w- c:\users\JKAD\AppData\Local\Evernote
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 04:02 . 2012-04-28 04:02 3993600 ----a-w- c:\program files (x86)\GUTAE4F.tmp
2012-04-26 11:38 . 2012-04-26 11:38 0 ----a-w- c:\program files (x86)\GUTB367.tmp
2012-03-30 11:35 . 2012-05-09 21:14 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-27 02:25 . 2011-12-17 03:51 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-17 07:58 . 2012-05-09 21:14 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-09_03.03.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-09 03:50 52398 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-09 03:50 40556 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-17 01:51 . 2012-06-09 03:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-17 01:51 . 2012-06-09 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-17 01:51 . 2012-06-09 03:48 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-17 01:51 . 2012-06-09 03:03 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-09 03:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-09 03:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-09 03:10 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-25 17:01 . 2012-06-09 03:50 9098 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1932921906-4155089045-1241038309-1000_UserData.bin
+ 2012-06-09 03:48 . 2012-06-09 03:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-09 03:48 . 2012-06-09 03:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-09 03:03 . 2012-06-09 03:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-09 02:55 672950 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-09 03:52 672950 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-09 03:52 125618 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-09 02:55 125618 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-09 03:47 351892 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-09 03:02 351892 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-25 17:15 . 2012-06-09 03:47 5562860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1932921906-4155089045-1241038309-1000-8192.dat
- 2012-02-25 17:15 . 2012-06-09 03:02 5562860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1932921906-4155089045-1241038309-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-11 343168]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-21 60552]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-11-28 75048]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-25 651832]
"PCTD Service Activation"="c:\program files (x86)\OakTree\PCTDServiceActivation\PCTDServiceActivation.exe" [2010-12-02 28597760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\JKAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-9-22 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/12/16 19:25;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-09-27 248304]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-08-25 111776]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-09-01 894624]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-09 549408]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-10-30 54432]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-02-16 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120303.003\IDSvia64.sys [2012-02-24 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-24 2413056]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-09 53248]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-25 430136]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-08-26 260768]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-27 2656536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-09-20 535176]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-07-13 82544]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-01-12 960152]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-26 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-10-28 1245800]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 11:33]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 11:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-16 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-28 416024]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}"=hex:51,66,7a,6c,4c,1d,38,12,49,d2,2f,
c2,f9,ef,27,08,db,e1,95,b8,8f,cf,3f,f2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:24,c5,76,40,7c,1d,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-08 23:59:48
ComboFix-quarantined-files.txt 2012-06-09 03:59
ComboFix2.txt 2012-06-09 03:04
ComboFix3.txt 2012-05-24 00:19
.
Pre-Run: 644,522,962,944 bytes free
Post-Run: 644,475,199,488 bytes free
.
- - End Of File - - 6F6BC1474BB071BB94665C3FBF725E5A


Doing MBAM now. I apologize if you wanted them all in one post, but this is much easier for me.

#14 jkad

jkad
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:27 AM

Posted 08 June 2012 - 11:18 PM

here is mbam:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JKAD :: JKAD-VAIO [administrator]

6/9/2012 12:11:26 AM
mbam-log-2012-06-09 (00-11-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209626
Time elapsed: 1 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\JKAD\AppData\Roaming\Adobe\Adobe\sgpeue.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

(end)

#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,590 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:27 AM

Posted 08 June 2012 - 11:22 PM

Eset Scanner coming up?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!