
Help with Atraps.gen2! No Windows Firewall :(


  • This topic is locked
22 replies to this topic

#1 Aduren

Aduren

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:44 PM

Posted 30 June 2012 - 10:34 AM

Well, I got infected with Gen.2 and I have Avira free antivirus.

So what I did was run a scan, but Avira could not delete any of the infected files, so I downloaded Malwarebytes and ComboFix and restarted the computer in safe mode with networking enabled.

I ran all 3 scans; Avira deleted some, Malwarebytes some, and ComboFix some. However, when I restarted the computer I looked for the files ComboFix had deleted and found them, so I restarted in safe mode (now that I knew where they were) and deleted them.

I restarted the computer again in regular mode and it gave me 2 .dll errors: c:\users\ThePedro\AppData\Roaming\nhlhon.dll and c:\users\ThePedro\AppData\Roaming\ondeg.dll. So I started msconfig and stopped them from running, and went to those folders, but they were gone (deleted in safe mode).

I scanned once more with Avira and it said my computer was clean; however, I cannot start Windows Firewall, which I'm assuming is a rootkit. I am trying to avoid a fresh clean. Windows repair? But since you guys are the experts, I am trusting myself to you guys.

Thank you!!!


DDS------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ThePedro at 10:25:17 on 2012-06-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8087.5333 [GMT -5:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\lxeccoms.exe
C:\Windows\system32\conhost.exe
c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
C:\Program Files (x86)\Polar\Daemon\polard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://AlienwareArena.com
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\POLARW~1.LNK - C:\Program Files (x86)\Polar\WebSync\WebSync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3017B242-FE76-411F-B72D-CBB43544CB03} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{98DDC1D2-F5E7-407A-8CBB-4DA27F169E34} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ThePedro\AppData\Roaming\Mozilla\Firefox\Profiles\67qsmq1o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\ThePedro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-4-30 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-12-15 14664]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-6-15 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-6-15 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-6-15 8192]
R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
R2 lxec_device;lxec_device;C:\Windows\system32\lxeccoms.exe -service --> C:\Windows\system32\lxeccoms.exe -service [?]
R2 MSI_ODD_Service;MSI_ODD_Service;C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [2011-10-4 76800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-15 1262400]
R2 Polar Daemon;Polar Daemon;C:\Program Files (x86)\Polar\Daemon\polard.exe [2012-4-2 411648]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NTIOLib_X64;NTIOLib_X64;C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [2010-1-18 14136]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\system32\DRIVERS\rusb3hub.sys --> C:\Windows\system32\DRIVERS\rusb3hub.sys [?]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\system32\DRIVERS\rusb3xhc.sys --> C:\Windows\system32\DRIVERS\rusb3xhc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-26 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-15 257696]
S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-26 116648]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-15 113120]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S4 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
.
=============== Created Last 30 ================
.
2012-06-29 02:47:50 -------- d-----w- C:\ProgramData\ChessBase
2012-06-29 02:46:22 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\ChessBase
2012-06-27 22:37:37 -------- d-----w- C:\Users\ThePedro\AppData\Local\Aspyr
2012-06-27 21:30:59 -------- d-----w- C:\Program Files (x86)\Aspyr
2012-06-27 18:33:06 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-27 18:23:33 98816 ----a-w- C:\Windows\sed.exe
2012-06-27 18:23:33 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-27 18:23:33 256000 ----a-w- C:\Windows\PEV.exe
2012-06-27 18:23:33 208896 ----a-w- C:\Windows\MBR.exe
2012-06-27 15:11:53 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\Malwarebytes
2012-06-27 15:11:47 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-27 13:43:31 -------- d-----w- C:\Windows\pss
2012-06-27 11:16:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-27 11:03:44 -------- d-----w- C:\Program Files (x86)\2K Games
2012-06-27 11:02:42 -------- d-----w- C:\Users\ThePedro\AppData\Local\{9DC71EEF-C047-11E1-8270-B8AC6F996F26}
2012-06-27 11:02:42 -------- d-----w- C:\Users\ThePedro\AppData\Local\{9DC6EDBA-C047-11E1-8270-B8AC6F996F26}
2012-06-27 11:00:19 -------- d-----w- C:\Users\ThePedro\AppData\Local\ChessBase
2012-06-27 11:00:00 -------- d-----w- C:\Program Files (x86)\Common Files\ChessBase
2012-06-27 10:58:11 -------- d-----w- C:\Program Files (x86)\ChessBase
2012-06-27 10:49:54 -------- d-----w- C:\ProgramData\Media Center Programs
2012-06-25 02:56:54 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-06-24 22:14:37 -------- d-----w- C:\Program Files (x86)\Nero
2012-06-22 13:55:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 13:55:15 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 13:55:07 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 13:55:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 22:31:42 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-06-21 22:31:42 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2012-06-21 22:31:42 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-06-21 22:31:41 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-06-21 20:54:59 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\NVIDIA
2012-06-21 20:54:54 -------- d-sh--w- C:\ProgramData\DSS
2012-06-21 20:50:07 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-21 17:57:03 -------- d-----w- C:\Users\ThePedro\AppData\Local\Activision
2012-06-21 03:48:43 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-06-19 20:37:21 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\Day 1 Studios
2012-06-19 20:37:18 -------- d-----w- C:\Users\ThePedro\AppData\Local\SKIDROW
2012-06-19 20:29:40 -------- d-----w- C:\Program Files (x86)\WB Games
2012-06-19 17:13:35 -------- d-----w- C:\Windows\SysWow64\directx
2012-06-17 01:47:59 -------- d-----w- C:\Users\ThePedro\AppData\Local\Google
2012-06-16 20:02:49 -------- d-----w- C:\Program Files\AlienAutopsy
2012-06-16 20:00:51 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\PCDr
2012-06-16 20:00:09 -------- d-----w- C:\ProgramData\PCDr
2012-06-16 03:20:44 -------- d-----w- C:\Users\ThePedro\.swt
2012-06-16 03:20:42 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\Azureus
2012-06-16 03:20:31 -------- d-----w- C:\Program Files (x86)\Vuze
2012-06-16 03:20:29 -------- d-----w- C:\Program Files (x86)\Conduit
2012-06-16 03:20:28 -------- d-----w- C:\Users\ThePedro\AppData\Local\Conduit
2012-06-16 03:20:28 -------- d-----w- C:\Program Files (x86)\Vuze_Remote
2012-06-16 02:34:23 -------- d-----w- C:\Users\ThePedro\AppData\Local\Jaksta_Pty_Ltd
2012-06-16 02:21:14 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\Replay Media Catcher 4
2012-06-16 02:21:11 -------- d-----w- C:\Program Files\Applian Technologies
2012-06-16 02:03:16 -------- d-----w- C:\Windows\SysWow64\spool
2012-06-16 02:00:46 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
2012-06-16 02:00:46 151552 ----a-w- C:\Windows\KMService.exe
2012-06-16 01:56:18 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-06-16 01:56:02 -------- d-----w- C:\Windows\PCHEALTH
2012-06-16 01:56:02 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-06-16 01:54:42 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-06-16 01:54:11 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-06-16 01:53:49 -------- d-----w- C:\Users\ThePedro\AppData\Local\Microsoft Help
2012-06-16 01:48:58 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2012-06-16 01:13:27 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\Polar WebSync
2012-06-16 01:12:55 -------- d-----w- C:\Program Files (x86)\Polar
2012-06-16 01:10:23 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2012-06-16 01:10:23 82816 ----a-w- C:\Users\ThePedro\AppData\Roaming\pcouffin.sys
2012-06-16 01:10:20 -------- d-----w- C:\Program Files (x86)\DVDFab 8
2012-06-16 01:09:23 -------- d-----w- C:\Users\ThePedro\AppData\Local\Adobe
2012-06-16 01:09:03 21099 ----a-w- C:\Windows\SysWow64\AdobePDF.dll
2012-06-16 00:58:11 -------- d-----w- C:\Users\ThePedro\AppData\Local\Nero_AG
2012-06-16 00:58:10 -------- d-----w- C:\Users\ThePedro\AppData\Local\Nero
2012-06-15 21:40:20 -------- d-----w- C:\Users\ThePedro\AppData\Local\Macromedia
2012-06-15 21:40:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-15 21:07:32 -------- d-----w- C:\ProgramData\lx_Cats
2012-06-15 21:07:30 189440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxecdrpp.dll
2012-06-15 21:07:20 -------- d-----w- C:\Program Files\Lexmark Pro800-Pro900 Series
2012-06-15 21:06:42 -------- d-----w- C:\Program Files\Lexmark
2012-06-15 21:06:10 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\Logishrd
2012-06-15 21:02:12 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-06-15 21:02:12 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-06-15 21:02:11 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-06-15 21:02:11 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-06-15 21:02:10 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-15 21:02:10 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-15 21:02:09 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-06-15 21:02:09 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-06-15 21:02:01 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-15 21:01:41 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-15 21:01:41 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-15 21:01:39 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-15 21:01:39 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-15 21:01:38 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-15 21:01:38 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-15 21:01:38 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-15 21:01:38 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-15 21:00:01 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-06-15 20:27:18 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-06-15 20:27:18 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-06-15 20:27:17 -------- d-----w- C:\ProgramData\Avira
2012-06-15 20:27:17 -------- d-----w- C:\Program Files (x86)\Avira
2012-06-15 20:26:15 -------- d-----w- C:\Program Files (x86)\MozBackup
2012-06-15 20:11:59 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-06-15 20:09:26 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-15 20:09:25 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-15 20:02:44 -------- d-----w- C:\Users\ThePedro\AppData\Local\Dell
2012-06-15 20:02:04 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\Dell
2012-06-15 20:02:00 -------- d-----w- C:\Users\ThePedro\AppData\Roaming\Fingertapps
2012-06-15 20:01:39 -------- d-----w- C:\Users\ThePedro\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-06-22 16:35:03 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 20:58:56 1600064 ----a-w- C:\Windows\System32\drivers\ae1000w7.sys
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:47 858944 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 07:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-30 19:10:59 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-04-30 19:01:57 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2012-04-30 17:40:08 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-04-30 17:39:36 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 10:25:48.44 ===============

Edited by Aduren, 30 June 2012 - 07:06 PM.
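Added diagnostic for the two symptoms reported in the post above: Windows Firewall refusing to start, and DLLs being loaded from C:\Users\ThePedro\AppData\Roaming. This is example code written for this page, not part of the thread and not one of the BleepingComputer tools. It assumes Windows PowerShell 2.0 to 5.1 run from an elevated prompt on Windows 7 (Get-WmiObject is not available in PowerShell 7), and it assumes the standard service names MpsSvc for Windows Firewall and BFE for the Base Filtering Engine that MpsSvc depends on. It checks whether those services are still registered and whether their registry keys are readable, compares the UAC policy values that the DDS log lists under mPolicies-system (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0) against the Windows 7 defaults, and lists autostart entries that point into AppData\Roaming or a Temp folder.

```powershell
# Added diagnostic for the symptoms in the post above (firewall service will not
# start, DLLs loaded from AppData\Roaming). Example code, not a BleepingComputer
# tool. Assumes Windows PowerShell 2.0-5.1 in an elevated prompt on Windows 7;
# Get-WmiObject does not exist in PowerShell 7.

# 1. Windows Firewall (MpsSvc) depends on the Base Filtering Engine (BFE). If either
#    entry is missing from the service database, or its key is unreadable, the
#    firewall cannot start no matter what services.msc shows.
$serviceNames = 'MpsSvc', 'BFE'
foreach ($name in $serviceNames) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if ($svc -eq $null) {
        Write-Output ("[!] {0}: not registered as a service (key present: {1})" -f $name, (Test-Path $key))
        continue
    }
    Write-Output ("[*] {0}: State={1} StartMode={2} Path={3}" -f $name, $svc.State, $svc.StartMode, $svc.PathName)
    # A service key with no ACE for Administrators, or one Get-Acl cannot read,
    # indicates the key's permissions were altered.
    try {
        $acl = Get-Acl -Path $key
        $adminRule = $acl.Access | Where-Object { $_.IdentityReference -like '*Administrators' }
        if (-not $adminRule) { Write-Output "    [!] no ACE for Administrators on $key" }
    } catch {
        Write-Output "    [!] cannot read ACL of ${key}: $($_.Exception.Message)"
    }
}

# 2. UAC policy values. The DDS log shows EnableLUA = 0 and
#    ConsentPromptBehaviorAdmin = 0, i.e. UAC is fully off. Windows 7 defaults:
#    EnableLUA = 1, ConsentPromptBehaviorAdmin = 5, PromptOnSecureDesktop = 1.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
$expected = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
foreach ($valueName in $expected.Keys) {
    $actual = $uac.$valueName
    $flag = if ($actual -ne $expected[$valueName]) { '[!]' } else { '[*]' }
    Write-Output ("{0} {1} = {2} (expected {3})" -f $flag, $valueName, $actual, $expected[$valueName])
}

# 3. Autostart entries pointing into per-user writable locations. Legitimate
#    software rarely autostarts from AppData\Roaming or a Temp folder.
$suspiciousPattern = '\\AppData\\(Roaming|Local\\Temp)\\'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($runKey in $runKeys) {
    if (-not (Test-Path $runKey)) { continue }
    $props = Get-ItemProperty -Path $runKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... metadata
        if ($p.Value -match $suspiciousPattern) {
            Write-Output ("[!] {0}\{1} = {2}" -f $runKey, $p.Name, $p.Value)
        }
    }
}

# AppInit_DLLs is loaded into every process that loads user32.dll. Both the
# 64-bit and the WOW64 value should be empty or name a known vendor DLL
# (the log above shows NVIDIA's nvinit.dll, which is expected on this machine).
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($winKey in $appInitKeys) {
    $val = (Get-ItemProperty -Path $winKey -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($val) { Write-Output ("[*] {0}\AppInit_DLLs = {1}" -f $winKey, $val) }
}
```

Run it as Administrator; lines tagged [!] are the findings. If MpsSvc or BFE is reported as not registered, or its key cannot be read, that is the reason the firewall will not start, and it is worth recording the output for the helper rather than editing the service keys by hand.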




#2 Aduren

Aduren
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:44 PM

Posted 30 June 2012 - 12:06 PM

If you guys want to see the other logs, let me know.

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:44 PM

Posted 01 July 2012 - 12:51 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days; If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
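Added example for readers following this thread; it is not part of the thread and not from Security Check, Combofix or any other tool named above. It is a read-only PowerShell triage for the two questions this cleanup turns on: whether the Windows Firewall service and the Base Filtering Engine it depends on can still start, and which Run-key values launch rundll32 with a DLL under a user-writable directory (the shape of the left-over entries in this thread). It assumes Windows 7 or later and an elevated Windows PowerShell prompt (Get-WmiObject is the Windows PowerShell cmdlet and is not present in PowerShell 7). The function names Get-FirewallServiceState and Find-SuspectRunEntries are my own, and the removal at the end is kept under -WhatIf so that the script only reports; in a thread like this, nothing should be deleted until the helper asks for it.

```powershell
# Added triage script (not part of this thread or of Security Check / Combofix).
# Assumes Windows 7 or later and an elevated Windows PowerShell prompt.

function Get-FirewallServiceState {
    # The firewall service (MpsSvc) depends on the Base Filtering Engine (BFE).
    # If either is missing, disabled, or points at a path that no longer exists,
    # the Windows Firewall control panel cannot turn the firewall on or off.
    foreach ($name in 'BFE', 'MpsSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            New-Object PSObject -Property @{ Name = $name; Status = 'MISSING'; StartMode = $null; Path = $null }
            continue
        }
        $cfg = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        New-Object PSObject -Property @{
            Name      = $name
            Status    = [string]$svc.Status
            StartMode = $cfg.StartMode        # expected: Auto for both services
            Path      = $cfg.PathName         # expected: an svchost.exe command line, not a third-party path
        }
    }
}

function Find-SuspectRunEntries {
    # Flags Run-key values that start rundll32 with a DLL under a user-writable
    # directory. Legitimate software rarely persists this way; the two left-over
    # entries in this thread (rundll32 + a DLL under AppData\Roaming) do.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    # A regex, not a path: any of these directory names in the command line.
    $userWritable  = '\\Users\\|\\AppData\\|\\ProgramData\\|\\Temp\\'
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }   # provider metadata, not registry values
            $cmd = [string]$prop.Value
            if ($cmd -notmatch 'rundll32' -or $cmd -notmatch $userWritable) { continue }

            # Pull the DLL path out of the command line and check whether the file is
            # still there: an entry whose DLL is gone is what produces the rundll32
            # error at logon after a partial cleanup.
            $dll = $null
            if ($cmd -match '([A-Za-z]:\\[^",]+\.dll)') { $dll = $matches[1] }
            $present = $false
            if ($dll) { $present = Test-Path -LiteralPath $dll }

            New-Object PSObject -Property @{
                Key = $key; Name = $prop.Name; Command = $cmd; Dll = $dll; DllPresent = $present
            }
        }
    }
}

# Report first; nothing below changes the system.
Get-FirewallServiceState | Format-Table Name, Status, StartMode, Path -AutoSize
$suspects = @(Find-SuspectRunEntries)
$suspects | Format-List Key, Name, Command, Dll, DllPresent

# Orphaned entries (DLL already deleted) can be dropped like this once the helper
# has signed off; -WhatIf makes it a dry run that only prints what it would remove.
foreach ($s in $suspects) {
    if (-not $s.DllPresent) {
        Remove-ItemProperty -Path $s.Key -Name $s.Name -WhatIf
    }
}
```

The rundll32-plus-user-writable-path rule is a heuristic, so occasionally a legitimate per-user installer will be listed; the Command and DllPresent columns are there so each hit can be judged rather than deleted blindly. A MISSING row for BFE or MpsSvc, or a Path that is not an svchost.exe command line, is worth quoting back to the helper verbatim, because it means the service registration itself was damaged rather than merely stopped.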

#4 Aduren
  • Topic Starter
  • Members
  • 12 posts

Posted 01 July 2012 - 09:30 AM

Hello Gringo!!! Thank you so much for replying to me. I did what you asked and I posted the logs after my response to your questions.

Again thank you so much!

My computer is running, I think, fine, but since I was infected I want to make sure everything will be fine down the line (e-mail, banking, bills). I tried to run Windows Firewall but I encounter an error: I can't (1) turn it on or off, (2) select advanced options, etc.

My internet is a half second slower, but this is maybe me and my paranoid self. I am not redirected to anything, and Avira has not popped up and pointed out viruses to me (like before). I have been monitoring my processes and computer resources and I do not have a spike in use, nor are any resources that look "suspicious" to me being run.

Running the tools was not an issue, though I did have to restart after the computer booted because of Combofix, since the "Illegal operation attempted on a registry key that has been marked for deletion" message popped up. But besides that there were no issues running the applications.

Like I said before, I stopped two processes, nhlhon.dll and ondeg.dll, from running on start-up. I would like to find a way to delete them from the registry or the computer so I can have my computer start normally and not in "selective" start-up mode just because of those two pesky left-overs.

(1) nhlhon / command / "C:\Windows\System32\rundll32.exe" "C:\Users\ThePedro\AppData\Roaming\nhlhon.dll",megSplitClose

(2) ondeg / command / rundll32.exe "C:\Users\ThePedro\AppData\Roaming\ondeg.dll",StrToUintA

Location for both was HKLM\software\microsoft\currentversion\run

----------------------Security Check log---------------------------------------------
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 7 Update 1
Java version out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

-------------------------------------Combo-Fix Log------------------------------------------------

ComboFix 12-07-01.03 - ThePedro 07/01/2012 9:03.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8087.6326 [GMT -5:00]
Running from: c:\users\ThePedro\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 14:06 . 2012-07-01 14:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-01 14:06 . 2012-07-01 14:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 14:13 . 2012-06-30 14:13 -------- d-----w- c:\windows\Sun
2012-06-29 02:47 . 2012-06-29 02:47 -------- d-----w- c:\programdata\ChessBase
2012-06-27 21:30 . 2012-06-27 21:30 -------- d-----w- c:\program files (x86)\Aspyr
2012-06-27 15:11 . 2012-06-27 15:11 -------- d-----w- c:\programdata\Malwarebytes
2012-06-27 11:16 . 2012-06-27 11:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-27 11:03 . 2012-06-27 11:03 -------- d-----w- c:\program files (x86)\2K Games
2012-06-27 11:00 . 2012-06-27 11:00 -------- d-----w- c:\program files (x86)\Common Files\ChessBase
2012-06-27 10:58 . 2012-06-27 10:59 -------- d-----w- c:\program files (x86)\ChessBase
2012-06-27 10:49 . 2012-06-27 10:49 -------- d-----w- c:\programdata\Media Center Programs
2012-06-27 10:46 . 2012-06-27 10:47 -------- d-----w- c:\program files (x86)\Ubisoft
2012-06-26 21:33 . 2012-06-26 21:33 -------- d-----w- c:\program files (x86)\Google
2012-06-25 02:56 . 2012-06-25 02:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-06-24 22:14 . 2012-06-24 22:15 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-06-24 22:14 . 2012-06-24 22:23 -------- d-----w- c:\program files (x86)\Nero
2012-06-22 13:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 13:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 13:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 13:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:55 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 13:55 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 13:55 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:55 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 13:55 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 22:31 . 2012-06-21 22:51 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-06-21 22:31 . 2008-10-15 11:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-06-21 22:31 . 2008-10-15 11:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-06-21 22:31 . 2008-10-15 11:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-06-21 22:31 . 2008-10-15 11:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-06-21 20:54 . 2012-06-21 20:54 -------- d-sh--w- c:\programdata\DSS
2012-06-21 20:50 . 2012-06-21 20:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-21 03:48 . 2012-06-27 14:52 -------- d-----w- c:\programdata\FLEXnet
2012-06-21 03:48 . 2012-06-21 03:48 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-06-19 20:29 . 2012-06-19 20:29 -------- d-----w- c:\program files (x86)\WB Games
2012-06-18 20:25 . 2012-06-18 20:25 -------- d-----w- c:\programdata\CyberLink
2012-06-16 20:02 . 2012-06-16 20:02 -------- d-----w- c:\program files\AlienAutopsy
2012-06-16 20:00 . 2012-06-16 20:00 -------- d-----w- c:\programdata\PCDr
2012-06-16 03:20 . 2012-06-16 03:20 -------- d-----w- c:\program files (x86)\Vuze
2012-06-16 03:20 . 2012-06-16 03:20 -------- d-----w- c:\program files (x86)\Conduit
2012-06-16 02:21 . 2012-06-16 02:21 -------- d-----w- c:\program files\Applian Technologies
2012-06-16 02:03 . 2012-06-16 02:03 -------- d-----w- c:\windows\SysWow64\spool
2012-06-16 02:00 . 2012-06-16 02:00 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-06-16 02:00 . 2012-06-16 02:00 151552 ----a-w- c:\windows\KMService.exe
2012-06-16 01:56 . 2012-06-16 01:56 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-06-16 01:56 . 2012-06-16 01:56 -------- d-----w- c:\windows\PCHEALTH
2012-06-16 01:56 . 2012-06-16 01:56 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-06-16 01:56 . 2012-06-16 01:56 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-06-16 01:54 . 2012-06-16 01:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-06-16 01:54 . 2012-06-16 01:54 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-16 01:53 . 2012-06-16 01:57 -------- d-----w- c:\programdata\Microsoft Help
2012-06-16 01:53 . 2012-06-16 01:53 -------- d-----r- C:\MSOCache
2012-06-16 01:48 . 2012-06-16 01:48 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2012-06-16 01:12 . 2012-06-16 01:13 -------- d-----w- c:\program files (x86)\Polar
2012-06-16 01:10 . 2012-06-16 01:10 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-06-16 01:10 . 2012-06-16 02:16 -------- d-----w- c:\program files (x86)\DVDFab 8
2012-06-16 01:09 . 2003-05-15 01:32 21099 ----a-w- c:\windows\SysWow64\AdobePDF.dll
2012-06-16 00:52 . 2012-06-16 00:52 -------- d-----w- c:\program files\7-Zip
2012-06-15 21:40 . 2012-06-22 16:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 21:07 . 2012-06-28 19:33 -------- d-----w- c:\programdata\lx_Cats
2012-06-15 21:07 . 2009-11-04 18:18 189440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxecdrpp.dll
2012-06-15 21:07 . 2012-06-15 21:07 -------- d-----w- c:\program files\Lexmark Pro800-Pro900 Series
2012-06-15 21:06 . 2012-06-15 21:06 -------- d-----w- c:\program files\Lexmark
2012-06-15 21:06 . 2012-06-18 22:50 -------- d-----w- c:\programdata\LogiShrd
2012-06-15 21:06 . 2012-06-15 21:06 -------- d-----w- c:\program files\Logitech
2012-06-15 21:06 . 2012-06-18 22:50 -------- d-----w- c:\program files\Common Files\Logishrd
2012-06-15 21:02 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-15 21:02 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-06-15 21:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-06-15 21:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-06-15 21:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-15 21:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-15 21:02 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-15 21:02 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-06-15 21:02 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-15 21:01 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-15 21:01 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-15 21:01 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-15 21:01 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-15 21:01 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-15 21:01 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-15 21:01 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-15 21:01 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-15 21:00 . 2012-06-15 21:00 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-15 20:27 . 2012-05-02 20:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-15 20:27 . 2012-04-27 15:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-15 20:27 . 2012-04-25 05:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-15 20:27 . 2012-06-15 20:27 -------- d-----w- c:\programdata\Avira
2012-06-15 20:27 . 2012-06-15 20:27 -------- d-----w- c:\program files (x86)\Avira
2012-06-15 20:26 . 2012-06-15 20:26 -------- d-----w- c:\program files (x86)\MozBackup
2012-06-15 20:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-15 20:14 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-15 20:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-15 20:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-15 20:14 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-15 20:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-15 20:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-15 20:14 . 2012-06-16 11:25 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-15 20:11 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-06-15 20:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-15 20:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-15 19:58 . 2012-06-16 03:20 -------- d-----w- c:\users\ThePedro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 16:35 . 2012-04-30 17:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 20:58 . 2011-06-08 15:41 1600064 ----a-w- c:\windows\system32\drivers\ae1000w7.sys
2012-05-15 10:48 . 2012-04-30 19:04 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-30 19:04 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-04-30 19:04 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-04-30 19:04 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-04-30 19:04 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-04-30 19:04 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-04-30 19:04 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-04-30 19:04 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-04-30 19:04 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-04-30 19:04 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2012-04-30 19:15 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-04-30 19:15 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-05-15 09:29 . 2012-04-30 19:15 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-04-30 19:15 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-05-15 09:29 . 2012-04-30 19:15 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-04-30 19:15 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-04-30 19:15 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-04-30 19:15 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-04-30 19:11 . 2012-04-30 19:11 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-04-30 19:11 . 2012-04-30 19:11 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-04-30 19:11 . 2012-04-30 19:11 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-04-30 19:11 . 2012-04-30 19:11 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2012-04-30 19:11 . 2012-04-30 19:11 778752 ----a-w- c:\windows\system32\mssvp.dll
2012-04-30 19:11 . 2012-04-30 19:11 75264 ----a-w- c:\windows\system32\msscntrs.dll
2012-04-30 19:11 . 2012-04-30 19:11 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2012-04-30 19:11 . 2012-04-30 19:11 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2012-04-30 19:11 . 2012-04-30 19:11 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-04-30 19:11 . 2012-04-30 19:11 491520 ----a-w- c:\windows\system32\mssph.dll
2012-04-30 19:11 . 2012-04-30 19:11 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-30 19:11 . 2012-04-30 19:11 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2012-04-30 19:11 . 2012-04-30 19:11 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2012-04-30 19:11 . 2012-04-30 19:11 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-04-30 19:11 . 2012-04-30 19:11 288256 ----a-w- c:\windows\system32\mssphtb.dll
2012-04-30 19:11 . 2012-04-30 19:11 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-04-30 19:11 . 2012-04-30 19:11 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-04-30 19:11 . 2012-04-30 19:11 2223616 ----a-w- c:\windows\system32\mssrch.dll
2012-04-30 19:11 . 2012-04-30 19:11 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2012-04-30 19:11 . 2012-04-30 19:11 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2012-04-30 19:11 . 2012-04-30 19:11 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-04-30 19:11 . 2012-04-30 19:11 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2012-04-30 19:11 . 2012-04-30 19:11 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-04-30 19:11 . 2012-04-30 19:11 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-04-30 19:11 . 2012-04-30 19:11 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-04-30 19:11 . 2012-04-30 19:11 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-04-30 19:11 . 2012-04-30 19:11 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-30 19:11 . 2012-04-30 19:11 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-04-30 19:11 . 2012-04-30 19:11 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-04-30 19:11 . 2012-04-30 19:11 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-04-30 19:11 . 2012-04-30 19:11 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-04-30 19:11 . 2012-04-30 19:11 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-04-30 19:11 . 2012-04-30 19:11 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-04-30 19:11 . 2012-04-30 19:11 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-30 19:10 . 2012-04-30 19:10 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-04-30 19:10 . 2012-04-30 19:10 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-04-30 19:10 . 2012-04-30 19:10 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-30 19:10 . 2012-04-30 19:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-04-30 19:10 . 2012-04-30 19:10 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-04-30 19:10 . 2012-04-30 19:10 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-30 19:10 . 2012-04-30 19:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-04-30 19:10 . 2012-04-30 19:10 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-04-30 19:10 . 2012-04-30 19:10 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-04-30 19:10 . 2012-04-30 19:10 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-04-30 19:10 . 2012-04-30 19:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-04-30 19:10 . 2012-04-30 19:10 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-04-30 19:10 . 2012-04-30 19:10 2871808 ----a-w- c:\windows\explorer.exe
2012-04-30 19:10 . 2012-04-30 19:10 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-04-30 19:10 . 2012-04-30 19:10 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-04-30 19:10 . 2012-04-30 19:10 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-30 19:10 . 2012-04-30 19:10 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-04-30 19:10 . 2012-04-30 19:10 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-04-30 19:10 . 2012-04-30 19:10 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-04-30 19:10 . 2012-04-30 19:10 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-04-30 19:10 . 2012-04-30 19:10 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-04-30 19:10 . 2012-04-30 19:10 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-30 19:10 . 2012-04-30 19:10 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-04-30 19:10 . 2012-04-30 19:10 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-04-30 19:10 . 2012-04-30 19:10 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-04-30 19:10 . 2012-04-30 19:10 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-04-30 19:10 . 2012-04-30 19:10 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-04-30 19:10 . 2012-04-30 19:10 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-04-30 19:10 . 2012-04-30 19:10 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-04-30 19:10 . 2012-04-30 19:10 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-04-30 19:10 . 2012-04-30 19:10 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_18.29.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-30 17:22 37028 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-30 17:22 35946 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-15 20:00 . 2012-06-30 22:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-15 20:00 . 2012-06-27 15:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-27 15:01 . 2012-06-30 22:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-27 15:01 . 2012-06-27 15:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-28 19:33 . 2012-06-28 19:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012062820120629\index.dat
- 2009-07-14 04:54 . 2012-06-27 15:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-30 22:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-15 20:31 . 2012-06-30 17:22 5708 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-790320148-693173899-1496283817-1002_UserData.bin
- 2012-06-27 18:29 . 2012-06-27 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-01 14:07 . 2012-07-01 14:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 18:29 . 2012-06-27 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-01 14:07 . 2012-07-01 14:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-07-01 14:06 400664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-27 15:48 400664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-16 01:23 . 2012-07-01 14:06 1152752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-15 20:28 . 2012-07-01 14:06 21327832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-790320148-693173899-1496283817-1002-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2012-6-15 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Polar WebSync.lnk - c:\program files (x86)\Polar\WebSync\WebSync.exe [2012-4-2 6184448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-12-15 14664]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 257696]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 33888]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 116648]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-10-20 291648]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-20 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-15 1052328]
S2 MSI_ODD_Service;MSI_ODD_Service;c:\program files (x86)\msi\ODD Monitor\ODD_Monitor.exe [2011-10-05 76800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Polar Daemon;Polar Daemon;c:\program files (x86)\Polar\Daemon\polard.exe [2012-04-02 411648]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2012-06-15 1600064]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 33888]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-11 60184]
S3 NTIOLib_X64;NTIOLib_X64;c:\program files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [2010-01-18 14136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-06-16 82816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys [2011-09-15 100352]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys [2011-09-15 216064]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 16:35]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 21:33]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 21:33]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790320148-693173899-1496283817-1002Core.job
- c:\users\ThePedro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 01:47]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790320148-693173899-1496283817-1002UA.job
- c:\users\ThePedro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 01:47]
.
2012-06-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2012-05-22 07:09]
.
2012-07-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2012-05-22 07:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-03 6412904]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-20 1157224]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-12-15 12616]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://AlienwareArena.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ThePedro\AppData\Roaming\Mozilla\Firefox\Profiles\67qsmq1o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\06\10\03\14&O"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2012-07-01 09:10:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 14:10
.
Pre-Run: 658,939,756,544 bytes free
Post-Run: 658,400,862,208 bytes free
.
- - End Of File - - 7F191BF6373BA4A2B8414A499A52ED76

Edited by Aduren, 01 July 2012 - 09:35 AM.


#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 July 2012 - 01:20 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Aduren

  • Topic Starter
  • Members
  • 12 posts

Posted 01 July 2012 - 02:01 PM

Thank You Gringo, here are the logs!

I didn't have an issue with any of the programs; the aswMBR was done in like 3 seconds, even after it updated the definitions.


------------------------------------TDSS Killer--------------------------------------------------------------------------
13:56:46.0544 4560 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
13:56:46.0544 4560 UEFI system
13:56:46.0894 4560 ============================================================
13:56:46.0894 4560 Current date / time: 2012/07/01 13:56:46.0894
13:56:46.0894 4560 SystemInfo:
13:56:46.0894 4560
13:56:46.0894 4560 OS Version: 6.1.7601 ServicePack: 1.0
13:56:46.0894 4560 Product type: Workstation
13:56:46.0894 4560 ComputerName: THEPEDRO-PC
13:56:46.0894 4560 UserName: ThePedro
13:56:46.0894 4560 Windows directory: C:\Windows
13:56:46.0894 4560 System windows directory: C:\Windows
13:56:46.0894 4560 Running under WOW64
13:56:46.0894 4560 Processor architecture: Intel x64
13:56:46.0894 4560 Number of processors: 4
13:56:46.0894 4560 Page size: 0x1000
13:56:46.0894 4560 Boot type: Normal boot
13:56:46.0894 4560 ============================================================
13:56:47.0779 4560 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:56:47.0784 4560 Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1474000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:56:47.0889 4560 ============================================================
13:56:47.0889 4560 \Device\Harddisk0\DR0:
13:56:47.0904 4560 GPT partitions:
13:56:47.0904 4560 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {97841FF5-6AC5-4475-8C07-0D51C62D0DEB}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
13:56:47.0904 4560 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {84C9548C-909B-4749-BFA2-63C3E5C564E3}, Name: Basic data partition, StartLBA 0x98000, BlocksNum 0x14000
13:56:47.0904 4560 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {1F8DD56D-2FDB-463E-986E-AFDF62AB4492}, Name: Microsoft reserved partition, StartLBA 0xAC000, BlocksNum 0x40000
13:56:47.0904 4560 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {B2A5D018-FB52-459D-A373-C9706B2CD5CE}, Name: Basic data partition, StartLBA 0xEC000, BlocksNum 0x1272000
13:56:47.0904 4560 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D3DE783E-D1BF-4FC6-AB1B-7FD14610C1FB}, Name: Basic data partition, StartLBA 0x135E000, BlocksNum 0x733A8000
13:56:47.0904 4560 MBR partitions:
13:56:47.0904 4560 \Device\Harddisk1\DR1:
13:56:47.0904 4560 MBR partitions:
13:56:47.0904 4560 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2BAA0A20
13:56:47.0904 4560 ============================================================
13:56:47.0924 4560 C: <-> \Device\Harddisk0\DR0\Partition4
13:56:47.0949 4560 D: <-> \Device\Harddisk0\DR0\Partition3
13:56:47.0969 4560 G: <-> \Device\Harddisk1\DR1\Partition0
13:56:47.0969 4560 ============================================================
13:56:47.0969 4560 Initialize success
13:56:47.0969 4560 ============================================================
13:57:19.0184 1788 ============================================================
13:57:19.0184 1788 Scan started
13:57:19.0184 1788 Mode: Manual;
13:57:19.0184 1788 ============================================================
13:57:19.0414 1788 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:57:19.0419 1788 1394ohci - ok
13:57:19.0439 1788 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:57:19.0439 1788 ACPI - ok
13:57:19.0444 1788 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:57:19.0444 1788 AcpiPmi - ok
13:57:19.0509 1788 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:57:19.0509 1788 AdobeFlashPlayerUpdateSvc - ok
13:57:19.0539 1788 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:57:19.0544 1788 adp94xx - ok
13:57:19.0574 1788 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:57:19.0579 1788 adpahci - ok
13:57:19.0599 1788 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:57:19.0604 1788 adpu320 - ok
13:57:19.0674 1788 AE1000 (0d1875b197567fa5fc78e4913977b600) C:\Windows\system32\DRIVERS\ae1000w7.sys
13:57:19.0699 1788 AE1000 - ok
13:57:19.0739 1788 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:57:19.0744 1788 AeLookupSvc - ok
13:57:19.0789 1788 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
13:57:19.0789 1788 AERTFilters - ok
13:57:19.0844 1788 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:57:19.0849 1788 AFD - ok
13:57:19.0864 1788 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:57:19.0869 1788 agp440 - ok
13:57:19.0884 1788 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:57:19.0884 1788 ALG - ok
13:57:19.0909 1788 AlienFusionService (36caead8a7ffb90d05ec97985315388f) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
13:57:19.0909 1788 AlienFusionService - ok
13:57:19.0909 1788 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:57:19.0914 1788 aliide - ok
13:57:19.0914 1788 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:57:19.0919 1788 amdide - ok
13:57:19.0924 1788 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:57:19.0924 1788 AmdK8 - ok
13:57:19.0929 1788 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:57:19.0934 1788 AmdPPM - ok
13:57:19.0959 1788 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:57:19.0959 1788 amdsata - ok
13:57:19.0969 1788 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:57:19.0974 1788 amdsbs - ok
13:57:19.0989 1788 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:57:19.0989 1788 amdxata - ok
13:57:20.0049 1788 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:57:20.0054 1788 AntiVirSchedulerService - ok
13:57:20.0069 1788 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:57:20.0069 1788 AntiVirService - ok
13:57:20.0099 1788 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:57:20.0099 1788 AppID - ok
13:57:20.0109 1788 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:57:20.0114 1788 AppIDSvc - ok
13:57:20.0119 1788 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:57:20.0124 1788 Appinfo - ok
13:57:20.0159 1788 appliand (1b1a533f3be2a540c8f58f14b2886a97) C:\Windows\system32\DRIVERS\appliand.sys
13:57:20.0164 1788 appliand - ok
13:57:20.0174 1788 appliandMP (1b1a533f3be2a540c8f58f14b2886a97) C:\Windows\system32\DRIVERS\appliand.sys
13:57:20.0174 1788 appliandMP - ok
13:57:20.0189 1788 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:57:20.0194 1788 arc - ok
13:57:20.0199 1788 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:57:20.0204 1788 arcsas - ok
13:57:20.0304 1788 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:57:20.0309 1788 aspnet_state - ok
13:57:20.0329 1788 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:57:20.0329 1788 AsyncMac - ok
13:57:20.0349 1788 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:57:20.0349 1788 atapi - ok
13:57:20.0429 1788 athr (5493ed5d300afc7a9a0a87fca08e5381) C:\Windows\system32\DRIVERS\athrx.sys
13:57:20.0464 1788 athr - ok
13:57:20.0529 1788 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:57:20.0539 1788 AudioEndpointBuilder - ok
13:57:20.0539 1788 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:57:20.0544 1788 AudioSrv - ok
13:57:20.0569 1788 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
13:57:20.0569 1788 avgntflt - ok
13:57:20.0584 1788 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
13:57:20.0589 1788 avipbb - ok
13:57:20.0599 1788 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:57:20.0604 1788 avkmgr - ok
13:57:20.0634 1788 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:57:20.0639 1788 AxInstSV - ok
13:57:20.0674 1788 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:57:20.0679 1788 b06bdrv - ok
13:57:20.0699 1788 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:57:20.0709 1788 b57nd60a - ok
13:57:20.0729 1788 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:57:20.0734 1788 BDESVC - ok
13:57:20.0744 1788 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:57:20.0744 1788 Beep - ok
13:57:20.0784 1788 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:57:20.0804 1788 BFE - ok
13:57:20.0879 1788 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:57:20.0889 1788 BITS - ok
13:57:20.0929 1788 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:57:20.0934 1788 blbdrive - ok
13:57:20.0959 1788 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:57:20.0959 1788 bowser - ok
13:57:20.0964 1788 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:57:20.0964 1788 BrFiltLo - ok
13:57:20.0969 1788 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:57:20.0969 1788 BrFiltUp - ok
13:57:20.0974 1788 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:57:20.0979 1788 BridgeMP - ok
13:57:20.0989 1788 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:57:20.0994 1788 Browser - ok
13:57:21.0014 1788 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:57:21.0024 1788 Brserid - ok
13:57:21.0029 1788 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:57:21.0029 1788 BrSerWdm - ok
13:57:21.0034 1788 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:57:21.0039 1788 BrUsbMdm - ok
13:57:21.0039 1788 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:57:21.0039 1788 BrUsbSer - ok
13:57:21.0044 1788 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:57:21.0049 1788 BTHMODEM - ok
13:57:21.0064 1788 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:57:21.0069 1788 bthserv - ok
13:57:21.0074 1788 catchme - ok
13:57:21.0089 1788 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:57:21.0089 1788 cdfs - ok
13:57:21.0119 1788 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:57:21.0124 1788 cdrom - ok
13:57:21.0149 1788 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:57:21.0154 1788 CertPropSvc - ok
13:57:21.0169 1788 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:57:21.0174 1788 circlass - ok
13:57:21.0189 1788 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:57:21.0194 1788 CLFS - ok
13:57:21.0244 1788 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:57:21.0249 1788 clr_optimization_v2.0.50727_32 - ok
13:57:21.0289 1788 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:57:21.0294 1788 clr_optimization_v2.0.50727_64 - ok
13:57:21.0334 1788 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:57:21.0334 1788 clr_optimization_v4.0.30319_32 - ok
13:57:21.0349 1788 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:57:21.0349 1788 clr_optimization_v4.0.30319_64 - ok
13:57:21.0354 1788 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:57:21.0359 1788 CmBatt - ok
13:57:21.0359 1788 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:57:21.0364 1788 cmdide - ok
13:57:21.0409 1788 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:57:21.0414 1788 CNG - ok
13:57:21.0469 1788 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:57:21.0469 1788 Compbatt - ok
13:57:21.0489 1788 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:57:21.0494 1788 CompositeBus - ok
13:57:21.0504 1788 COMSysApp - ok
13:57:21.0564 1788 cphs (f08c6020e57f5e5bf2fd034db10bedfb) C:\Windows\SysWow64\IntelCpHeciSvc.exe
13:57:21.0569 1788 cphs - ok
13:57:21.0569 1788 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:57:21.0574 1788 crcdisk - ok
13:57:21.0619 1788 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
13:57:21.0624 1788 CryptSvc - ok
13:57:21.0654 1788 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:57:21.0659 1788 DcomLaunch - ok
13:57:21.0684 1788 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:57:21.0689 1788 defragsvc - ok
13:57:21.0694 1788 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:57:21.0699 1788 DfsC - ok
13:57:21.0719 1788 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:57:21.0724 1788 Dhcp - ok
13:57:21.0734 1788 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:57:21.0734 1788 discache - ok
13:57:21.0754 1788 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:57:21.0754 1788 Disk - ok
13:57:21.0779 1788 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:57:21.0784 1788 Dnscache - ok
13:57:21.0799 1788 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:57:21.0804 1788 dot3svc - ok
13:57:21.0814 1788 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:57:21.0814 1788 DPS - ok
13:57:21.0854 1788 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:57:21.0854 1788 drmkaud - ok
13:57:21.0884 1788 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:57:21.0899 1788 DXGKrnl - ok
13:57:21.0924 1788 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:57:21.0924 1788 EapHost - ok
13:57:22.0009 1788 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:57:22.0059 1788 ebdrv - ok
13:57:22.0129 1788 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:57:22.0129 1788 EFS - ok
13:57:22.0174 1788 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:57:22.0179 1788 ehRecvr - ok
13:57:22.0199 1788 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:57:22.0199 1788 ehSched - ok
13:57:22.0254 1788 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:57:22.0259 1788 ElbyCDIO - ok
13:57:22.0279 1788 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:57:22.0284 1788 elxstor - ok
13:57:22.0289 1788 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:57:22.0294 1788 ErrDev - ok
13:57:22.0309 1788 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:57:22.0314 1788 EventSystem - ok
13:57:22.0324 1788 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:57:22.0329 1788 exfat - ok
13:57:22.0374 1788 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:57:22.0374 1788 fastfat - ok
13:57:22.0404 1788 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:57:22.0409 1788 Fax - ok
13:57:22.0409 1788 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:57:22.0414 1788 fdc - ok
13:57:22.0444 1788 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:57:22.0444 1788 fdPHost - ok
13:57:22.0449 1788 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:57:22.0454 1788 FDResPub - ok
13:57:22.0464 1788 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:57:22.0464 1788 FileInfo - ok
13:57:22.0464 1788 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:57:22.0469 1788 Filetrace - ok
13:57:22.0549 1788 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:57:22.0554 1788 FLEXnet Licensing Service - ok
13:57:22.0554 1788 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:57:22.0559 1788 flpydisk - ok
13:57:22.0574 1788 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:57:22.0579 1788 FltMgr - ok
13:57:22.0634 1788 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:57:22.0644 1788 FontCache - ok
13:57:22.0709 1788 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:57:22.0714 1788 FontCache3.0.0.0 - ok
13:57:22.0734 1788 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:57:22.0739 1788 FsDepends - ok
13:57:22.0754 1788 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:57:22.0759 1788 Fs_Rec - ok
13:57:22.0789 1788 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:57:22.0789 1788 fvevol - ok
13:57:22.0794 1788 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:57:22.0799 1788 gagp30kx - ok
13:57:22.0829 1788 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:57:22.0834 1788 gpsvc - ok
13:57:22.0859 1788 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:57:22.0859 1788 gupdate - ok
13:57:22.0864 1788 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:57:22.0864 1788 gupdatem - ok
13:57:22.0879 1788 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:57:22.0879 1788 hcw85cir - ok
13:57:22.0949 1788 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:57:22.0949 1788 HDAudBus - ok
13:57:22.0959 1788 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:57:22.0959 1788 HidBatt - ok
13:57:22.0969 1788 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:57:22.0969 1788 HidBth - ok
13:57:22.0974 1788 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:57:22.0979 1788 HidIr - ok
13:57:22.0989 1788 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:57:22.0994 1788 hidserv - ok
13:57:23.0024 1788 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:57:23.0029 1788 HidUsb - ok
13:57:23.0054 1788 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:57:23.0054 1788 hkmsvc - ok
13:57:23.0069 1788 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:57:23.0074 1788 HomeGroupListener - ok
13:57:23.0084 1788 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:57:23.0089 1788 HomeGroupProvider - ok
13:57:23.0104 1788 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:57:23.0104 1788 HpSAMD - ok
13:57:23.0134 1788 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:57:23.0144 1788 HTTP - ok
13:57:23.0149 1788 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:57:23.0149 1788 hwpolicy - ok
13:57:23.0164 1788 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:57:23.0169 1788 i8042prt - ok
13:57:23.0189 1788 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:57:23.0199 1788 iaStorV - ok
13:57:23.0279 1788 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:57:23.0289 1788 idsvc - ok
13:57:23.0694 1788 igfx (371d7f91c0d2314eb984a4a6cbeabc92) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:57:23.0889 1788 igfx - ok
13:57:23.0959 1788 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:57:23.0959 1788 iirsp - ok
13:57:24.0014 1788 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:57:24.0024 1788 IKEEXT - ok
13:57:24.0044 1788 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
13:57:24.0049 1788 Impcd - ok
13:57:24.0124 1788 IntcAzAudAddService (f34322b229c05b88e768508431e0894e) C:\Windows\system32\drivers\RTKVHD64.sys
13:57:24.0184 1788 IntcAzAudAddService - ok
13:57:24.0249 1788 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
13:57:24.0254 1788 IntcDAud - ok
13:57:24.0279 1788 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:57:24.0279 1788 intelide - ok
13:57:24.0289 1788 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:57:24.0294 1788 intelppm - ok
13:57:24.0304 1788 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:57:24.0309 1788 IPBusEnum - ok
13:57:24.0314 1788 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:57:24.0319 1788 IpFilterDriver - ok
13:57:24.0354 1788 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:57:24.0359 1788 iphlpsvc - ok
13:57:24.0364 1788 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:57:24.0369 1788 IPMIDRV - ok
13:57:24.0374 1788 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:57:24.0379 1788 IPNAT - ok
13:57:24.0394 1788 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:57:24.0399 1788 IRENUM - ok
13:57:24.0399 1788 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:57:24.0404 1788 isapnp - ok
13:57:24.0419 1788 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:57:24.0424 1788 iScsiPrt - ok
13:57:24.0439 1788 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:57:24.0444 1788 kbdclass - ok
13:57:24.0444 1788 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:57:24.0449 1788 kbdhid - ok
13:57:24.0469 1788 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:57:24.0469 1788 KeyIso - ok
13:57:24.0484 1788 KMService - ok
13:57:24.0494 1788 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:57:24.0494 1788 KSecDD - ok
13:57:24.0504 1788 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:57:24.0509 1788 KSecPkg - ok
13:57:24.0519 1788 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:57:24.0524 1788 ksthunk - ok
13:57:24.0544 1788 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:57:24.0549 1788 KtmRm - ok
13:57:24.0629 1788 L4301_Solar (caeaa16039485b2d3bb069c1107442a5) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
13:57:24.0634 1788 L4301_Solar - ok
13:57:24.0654 1788 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:57:24.0659 1788 LanmanServer - ok
13:57:24.0679 1788 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:57:24.0684 1788 LanmanWorkstation - ok
13:57:24.0699 1788 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:57:24.0704 1788 lltdio - ok
13:57:24.0719 1788 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:57:24.0729 1788 lltdsvc - ok
13:57:24.0734 1788 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:57:24.0739 1788 lmhosts - ok
13:57:24.0759 1788 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:57:24.0764 1788 LSI_FC - ok
13:57:24.0769 1788 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:57:24.0774 1788 LSI_SAS - ok
13:57:24.0774 1788 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:57:24.0779 1788 LSI_SAS2 - ok
13:57:24.0784 1788 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:57:24.0789 1788 LSI_SCSI - ok
13:57:24.0804 1788 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:57:24.0804 1788 luafv - ok
13:57:24.0809 1788 lxec_device - ok
13:57:24.0824 1788 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:57:24.0829 1788 Mcx2Svc - ok
13:57:24.0869 1788 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:57:24.0874 1788 megasas - ok
13:57:24.0884 1788 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:57:24.0889 1788 MegaSR - ok
13:57:24.0909 1788 MEIx64 (6b01b7414a105b9e51652089a03027cf) C:\Windows\system32\DRIVERS\HECIx64.sys
13:57:24.0914 1788 MEIx64 - ok
13:57:24.0974 1788 Microsoft SharePoint Workspace Audit Service - ok
13:57:24.0999 1788 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:57:25.0004 1788 MMCSS - ok
13:57:25.0004 1788 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:57:25.0009 1788 Modem - ok
13:57:25.0039 1788 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:57:25.0039 1788 monitor - ok
13:57:25.0049 1788 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:57:25.0054 1788 mouclass - ok
13:57:25.0069 1788 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:57:25.0074 1788 mouhid - ok
13:57:25.0079 1788 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:57:25.0079 1788 mountmgr - ok
13:57:25.0109 1788 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:57:25.0109 1788 MozillaMaintenance - ok
13:57:25.0119 1788 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:57:25.0124 1788 mpio - ok
13:57:25.0134 1788 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:57:25.0134 1788 mpsdrv - ok
13:57:25.0169 1788 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:57:25.0174 1788 MpsSvc - ok
13:57:25.0189 1788 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:57:25.0194 1788 MRxDAV - ok
13:57:25.0219 1788 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:57:25.0219 1788 mrxsmb - ok
13:57:25.0229 1788 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:57:25.0234 1788 mrxsmb10 - ok
13:57:25.0239 1788 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:57:25.0239 1788 mrxsmb20 - ok
13:57:25.0259 1788 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:57:25.0264 1788 msahci - ok
13:57:25.0279 1788 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:57:25.0289 1788 msdsm - ok
13:57:25.0299 1788 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:57:25.0304 1788 MSDTC - ok
13:57:25.0314 1788 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:57:25.0314 1788 Msfs - ok
13:57:25.0314 1788 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:57:25.0319 1788 mshidkmdf - ok
13:57:25.0329 1788 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:57:25.0329 1788 msisadrv - ok
13:57:25.0354 1788 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:57:25.0359 1788 MSiSCSI - ok
13:57:25.0359 1788 msiserver - ok
13:57:25.0429 1788 MSI_ODD_Service (583e83d46ccedb47476ac0db6114136a) c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
13:57:25.0429 1788 MSI_ODD_Service - ok
13:57:25.0439 1788 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:57:25.0439 1788 MSKSSRV - ok
13:57:25.0444 1788 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:57:25.0444 1788 MSPCLOCK - ok
13:57:25.0444 1788 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:57:25.0449 1788 MSPQM - ok
13:57:25.0464 1788 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:57:25.0464 1788 MsRPC - ok
13:57:25.0479 1788 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:57:25.0479 1788 mssmbios - ok
13:57:25.0489 1788 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:57:25.0489 1788 MSTEE - ok
13:57:25.0494 1788 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:57:25.0494 1788 MTConfig - ok
13:57:25.0504 1788 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:57:25.0504 1788 Mup - ok
13:57:25.0539 1788 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:57:25.0544 1788 napagent - ok
13:57:25.0579 1788 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:57:25.0584 1788 NativeWifiP - ok
13:57:25.0634 1788 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
13:57:25.0639 1788 NDIS - ok
13:57:25.0664 1788 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:57:25.0664 1788 NdisCap - ok
13:57:25.0684 1788 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:57:25.0684 1788 NdisTapi - ok
13:57:25.0699 1788 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:57:25.0699 1788 Ndisuio - ok
13:57:25.0714 1788 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:57:25.0724 1788 NdisWan - ok
13:57:25.0729 1788 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:57:25.0729 1788 NDProxy - ok
13:57:25.0744 1788 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:57:25.0744 1788 NetBIOS - ok
13:57:25.0759 1788 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:57:25.0764 1788 NetBT - ok
13:57:25.0784 1788 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:57:25.0784 1788 Netlogon - ok
13:57:25.0814 1788 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:57:25.0814 1788 Netman - ok
13:57:25.0889 1788 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:57:25.0894 1788 NetMsmqActivator - ok
13:57:25.0894 1788 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:57:25.0899 1788 NetPipeActivator - ok
13:57:25.0919 1788 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:57:25.0924 1788 netprofm - ok
13:57:25.0924 1788 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:57:25.0924 1788 NetTcpActivator - ok
13:57:25.0929 1788 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:57:25.0929 1788 NetTcpPortSharing - ok
13:57:25.0954 1788 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:57:25.0959 1788 nfrd960 - ok
13:57:25.0984 1788 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:57:25.0989 1788 NlaSvc - ok
13:57:25.0999 1788 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:57:25.0999 1788 Npfs - ok
13:57:26.0004 1788 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:57:26.0004 1788 nsi - ok
13:57:26.0014 1788 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:57:26.0014 1788 nsiproxy - ok
13:57:26.0069 1788 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:57:26.0094 1788 Ntfs - ok
13:57:26.0124 1788 NTIOLib_X64 (3f39f013168428c8e505a7b9e6cba8a2) C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys
13:57:26.0124 1788 NTIOLib_X64 - ok
13:57:26.0169 1788 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:57:26.0169 1788 Null - ok
13:57:26.0194 1788 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
13:57:26.0199 1788 NVHDA - ok
13:57:26.0549 1788 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:57:26.0759 1788 nvlddmkm - ok
13:57:26.0824 1788 nvpciflt (ecaf81ac8637f9bcbfcb6658a31e1109) C:\Windows\system32\DRIVERS\nvpciflt.sys
13:57:26.0829 1788 nvpciflt - ok
13:57:26.0844 1788 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:57:26.0849 1788 nvraid - ok
13:57:26.0864 1788 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:57:26.0869 1788 nvstor - ok
13:57:26.0899 1788 NvStUSB (67a5e83b66654888c5b4a7cabbd96aa9) C:\Windows\system32\drivers\nvstusb.sys
13:57:26.0904 1788 NvStUSB - ok
13:57:26.0939 1788 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
13:57:26.0944 1788 nvsvc - ok
13:57:26.0994 1788 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:57:27.0009 1788 nvUpdatusService - ok
13:57:27.0054 1788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:57:27.0059 1788 nv_agp - ok
13:57:27.0064 1788 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:57:27.0069 1788 ohci1394 - ok
13:57:27.0194 1788 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:57:27.0199 1788 ose - ok
13:57:27.0364 1788 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:57:27.0429 1788 osppsvc - ok
13:57:27.0479 1788 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:57:27.0484 1788 p2pimsvc - ok
13:57:27.0499 1788 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:57:27.0509 1788 p2psvc - ok
13:57:27.0519 1788 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:57:27.0519 1788 Parport - ok
13:57:27.0544 1788 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:57:27.0544 1788 partmgr - ok
13:57:27.0554 1788 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:57:27.0564 1788 PcaSvc - ok
13:57:27.0579 1788 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:57:27.0584 1788 pci - ok
13:57:27.0594 1788 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:57:27.0599 1788 pciide - ok
13:57:27.0614 1788 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:57:27.0619 1788 pcmcia - ok
13:57:27.0654 1788 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
13:57:27.0659 1788 pcouffin - ok
13:57:27.0669 1788 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:57:27.0669 1788 pcw - ok
13:57:27.0694 1788 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:57:27.0704 1788 PEAUTH - ok
13:57:27.0754 1788 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:57:27.0754 1788 PerfHost - ok
13:57:27.0789 1788 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:57:27.0814 1788 pla - ok
13:57:27.0839 1788 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:57:27.0844 1788 PlugPlay - ok
13:57:27.0854 1788 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:57:27.0859 1788 PNRPAutoReg - ok
13:57:27.0879 1788 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:57:27.0879 1788 PNRPsvc - ok
13:57:27.0914 1788 Polar Daemon (64e5b51cc3df3112d95fd3b9287e3f6f) C:\Program Files (x86)\Polar\Daemon\polard.exe
13:57:27.0919 1788 Polar Daemon - ok
13:57:27.0944 1788 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:57:27.0954 1788 PolicyAgent - ok
13:57:27.0989 1788 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
13:57:27.0994 1788 Power - ok
13:57:28.0034 1788 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:57:28.0039 1788 PptpMiniport - ok
13:57:28.0049 1788 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:57:28.0054 1788 Processor - ok
13:57:28.0074 1788 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:57:28.0074 1788 ProfSvc - ok
13:57:28.0129 1788 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:57:28.0134 1788 ProtectedStorage - ok
13:57:28.0149 1788 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:57:28.0149 1788 Psched - ok
13:57:28.0194 1788 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:57:28.0234 1788 ql2300 - ok
13:57:28.0274 1788 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:57:28.0279 1788 ql40xx - ok
13:57:28.0294 1788 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:57:28.0304 1788 QWAVE - ok
13:57:28.0309 1788 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:57:28.0309 1788 QWAVEdrv - ok
13:57:28.0314 1788 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:57:28.0314 1788 RasAcd - ok
13:57:28.0334 1788 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:57:28.0339 1788 RasAgileVpn - ok
13:57:28.0344 1788 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:57:28.0349 1788 RasAuto - ok
13:57:28.0359 1788 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:57:28.0364 1788 Rasl2tp - ok
13:57:28.0379 1788 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:57:28.0389 1788 RasMan - ok
13:57:28.0399 1788 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:57:28.0404 1788 RasPppoe - ok
13:57:28.0419 1788 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:57:28.0424 1788 RasSstp - ok
13:57:28.0434 1788 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:57:28.0439 1788 rdbss - ok
13:57:28.0454 1788 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:57:28.0494 1788 rdpbus - ok
13:57:28.0534 1788 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:57:28.0534 1788 RDPCDD - ok
13:57:28.0559 1788 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:57:28.0559 1788 RDPENCDD - ok
13:57:28.0569 1788 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:57:28.0569 1788 RDPREFMP - ok
13:57:28.0594 1788 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:57:28.0599 1788 RDPWD - ok
13:57:28.0629 1788 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:57:28.0629 1788 rdyboost - ok
13:57:28.0664 1788 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:57:28.0669 1788 RemoteAccess - ok
13:57:28.0684 1788 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:57:28.0689 1788 RemoteRegistry - ok
13:57:28.0699 1788 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:57:28.0704 1788 RpcEptMapper - ok
13:57:28.0719 1788 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:57:28.0719 1788 RpcLocator - ok
13:57:28.0739 1788 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:57:28.0739 1788 RpcSs - ok
13:57:28.0749 1788 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:57:28.0754 1788 rspndr - ok
13:57:28.0789 1788 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:57:28.0794 1788 RTL8167 - ok
13:57:28.0824 1788 rusb3hub (cab06ca598638e0457e1dcf8ca824ec2) C:\Windows\system32\DRIVERS\rusb3hub.sys
13:57:28.0829 1788 rusb3hub - ok
13:57:28.0849 1788 rusb3xhc (f47e2920f2a8c34562aae24b73800c5c) C:\Windows\system32\DRIVERS\rusb3xhc.sys
13:57:28.0854 1788 rusb3xhc - ok
13:57:28.0864 1788 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:57:28.0864 1788 SamSs - ok
13:57:28.0879 1788 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:57:28.0884 1788 sbp2port - ok
13:57:28.0899 1788 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:57:28.0904 1788 SCardSvr - ok
13:57:28.0944 1788 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:57:28.0949 1788 scfilter - ok
13:57:28.0984 1788 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:57:28.0999 1788 Schedule - ok
13:57:29.0019 1788 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:57:29.0019 1788 SCPolicySvc - ok
13:57:29.0034 1788 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:57:29.0039 1788 SDRSVC - ok
13:57:29.0074 1788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:57:29.0079 1788 secdrv - ok
13:57:29.0109 1788 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:57:29.0114 1788 seclogon - ok
13:57:29.0124 1788 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:57:29.0124 1788 SENS - ok
13:57:29.0144 1788 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:57:29.0149 1788 SensrSvc - ok
13:57:29.0154 1788 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:57:29.0159 1788 Serenum - ok
13:57:29.0169 1788 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:57:29.0174 1788 Serial - ok
13:57:29.0179 1788 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:57:29.0179 1788 sermouse - ok
13:57:29.0194 1788 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:57:29.0199 1788 SessionEnv - ok
13:57:29.0204 1788 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:57:29.0204 1788 sffdisk - ok
13:57:29.0209 1788 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:57:29.0209 1788 sffp_mmc - ok
13:57:29.0214 1788 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:57:29.0214 1788 sffp_sd - ok
13:57:29.0219 1788 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:57:29.0219 1788 sfloppy - ok
13:57:29.0264 1788 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:57:29.0274 1788 SharedAccess - ok
13:57:29.0289 1788 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:57:29.0294 1788 ShellHWDetection - ok
13:57:29.0294 1788 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:57:29.0299 1788 SiSRaid2 - ok
13:57:29.0309 1788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:57:29.0314 1788 SiSRaid4 - ok
13:57:29.0319 1788 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:57:29.0324 1788 Smb - ok
13:57:29.0339 1788 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:57:29.0339 1788 SNMPTRAP - ok
13:57:29.0354 1788 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:57:29.0354 1788 spldr - ok
13:57:29.0374 1788 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:57:29.0374 1788 Spooler - ok
13:57:29.0459 1788 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:57:29.0499 1788 sppsvc - ok
13:57:29.0569 1788 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:57:29.0574 1788 sppuinotify - ok
13:57:29.0614 1788 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:57:29.0614 1788 srv - ok
13:57:29.0644 1788 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:57:29.0649 1788 srv2 - ok
13:57:29.0664 1788 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:57:29.0664 1788 srvnet - ok
13:57:29.0689 1788 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:57:29.0694 1788 SSDPSRV - ok
13:57:29.0709 1788 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:57:29.0714 1788 SstpSvc - ok
13:57:29.0784 1788 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:57:29.0789 1788 Stereo Service - ok
13:57:29.0804 1788 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:57:29.0804 1788 stexstor - ok
13:57:29.0834 1788 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:57:29.0844 1788 stisvc - ok
13:57:29.0854 1788 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:57:29.0854 1788 swenum - ok
13:57:29.0874 1788 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:57:29.0884 1788 swprv - ok
13:57:29.0934 1788 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:57:29.0954 1788 SysMain - ok
13:57:30.0034 1788 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:57:30.0039 1788 TabletInputService - ok
13:57:30.0054 1788 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:57:30.0064 1788 TapiSrv - ok
13:57:30.0074 1788 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:57:30.0079 1788 TBS - ok
13:57:30.0144 1788 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:57:30.0169 1788 Tcpip - ok
13:57:30.0299 1788 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:57:30.0309 1788 TCPIP6 - ok
13:57:30.0349 1788 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:57:30.0349 1788 tcpipreg - ok
13:57:30.0359 1788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:57:30.0364 1788 TDPIPE - ok
13:57:30.0384 1788 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:57:30.0389 1788 TDTCP - ok
13:57:30.0404 1788 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:57:30.0409 1788 tdx - ok
13:57:30.0419 1788 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
13:57:30.0424 1788 TermDD - ok
13:57:30.0454 1788 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:57:30.0464 1788 TermService - ok
13:57:30.0474 1788 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:57:30.0479 1788 Themes - ok
13:57:30.0494 1788 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:57:30.0494 1788 THREADORDER - ok
13:57:30.0504 1788 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:57:30.0509 1788 TrkWks - ok
13:57:30.0544 1788 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:57:30.0544 1788 TrustedInstaller - ok
13:57:30.0549 1788 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:57:30.0554 1788 tssecsrv - ok
13:57:30.0564 1788 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:57:30.0569 1788 TsUsbFlt - ok
13:57:30.0569 1788 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:57:30.0574 1788 TsUsbGD - ok
13:57:30.0604 1788 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:57:30.0604 1788 tunnel - ok
13:57:30.0609 1788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:57:30.0614 1788 uagp35 - ok
13:57:30.0634 1788 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:57:30.0644 1788 udfs - ok
13:57:30.0659 1788 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:57:30.0664 1788 UI0Detect - ok
13:57:30.0674 1788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:57:30.0679 1788 uliagpkx - ok
13:57:30.0694 1788 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:57:30.0694 1788 umbus - ok
13:57:30.0699 1788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:57:30.0699 1788 UmPass - ok
13:57:30.0724 1788 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:57:30.0729 1788 upnphost - ok
13:57:30.0744 1788 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
13:57:30.0744 1788 usbccgp - ok
13:57:30.0759 1788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:57:30.0764 1788 usbcir - ok
13:57:30.0779 1788 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:57:30.0784 1788 usbehci - ok
13:57:30.0809 1788 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:57:30.0814 1788 usbhub - ok
13:57:30.0829 1788 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:57:30.0834 1788 usbohci - ok
13:57:30.0854 1788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:57:30.0859 1788 usbprint - ok
13:57:30.0884 1788 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:57:30.0889 1788 usbscan - ok
13:57:30.0899 1788 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:57:30.0904 1788 USBSTOR - ok
13:57:30.0919 1788 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:57:30.0924 1788 usbuhci - ok
13:57:30.0939 1788 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:57:30.0939 1788 UxSms - ok
13:57:30.0959 1788 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:57:30.0964 1788 VaultSvc - ok
13:57:30.0989 1788 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
13:57:30.0989 1788 VClone - ok
13:57:30.0999 1788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:57:30.0999 1788 vdrvroot - ok
13:57:31.0024 1788 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:57:31.0029 1788 vds - ok
13:57:31.0039 1788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:57:31.0039 1788 vga - ok
13:57:31.0054 1788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:57:31.0054 1788 VgaSave - ok
13:57:31.0064 1788 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:57:31.0074 1788 vhdmp - ok
13:57:31.0074 1788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:57:31.0079 1788 viaide - ok
13:57:31.0099 1788 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:57:31.0099 1788 volmgr - ok
13:57:31.0119 1788 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:57:31.0119 1788 volmgrx - ok
13:57:31.0144 1788 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
13:57:31.0144 1788 volsnap - ok
13:57:31.0159 1788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:57:31.0164 1788 vsmraid - ok
13:57:31.0209 1788 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:57:31.0229 1788 VSS - ok
13:57:31.0324 1788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:57:31.0329 1788 vwifibus - ok
13:57:31.0344 1788 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:57:31.0349 1788 vwififlt - ok
13:57:31.0369 1788 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:57:31.0374 1788 W32Time - ok
13:57:31.0379 1788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:57:31.0384 1788 WacomPen - ok
13:57:31.0409 1788 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:31.0414 1788 WANARP - ok
13:57:31.0414 1788 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:31.0414 1788 Wanarpv6 - ok
13:57:31.0454 1788 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:57:31.0479 1788 wbengine - ok
13:57:31.0534 1788 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:57:31.0539 1788 WbioSrvc - ok
13:57:31.0559 1788 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:57:31.0569 1788 wcncsvc - ok
13:57:31.0584 1788 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:57:31.0589 1788 WcsPlugInService - ok
13:57:31.0594 1788 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:57:31.0599 1788 Wd - ok
13:57:31.0634 1788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:57:31.0639 1788 Wdf01000 - ok
13:57:31.0654 1788 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:57:31.0659 1788 WdiServiceHost - ok
13:57:31.0659 1788 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:57:31.0664 1788 WdiSystemHost - ok
13:57:31.0679 1788 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:57:31.0684 1788 WebClient - ok
13:57:31.0699 1788 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:57:31.0704 1788 Wecsvc - ok
13:57:31.0719 1788 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:57:31.0724 1788 wercplsupport - ok
13:57:31.0749 1788 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:57:31.0749 1788 WerSvc - ok
13:57:31.0759 1788 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:57:31.0764 1788 WfpLwf - ok
13:57:31.0774 1788 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:57:31.0779 1788 WIMMount - ok
13:57:31.0809 1788 WinDefend - ok
13:57:31.0814 1788 WinHttpAutoProxySvc - ok
13:57:31.0844 1788 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:57:31.0844 1788 Winmgmt - ok
13:57:31.0904 1788 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:57:31.0934 1788 WinRM - ok
13:57:31.0999 1788 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:57:32.0004 1788 Wlansvc - ok
13:57:32.0014 1788 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:57:32.0019 1788 WmiAcpi - ok
13:57:32.0029 1788 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:57:32.0034 1788 wmiApSrv - ok
13:57:32.0049 1788 WMPNetworkSvc - ok
13:57:32.0084 1788 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:57:32.0089 1788 WPCSvc - ok
13:57:32.0099 1788 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:57:32.0104 1788 WPDBusEnum - ok
13:57:32.0109 1788 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:57:32.0109 1788 ws2ifsl - ok
13:57:32.0119 1788 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:57:32.0124 1788 wscsvc - ok
13:57:32.0129 1788 WSearch - ok
13:57:32.0214 1788 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:57:32.0244 1788 wuauserv - ok
13:57:32.0289 1788 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:57:32.0294 1788 WudfPf - ok
13:57:32.0314 1788 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:57:32.0319 1788 WUDFRd - ok
13:57:32.0329 1788 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:57:32.0334 1788 wudfsvc - ok
13:57:32.0349 1788 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:57:32.0354 1788 WwanSvc - ok
13:57:32.0374 1788 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
13:57:32.0379 1788 \Device\Harddisk0\DR0 - ok
13:57:32.0389 1788 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
13:57:32.0389 1788 \Device\Harddisk1\DR1 - ok
13:57:32.0399 1788 Boot (0x1200) (9d90938a3a2b24a19208fd69b9f9bddd) \Device\Harddisk0\DR0\Partition0
13:57:32.0399 1788 \Device\Harddisk0\DR0\Partition0 - ok
13:57:32.0409 1788 Boot (0x1200) (77e682ab12df16ec5b1b0eb173aa3399) \Device\Harddisk0\DR0\Partition1
13:57:32.0414 1788 \Device\Harddisk0\DR0\Partition1 - ok
13:57:32.0419 1788 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition2
13:57:32.0419 1788 \Device\Harddisk0\DR0\Partition2 - ok
13:57:32.0424 1788 Boot (0x1200) (5e4deaa74f70afa5c131b066ef5de83a) \Device\Harddisk0\DR0\Partition3
13:57:32.0429 1788 \Device\Harddisk0\DR0\Partition3 - ok
13:57:32.0439 1788 Boot (0x1200) (80fb099dfc3b6d2d26f09bc262cbe450) \Device\Harddisk0\DR0\Partition4
13:57:32.0439 1788 \Device\Harddisk0\DR0\Partition4 - ok
13:57:32.0439 1788 Boot (0x1200) (67c19bdda22403b71a693f2f38dc3269) \Device\Harddisk1\DR1\Partition0
13:57:32.0444 1788 \Device\Harddisk1\DR1\Partition0 - ok
13:57:32.0444 1788 ============================================================
13:57:32.0444 1788 Scan finished
13:57:32.0444 1788 ============================================================
13:57:32.0449 0116 Detected object count: 0
13:57:32.0449 0116 Actual detected object count: 0



------------------------------------------aswMBR Log-----------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 14:02:12
-----------------------------
14:02:12.781 OS Version: Windows x64 6.1.7601 Service Pack 1
14:02:12.781 Number of processors: 4 586 0x2A07
14:02:12.786 ComputerName: THEPEDRO-PC UserName: ThePedro
14:02:12.791 Initialze error 1
14:03:05.386 AVAST engine defs: 12070100
14:04:43.146 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:04:43.151 Disk 0 Vendor: ST31000524AS JC4A Size: 953869MB BusType: 11
14:04:43.176 Disk 0 MBR read successfully
14:04:43.176 Disk 0 MBR scan
14:04:43.191 Disk 0 unknown MBR code
14:04:43.191 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
14:04:43.196 Disk 0 scanning C:\Windows\system32\drivers
14:04:43.196 Service scanning
14:04:43.836 Modules scanning
14:04:43.836 Disk 0 trace - called modules:
14:04:43.876 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:04:43.876 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aa8060]
14:04:43.876 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8007576520]
14:04:43.881 5 ACPI.sys[fffff88000fa47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007574680]
14:04:43.881 AVAST engine scan C:\Windows
14:04:43.886 AVAST engine scan C:\Windows\system32
14:04:43.886 AVAST engine scan C:\Windows\system32\drivers
14:04:43.891 AVAST engine scan C:\Users\ThePedro
14:04:43.891 AVAST engine scan C:\ProgramData
14:04:43.896 Scan finished successfully
14:05:21.156 Disk 0 MBR has been saved successfully to "C:\Users\ThePedro\Desktop\MBR.dat"
14:05:21.161 The log file has been saved successfully to "C:\Users\ThePedro\Desktop\aswMBRQUICKSCAN.txt"

Edited by Aduren, 01 July 2012 - 02:09 PM.


#7 Aduren


Posted 01 July 2012 - 04:10 PM

OMG OMG OMG, hey Gringo, my Windows firewall is working!

Yay!

I started a game and it popped up asking me if I wanted to grant it access to the internet. I also went into the control panel and Windows Firewall and I can access all of the options. ^__^ I'm not sure why, maybe ComboFix? Anyways, I think things are getting better.

#8 gringo_pr


Posted 01 July 2012 - 05:25 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Conduit
c:\program files (x86)\Vuze_Remote

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Aduren


Posted 01 July 2012 - 06:32 PM

Thank You Gringo!

My computer is doing well. My firewall is working (I was afraid my Windows was done for). The script ran fine with no issues; I had to restart it after it booted.

I don't seem to have issues with my computer, no slow web surfing etc.

The only thing is I am still in "selective startup" since I stopped ondeg.dll and nhlhon.dll from running. If I load the computer normally it says that ondeg.dll and nhlhon.dll blah blah could not run (which is why I stopped them from running to begin with).


--------------------------------------Combo-Fix Log-------------------------------------------------------------------------------
ComboFix 12-07-01.03 - ThePedro 07/01/2012 18:13:16.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8087.6157 [GMT -5:00]
Running from: c:\users\ThePedro\Desktop\ComboFix.exe
Command switches used :: c:\users\ThePedro\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\program files (x86)\Vuze_Remote
c:\program files (x86)\Vuze_Remote\GottenAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\ldrtbVuze.dll
c:\program files (x86)\Vuze_Remote\OtherAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
c:\program files (x86)\Vuze_Remote\SharedAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\tbVuze.dll
c:\program files (x86)\Vuze_Remote\toolbar.cfg
c:\program files (x86)\Vuze_Remote\ToolbarContextMenu.xml
c:\program files (x86)\Vuze_Remote\uninstall.exe
c:\program files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 23:17 . 2012-07-01 23:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-01 23:17 . 2012-07-01 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 14:13 . 2012-06-30 14:13 -------- d-----w- c:\windows\Sun
2012-06-29 02:47 . 2012-06-29 02:47 -------- d-----w- c:\programdata\ChessBase
2012-06-27 21:30 . 2012-06-27 21:30 -------- d-----w- c:\program files (x86)\Aspyr
2012-06-27 15:11 . 2012-06-27 15:11 -------- d-----w- c:\programdata\Malwarebytes
2012-06-27 11:16 . 2012-06-27 11:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-27 11:03 . 2012-06-27 11:03 -------- d-----w- c:\program files (x86)\2K Games
2012-06-27 11:00 . 2012-06-27 11:00 -------- d-----w- c:\program files (x86)\Common Files\ChessBase
2012-06-27 10:58 . 2012-06-27 10:59 -------- d-----w- c:\program files (x86)\ChessBase
2012-06-27 10:49 . 2012-06-27 10:49 -------- d-----w- c:\programdata\Media Center Programs
2012-06-27 10:46 . 2012-06-27 10:47 -------- d-----w- c:\program files (x86)\Ubisoft
2012-06-26 21:33 . 2012-06-26 21:33 -------- d-----w- c:\program files (x86)\Google
2012-06-25 02:56 . 2012-06-25 02:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-06-24 22:14 . 2012-06-24 22:15 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-06-24 22:14 . 2012-06-24 22:23 -------- d-----w- c:\program files (x86)\Nero
2012-06-22 13:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 13:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 13:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 13:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:55 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 13:55 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 13:55 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:55 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 13:55 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 22:31 . 2012-06-21 22:51 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-06-21 22:31 . 2008-10-15 11:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-06-21 22:31 . 2008-10-15 11:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-06-21 22:31 . 2008-10-15 11:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-06-21 22:31 . 2008-10-15 11:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-06-21 20:54 . 2012-06-21 20:54 -------- d-sh--w- c:\programdata\DSS
2012-06-21 20:50 . 2012-06-21 20:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-21 03:48 . 2012-06-27 14:52 -------- d-----w- c:\programdata\FLEXnet
2012-06-21 03:48 . 2012-06-21 03:48 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-06-19 20:29 . 2012-06-19 20:29 -------- d-----w- c:\program files (x86)\WB Games
2012-06-18 20:25 . 2012-06-18 20:25 -------- d-----w- c:\programdata\CyberLink
2012-06-16 20:02 . 2012-06-16 20:02 -------- d-----w- c:\program files\AlienAutopsy
2012-06-16 20:00 . 2012-06-16 20:00 -------- d-----w- c:\programdata\PCDr
2012-06-16 03:20 . 2012-06-16 03:20 -------- d-----w- c:\program files (x86)\Vuze
2012-06-16 02:21 . 2012-06-16 02:21 -------- d-----w- c:\program files\Applian Technologies
2012-06-16 02:03 . 2012-06-16 02:03 -------- d-----w- c:\windows\SysWow64\spool
2012-06-16 02:00 . 2012-06-16 02:00 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-06-16 02:00 . 2012-06-16 02:00 151552 ----a-w- c:\windows\KMService.exe
2012-06-16 01:56 . 2012-06-16 01:56 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-06-16 01:56 . 2012-06-16 01:56 -------- d-----w- c:\windows\PCHEALTH
2012-06-16 01:56 . 2012-06-16 01:56 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-06-16 01:56 . 2012-06-16 01:56 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-06-16 01:54 . 2012-06-16 01:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-06-16 01:54 . 2012-06-16 01:54 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-16 01:53 . 2012-06-16 01:57 -------- d-----w- c:\programdata\Microsoft Help
2012-06-16 01:53 . 2012-06-16 01:53 -------- d-----r- C:\MSOCache
2012-06-16 01:48 . 2012-06-16 01:48 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2012-06-16 01:12 . 2012-06-16 01:13 -------- d-----w- c:\program files (x86)\Polar
2012-06-16 01:10 . 2012-06-16 01:10 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-06-16 01:10 . 2012-06-16 02:16 -------- d-----w- c:\program files (x86)\DVDFab 8
2012-06-16 01:09 . 2003-05-15 01:32 21099 ----a-w- c:\windows\SysWow64\AdobePDF.dll
2012-06-16 00:52 . 2012-06-16 00:52 -------- d-----w- c:\program files\7-Zip
2012-06-15 21:40 . 2012-06-22 16:35 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 21:07 . 2012-06-28 19:33 -------- d-----w- c:\programdata\lx_Cats
2012-06-15 21:07 . 2009-11-04 18:18 189440 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxecdrpp.dll
2012-06-15 21:07 . 2012-06-15 21:07 -------- d-----w- c:\program files\Lexmark Pro800-Pro900 Series
2012-06-15 21:06 . 2012-06-15 21:06 -------- d-----w- c:\program files\Lexmark
2012-06-15 21:06 . 2012-06-18 22:50 -------- d-----w- c:\programdata\LogiShrd
2012-06-15 21:06 . 2012-06-15 21:06 -------- d-----w- c:\program files\Logitech
2012-06-15 21:06 . 2012-06-18 22:50 -------- d-----w- c:\program files\Common Files\Logishrd
2012-06-15 21:02 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-15 21:02 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-06-15 21:02 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-06-15 21:02 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-06-15 21:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-15 21:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-15 21:02 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-15 21:02 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-06-15 21:02 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-15 21:01 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-15 21:01 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-15 21:01 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-15 21:01 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-15 21:01 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-15 21:01 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-15 21:01 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-15 21:01 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-15 21:00 . 2012-06-15 21:00 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-15 20:27 . 2012-05-02 20:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-15 20:27 . 2012-04-27 15:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-15 20:27 . 2012-04-25 05:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-15 20:27 . 2012-06-15 20:27 -------- d-----w- c:\programdata\Avira
2012-06-15 20:27 . 2012-06-15 20:27 -------- d-----w- c:\program files (x86)\Avira
2012-06-15 20:26 . 2012-06-15 20:26 -------- d-----w- c:\program files (x86)\MozBackup
2012-06-15 20:14 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-15 20:14 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-15 20:14 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-15 20:14 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-15 20:14 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-15 20:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-15 20:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-15 20:14 . 2012-06-16 11:25 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-15 20:11 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-06-15 20:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-15 20:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-15 19:58 . 2012-06-16 03:20 -------- d-----w- c:\users\ThePedro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 16:35 . 2012-04-30 17:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 20:58 . 2011-06-08 15:41 1600064 ----a-w- c:\windows\system32\drivers\ae1000w7.sys
2012-05-15 10:48 . 2012-04-30 19:04 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-30 19:04 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-04-30 19:04 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-04-30 19:04 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-04-30 19:04 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-04-30 19:04 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-04-30 19:04 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-04-30 19:04 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-04-30 19:04 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-04-30 19:04 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2012-04-30 19:15 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-04-30 19:15 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-05-15 09:29 . 2012-04-30 19:15 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-04-30 19:15 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-05-15 09:29 . 2012-04-30 19:15 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-04-30 19:15 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-04-30 19:15 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-04-30 19:15 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-04-30 19:11 . 2012-04-30 19:11 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-04-30 19:11 . 2012-04-30 19:11 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-04-30 19:11 . 2012-04-30 19:11 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-04-30 19:11 . 2012-04-30 19:11 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2012-04-30 19:11 . 2012-04-30 19:11 778752 ----a-w- c:\windows\system32\mssvp.dll
2012-04-30 19:11 . 2012-04-30 19:11 75264 ----a-w- c:\windows\system32\msscntrs.dll
2012-04-30 19:11 . 2012-04-30 19:11 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2012-04-30 19:11 . 2012-04-30 19:11 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2012-04-30 19:11 . 2012-04-30 19:11 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-04-30 19:11 . 2012-04-30 19:11 491520 ----a-w- c:\windows\system32\mssph.dll
2012-04-30 19:11 . 2012-04-30 19:11 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-30 19:11 . 2012-04-30 19:11 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2012-04-30 19:11 . 2012-04-30 19:11 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2012-04-30 19:11 . 2012-04-30 19:11 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-04-30 19:11 . 2012-04-30 19:11 288256 ----a-w- c:\windows\system32\mssphtb.dll
2012-04-30 19:11 . 2012-04-30 19:11 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-04-30 19:11 . 2012-04-30 19:11 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-04-30 19:11 . 2012-04-30 19:11 2223616 ----a-w- c:\windows\system32\mssrch.dll
2012-04-30 19:11 . 2012-04-30 19:11 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2012-04-30 19:11 . 2012-04-30 19:11 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2012-04-30 19:11 . 2012-04-30 19:11 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-04-30 19:11 . 2012-04-30 19:11 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2012-04-30 19:11 . 2012-04-30 19:11 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-04-30 19:11 . 2012-04-30 19:11 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-04-30 19:11 . 2012-04-30 19:11 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-04-30 19:11 . 2012-04-30 19:11 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-04-30 19:11 . 2012-04-30 19:11 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-30 19:11 . 2012-04-30 19:11 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-04-30 19:11 . 2012-04-30 19:11 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-04-30 19:11 . 2012-04-30 19:11 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-04-30 19:11 . 2012-04-30 19:11 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-04-30 19:11 . 2012-04-30 19:11 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-04-30 19:11 . 2012-04-30 19:11 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-04-30 19:11 . 2012-04-30 19:11 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-30 19:10 . 2012-04-30 19:10 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-04-30 19:10 . 2012-04-30 19:10 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-04-30 19:10 . 2012-04-30 19:10 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-30 19:10 . 2012-04-30 19:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-04-30 19:10 . 2012-04-30 19:10 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-04-30 19:10 . 2012-04-30 19:10 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-30 19:10 . 2012-04-30 19:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-04-30 19:10 . 2012-04-30 19:10 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-04-30 19:10 . 2012-04-30 19:10 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-04-30 19:10 . 2012-04-30 19:10 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-04-30 19:10 . 2012-04-30 19:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-04-30 19:10 . 2012-04-30 19:10 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-04-30 19:10 . 2012-04-30 19:10 2871808 ----a-w- c:\windows\explorer.exe
2012-04-30 19:10 . 2012-04-30 19:10 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-04-30 19:10 . 2012-04-30 19:10 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-04-30 19:10 . 2012-04-30 19:10 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-30 19:10 . 2012-04-30 19:10 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-04-30 19:10 . 2012-04-30 19:10 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-04-30 19:10 . 2012-04-30 19:10 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-04-30 19:10 . 2012-04-30 19:10 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-04-30 19:10 . 2012-04-30 19:10 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-04-30 19:10 . 2012-04-30 19:10 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-30 19:10 . 2012-04-30 19:10 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-04-30 19:10 . 2012-04-30 19:10 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-04-30 19:10 . 2012-04-30 19:10 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-04-30 19:10 . 2012-04-30 19:10 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-04-30 19:10 . 2012-04-30 19:10 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-04-30 19:10 . 2012-04-30 19:10 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-04-30 19:10 . 2012-04-30 19:10 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-04-30 19:10 . 2012-04-30 19:10 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-04-30 19:10 . 2012-04-30 19:10 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-04-30 19:10 . 2012-04-30 19:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_18.29.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-01 14:14 37486 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-01 14:14 36018 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-15 20:00 . 2012-06-30 22:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-15 20:00 . 2012-06-27 15:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-27 15:01 . 2012-06-30 22:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-27 15:01 . 2012-06-27 15:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-28 19:33 . 2012-06-28 19:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012062820120629\index.dat
- 2009-07-14 04:54 . 2012-06-27 15:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-30 22:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-15 20:31 . 2012-07-01 14:14 6102 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-790320148-693173899-1496283817-1002_UserData.bin
- 2012-06-27 18:29 . 2012-06-27 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-01 23:18 . 2012-07-01 23:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 18:29 . 2012-06-27 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-01 23:18 . 2012-07-01 23:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-07-01 23:17 400664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-27 15:48 400664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-16 01:23 . 2012-07-01 14:06 1152752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-15 20:28 . 2012-07-01 23:17 23922776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-790320148-693173899-1496283817-1002-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2012-6-15 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Polar WebSync.lnk - c:\program files (x86)\Polar\WebSync\WebSync.exe [2012-4-2 6184448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-12-15 14664]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 116648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 257696]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 33888]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 116648]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-10-20 291648]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-20 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-15 1052328]
S2 MSI_ODD_Service;MSI_ODD_Service;c:\program files (x86)\msi\ODD Monitor\ODD_Monitor.exe [2011-10-05 76800]
S2 Polar Daemon;Polar Daemon;c:\program files (x86)\Polar\Daemon\polard.exe [2012-04-02 411648]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2012-06-15 1600064]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 33888]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-11 60184]
S3 NTIOLib_X64;NTIOLib_X64;c:\program files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [2010-01-18 14136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-06-16 82816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys [2011-09-15 100352]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys [2011-09-15 216064]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 16:35]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 21:33]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-26 21:33]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790320148-693173899-1496283817-1002Core.job
- c:\users\ThePedro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 01:47]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790320148-693173899-1496283817-1002UA.job
- c:\users\ThePedro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-17 01:47]
.
2012-06-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2012-05-22 07:09]
.
2012-07-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2012-05-22 07:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-03 6412904]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-20 1157224]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-12-15 12616]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://AlienwareArena.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ThePedro\AppData\Roaming\Mozilla\Firefox\Profiles\67qsmq1o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
Toolbar-Locked - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
AddRemove-Vuze_Remote Toolbar - c:\program files (x86)\Vuze_Remote\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\06\10\03\14&O"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2012-07-01 18:21:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 23:21
ComboFix2.txt 2012-07-01 14:10
.
Pre-Run: 658,537,218,048 bytes free
Post-Run: 658,336,821,248 bytes free
.
- - End Of File - - B138F4C67F7B071919474273E0231E4D

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 July 2012 - 08:59 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Aduren
  • Topic Starter

  • Members
  • 12 posts

Posted 01 July 2012 - 09:51 PM

Thanks Gringo this is the log.

:-)

--------------ComboFix-------------------------------------------------------------------

Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Alienware Command Center
Avira Free Antivirus
Battlefield: Bad Company™ 2
Chessmaster Grandmaster Edition
Deep Fritz 12
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DVDFab 8.0.2.8 Beta (22/10/2010)
F.E.A.R. 3
Google Chrome
Google Earth Plug-in
Google Update Helper
High-Definition Video Playback
Intel® Processor Graphics
Java Auto Updater
Java™ 7 Update 1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSI ODD Monitor
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 ClipartPack
Nero 10 Kwik Themes 1
Nero 10 Kwik Themes 2
Nero 10 Kwik Themes 3
Nero 10 Kwik Themes 4
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 10 PiP EffectPack 1
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero 10 Video TransitionPack 1
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10 Platinum HD
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NeroKwikMedia Help (CHM)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Polar Daemon
Polar WebSync
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Star Wars The Force Unleashed Ultimate Sith Edition
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VirtualCloneDrive
VLC media player 2.0.1
Vuze
Vuze Remote Toolbar

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 July 2012 - 10:05 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

XXXX


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 Aduren
  • Topic Starter

  • Members
  • 12 posts

Posted 02 July 2012 - 06:20 AM

Hi Gringo, I installed Revo but was unable to find xxxx on the list to uninstall.

All other scanners went well and without any issue. Malwarebytes found KMService.exe

My computer is good, no slowing of performance, no overheating or using all of its resources. :-)



----------------------------------------------Malwarebytes-----------------------------------------------------------------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ThePedro :: THEPEDRO-PC [administrator]

7/2/2012 6:04:36 AM
mbam-log-2012-07-02 (06-04-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228779
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2396 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.

(end)


----------------------------------------------------HijackThis--------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:12:12 AM, on 7/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\ThePedro\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://AlienwareArena.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Polar WebSync.lnk = C:\Program Files (x86)\Polar\WebSync\WebSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Logitech Solar Keyboard Service (L4301_Solar) - Logitech, Inc. - C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
O23 - Service: lxec_device - Unknown owner - C:\Windows\system32\lxeccoms.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_ODD_Service - Micro-Star Int'l Co., Ltd. - c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Polar Daemon - Unknown owner - C:\Program Files (x86)\Polar\Daemon\polard.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11272 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:44 PM

Posted 02 July 2012 - 01:15 PM

Greetings


very sorry XXX =

Java™ 7 Update 1
Vuze
Vuze Remote Toolbar



These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of these programs by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
      O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
      O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Aduren

Aduren
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:44 PM

Posted 02 July 2012 - 08:22 PM

Hi Gringo, I deleted the HijackThis threads as I really didn't need any of those to start automatically.

ESET found one thread

C:\Users\ThePedro\AppData\Local\{9DC6EDBA-C047-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan


Chrome is what my wife uses, and yesterday she so happened to search for an anime manga to read on some fishy-looking website... But on the plus side this is the only thing ESET found. And now that she's been banned from using it I expect to be safer. :-)



