Sirefef trojan infection


  • This topic is locked
119 replies to this topic

#1 cheesehead9099

cheesehead9099

  • Members
  • 74 posts
  • OFFLINE
  • Local time:08:22 PM

Posted 20 July 2012 - 10:27 PM

Hey everyone. Here's my problem (I've simply copied and pasted the diagnosis of the problem from my post in the "Am I infected" forum)
Link to post: http://www.bleepingcomputer.com/forums/topic461669.html


Here's the deal. Yesterday, at around 2:30am (meaning it was basically today, haha) I was on a video-streaming website watching TV shows, and I foolishly allowed the outdated Java script to run. After this, MSE, Windows Firewall, and Windows Update became disabled and I got error 0x80070424 when I tried to enable it. Scans with various programs showed that I had a decent amount of trojans. Then I decided to perform a system restore, and restored my PC to a restore point 2 days ago (July 18th). At this point, everything was working correctly, so I performed a scan with MSE and found the dreaded Sirefef trojan. I deleted it, and to my surprise MSE actually said that it worked... and further scans showed up clean. I then did a scan with MBAM, and found a few trojans and adware programs that I promptly deleted... again it worked. I ran more and more scans throughout the day... and nothing was showing up - HOWEVER, during a full scan of MSE, my computer randomly restarted for no apparent reason... this has not happened since.

I've run scans with MBAM, MSE, HitmanPro, TDSSKiller, Norton Power Eraser, ESET Online Scanner (which found and removed a trojan and an adware program), EZ_Sirefix, ESESirefefRemover, SuperAntiSpyware, and ComboFix (I know I shouldn't have, but I did anyways - stupid, I know)
... and all of them have come up negative, other than the ESET Online Scanner which I mentioned.

My question is: is it safe to say that my computer is free of this Sirefef/ZeroAccess malware, or should I simply do a nuke and pave (as I am aware that once the system is compromised with something like this, it really can't be trusted)?

Also, if I were to do a nuke and pave, would it be safe for me to back up my documents? Because the only thing that is important on my "infected" computer is some school documents... everything else is unimportant. Will simple Word documents and PowerPoint files be infected as well?

Thanks!

And just to add, I am running Windows 7 x64.

Here are my DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Karanbir at 23:21:32 on 2012-07-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.5942.3607 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Karanbir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Karanbir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karanbir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1B10E8E7-6E18-4E26-8BB9-9048F14E710E} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1B10E8E7-6E18-4E26-8BB9-9048F14E710E}\054435247457563747 : DhcpNameServer = 192.168.16.4 192.168.16.6
TCP: Interfaces\{1B10E8E7-6E18-4E26-8BB9-9048F14E710E}\055616368664963786D27657563747 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{1B10E8E7-6E18-4E26-8BB9-9048F14E710E}\157756374775966696 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{1B10E8E7-6E18-4E26-8BB9-9048F14E710E}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{1B10E8E7-6E18-4E26-8BB9-9048F14E710E}\25F6765627371313630313 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{1B10E8E7-6E18-4E26-8BB9-9048F14E710E}\378656271647F6E6 : DhcpNameServer = 4.53.41.66
TCP: Interfaces\{1B10E8E7-6E18-4E26-8BB9-9048F14E710E}\4656661657C647 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karanbir\AppData\Roaming\Mozilla\Firefox\Profiles\vydyowc8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-11 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-4 13336]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-4 2320920]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-3-24 148072]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-5 1153368]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-21 00:28:24 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5024758-72C9-4D4F-B50A-5F9FE9378AA2}\offreg.dll
2012-07-21 00:27:34 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5024758-72C9-4D4F-B50A-5F9FE9378AA2}\mpengine.dll
2012-07-21 00:15:09 98816 ----a-w- C:\Windows\sed.exe
2012-07-21 00:15:09 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-21 00:15:09 256000 ----a-w- C:\Windows\PEV.exe
2012-07-21 00:15:09 208896 ----a-w- C:\Windows\MBR.exe
2012-07-20 20:02:52 -------- d-----w- C:\FRST
2012-07-20 19:05:53 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-20 18:50:27 -------- d-----w- C:\Users\Karanbir\AppData\Roaming\SUPERAntiSpyware.com
2012-07-20 18:50:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-20 18:50:09 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-20 17:25:59 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-07-20 17:25:59 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-20 07:54:56 -------- d-----w- C:\Program Files\HitmanPro
2012-07-20 07:52:39 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-20 07:16:09 -------- d-----w- C:\Users\Karanbir\AppData\Local\NPE
2012-07-20 06:54:13 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 06:41:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-20 06:19:35 -------- d-----w- C:\Users\Karanbir\AppData\Local\ElevatedDiagnostics
2012-07-20 05:53:40 -------- d-----w- C:\Users\Karanbir\AppData\Local\{F4C346B1-D22E-11E1-8270-B8AC6F996F26}
2012-07-20 05:51:40 -------- d-----w- C:\Users\Karanbir\AppData\Local\{F4C314F9-D22E-11E1-8270-B8AC6F996F26}
2012-07-20 04:36:20 -------- d-----w- C:\Users\Karanbir\AppData\Local\{DA1BC50E-980B-460B-887F-DEAEB7B464AC}
2012-07-20 04:36:07 -------- d-----w- C:\Users\Karanbir\AppData\Local\{17957705-AC87-49B5-B980-5B72FF4BD9A6}
2012-07-19 05:21:15 -------- d-----w- C:\Users\Karanbir\AppData\Local\{2499F575-87B1-4DAC-880E-C090D4CDBC79}
2012-07-19 05:21:05 -------- d-----w- C:\Users\Karanbir\AppData\Local\{8FC3423A-F623-435F-9683-AF547AE4C350}
2012-07-18 17:20:30 -------- d-----w- C:\Users\Karanbir\AppData\Local\{908EA756-7192-422D-9BB0-3B2396E6DC11}
2012-07-18 17:20:20 -------- d-----w- C:\Users\Karanbir\AppData\Local\{7D82BA72-E509-4984-94BE-9B4CA14A426A}
2012-07-16 21:41:40 -------- d-----w- C:\Users\Karanbir\AppData\Local\{849F53D2-B558-493D-A6FA-3012C35E7868}
2012-07-16 21:41:31 -------- d-----w- C:\Users\Karanbir\AppData\Local\{D0E3A267-FD28-4FB2-97D0-8017765FB2C4}
2012-07-15 21:06:04 -------- d-----w- C:\Users\Karanbir\AppData\Local\{367AED7D-23AA-4CE5-B9A6-D1A0441CC5E5}
2012-07-15 21:05:53 -------- d-----w- C:\Users\Karanbir\AppData\Local\{56EDF668-D3C6-4792-942B-2DF33010634B}
2012-07-14 18:42:09 -------- d-----w- C:\Users\Karanbir\AppData\Local\{F4E598C6-A397-46E9-BA6B-9ADB664CB93C}
2012-07-14 18:41:58 -------- d-----w- C:\Users\Karanbir\AppData\Local\{CD49B0DB-2C2D-4301-8F67-9A89B521BC56}
2012-07-13 23:27:18 -------- d-----w- C:\Users\Karanbir\AppData\Local\{B64BC966-8D36-47B1-BB3F-FF8140A76E2B}
2012-07-13 23:27:08 -------- d-----w- C:\Users\Karanbir\AppData\Local\{59697213-932C-4935-9F2C-244755127184}
2012-07-12 23:41:02 -------- d-----w- C:\Users\Karanbir\AppData\Local\{ABA83E2F-B536-44F4-9D4A-1D59A0366C7C}
2012-07-12 23:40:52 -------- d-----w- C:\Users\Karanbir\AppData\Local\{3F5D5347-C528-4A5C-B6EC-25158A2C2510}
2012-07-11 04:04:13 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 03:58:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-07-11 02:41:36 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 02:41:36 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 02:41:35 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 02:41:35 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 02:40:59 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-11 02:40:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-11 02:40:59 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-11 02:40:58 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 02:40:58 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-11 02:40:58 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-11 02:40:58 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-11 02:40:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-11 02:40:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-11 02:40:56 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 02:40:54 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 02:35:04 -------- d-----w- C:\Users\Karanbir\AppData\Local\{2D6A7F8A-4FF3-4BA2-9029-33B16DA4234A}
2012-07-11 02:34:49 -------- d-----w- C:\Users\Karanbir\AppData\Local\{273A18D6-0D92-4A8B-8D13-1DDBF5BFD327}
2012-07-09 23:12:50 -------- d-----w- C:\Users\Karanbir\AppData\Local\{05646279-BDC0-403F-AFB3-2F5726BCBBA2}
2012-07-09 23:12:40 -------- d-----w- C:\Users\Karanbir\AppData\Local\{6B786A15-8F93-40F2-AF6B-EA5AD18C9C83}
2012-07-08 18:49:26 -------- d-----w- C:\Users\Karanbir\AppData\Local\{9896AA7C-7DDD-4AF0-AFDE-D55A9F8ED25E}
2012-07-08 18:49:11 -------- d-----w- C:\Users\Karanbir\AppData\Local\{DF2583CD-F4EE-4066-9831-C7DBC8ADDFB8}
2012-07-08 06:42:26 -------- d-----w- C:\Users\Karanbir\AppData\Local\{AB288C42-C8AC-4D1A-A843-1CA04CF7525F}
2012-07-08 06:42:13 -------- d-----w- C:\Users\Karanbir\AppData\Local\{B673950F-5D83-48C2-8249-59BD47CE1A3D}
2012-07-07 18:42:02 -------- d-----w- C:\Users\Karanbir\AppData\Local\{DDB71713-A4FF-4285-8DAF-2C5538E55791}
2012-07-07 18:41:52 -------- d-----w- C:\Users\Karanbir\AppData\Local\{D8DC55C0-ADB9-4BBF-8028-502087BC83F2}
2012-07-07 02:26:22 -------- d-----w- C:\Users\Karanbir\AppData\Local\{0268EBD9-D74B-4056-85D3-55C56AF13593}
2012-07-07 02:26:13 -------- d-----w- C:\Users\Karanbir\AppData\Local\{C970E866-941F-44BF-997A-C906F2D8482B}
2012-07-07 02:26:01 -------- d-----w- C:\Users\Karanbir\AppData\Local\{6690E933-E572-4EEF-9F6B-02DFED8212A3}
2012-07-06 02:49:17 -------- d-----w- C:\Users\Karanbir\AppData\Local\Macromedia
2012-07-05 22:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-05 22:40:50 -------- d-----w- C:\Users\Karanbir\AppData\Local\{30F687F3-452E-4082-82FE-2AA6EEE97060}
2012-07-05 22:40:40 -------- d-----w- C:\Users\Karanbir\AppData\Local\{B61B53C8-A395-4D1A-808F-A0D4BA07B96A}
2012-07-04 23:23:25 -------- d-----w- C:\Users\Karanbir\AppData\Local\{820E17F3-938D-4806-A5DF-8D07BF8EA7D9}
2012-07-04 23:23:14 -------- d-----w- C:\Users\Karanbir\AppData\Local\{0FCE677D-80AA-4EAE-AA01-B5709945F63B}
2012-07-03 23:54:10 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEF0A2A4-53A6-4628-9F40-712AE5B20A3D}\gapaengine.dll
2012-07-03 23:44:38 -------- d-----w- C:\Users\Karanbir\AppData\Local\{A450C4B0-11FE-4830-B83F-FE43717A6DD5}
2012-07-03 23:44:26 -------- d-----w- C:\Users\Karanbir\AppData\Local\{FA9AFA18-3AEF-480B-ADD0-EB20FF2EA221}
2012-07-02 22:59:25 -------- d-----w- C:\Users\Karanbir\AppData\Local\{594470E3-31AF-4444-BCA2-A7BC7943D532}
2012-07-02 22:59:13 -------- d-----w- C:\Users\Karanbir\AppData\Local\{498823F2-9762-4D78-9C27-C6B2324EC8EB}
2012-07-01 23:02:17 -------- d-----w- C:\Users\Karanbir\AppData\Local\{FABB0115-FCAA-43E0-9E5F-D2BF0B244E29}
2012-07-01 23:02:04 -------- d-----w- C:\Users\Karanbir\AppData\Local\{5C2F4C52-0E41-4B51-8F12-A46D37B7B51F}
2012-07-01 05:12:08 -------- d-----w- C:\Users\Karanbir\AppData\Local\{0DDF3E19-3019-4C5B-8EEC-62A413780B0E}
2012-07-01 05:11:48 -------- d-----w- C:\Users\Karanbir\AppData\Local\{614F0757-41C7-417E-A95D-FCA7AB462D78}
2012-06-30 15:58:13 -------- d-----w- C:\Users\Karanbir\AppData\Local\{D9A505AD-3D5B-4167-87F2-4A94EF73206F}
2012-06-30 15:58:01 -------- d-----w- C:\Users\Karanbir\AppData\Local\{076EE3BD-9B32-4797-A1E4-2ADDCD789BC1}
2012-06-30 15:57:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-28 18:58:24 -------- d-----w- C:\Users\Karanbir\AppData\Local\{2201D667-4FE4-4ECF-B7E1-EB59DBDF8328}
2012-06-28 18:58:11 -------- d-----w- C:\Users\Karanbir\AppData\Local\{3964D54F-3003-4E95-A87C-45E5B08A7A58}
2012-06-27 21:16:24 -------- d-----w- C:\Users\Karanbir\AppData\Local\{CA8FB17F-74FA-45F3-8216-C7E1AE717C86}
2012-06-27 21:16:12 -------- d-----w- C:\Users\Karanbir\AppData\Local\{A7CE0FC5-4EA2-4012-8E1C-BFA65337DEBE}
2012-06-26 21:17:09 -------- d-----w- C:\Users\Karanbir\AppData\Local\{E6E6AE4E-856E-4259-8BFC-F6A88BC32C1C}
2012-06-25 18:35:31 -------- d-----w- C:\Users\Karanbir\AppData\Local\{AFD982C9-98D7-4D5A-8108-9173D3A20488}
2012-06-25 18:35:19 -------- d-----w- C:\Users\Karanbir\AppData\Local\{6902801E-43E4-4EBE-9350-5CEB3E83E24A}
2012-06-25 00:32:25 -------- d-----w- C:\Users\Karanbir\AppData\Local\{5B72E059-2C07-45E6-B029-31C3C0FA46B6}
2012-06-25 00:32:14 -------- d-----w- C:\Users\Karanbir\AppData\Local\{A448A1C0-194B-4831-AEDA-7DD17BBA05B2}
2012-06-25 00:29:19 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8f507a8b1cd526905\MeshBetaRemover.exe
2012-06-24 17:39:30 -------- d-----w- C:\Users\Karanbir\AppData\Local\{64EF0696-5BC8-4A87-BE2F-64EFB6AA7A1F}
2012-06-23 23:14:26 -------- d-----w- C:\Users\Karanbir\AppData\Local\{B62ABCCF-1A45-4B64-8E37-EC7B41792F71}
2012-06-23 03:06:17 -------- d-----w- C:\Users\Karanbir\AppData\Local\{0FCF16EB-2EE6-48E7-8490-A1499325AF46}
2012-06-23 03:06:07 -------- d-----w- C:\Users\Karanbir\AppData\Local\{60604845-AEB2-44A6-ADBB-FD4655C1044E}
2012-06-21 19:32:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 19:31:57 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 19:31:23 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 19:31:23 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 19:28:52 -------- d-----w- C:\Users\Karanbir\AppData\Local\{B944F7E7-66C5-4991-A902-AFF0258EF5E1}
2012-06-21 19:28:38 -------- d-----w- C:\Users\Karanbir\AppData\Local\{89452482-209C-4E43-90E9-E6DDC963278F}
.
==================== Find3M ====================
.
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-30 15:57:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2010-10-16 22:19:48 328568 ----a-w- C:\Program Files\uTorrent.exe
.
============= FINISH: 23:22:16.95 ===============



Thanks so much for any help you can give me :)


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • Gender:Male
  • Local time:09:22 PM

Posted 25 July 2012 - 10:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461689 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 cheesehead9099

cheesehead9099
  • Topic Starter

  • Members
  • 74 posts
  • Local time:08:22 PM

Posted 25 July 2012 - 11:27 PM

I have not turned the computer on since posting my logs, but I will post updated logs tomorrow anyways. I am just replying to let you guys know that I still need help.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 PM

Posted 26 July 2012 - 12:21 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).
I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 cheesehead9099

cheesehead9099
  • Topic Starter

  • Members
  • 74 posts
  • Local time:08:22 PM

Posted 26 July 2012 - 12:51 PM

Here are the FRST logs. I will post the updated DDS and Attach logs later.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 13:42:16
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-11-19] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-17] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-09-10] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-09-10] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-09-10] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [414744 2010-09-10] (Intel Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-24] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 hpdoccardsvc; C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [83240 2010-03-24] (Hewlett-Packard Developement Company, L.P.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [95976 2011-03-24] (SANDBOXIE L.T.D)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-18] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [32880 2010-07-14] (Windows ® Win 7 DDK provider)
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 HidUsb; C:\Windows\SysWow64\Drivers\HidUsb.sys [14256 2000-06-08] (Microsoft Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [148072 2011-03-24] (SANDBOXIE L.T.D)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============



============ 3 Months Modified Files ========================

2012-07-20 16:25 - 2012-07-20 16:25 - 00023365 ____A C:\ComboFix.txt
2012-07-20 16:23 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-20 15:43 - 2012-07-20 15:43 - 00138120 ____A (ESET) C:\Users\Karanbir\Downloads\ESETSirefefRemover.exe
2012-07-20 14:21 - 2012-07-20 14:21 - 04582461 ____R (Swearware) C:\Users\Karanbir\Downloads\ComboFix.exe
2012-07-20 12:04 - 2012-07-20 12:04 - 00034172 ____A C:\Users\Karanbir\Downloads\FRST.txt
2012-07-20 12:02 - 2012-07-20 12:02 - 01437549 ____A (Farbar) C:\Users\Karanbir\Downloads\farbar.exe
2012-07-20 11:05 - 2012-07-20 11:05 - 02322184 ____A (ESET) C:\Users\Karanbir\Downloads\esetsmartinstaller_enu.exe
2012-07-20 10:52 - 2012-07-20 10:52 - 01144963 ____A C:\Users\Karanbir\Downloads\ProcessExplorer (1).zip
2012-07-20 10:48 - 2012-07-20 10:48 - 18703024 ____A (SUPERAntiSpyware.com) C:\Users\Karanbir\Downloads\SUPERAntiSpyware.exe
2012-07-20 10:46 - 2012-07-20 10:46 - 01012656 ____A C:\Users\Karanbir\Downloads\rkill.exe
2012-07-20 10:46 - 2012-07-20 10:46 - 00000312 ____A C:\rkill.log
2012-07-20 09:31 - 2012-07-20 09:30 - 00278688 ____A C:\Windows\Minidump\072012-43352-01.dmp
2012-07-20 09:30 - 2012-07-20 09:30 - 606670788 ____A C:\Windows\MEMORY.DMP
2012-07-20 09:25 - 2012-07-20 09:25 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-20 09:25 - 2012-07-20 09:25 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-20 09:25 - 2012-07-20 09:25 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-20 09:25 - 2010-05-28 12:49 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-20 09:25 - 2010-05-28 12:49 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-20 09:24 - 2012-07-20 09:24 - 21869552 ____A (Oracle Corporation) C:\Users\Karanbir\Downloads\jre-7u5-windows-x64.exe
2012-07-20 09:15 - 2012-07-20 09:15 - 04731392 ____A (AVAST Software) C:\Users\Karanbir\Downloads\aswMBR.exe
2012-07-19 23:52 - 2012-07-19 23:52 - 08834304 ____A (SurfRight B.V.) C:\Users\Karanbir\Downloads\HitmanPro36_x64.exe
2012-07-19 23:26 - 2012-07-19 23:26 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Karanbir\Downloads\tdsskiller.exe
2012-07-19 23:25 - 2012-07-19 23:25 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Karanbir\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-19 23:15 - 2012-07-19 23:15 - 02841104 ____A (Symantec Corporation) C:\Users\Karanbir\Downloads\NPE.exe
2012-07-19 22:40 - 2012-07-19 22:40 - 02117152 ____A C:\Users\Karanbir\Downloads\tdsskiller.zip
2012-07-16 19:46 - 2010-10-01 10:40 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069413089-568081338-4011474029-1000Core.job
2012-07-13 16:19 - 2012-07-13 16:19 - 00219648 ____A C:\Users\Karanbir\Downloads\Oct 3 Presentation.ppt
2012-07-12 15:27 - 2009-07-13 20:45 - 05049832 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 20:00 - 2010-09-11 20:57 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 09:46 - 2010-11-04 14:54 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 07:57 - 2012-06-30 07:57 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-30 07:57 - 2011-05-15 09:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-24 16:30 - 2012-06-02 15:03 - 00000766 ____A C:\Windows\DirectX.log
2012-06-24 16:28 - 2012-06-24 16:28 - 01287528 ____A (Microsoft Corporation) C:\Users\Karanbir\Downloads\wlsetup-web.exe
2012-06-11 19:02 - 2012-07-10 20:04 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-10 18:41 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-10 18:41 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-07-10 18:41 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-10 18:41 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-10 18:41 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-10 18:41 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-21 11:32 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:32 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:32 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 11:32 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 11:31 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 11:31 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 19:58 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 19:58 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 19:59 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 19:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 19:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 19:59 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 19:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 19:59 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 19:59 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 19:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 19:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 19:59 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 19:59 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 19:58 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 19:58 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 19:59 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 19:59 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 19:59 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 19:59 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 19:59 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 19:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 19:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 19:59 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 19:59 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 19:59 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 19:59 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 19:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-07-10 18:40 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-10 18:40 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-10 18:40 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-10 18:40 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-10 18:40 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-10 18:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-10 18:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-10 18:40 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-10 18:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 08:03 - 2012-06-01 08:01 - 00032768 ____A C:\Users\Karanbir\Downloads\Projected_Financial_Statement_Examples_-.xls
2012-05-12 16:04 - 2012-05-12 16:04 - 01247245 ____A C:\Users\Karanbir\Downloads\IBT Portfolio.pptx
2012-05-08 15:14 - 2012-05-08 15:13 - 05399104 ____A C:\Users\Karanbir\Downloads\YTDSetup.exe
2012-05-04 02:52 - 2012-06-12 13:32 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-12 13:32 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-12 13:32 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 21:32 - 2012-06-12 13:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 12:56 - 2011-01-25 14:58 - 00788548 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-28 12:56 - 2011-01-25 14:58 - 00001945 ____A C:\Windows\epplauncher.mif
2012-04-28 11:43 - 2009-07-13 21:08 - 00032552 ____A C:\Windows\Tasks\SCHEDLGU.TXT

ZeroAccess:
C:\Users\Karanbir\AppData\Local\{e9377798-1339-55bc-e606-ea75b7c7087e}
C:\Users\Karanbir\AppData\Local\{e9377798-1339-55bc-e606-ea75b7c7087e}\@
C:\Users\Karanbir\AppData\Local\{e9377798-1339-55bc-e606-ea75b7c7087e}\L
C:\Users\Karanbir\AppData\Local\{e9377798-1339-55bc-e606-ea75b7c7087e}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 5941.61 MB
Available physical RAM: 5092.17 MB
Total Pagefile: 5939.76 MB
Available Pagefile: 5102.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:581.1 GB) (Free:477.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.78 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (Kingston) (Removable) (Total:0.24 GB) (Free:0.22 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 243 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 581 GB 200 MB
Partition 3 Primary 14 GB 581 GB
Partition 4 Primary 103 MB 596 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 581 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 243 MB 2048 B

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H Kingston FAT Removable 243 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 19:50

======================= End Of Log ==========================

Here is the search log:
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 13:43:00
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-07-20 16:24] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======




Thanks for your help
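The FRST search output above lists three copies of services.exe (the winsxs component-store copy, the live System32 copy and the erdnt backup) that all carry the same MD5, which is the clean result a helper is looking for: some Sirefef/ZeroAccess variants patch or replace services.exe, so a live copy whose hash differs from the winsxs reference is a red flag. The following Python script is an added example, not part of this thread or of the FRST tool: it parses search output in the format posted above, groups the copies by hash and reports any copy that disagrees with the winsxs reference or that carries no publisher name. The sample input reuses the three posted entries and adds one constructed decoy entry (a made-up path with an all-zero placeholder hash) so that the mismatch path is exercised.

```python
import re

# Constructed sample in the FRST "Search" format. The first three entries are
# the ones from the posted log; the fourth is a decoy added here (made-up path,
# all-zero placeholder hash, no publisher) to show how a mismatch is reported.
SAMPLE_SEARCH = """\
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 13:43:00
Running from H:\\

================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\erdnt\\cache64\\services.exe
[2012-07-20 16:24] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\Temp\\services.exe
[2012-07-20 03:12] - [2012-07-20 03:12] - 0328704 ____A 00000000000000000000000000000000

====== End Of Search ======
"""

# One FRST detail line: [created] - [modified] - size attrs (publisher) MD5.
# The publisher group is optional because unsigned files carry none.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)

PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_frst_search(text):
    """Return a list of dicts (path, created, modified, size, attrs, company, md5)
    for every path/detail pair found in FRST search output."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line          # a path line precedes its detail line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entry = m.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending_path = None
    return entries


def find_hash_outliers(entries, reference_marker="\\winsxs\\"):
    """Return the entries whose MD5 differs from the component-store (winsxs)
    copy, which is the reference on a healthy Windows 7 system."""
    refs = {e["md5"] for e in entries if reference_marker.lower() in e["path"].lower()}
    if not refs:
        raise ValueError("no winsxs reference copy in the search output")
    return [e for e in entries if e["md5"] not in refs]


def audit(text):
    """Summarise a services.exe search: copy count, distinct hashes, and the
    paths that deviate from the reference or carry no publisher name."""
    entries = parse_frst_search(text)
    return {
        "copies": len(entries),
        "distinct_md5": len({e["md5"] for e in entries}),
        "outliers": [e["path"] for e in find_hash_outliers(entries)],
        "no_publisher": [e["path"] for e in entries if not e["company"]],
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_SEARCH).items():
        print(f"{key}: {value}")
```

On the posted log the script reports three copies, one distinct hash and no outliers; the decoy entry in the sample is the only path it flags, on both the hash and the missing-publisher check. The same parser works on any FRST search, not only services.exe, since it keys on the line format rather than the file name.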

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 PM

Posted 26 July 2012 - 01:06 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

C:\Users\Karanbir\AppData\Local\{e9377798-1339-55bc-e606-ea75b7c7087e}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 cheesehead9099

cheesehead9099
  • Topic Starter

  • Members
  • 74 posts
  • Local time:08:22 PM

Posted 26 July 2012 - 06:47 PM

Here is the fixlist log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 19:44:15 Run:1
Running from H:\

==============================================

C:\Users\Karanbir\AppData\Local\{e9377798-1339-55bc-e606-ea75b7c7087e} moved successfully.

==== End of Fixlog ====


I would also like to ask: Do you think it would be best to simply do a full format and reinstall of Windows?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 PM

Posted 26 July 2012 - 08:32 PM

Hello

I don't think a format is needed, but if that is what will make you feel better then that is what I would do.

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 cheesehead9099

cheesehead9099
  • Topic Starter

  • Members
  • 74 posts
  • Local time:08:22 PM

Posted 26 July 2012 - 08:48 PM

I will post the combofix log later, but as I said, I've already run it before. Do you want me to post that one as well?

I think I may just go with a full format and reinstall. Is it okay if I back up school documents such as Word docs and PowerPoint files as well as some important family pictures, or can those be infected as well?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 PM

Posted 26 July 2012 - 09:31 PM

Those should be safe to back up, but I would scan them before you back them up and before you put them on the new install.



gringo

#11 cheesehead9099

cheesehead9099
  • Topic Starter

  • Members
  • 74 posts
  • Local time:08:22 PM

Posted 26 July 2012 - 10:23 PM

I still want to try and cure my PC, if possible.
Here is my combofix log:


ComboFix 12-07-27.02 - Karanbir 26/07/2012 22:58:14.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.5942.4314 [GMT -4:00]
Running from: c:\users\Karanbir\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 03:04 . 2012-07-27 03:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 02:45 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{296DBF3C-E0AE-40C9-BB13-B42DAB2A4DB7}\mpengine.dll
2012-07-23 01:29 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-21 17:59 . 2012-07-21 17:59 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-20 20:02 . 2012-07-20 20:02 -------- d-----w- C:\FRST
2012-07-20 19:05 . 2012-07-20 19:05 -------- d-----w- c:\program files (x86)\ESET
2012-07-20 18:50 . 2012-07-20 18:50 -------- d-----w- c:\users\Karanbir\AppData\Roaming\SUPERAntiSpyware.com
2012-07-20 18:50 . 2012-07-20 18:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-20 18:50 . 2012-07-20 18:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-20 17:25 . 2012-07-20 17:25 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-20 17:25 . 2012-07-20 17:25 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-20 17:25 . 2012-07-20 17:25 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-20 07:54 . 2012-07-20 07:55 -------- d-----w- c:\program files\HitmanPro
2012-07-20 07:52 . 2012-07-21 17:59 -------- d-----w- c:\programdata\HitmanPro
2012-07-20 07:16 . 2012-07-21 03:40 -------- d-----w- c:\users\Karanbir\AppData\Local\NPE
2012-07-20 06:41 . 2012-07-20 07:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-20 06:19 . 2012-07-20 06:19 -------- d-----w- c:\users\Karanbir\AppData\Local\ElevatedDiagnostics
2012-07-20 05:53 . 2012-07-20 06:52 -------- d-----w- c:\users\Karanbir\AppData\Local\{F4C346B1-D22E-11E1-8270-B8AC6F996F26}
2012-07-20 05:51 . 2012-07-20 06:52 -------- d-----w- c:\users\Karanbir\AppData\Local\{F4C314F9-D22E-11E1-8270-B8AC6F996F26}
2012-07-11 04:04 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:58 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-11 03:58 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-11 03:58 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-11 02:41 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 02:41 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 02:41 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 02:41 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 02:41 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 02:40 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 02:40 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 02:40 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 02:40 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 02:40 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 02:40 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 02:40 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 02:40 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 02:40 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 02:40 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 02:40 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-06 02:49 . 2012-07-06 02:49 -------- d-----w- c:\users\Karanbir\AppData\Local\Macromedia
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-03 23:54 . 2012-02-10 17:07 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEF0A2A4-53A6-4628-9F40-712AE5B20A3D}\gapaengine.dll
2012-06-30 15:57 . 2012-06-30 15:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-30 15:57 . 2012-06-30 15:57 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-20 17:25 . 2010-05-28 20:49 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-20 17:25 . 2010-05-28 20:49 188912 ----a-w- c:\windows\system32\java.exe
2012-07-11 04:00 . 2010-09-12 04:57 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2010-11-04 22:54 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 15:57 . 2011-05-15 17:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 19:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 19:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 19:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 19:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 19:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 19:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 10:52 . 2012-06-12 21:32 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-12 21:32 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-12 21:32 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-12 21:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-12 21:32 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2010-10-16 22:19 . 2010-10-16 22:19 328568 ----a-w- c:\program files\uTorrent.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-21_00.23.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-28 18:23 . 2012-07-27 02:43 66656 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-27 02:43 44254 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-05 03:09 . 2012-07-27 02:43 26674 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2069413089-568081338-4011474029-1000_UserData.bin
- 2010-09-07 23:34 . 2010-09-07 20:21 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-09-07 23:34 . 2012-07-23 00:48 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-10-26 23:04 . 2012-07-20 06:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-26 23:04 . 2012-07-23 01:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-26 23:04 . 2012-07-23 01:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-26 23:04 . 2012-07-20 06:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-26 23:04 . 2012-07-20 06:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-26 23:04 . 2012-07-23 01:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-06 19:00 . 2012-07-21 03:33 4138 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-09-06 19:00 . 2012-05-04 19:00 4138 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-21 18:01 . 2012-07-21 18:01 9560 c:\windows\system32\NetworkList\Icons\{1354B608-39E5-442D-B59A-B312A36089F2}_48.bin
+ 2012-07-21 18:01 . 2012-07-21 18:01 4280 c:\windows\system32\NetworkList\Icons\{1354B608-39E5-442D-B59A-B312A36089F2}_32.bin
+ 2012-07-21 18:01 . 2012-07-21 18:01 2456 c:\windows\system32\NetworkList\Icons\{1354B608-39E5-442D-B59A-B312A36089F2}_24.bin
- 2012-07-20 16:58 . 2012-07-20 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 02:40 . 2012-07-27 02:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 02:40 . 2012-07-27 02:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-20 16:58 . 2012-07-20 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-23 01:24 667120 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-20 20:23 667120 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-20 20:23 126724 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-23 01:24 126724 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-26 17:25 522400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-20 08:45 522400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-04 15:36 . 2012-07-16 04:29 2540680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-04 15:36 . 2012-07-26 17:25 2540680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-10-01 01:27 . 2012-07-20 08:45 4906800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2069413089-568081338-4011474029-1000-12288.dat
+ 2010-10-01 01:27 . 2012-07-21 03:33 4906800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2069413089-568081338-4011474029-1000-12288.dat
+ 2012-07-18 20:42 . 2012-07-18 20:42 7931392 c:\windows\Installer\69949.msi
+ 2009-07-14 02:34 . 2012-07-23 05:00 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-20 08:13 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-09-05 03:25 . 2012-07-26 17:25 15982417 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2069413089-568081338-4011474029-1000-8192.dat
- 2010-09-05 03:25 . 2012-07-20 07:47 15982417 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2069413089-568081338-4011474029-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-24 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-17 40448]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-05 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 20056]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-11 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-24 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-11 116240]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-14 32880]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-03-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-09-11 158976]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-09-11 10342240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-01-02 15:47]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 14:25]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 14:25]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069413089-568081338-4011474029-1000Core.job
- c:\users\Karanbir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-01 18:40]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069413089-568081338-4011474029-1000UA.job
- c:\users\Karanbir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-01 18:40]
.
2012-07-26 c:\windows\Tasks\HPCeeScheduleForKaranbir.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-17 323072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-11 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-11 414744]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Karanbir\AppData\Roaming\Mozilla\Firefox\Profiles\vydyowc8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2069413089-568081338-4011474029-1000\Software\SecuROM\License information*]
"datasecu"=hex:55,d7,78,ce,47,de,7f,30,bd,42,e0,df,75,4b,26,e3,0e,99,7f,2a,df,
22,40,71,cb,7b,85,4a,d8,08,10,40,d0,ab,25,b1,e0,c2,1b,dc,f9,a3,5c,d7,ae,ce,\
"rkeysecu"=hex:10,e0,17,32,8d,a7,49,46,93,10,dd,58,2f,03,ed,ac
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-26 23:06:20
ComboFix-quarantined-files.txt 2012-07-27 03:06
ComboFix2.txt 2012-07-21 00:25
.
Pre-Run: 512,218,652,672 bytes free
Post-Run: 511,840,866,304 bytes free
.
- - End Of File - - DBD85185E43B0097AC571D6CDA43A611



I also want to add that the PC is running slower than usual on startup; everything is normal after that, though. Sometimes it gives me an error screen on startup and says "Windows failed to start", but I can still choose the option to 'Start Windows normally' and it boots fine (it is slower in booting, however). Finally, I tried to run rkill, but it gave me a whole bunch of dialog boxes that said "installation failed", and then rkill said that it was not able to access a certain file under my Users/Karanbir/AppData/ (a log file). However, I ran it again and again and it finally worked and produced this log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26/07/2012 at 23:21:55.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Karanbir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karanbir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Karanbir\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 26/07/2012 at 23:22:00.

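A first-pass triage of the ComboFix service listing posted above, as an added example that is not part of the thread and not ComboFix's own code. It parses the `R2 name;display;path [date size]` service lines, and flags entries a responder would look at first: a binary ComboFix could not find on disk (`[x]`), anything running from ProgramData, a user profile or a Temp folder, a kernel driver outside the Windows directory, and a process that borrows a Windows system binary's name outside `c:\windows\`. The reading of `R`/`S` and the start-type digit is the conventional one; the first five sample lines are copied from the log above, the sixth (`WinUpdHelper`, `c:\users\alice\...`) is constructed so the script has a real hit to show.

```python
"""Heuristic triage of ComboFix service lines.

Added example for this thread, not ComboFix's own code. Flags are leads,
not verdicts: every flagged file still needs its signature and hash checked.
"""
import re

# One ComboFix service line, e.g.
#   R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
# Conventionally R/S is running/stopped and the digit is the start type
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); "[x]" means ComboFix
# could not find the binary on disk.
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+'
    r'(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$'
)

TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')
USER_WRITABLE = ('\\programdata\\', '\\users\\', '\\appdata\\', '\\temp\\',
                 '\\$recycle.bin\\', '\\recycler\\')
# Names malware commonly borrows; the legitimate copies live under c:\windows\.
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe',
                'explorer.exe', 'services.exe'}


def parse_service(line):
    """Return a dict for a ComboFix service line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec['path'] = rec['path'].strip()
    return rec


def triage_service(rec):
    """List the reasons a parsed service entry deserves a second look."""
    reasons = []
    path = rec['path'].lower()
    if rec['meta'].strip().lower() == 'x':
        reasons.append('binary not found on disk')
    if not path.startswith(TRUSTED_ROOTS):
        reasons.append('runs from outside Windows/Program Files')
    if any(d in path for d in USER_WRITABLE):
        reasons.append('lives in a user-writable directory')
    if path.endswith('.sys') and not path.startswith('c:\\windows\\'):
        reasons.append('kernel driver loaded from outside the Windows directory')
    if path.rsplit('\\', 1)[-1] in SYSTEM_NAMES and not path.startswith('c:\\windows\\'):
        reasons.append('masquerades as a Windows system binary')
    return reasons


def triage_log(text):
    """Parse every service line in a ComboFix log and return the flagged ones."""
    flagged = []
    for line in text.splitlines():
        rec = parse_service(line)
        if rec is None:
            continue
        reasons = triage_service(rec)
        if reasons:
            flagged.append({'name': rec['name'], 'path': rec['path'], 'reasons': reasons})
    return flagged


# Sample input: the first five lines are copied from the ComboFix listing in
# this thread; the last one is constructed to show what a real hit looks like.
SAMPLE_LOG = r"""
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 WinUpdHelper;Windows Update Helper;c:\users\alice\AppData\Local\Temp\svchost.exe [2012-07-26 45056]
"""

if __name__ == '__main__':
    for entry in triage_log(SAMPLE_LOG):
        print(f"{entry['name']:<20} {entry['path']}")
        for reason in entry['reasons']:
            print(f"    - {reason}")
```

Run against the sample, it flags `iPodDrv` (missing binary: an orphaned service, or a file hidden from the scanner), `Skype C2C Service` (ProgramData), `SASDIFSV` (a driver under Program Files) and the constructed `WinUpdHelper`. `SASDIFSV` is SUPERAntiSpyware's own driver, which is exactly the point: the heuristics produce a short list to verify, not a verdict, and a missing-binary hit is the one worth re-checking from a boot-time scan.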
#12 gringo_pr
Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico

Posted 26 July 2012 - 10:43 PM

Greetings

Just because RKill is stopping those processes does not mean they are infected.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

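Once the TDSSKiller report comes back, one check worth doing by hand is whether the MBR partition map accounts for the whole disk: a bootkit that keeps its body outside any file system needs unallocated sectors to live in, and TDSSKiller prints both the drive size and every partition's start and length. The script below is an added example, not part of TDSSKiller or aswMBR. It parses the `Drive ... - Size: ..., SectorSize: ...` and `\Device\HarddiskN\DRn\PartitionN: MBR, Type ..., StartLBA ..., BlocksNum ...` lines in the report's format and reports overlaps and gaps. The 2048-sector (1 MiB) slack threshold is an assumption about normal partition alignment, and only MBR entries are handled (no GPT, no extended-partition chains). The report excerpt it runs on is constructed: a 160 GB disk whose second partition stops 128 MiB short of the end.

```python
"""Unallocated-space check for a TDSSKiller disk report.

Added example for this thread, not part of TDSSKiller or aswMBR. Any stretch of
the disk no partition claims (beyond ordinary alignment slack) is reported so it
can be imaged and inspected before the disk is cleaned.
"""
import re

DRIVE_RE = re.compile(
    r'Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: (?P<size>0x[0-9A-Fa-f]+)'
    r'.*?SectorSize: (?P<ss>0x[0-9A-Fa-f]+)'
)
PART_RE = re.compile(
    r'(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<idx>\d+): MBR, '
    r'Type (?P<type>0x[0-9A-Fa-f]+), StartLBA (?P<start>0x[0-9A-Fa-f]+), '
    r'BlocksNum (?P<blocks>0x[0-9A-Fa-f]+)'
)


def parse_report(text):
    """Map each device name to its total sector count and MBR partition list."""
    drives = {}
    for line in text.splitlines():
        m = DRIVE_RE.search(line)
        if m:
            drives[m['dev']] = {
                'sectors': int(m['size'], 16) // int(m['ss'], 16),
                'parts': [],
            }
            continue
        m = PART_RE.search(line)
        if m and m['dev'] in drives:
            drives[m['dev']]['parts'].append({
                'idx': int(m['idx']),
                'type': int(m['type'], 16),
                'start': int(m['start'], 16),
                'blocks': int(m['blocks'], 16),
            })
    return drives


def find_unallocated(drive, slack=2048):
    """Return ('gap', start, length) and ('overlap', start, length) findings, in sectors.

    Sector 0 is the MBR itself. Gaps of at most `slack` sectors (2048 = 1 MiB, the
    usual partition alignment; an assumption) are ignored; anything bigger is reported.
    """
    findings = []
    cursor = 1
    for p in sorted(drive['parts'], key=lambda p: p['start']):
        if p['start'] < cursor:
            findings.append(('overlap', p['start'], cursor - p['start']))
        elif p['start'] - cursor > slack:
            findings.append(('gap', cursor, p['start'] - cursor))
        cursor = max(cursor, p['start'] + p['blocks'])
    if drive['sectors'] - cursor > slack:
        findings.append(('gap', cursor, drive['sectors'] - cursor))
    return findings


# Constructed report excerpt in TDSSKiller's format: a 160 GB disk whose second
# partition stops 0x40000 sectors (128 MiB) short of the end of the disk.
SAMPLE_REPORT = r"""
23:57:21.0150 2436 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C02, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:57:21.0212 2436 \Device\Harddisk0\DR0:
23:57:21.0212 2436 MBR partitions:
23:57:21.0212 2436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:57:21.0212 2436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129A76B0
"""

if __name__ == '__main__':
    for dev, drive in parse_report(SAMPLE_REPORT).items():
        print(dev, f"{drive['sectors']} sectors, {len(drive['parts'])} partitions")
        for kind, start, length in find_unallocated(drive):
            mib = length * 512 // 2**20
            print(f"  {kind}: {length} sectors ({mib} MiB) starting at LBA {start:#x}")
```

On the constructed excerpt the 0x800-sector lead-in before Partition0 is ignored as alignment slack, and the 128 MiB tail after Partition1 is reported as a gap. A gap is not proof of anything by itself (OEM recovery layouts and resized disks leave slack too), but it tells you which sector range to dump and look at before trusting a "clean" verdict from a tool that only scans files.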
#13 cheesehead9099
Topic Starter, Members, 74 posts

Posted 26 July 2012 - 11:29 PM

TDSS Log:

23:57:20.0136 2436 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:57:20.0416 2436 ============================================================
23:57:20.0416 2436 Current date / time: 2012/07/26 23:57:20.0416
23:57:20.0416 2436 SystemInfo:
23:57:20.0416 2436
23:57:20.0416 2436 OS Version: 6.1.7600 ServicePack: 0.0
23:57:20.0416 2436 Product type: Workstation
23:57:20.0416 2436 ComputerName: KARANSPC
23:57:20.0416 2436 UserName: Karanbir
23:57:20.0416 2436 Windows directory: C:\Windows
23:57:20.0416 2436 System windows directory: C:\Windows
23:57:20.0416 2436 Running under WOW64
23:57:20.0416 2436 Processor architecture: Intel x64
23:57:20.0416 2436 Number of processors: 4
23:57:20.0416 2436 Page size: 0x1000
23:57:20.0416 2436 Boot type: Normal boot
23:57:20.0416 2436 ============================================================
23:57:21.0150 2436 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:57:21.0212 2436 ============================================================
23:57:21.0212 2436 \Device\Harddisk0\DR0:
23:57:21.0212 2436 MBR partitions:
23:57:21.0212 2436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:57:21.0212 2436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48A33000
23:57:21.0212 2436 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48A97000, BlocksNum 0x1D8D000
23:57:21.0212 2436 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
23:57:21.0212 2436 ============================================================
23:57:21.0259 2436 C: <-> \Device\Harddisk0\DR0\Partition1
23:57:21.0306 2436 D: <-> \Device\Harddisk0\DR0\Partition2
23:57:21.0321 2436 E: <-> \Device\Harddisk0\DR0\Partition3
23:57:21.0321 2436 ============================================================
23:57:21.0321 2436 Initialize success
23:57:21.0321 2436 ============================================================
23:57:26.0672 3556 ============================================================
23:57:26.0672 3556 Scan started
23:57:26.0672 3556 Mode: Manual; SigCheck; TDLFS;
23:57:26.0672 3556 ============================================================
23:57:27.0062 3556 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
23:57:27.0124 3556 !SASCORE - ok
23:57:27.0358 3556 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:57:27.0421 3556 1394ohci - ok
23:57:27.0483 3556 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
23:57:27.0499 3556 Accelerometer - ok
23:57:27.0577 3556 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:57:27.0608 3556 ACPI - ok
23:57:27.0670 3556 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:57:27.0702 3556 AcpiPmi - ok
23:57:27.0811 3556 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:57:27.0842 3556 adp94xx - ok
23:57:27.0904 3556 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:57:27.0936 3556 adpahci - ok
23:57:27.0998 3556 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:57:28.0014 3556 adpu320 - ok
23:57:28.0076 3556 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:57:28.0138 3556 AeLookupSvc - ok
23:57:28.0294 3556 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
23:57:28.0341 3556 AESTFilters - ok
23:57:28.0450 3556 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
23:57:28.0482 3556 AFD - ok
23:57:28.0544 3556 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:57:28.0560 3556 agp440 - ok
23:57:28.0622 3556 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:57:28.0653 3556 ALG - ok
23:57:28.0716 3556 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:57:28.0731 3556 aliide - ok
23:57:28.0809 3556 AMD External Events Utility (dceee24e57e8176115207312f827c130) C:\Windows\system32\atiesrxx.exe
23:57:28.0840 3556 AMD External Events Utility - ok
23:57:28.0856 3556 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:57:28.0872 3556 amdide - ok
23:57:28.0918 3556 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:57:28.0950 3556 AmdK8 - ok
23:57:29.0542 3556 amdkmdag (f6640d83af0fd74c50e23e68548ea9a0) C:\Windows\system32\DRIVERS\atikmdag.sys
23:57:29.0636 3556 amdkmdag - ok
23:57:29.0839 3556 amdkmdap (20b63276a1920b41e1c56720b395049b) C:\Windows\system32\DRIVERS\atikmpag.sys
23:57:29.0870 3556 amdkmdap - ok
23:57:29.0948 3556 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:57:29.0964 3556 AmdPPM - ok
23:57:30.0026 3556 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:57:30.0057 3556 amdsata - ok
23:57:30.0120 3556 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:57:30.0151 3556 amdsbs - ok
23:57:30.0166 3556 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:57:30.0166 3556 amdxata - ok
23:57:30.0244 3556 AmUStor (37ea167782af19301af9c05804948bb2) C:\Windows\system32\drivers\AmUStor.SYS
23:57:30.0260 3556 AmUStor - ok
23:57:30.0354 3556 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:57:30.0400 3556 AppID - ok
23:57:30.0478 3556 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:57:30.0541 3556 AppIDSvc - ok
23:57:30.0603 3556 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
23:57:30.0634 3556 Appinfo - ok
23:57:30.0775 3556 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:57:30.0790 3556 Apple Mobile Device - ok
23:57:30.0900 3556 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:57:30.0915 3556 arc - ok
23:57:30.0946 3556 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:57:30.0978 3556 arcsas - ok
23:57:31.0102 3556 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:57:31.0134 3556 aspnet_state - ok
23:57:31.0196 3556 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:57:31.0274 3556 AsyncMac - ok
23:57:31.0321 3556 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:57:31.0352 3556 atapi - ok
23:57:31.0430 3556 AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\Windows\system32\drivers\AtihdW76.sys
23:57:31.0446 3556 AtiHDAudioService - ok
23:57:31.0492 3556 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
23:57:31.0524 3556 AtiHdmiService - ok
23:57:31.0648 3556 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:57:31.0726 3556 AudioEndpointBuilder - ok
23:57:31.0726 3556 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:57:31.0773 3556 AudioSrv - ok
23:57:31.0836 3556 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
23:57:31.0867 3556 AxInstSV - ok
23:57:31.0960 3556 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:57:32.0007 3556 b06bdrv - ok
23:57:32.0085 3556 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:57:32.0132 3556 b57nd60a - ok
23:57:32.0413 3556 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:57:32.0475 3556 BCM43XX - ok
23:57:32.0616 3556 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:57:32.0631 3556 BDESVC - ok
23:57:32.0725 3556 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:57:32.0787 3556 Beep - ok
23:57:32.0896 3556 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
23:57:32.0959 3556 BFE - ok
23:57:33.0052 3556 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
23:57:33.0146 3556 BITS - ok
23:57:33.0224 3556 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:57:33.0255 3556 blbdrive - ok
23:57:33.0364 3556 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
23:57:33.0396 3556 Bonjour Service - ok
23:57:33.0458 3556 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:57:33.0505 3556 bowser - ok
23:57:33.0567 3556 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:57:33.0598 3556 BrFiltLo - ok
23:57:33.0614 3556 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:57:33.0661 3556 BrFiltUp - ok
23:57:33.0723 3556 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:57:33.0770 3556 BridgeMP - ok
23:57:33.0848 3556 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
23:57:33.0910 3556 Browser - ok
23:57:33.0957 3556 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:57:33.0988 3556 Brserid - ok
23:57:34.0004 3556 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:57:34.0035 3556 BrSerWdm - ok
23:57:34.0098 3556 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:57:34.0129 3556 BrUsbMdm - ok
23:57:34.0144 3556 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:57:34.0176 3556 BrUsbSer - ok
23:57:34.0238 3556 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:57:34.0269 3556 BthEnum - ok
23:57:34.0332 3556 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:57:34.0363 3556 BTHMODEM - ok
23:57:34.0394 3556 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:57:34.0410 3556 BthPan - ok
23:57:34.0519 3556 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
23:57:34.0534 3556 BTHPORT - ok
23:57:34.0597 3556 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:57:34.0659 3556 bthserv - ok
23:57:34.0737 3556 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
23:57:34.0753 3556 BTHUSB - ok
23:57:34.0815 3556 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
23:57:34.0831 3556 btwaudio - ok
23:57:34.0909 3556 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
23:57:34.0924 3556 btwavdt - ok
23:57:35.0049 3556 btwdins (10ffb5fa51d5713d872b41a59dfc2213) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:57:35.0080 3556 btwdins - ok
23:57:35.0112 3556 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
23:57:35.0112 3556 btwl2cap - ok
23:57:35.0127 3556 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
23:57:35.0143 3556 btwrchid - ok
23:57:35.0190 3556 catchme - ok
23:57:35.0236 3556 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:57:35.0314 3556 cdfs - ok
23:57:35.0408 3556 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:57:35.0439 3556 cdrom - ok
23:57:35.0517 3556 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:57:35.0595 3556 CertPropSvc - ok
23:57:35.0642 3556 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:57:35.0673 3556 circlass - ok
23:57:35.0782 3556 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:57:35.0814 3556 CLFS - ok
23:57:35.0923 3556 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:57:35.0938 3556 clr_optimization_v2.0.50727_32 - ok
23:57:36.0001 3556 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:57:36.0016 3556 clr_optimization_v2.0.50727_64 - ok
23:57:36.0126 3556 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:57:36.0141 3556 clr_optimization_v4.0.30319_32 - ok
23:57:36.0172 3556 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:57:36.0204 3556 clr_optimization_v4.0.30319_64 - ok
23:57:36.0282 3556 clwvd (8504557ef1fe29bd0a0f8c3578e670f5) C:\Windows\system32\DRIVERS\clwvd.sys
23:57:36.0297 3556 clwvd - ok
23:57:36.0344 3556 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:57:36.0375 3556 CmBatt - ok
23:57:36.0391 3556 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:57:36.0406 3556 cmdide - ok
23:57:36.0500 3556 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
23:57:36.0547 3556 CNG - ok
23:57:36.0594 3556 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:57:36.0609 3556 Compbatt - ok
23:57:36.0656 3556 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:57:36.0703 3556 CompositeBus - ok
23:57:36.0718 3556 COMSysApp - ok
23:57:36.0796 3556 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
23:57:36.0812 3556 cpuz135 - ok
23:57:36.0843 3556 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:57:36.0859 3556 crcdisk - ok
23:57:36.0937 3556 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
23:57:36.0968 3556 CryptSvc - ok
23:57:37.0077 3556 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:57:37.0155 3556 DcomLaunch - ok
23:57:37.0186 3556 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:57:37.0233 3556 defragsvc - ok
23:57:37.0264 3556 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:57:37.0296 3556 DfsC - ok
23:57:37.0342 3556 DgiVecp - ok
23:57:37.0420 3556 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
23:57:37.0467 3556 Dhcp - ok
23:57:37.0483 3556 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:57:37.0530 3556 discache - ok
23:57:37.0592 3556 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:57:37.0623 3556 Disk - ok
23:57:37.0670 3556 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
23:57:37.0701 3556 Dnscache - ok
23:57:37.0748 3556 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
23:57:37.0826 3556 dot3svc - ok
23:57:37.0857 3556 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
23:57:37.0935 3556 DPS - ok
23:57:37.0998 3556 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:57:38.0029 3556 drmkaud - ok
23:57:38.0091 3556 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
23:57:38.0107 3556 DVMIO - ok
23:57:38.0216 3556 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:57:38.0263 3556 DXGKrnl - ok
23:57:38.0310 3556 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:57:38.0372 3556 EapHost - ok
23:57:38.0622 3556 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:57:38.0668 3556 ebdrv - ok
23:57:38.0793 3556 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
23:57:38.0824 3556 EFS - ok
23:57:38.0949 3556 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
23:57:38.0996 3556 ehRecvr - ok
23:57:39.0043 3556 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:57:39.0058 3556 ehSched - ok
23:57:39.0199 3556 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:57:39.0230 3556 elxstor - ok
23:57:39.0246 3556 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:57:39.0292 3556 ErrDev - ok
23:57:39.0386 3556 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:57:39.0448 3556 EventSystem - ok
23:57:39.0526 3556 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:57:39.0604 3556 exfat - ok
23:57:39.0636 3556 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:57:39.0682 3556 fastfat - ok
23:57:39.0792 3556 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
23:57:39.0823 3556 Fax - ok
23:57:39.0854 3556 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:57:39.0885 3556 fdc - ok
23:57:39.0901 3556 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:57:39.0963 3556 fdPHost - ok
23:57:39.0979 3556 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:57:40.0010 3556 FDResPub - ok
23:57:40.0088 3556 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:57:40.0104 3556 FileInfo - ok
23:57:40.0119 3556 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:57:40.0197 3556 Filetrace - ok
23:57:40.0213 3556 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:57:40.0228 3556 flpydisk - ok
23:57:40.0275 3556 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:57:40.0291 3556 FltMgr - ok
23:57:40.0400 3556 FontCache (97223981a9214f1b4997e9075abb6bf5) C:\Windows\system32\FntCache.dll
23:57:40.0447 3556 FontCache - ok
23:57:40.0509 3556 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:57:40.0525 3556 FontCache3.0.0.0 - ok
23:57:40.0572 3556 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:57:40.0587 3556 FsDepends - ok
23:57:40.0634 3556 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
23:57:40.0650 3556 Fs_Rec - ok
23:57:40.0728 3556 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:57:40.0759 3556 fvevol - ok
23:57:40.0806 3556 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:57:40.0821 3556 gagp30kx - ok
23:57:40.0852 3556 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:57:40.0852 3556 GEARAspiWDM - ok
23:57:40.0962 3556 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
23:57:41.0008 3556 gpsvc - ok
23:57:41.0180 3556 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:57:41.0196 3556 gupdate - ok
23:57:41.0227 3556 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:57:41.0242 3556 gupdatem - ok
23:57:41.0289 3556 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
23:57:41.0305 3556 hamachi - ok
23:57:41.0352 3556 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:57:41.0383 3556 hcw85cir - ok
23:57:41.0476 3556 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
23:57:41.0508 3556 HdAudAddService - ok
23:57:41.0570 3556 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:57:41.0601 3556 HDAudBus - ok
23:57:41.0664 3556 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:57:41.0679 3556 HECIx64 - ok
23:57:41.0695 3556 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:57:41.0726 3556 HidBatt - ok
23:57:41.0757 3556 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:57:41.0804 3556 HidBth - ok
23:57:41.0851 3556 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:57:41.0866 3556 HidIr - ok
23:57:41.0898 3556 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:57:41.0960 3556 hidserv - ok
23:57:42.0022 3556 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:57:42.0038 3556 HidUsb - ok
23:57:42.0069 3556 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
23:57:42.0116 3556 hkmsvc - ok
23:57:42.0132 3556 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
23:57:42.0163 3556 HomeGroupListener - ok
23:57:42.0194 3556 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
23:57:42.0225 3556 HomeGroupProvider - ok
23:57:42.0366 3556 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:57:42.0381 3556 HP Support Assistant Service - ok
23:57:42.0428 3556 hpdoccardsvc (cecf7cb10e778f921cf41858c653ea15) C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe
23:57:42.0444 3556 hpdoccardsvc - ok
23:57:42.0568 3556 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
23:57:42.0584 3556 HPDrvMntSvc.exe - ok
23:57:42.0600 3556 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
23:57:42.0615 3556 hpdskflt - ok
23:57:42.0724 3556 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:57:42.0756 3556 hpqwmiex - ok
23:57:42.0802 3556 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:57:42.0834 3556 HpSAMD - ok
23:57:42.0849 3556 hpsrv (aa036cc5f5221d9b915f4d4dce74ba9a) C:\Windows\system32\Hpservice.exe
23:57:42.0865 3556 hpsrv - ok
23:57:42.0974 3556 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:57:43.0068 3556 HTTP - ok
23:57:43.0114 3556 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:57:43.0130 3556 hwpolicy - ok
23:57:43.0177 3556 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:57:43.0208 3556 i8042prt - ok
23:57:43.0270 3556 iaStor (5e60dd5f090ab4a563c7204c289c4650) C:\Windows\system32\DRIVERS\iaStor.sys
23:57:43.0302 3556 iaStor - ok
23:57:43.0442 3556 IAStorDataMgrSvc (3aa361a727be3b01b6b909eefd26788a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:57:43.0458 3556 IAStorDataMgrSvc - ok
23:57:43.0536 3556 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:57:43.0567 3556 iaStorV - ok
23:57:43.0707 3556 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:57:43.0738 3556 idsvc - ok
23:57:44.0394 3556 igfx (fbacbed7a37b3223822470ff1d8ea00f) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:57:44.0534 3556 igfx - ok
23:57:44.0706 3556 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:57:44.0721 3556 iirsp - ok
23:57:44.0815 3556 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
23:57:44.0877 3556 IKEEXT - ok
23:57:44.0955 3556 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
23:57:45.0002 3556 Impcd - ok
23:57:45.0080 3556 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:57:45.0096 3556 intelide - ok
23:57:45.0782 3556 intelkmd (fbacbed7a37b3223822470ff1d8ea00f) C:\Windows\system32\DRIVERS\igdpmd64.sys
23:57:45.0891 3556 intelkmd - ok
23:57:46.0047 3556 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:57:46.0063 3556 intelppm - ok
23:57:46.0110 3556 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:57:46.0188 3556 IPBusEnum - ok
23:57:46.0250 3556 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:57:46.0312 3556 IpFilterDriver - ok
23:57:46.0422 3556 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
23:57:46.0468 3556 iphlpsvc - ok
23:57:46.0500 3556 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:57:46.0531 3556 IPMIDRV - ok
23:57:46.0562 3556 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:57:46.0609 3556 IPNAT - ok
23:57:46.0765 3556 iPod Service (3151d878bb16307ef2cf4cda2463d15e) C:\Program Files\iPod\bin\iPodService.exe
23:57:46.0796 3556 iPod Service - ok
23:57:46.0843 3556 iPodDrv - ok
23:57:46.0890 3556 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:57:46.0936 3556 IRENUM - ok
23:57:46.0983 3556 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:57:46.0999 3556 isapnp - ok
23:57:47.0061 3556 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:57:47.0077 3556 iScsiPrt - ok
23:57:47.0108 3556 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:57:47.0124 3556 kbdclass - ok
23:57:47.0170 3556 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:57:47.0202 3556 kbdhid - ok
23:57:47.0264 3556 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:57:47.0280 3556 KeyIso - ok
23:57:47.0326 3556 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
23:57:47.0342 3556 KSecDD - ok
23:57:47.0358 3556 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
23:57:47.0389 3556 KSecPkg - ok
23:57:47.0420 3556 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:57:47.0451 3556 ksthunk - ok
23:57:47.0514 3556 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:57:47.0592 3556 KtmRm - ok
23:57:47.0685 3556 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
23:57:47.0701 3556 LanmanServer - ok
23:57:47.0779 3556 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
23:57:47.0857 3556 LanmanWorkstation - ok
23:57:47.0919 3556 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:57:47.0982 3556 lltdio - ok
23:57:48.0028 3556 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:57:48.0091 3556 lltdsvc - ok
23:57:48.0138 3556 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:57:48.0169 3556 lmhosts - ok
23:57:48.0309 3556 LMS (fddebf45ce8cfd47af2871fbc093e4b0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:57:48.0325 3556 LMS - ok
23:57:48.0403 3556 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:57:48.0418 3556 LSI_FC - ok
23:57:48.0450 3556 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:57:48.0465 3556 LSI_SAS - ok
23:57:48.0512 3556 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:57:48.0528 3556 LSI_SAS2 - ok
23:57:48.0606 3556 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:57:48.0621 3556 LSI_SCSI - ok
23:57:48.0668 3556 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:57:48.0730 3556 luafv - ok
23:57:48.0808 3556 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
23:57:48.0855 3556 Mcx2Svc - ok
23:57:48.0871 3556 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:57:48.0886 3556 megasas - ok
23:57:48.0933 3556 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:57:48.0964 3556 MegaSR - ok
23:57:49.0089 3556 Microsoft SharePoint Workspace Audit Service - ok
23:57:49.0120 3556 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:57:49.0167 3556 MMCSS - ok
23:57:49.0214 3556 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:57:49.0261 3556 Modem - ok
23:57:49.0308 3556 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:57:49.0354 3556 monitor - ok
23:57:49.0417 3556 MotioninJoyXFilter (fc44ad48746ffa5fd640ef1260ab5ec2) C:\Windows\system32\DRIVERS\MijXfilt.sys
23:57:49.0432 3556 MotioninJoyXFilter - ok
23:57:49.0495 3556 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:57:49.0510 3556 mouclass - ok
23:57:49.0557 3556 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:57:49.0604 3556 mouhid - ok
23:57:49.0651 3556 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:57:49.0682 3556 mountmgr - ok
23:57:49.0791 3556 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
23:57:49.0807 3556 MpFilter - ok
23:57:49.0838 3556 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:57:49.0869 3556 mpio - ok
23:57:49.0900 3556 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:57:49.0932 3556 mpsdrv - ok
23:57:50.0025 3556 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
23:57:50.0103 3556 MpsSvc - ok
23:57:50.0134 3556 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:57:50.0166 3556 MRxDAV - ok
23:57:50.0212 3556 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:57:50.0244 3556 mrxsmb - ok
23:57:50.0290 3556 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:57:50.0306 3556 mrxsmb10 - ok
23:57:50.0337 3556 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:57:50.0353 3556 mrxsmb20 - ok
23:57:50.0400 3556 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:57:50.0415 3556 msahci - ok
23:57:50.0446 3556 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:57:50.0462 3556 msdsm - ok
23:57:50.0524 3556 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:57:50.0556 3556 MSDTC - ok
23:57:50.0618 3556 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:57:50.0665 3556 Msfs - ok
23:57:50.0680 3556 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:57:50.0712 3556 mshidkmdf - ok
23:57:50.0743 3556 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:57:50.0743 3556 msisadrv - ok
23:57:50.0805 3556 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:57:50.0868 3556 MSiSCSI - ok
23:57:50.0868 3556 msiserver - ok
23:57:50.0914 3556 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:57:50.0992 3556 MSKSSRV - ok
23:57:51.0117 3556 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:57:51.0133 3556 MsMpSvc - ok
23:57:51.0164 3556 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:57:51.0226 3556 MSPCLOCK - ok
23:57:51.0242 3556 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:57:51.0289 3556 MSPQM - ok
23:57:51.0336 3556 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:57:51.0367 3556 MsRPC - ok
23:57:51.0382 3556 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:57:51.0398 3556 mssmbios - ok
23:57:51.0429 3556 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:57:51.0476 3556 MSTEE - ok
23:57:51.0492 3556 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:57:51.0523 3556 MTConfig - ok
23:57:51.0538 3556 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:57:51.0554 3556 Mup - ok
23:57:51.0632 3556 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
23:57:51.0679 3556 napagent - ok
23:57:51.0757 3556 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:57:51.0788 3556 NativeWifiP - ok
23:57:51.0866 3556 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:57:51.0913 3556 NDIS - ok
23:57:51.0944 3556 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:57:51.0991 3556 NdisCap - ok
23:57:52.0038 3556 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:57:52.0084 3556 NdisTapi - ok
23:57:52.0162 3556 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:57:52.0225 3556 Ndisuio - ok
23:57:52.0256 3556 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:57:52.0318 3556 NdisWan - ok
23:57:52.0396 3556 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:57:52.0459 3556 NDProxy - ok
23:57:52.0506 3556 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:57:52.0568 3556 NetBIOS - ok
23:57:52.0599 3556 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:57:52.0662 3556 NetBT - ok
23:57:52.0724 3556 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:57:52.0740 3556 Netlogon - ok
23:57:52.0818 3556 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:57:52.0880 3556 Netman - ok
23:57:53.0020 3556 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:57:53.0036 3556 NetMsmqActivator - ok
23:57:53.0052 3556 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:57:53.0067 3556 NetPipeActivator - ok
23:57:53.0130 3556 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:57:53.0208 3556 netprofm - ok
23:57:53.0223 3556 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:57:53.0239 3556 NetTcpActivator - ok
23:57:53.0239 3556 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:57:53.0254 3556 NetTcpPortSharing - ok
23:57:53.0691 3556 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
23:57:53.0769 3556 netw5v64 - ok
23:57:53.0956 3556 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:57:53.0972 3556 nfrd960 - ok
23:57:54.0050 3556 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:57:54.0066 3556 NisDrv - ok
23:57:54.0175 3556 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
23:57:54.0190 3556 NisSrv - ok
23:57:54.0268 3556 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
23:57:54.0346 3556 NlaSvc - ok
23:57:54.0378 3556 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:57:54.0440 3556 Npfs - ok
23:57:54.0471 3556 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:57:54.0518 3556 nsi - ok
23:57:54.0534 3556 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:57:54.0565 3556 nsiproxy - ok
23:57:54.0705 3556 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:57:54.0736 3556 Ntfs - ok
23:57:54.0877 3556 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:57:54.0924 3556 Null - ok
23:57:54.0986 3556 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:57:55.0017 3556 nvraid - ok
23:57:55.0080 3556 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:57:55.0095 3556 nvstor - ok
23:57:55.0173 3556 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:57:55.0204 3556 nv_agp - ok
23:57:55.0236 3556 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:57:55.0267 3556 ohci1394 - ok
23:57:55.0360 3556 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:57:55.0376 3556 ose64 - ok
23:57:55.0750 3556 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:57:55.0844 3556 osppsvc - ok
23:57:56.0031 3556 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:57:56.0062 3556 p2pimsvc - ok
23:57:56.0125 3556 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:57:56.0156 3556 p2psvc - ok
23:57:56.0218 3556 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:57:56.0250 3556 Parport - ok
23:57:56.0296 3556 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
23:57:56.0328 3556 partmgr - ok
23:57:56.0374 3556 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:57:56.0406 3556 PcaSvc - ok
23:57:56.0452 3556 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:57:56.0452 3556 pci - ok
23:57:56.0468 3556 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:57:56.0484 3556 pciide - ok
23:57:56.0530 3556 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:57:56.0562 3556 pcmcia - ok
23:57:56.0577 3556 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:57:56.0593 3556 pcw - ok
23:57:56.0655 3556 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:57:56.0718 3556 PEAUTH - ok
23:57:56.0842 3556 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:57:56.0858 3556 PerfHost - ok
23:57:57.0076 3556 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
23:57:57.0154 3556 pla - ok
23:57:57.0248 3556 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
23:57:57.0279 3556 PlugPlay - ok
23:57:57.0310 3556 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:57:57.0357 3556 PNRPAutoReg - ok
23:57:57.0388 3556 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:57:57.0420 3556 PNRPsvc - ok
23:57:57.0466 3556 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
23:57:57.0529 3556 PolicyAgent - ok
23:57:57.0591 3556 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:57:57.0654 3556 Power - ok
23:57:57.0732 3556 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:57:57.0794 3556 PptpMiniport - ok
23:57:57.0825 3556 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:57:57.0841 3556 Processor - ok
23:57:57.0903 3556 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
23:57:57.0934 3556 ProfSvc - ok
23:57:57.0966 3556 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:57:57.0981 3556 ProtectedStorage - ok
23:57:58.0059 3556 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:57:58.0122 3556 Psched - ok
23:57:58.0309 3556 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:57:58.0340 3556 ql2300 - ok
23:57:58.0496 3556 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:57:58.0527 3556 ql40xx - ok
23:57:58.0558 3556 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:57:58.0590 3556 QWAVE - ok
23:57:58.0605 3556 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:57:58.0621 3556 QWAVEdrv - ok
23:57:58.0621 3556 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:57:58.0668 3556 RasAcd - ok
23:57:58.0714 3556 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:57:58.0777 3556 RasAgileVpn - ok
23:57:58.0870 3556 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:57:58.0933 3556 RasAuto - ok
23:57:58.0980 3556 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:57:59.0042 3556 Rasl2tp - ok
23:57:59.0136 3556 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
23:57:59.0182 3556 RasMan - ok
23:57:59.0198 3556 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:57:59.0260 3556 RasPppoe - ok
23:57:59.0323 3556 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:57:59.0385 3556 RasSstp - ok
23:57:59.0432 3556 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:57:59.0510 3556 rdbss - ok
23:57:59.0526 3556 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:57:59.0557 3556 rdpbus - ok
23:57:59.0604 3556 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:57:59.0650 3556 RDPCDD - ok
23:57:59.0666 3556 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:57:59.0713 3556 RDPENCDD - ok
23:57:59.0713 3556 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:57:59.0744 3556 RDPREFMP - ok
23:57:59.0806 3556 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
23:57:59.0853 3556 RDPWD - ok
23:57:59.0916 3556 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:57:59.0947 3556 rdyboost - ok
23:57:59.0994 3556 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:58:00.0025 3556 RemoteAccess - ok
23:58:00.0072 3556 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:58:00.0118 3556 RemoteRegistry - ok
23:58:00.0196 3556 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
23:58:00.0228 3556 Revoflt - ok
23:58:00.0306 3556 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:58:00.0337 3556 RFCOMM - ok
23:58:00.0384 3556 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:58:00.0430 3556 RpcEptMapper - ok
23:58:00.0446 3556 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:58:00.0462 3556 RpcLocator - ok
23:58:00.0508 3556 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:58:00.0555 3556 RpcSs - ok
23:58:00.0618 3556 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:58:00.0680 3556 rspndr - ok
23:58:00.0727 3556 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:58:00.0758 3556 RTL8167 - ok
23:58:00.0789 3556 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:58:00.0805 3556 SamSs - ok
23:58:00.0914 3556 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:58:00.0930 3556 SASDIFSV - ok
23:58:00.0992 3556 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:58:01.0008 3556 SASKUTIL - ok
23:58:01.0101 3556 SbieDrv (152ee68830ffb13f0b1fec6c9b99644f) C:\Program Files\Sandboxie\SbieDrv.sys
23:58:01.0132 3556 SbieDrv - ok
23:58:01.0195 3556 SbieSvc (fd0287131d91352f225ebb5cd3527952) C:\Program Files\Sandboxie\SbieSvc.exe
23:58:01.0210 3556 SbieSvc - ok
23:58:01.0242 3556 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:58:01.0273 3556 sbp2port - ok
23:58:01.0476 3556 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:58:01.0522 3556 SBSDWSCService - ok
23:58:01.0554 3556 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:58:01.0616 3556 SCardSvr - ok
23:58:01.0678 3556 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:58:01.0725 3556 scfilter - ok
23:58:01.0834 3556 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
23:58:01.0866 3556 Schedule - ok
23:58:01.0897 3556 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:58:01.0944 3556 SCPolicySvc - ok
23:58:02.0006 3556 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
23:58:02.0037 3556 sdbus - ok
23:58:02.0084 3556 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
23:58:02.0115 3556 SDRSVC - ok
23:58:02.0146 3556 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:58:02.0224 3556 secdrv - ok
23:58:02.0240 3556 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
23:58:02.0287 3556 seclogon - ok
23:58:02.0334 3556 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:58:02.0380 3556 SENS - ok
23:58:02.0396 3556 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:58:02.0427 3556 SensrSvc - ok
23:58:02.0458 3556 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:58:02.0458 3556 Serenum - ok
23:58:02.0490 3556 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:58:02.0505 3556 Serial - ok
23:58:02.0583 3556 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:58:02.0599 3556 sermouse - ok
23:58:02.0630 3556 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
23:58:02.0677 3556 SessionEnv - ok
23:58:02.0692 3556 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:58:02.0708 3556 sffdisk - ok
23:58:02.0739 3556 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:58:02.0755 3556 sffp_mmc - ok
23:58:02.0786 3556 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:58:02.0802 3556 sffp_sd - ok
23:58:02.0833 3556 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:58:02.0864 3556 sfloppy - ok
23:58:02.0911 3556 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:58:02.0958 3556 SharedAccess - ok
23:58:03.0036 3556 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
23:58:03.0067 3556 ShellHWDetection - ok
23:58:03.0129 3556 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:58:03.0145 3556 SiSRaid2 - ok
23:58:03.0176 3556 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:58:03.0192 3556 SiSRaid4 - ok
23:58:03.0566 3556 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:58:03.0628 3556 Skype C2C Service - ok
23:58:03.0738 3556 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:58:03.0753 3556 SkypeUpdate - ok
23:58:03.0925 3556 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:58:03.0987 3556 Smb - ok
23:58:04.0050 3556 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:58:04.0081 3556 SNMPTRAP - ok
23:58:04.0096 3556 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:58:04.0112 3556 spldr - ok
23:58:04.0190 3556 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
23:58:04.0221 3556 Spooler - ok
23:58:04.0533 3556 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
23:58:04.0611 3556 sppsvc - ok
23:58:04.0752 3556 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:58:04.0814 3556 sppuinotify - ok
23:58:04.0892 3556 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:58:04.0939 3556 srv - ok
23:58:04.0986 3556 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:58:05.0017 3556 srv2 - ok
23:58:05.0079 3556 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:58:05.0111 3556 SrvHsfHDA - ok
23:58:05.0235 3556 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:58:05.0282 3556 SrvHsfV92 - ok
23:58:05.0485 3556 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:58:05.0532 3556 SrvHsfWinac - ok
23:58:05.0579 3556 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:58:05.0594 3556 srvnet - ok
23:58:05.0672 3556 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:58:05.0735 3556 SSDPSRV - ok
23:58:05.0797 3556 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
23:58:05.0828 3556 SSPORT - ok
23:58:05.0844 3556 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:58:05.0922 3556 SstpSvc - ok
23:58:06.0062 3556 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe
23:58:06.0093 3556 STacSV - ok
23:58:06.0125 3556 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:58:06.0140 3556 stexstor - ok
23:58:06.0249 3556 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
23:58:06.0281 3556 STHDA - ok
23:58:06.0374 3556 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
23:58:06.0421 3556 stisvc - ok
23:58:06.0452 3556 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:58:06.0452 3556 swenum - ok
23:58:06.0515 3556 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:58:06.0577 3556 swprv - ok
23:58:06.0749 3556 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
23:58:06.0780 3556 SynTP - ok
23:58:07.0045 3556 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
23:58:07.0092 3556 SysMain - ok
23:58:07.0232 3556 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
23:58:07.0263 3556 TabletInputService - ok
23:58:07.0295 3556 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
23:58:07.0373 3556 TapiSrv - ok
23:58:07.0388 3556 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:58:07.0419 3556 TBS - ok
23:58:07.0653 3556 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
23:58:07.0716 3556 Tcpip - ok
23:58:08.0043 3556 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
23:58:08.0090 3556 TCPIP6 - ok
23:58:08.0215 3556 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:58:08.0277 3556 tcpipreg - ok
23:58:08.0324 3556 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:58:08.0355 3556 TDPIPE - ok
23:58:08.0387 3556 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
23:58:08.0418 3556 TDTCP - ok
23:58:08.0433 3556 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:58:08.0480 3556 tdx - ok
23:58:08.0511 3556 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:58:08.0511 3556 TermDD - ok
23:58:08.0589 3556 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
23:58:08.0652 3556 TermService - ok
23:58:08.0667 3556 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:58:08.0699 3556 Themes - ok
23:58:08.0714 3556 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:58:08.0761 3556 THREADORDER - ok
23:58:08.0777 3556 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:58:08.0823 3556 TrkWks - ok
23:58:08.0886 3556 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
23:58:08.0933 3556 TrustedInstaller - ok
23:58:08.0964 3556 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:58:09.0026 3556 tssecsrv - ok
23:58:09.0073 3556 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:58:09.0104 3556 tunnel - ok
23:58:09.0151 3556 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:58:09.0167 3556 uagp35 - ok
23:58:09.0229 3556 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
23:58:09.0245 3556 udfs - ok
23:58:09.0276 3556 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:58:09.0323 3556 UI0Detect - ok
23:58:09.0385 3556 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:58:09.0401 3556 uliagpkx - ok
23:58:09.0510 3556 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:58:09.0541 3556 umbus - ok
23:58:09.0603 3556 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:58:09.0635 3556 UmPass - ok
23:58:09.0915 3556 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:58:09.0978 3556 UNS - ok
23:58:10.0118 3556 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:58:10.0181 3556 upnphost - ok
23:58:10.0227 3556 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
23:58:10.0259 3556 USBAAPL64 - ok
23:58:10.0305 3556 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
23:58:10.0321 3556 usbccgp - ok
23:58:10.0383 3556 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:58:10.0415 3556 usbcir - ok
23:58:10.0446 3556 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
23:58:10.0461 3556 usbehci - ok
23:58:10.0508 3556 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
23:58:10.0539 3556 usbhub - ok
23:58:10.0571 3556 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
23:58:10.0586 3556 usbohci - ok
23:58:10.0649 3556 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:58:10.0680 3556 usbprint - ok
23:58:10.0758 3556 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:58:10.0789 3556 usbscan - ok
23:58:10.0836 3556 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:58:10.0851 3556 USBSTOR - ok
23:58:10.0883 3556 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
23:58:10.0898 3556 usbuhci - ok
23:58:10.0976 3556 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
23:58:11.0007 3556 usbvideo - ok
23:58:11.0039 3556 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:58:11.0101 3556 UxSms - ok
23:58:11.0132 3556 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:58:11.0148 3556 VaultSvc - ok
23:58:11.0195 3556 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:58:11.0226 3556 vdrvroot - ok
23:58:11.0273 3556 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
23:58:11.0304 3556 vds - ok
23:58:11.0335 3556 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:58:11.0335 3556 vga - ok
23:58:11.0351 3556 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:58:11.0397 3556 VgaSave - ok
23:58:11.0444 3556 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:58:11.0460 3556 vhdmp - ok
23:58:11.0460 3556 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:58:11.0475 3556 viaide - ok
23:58:11.0538 3556 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:58:11.0569 3556 volmgr - ok
23:58:11.0616 3556 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:58:11.0647 3556 volmgrx - ok
23:58:11.0678 3556 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:58:11.0709 3556 volsnap - ok
23:58:11.0772 3556 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:58:11.0787 3556 vsmraid - ok
23:58:11.0928 3556 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
23:58:11.0990 3556 VSS - ok
23:58:12.0131 3556 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:58:12.0146 3556 vwifibus - ok
23:58:12.0209 3556 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:58:12.0240 3556 vwififlt - ok
23:58:12.0302 3556 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:58:12.0349 3556 W32Time - ok
23:58:12.0396 3556 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:58:12.0396 3556 WacomPen - ok
23:58:12.0474 3556 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:58:12.0536 3556 WANARP - ok
23:58:12.0552 3556 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:58:12.0599 3556 Wanarpv6 - ok
23:58:12.0755 3556 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:58:12.0801 3556 WatAdminSvc - ok
23:58:12.0942 3556 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
23:58:12.0973 3556 wbengine - ok
23:58:13.0113 3556 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:58:13.0145 3556 WbioSrvc - ok
23:58:13.0191 3556 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
23:58:13.0207 3556 wcncsvc - ok
23:58:13.0223 3556 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:58:13.0254 3556 WcsPlugInService - ok
23:58:13.0301 3556 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:58:13.0316 3556 Wd - ok
23:58:13.0394 3556 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:58:13.0441 3556 Wdf01000 - ok
23:58:13.0472 3556 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:58:13.0503 3556 WdiServiceHost - ok
23:58:13.0503 3556 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:58:13.0519 3556 WdiSystemHost - ok
23:58:13.0566 3556 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
23:58:13.0597 3556 WebClient - ok
23:58:13.0628 3556 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:58:13.0675 3556 Wecsvc - ok
23:58:13.0691 3556 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:58:13.0722 3556 wercplsupport - ok
23:58:13.0784 3556 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:58:13.0847 3556 WerSvc - ok
23:58:13.0925 3556 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:58:13.0971 3556 WfpLwf - ok
23:58:13.0987 3556 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:58:14.0003 3556 WIMMount - ok
23:58:14.0049 3556 WinDefend - ok
23:58:14.0049 3556 WinHttpAutoProxySvc - ok
23:58:14.0143 3556 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:58:14.0205 3556 Winmgmt - ok
23:58:14.0377 3556 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
23:58:14.0455 3556 WinRM - ok
23:58:14.0658 3556 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
23:58:14.0673 3556 WinUsb - ok
23:58:14.0798 3556 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:58:14.0829 3556 Wlansvc - ok
23:58:15.0110 3556 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:58:15.0157 3556 wlidsvc - ok
23:58:15.0313 3556 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:58:15.0344 3556 WmiAcpi - ok
23:58:15.0438 3556 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:58:15.0453 3556 wmiApSrv - ok
23:58:15.0516 3556 WMPNetworkSvc - ok
23:58:15.0547 3556 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:58:15.0563 3556 WPCSvc - ok
23:58:15.0594 3556 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
23:58:15.0609 3556 WPDBusEnum - ok
23:58:15.0641 3556 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:58:15.0672 3556 ws2ifsl - ok
23:58:15.0719 3556 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
23:58:15.0750 3556 wscsvc - ok
23:58:15.0750 3556 WSearch - ok
23:58:15.0968 3556 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:58:16.0031 3556 wuauserv - ok
23:58:16.0187 3556 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:58:16.0233 3556 WudfPf - ok
23:58:16.0311 3556 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:58:16.0358 3556 WUDFRd - ok
23:58:16.0389 3556 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
23:58:16.0436 3556 wudfsvc - ok
23:58:16.0483 3556 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:58:16.0561 3556 WwanSvc - ok
23:58:16.0623 3556 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
23:58:16.0639 3556 xusb21 - ok
23:58:16.0733 3556 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
23:58:16.0764 3556 yukonw7 - ok
23:58:16.0826 3556 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:58:17.0185 3556 \Device\Harddisk0\DR0 - ok
23:58:17.0201 3556 Boot (0x1200) (dee91d617d99777891ba317a1e278e41) \Device\Harddisk0\DR0\Partition0
23:58:17.0201 3556 \Device\Harddisk0\DR0\Partition0 - ok
23:58:17.0232 3556 Boot (0x1200) (afa03ddcfa8e9eb64e7a5b5206affbb1) \Device\Harddisk0\DR0\Partition1
23:58:17.0232 3556 \Device\Harddisk0\DR0\Partition1 - ok
23:58:17.0263 3556 Boot (0x1200) (692f3e78f7f22563df279b3b7c71b6dd) \Device\Harddisk0\DR0\Partition2
23:58:17.0263 3556 \Device\Harddisk0\DR0\Partition2 - ok
23:58:17.0279 3556 Boot (0x1200) (71c15d9272cbb72a9d7476872e9d275f) \Device\Harddisk0\DR0\Partition3
23:58:17.0279 3556 \Device\Harddisk0\DR0\Partition3 - ok
23:58:17.0279 3556 ============================================================
23:58:17.0279 3556 Scan finished
23:58:17.0279 3556 ============================================================
23:58:17.0294 4248 Detected object count: 0
23:58:17.0294 4248 Actual detected object count: 0



aswMBR log (also includes an earlier log from the last time I ran this program):

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-21 13:05:17
-----------------------------
13:05:17.710 OS Version: Windows x64 6.1.7600
13:05:17.710 Number of processors: 4 586 0x2502
13:05:17.710 ComputerName: KARANSPC UserName: Karanbir
13:05:18.724 Initialize success
13:17:20.139 AVAST engine defs: 12072100
13:19:47.813 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:19:47.813 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
13:19:47.828 Disk 0 MBR read successfully
13:19:47.828 Disk 0 MBR scan
13:19:47.844 Disk 0 Windows 7 default MBR code
13:19:47.844 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
13:19:47.860 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595046 MB offset 409600
13:19:47.891 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15130 MB offset 1219063808
13:19:47.906 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
13:19:47.953 Disk 0 scanning C:\Windows\system32\drivers
13:19:58.234 Service scanning
13:20:29.262 Modules scanning
13:20:29.278 Disk 0 trace - called modules:
13:20:29.309 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
13:20:29.309 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078d8060]
13:20:29.340 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800774f9e0]
13:20:29.340 5 hpdskflt.sys[fffff880018a8289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006881050]
13:20:30.962 AVAST engine scan C:\Windows
13:20:34.176 AVAST engine scan C:\Windows\system32
13:23:46.899 AVAST engine scan C:\Windows\system32\drivers
13:24:23.278 AVAST engine scan C:\Users\Karanbir
13:35:29.927 AVAST engine scan C:\ProgramData
13:38:37.066 Scan finished successfully
13:39:09.257 Disk 0 MBR has been saved successfully to "C:\Users\Karanbir\Desktop\MBR.dat"
13:39:09.304 The log file has been saved successfully to "C:\Users\Karanbir\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-27 00:01:46
-----------------------------
00:01:46.900 OS Version: Windows x64 6.1.7600
00:01:46.900 Number of processors: 4 586 0x2502
00:01:46.900 ComputerName: KARANSPC UserName: Karanbir
00:01:48.413 Initialize success
00:02:45.434 AVAST engine defs: 12072602
00:03:06.826 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:03:06.842 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
00:03:06.842 Disk 0 MBR read successfully
00:03:06.842 Disk 0 MBR scan
00:03:06.857 Disk 0 Windows 7 default MBR code
00:03:06.873 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:03:06.888 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595046 MB offset 409600
00:03:06.920 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15130 MB offset 1219063808
00:03:06.935 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
00:03:06.982 Disk 0 scanning C:\Windows\system32\drivers
00:03:18.198 Service scanning
00:03:54.000 Modules scanning
00:03:54.000 Disk 0 trace - called modules:
00:03:54.032 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
00:03:54.032 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800892a060]
00:03:54.047 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80087a7b10]
00:03:54.047 5 hpdskflt.sys[fffff880018a8289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80068b7050]
00:03:56.418 AVAST engine scan C:\Windows
00:04:00.256 AVAST engine scan C:\Windows\system32
00:07:11.528 AVAST engine scan C:\Windows\system32\drivers
00:07:24.679 AVAST engine scan C:\Users\Karanbir
00:14:51.698 AVAST engine scan C:\ProgramData
00:17:45.435 Scan finished successfully
00:26:03.126 Disk 0 MBR has been saved successfully to "C:\Users\Karanbir\Desktop\MBR.dat"
00:26:03.142 The log file has been saved successfully to "C:\Users\Karanbir\Desktop\aswMBR.txt"



I would just like to ask: if I was to do a clean reinstall, this would completely remove the malware 100%, correct? (By clean reinstall I mean wiping the drive with a utility like Darik's Boot and Nuke and then installing Windows from a new CD, restoring my PC from a system image that I made last year, and finally restoring my important docs and pics.)

Edited by cheesehead9099, 26 July 2012 - 11:31 PM.
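The aswMBR logs above list the partition table read from sector 0 of Disk 0 and report whether the boot code is the Windows 7 default, and the TDSSKiller line "MBR (0x1B8)" hashes the first 0x1B8 (440) bytes of that same sector. The Python below is an added example, not part of this thread and not code from aswMBR or TDSSKiller: it parses a raw 512-byte MBR such as the MBR.dat that aswMBR saved to the desktop, prints the four partitions in aswMBR's format, hashes the boot-code region, and runs the consistency checks a practitioner would want (boot signature present, one active partition, no overlapping entries, table within the disk). The MBR bytes it works on are constructed here to match the logged layout, and the boot code is filler rather than a real Windows 7 MBR; to check a real capture, read MBR.dat and pass those bytes to parse_mbr().

```python
"""Parse a raw MBR sector and reproduce aswMBR's partition listing.

Added example; not part of the thread or of aswMBR/TDSSKiller.
The MBR bytes are CONSTRUCTED to match the logged layout; the boot
code is filler, not the real Windows 7 boot code.
"""
import hashlib
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xAA"
BOOT_CODE_LEN = 0x1B8  # 440 bytes before the disk signature

# Partition type byte -> name, in the style aswMBR prints (subset)
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x83: "Linux",
              0xEE: "GPT protective"}


def build_mbr(parts, boot_code=b"\x90" * BOOT_CODE_LEN, disk_sig=0x12345678):
    """Assemble a 512-byte MBR from (status, type, lba_start, sectors) tuples.
    Constructed test data only; CHS fields are left zero because aswMBR
    reports LBA offsets and modern Windows ignores CHS."""
    assert len(boot_code) == BOOT_CODE_LEN and len(parts) <= 4
    table = b""
    for status, ptype, start, count in parts:
        table += struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    table += b"\0" * (64 - len(table))
    return boot_code + struct.pack("<IH", disk_sig, 0) + table + MBR_SIGNATURE


def parse_mbr(data):
    """Return boot-code MD5, disk signature, signature validity and the used slots."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    sector = data[:SECTOR]
    disk_sig, = struct.unpack_from("<I", sector, BOOT_CODE_LEN)
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, start, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": start, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": disk_sig,
            "signature_ok": sector[510:512] == MBR_SIGNATURE,
            "partitions": parts}


def format_partition(p):
    """One line in aswMBR's style, e.g. 'Partition 1 80 (A) 07 HPFS/NTFS 199 MB offset 2048'."""
    flag = "(A) " if p["active"] else ""
    return (f"Partition {p['index']} {p['status']:02X} {flag}{p['type']:02X} "
            f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")


def check_partitions(parsed, disk_sectors=None):
    """Sanity checks on a parsed table; returns a list of human-readable issues."""
    issues = []
    if not parsed["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    parts = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    if sum(p["active"] for p in parts) > 1:
        issues.append("more than one active partition")
    prev_end = 0
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"partition {p['index']} has odd status byte {p['status']:02X}")
        if p["lba_start"] < prev_end:
            issues.append(f"partition {p['index']} overlaps the previous one")
        prev_end = p["lba_start"] + p["sectors"]
    if disk_sectors is not None and prev_end > disk_sectors:
        issues.append("partition table extends past end of disk")
    return issues


# Constructed to match the aswMBR log: 610480 MB disk, four primary partitions
LOGGED_LAYOUT = [
    (0x80, 0x07, 2048, 409600 - 2048),
    (0x00, 0x07, 409600, 1219063808 - 409600),
    (0x00, 0x07, 1219063808, 1250050048 - 1219063808),
    (0x00, 0x0C, 1250050048, 103 * 2048),
]
DISK_SECTORS = 610480 * 2048

if __name__ == "__main__":
    # For a real capture: data = open("MBR.dat", "rb").read()
    info = parse_mbr(build_mbr(LOGGED_LAYOUT))
    print(f"boot code (0x{BOOT_CODE_LEN:X} bytes) md5: {info['boot_code_md5']}")
    for p in info["partitions"]:
        print(format_partition(p))
    print("issues:", check_partitions(info, DISK_SECTORS) or "none")
```

On a real MBR.dat the boot_code_md5 value is the figure to compare with the hash of a known-good Windows 7 MBR taken from a clean machine of the same Windows version; the example deliberately ships no reference hash, because that value has to come from a trusted system rather than be guessed.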


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 July 2012 - 12:18 AM

Greetings

I would just like to ask: if I was to do a clean reinstall, this would completely remove the malware 100%, correct? (By clean reinstall I mean wiping the drive with a utility like Darik's Boot and Nuke and then installing Windows from a new CD, restoring my PC from a system image that I made last year, and finally restoring my important docs and pics.)

Yes, it would, but at this time your reports are looking good.



At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\uTorrentBar

FireFox::
FF - ProfilePath - c:\users\Karanbir\AppData\Roaming\Mozilla\Firefox\Profiles\vydyowc8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#15 cheesehead9099

cheesehead9099
  • Topic Starter

  • Members
  • 74 posts

Posted 27 July 2012 - 05:07 PM

Computer is a little snappier - I have not seen any errors on startup - but there is no major change in performance.


Here is the combofix log:

ComboFix 12-07-27.02 - Karanbir 27/07/2012 12:05:55.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.5942.4325 [GMT -4:00]
Running from: c:\users\Karanbir\Desktop\ComboFix.exe
Command switches used :: c:\users\Karanbir\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\uTorrentBar
c:\program files (x86)\uTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\INSTALL.LOG
c:\program files (x86)\uTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\tbuTor.dll
c:\program files (x86)\uTorrentBar\toolbar.cfg
c:\program files (x86)\uTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentBar\UNWISE.EXE
c:\program files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 16:11 . 2012-07-27 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 16:04 . 2012-07-27 16:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74CFEF01-8B91-459F-9D67-040AE57F2EF4}\offreg.dll
2012-07-27 04:26 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74CFEF01-8B91-459F-9D67-040AE57F2EF4}\mpengine.dll
2012-07-23 01:29 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-21 17:59 . 2012-07-21 17:59 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-20 20:02 . 2012-07-20 20:02 -------- d-----w- C:\FRST
2012-07-20 19:05 . 2012-07-20 19:05 -------- d-----w- c:\program files (x86)\ESET
2012-07-20 18:50 . 2012-07-20 18:50 -------- d-----w- c:\users\Karanbir\AppData\Roaming\SUPERAntiSpyware.com
2012-07-20 18:50 . 2012-07-20 18:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-20 18:50 . 2012-07-20 18:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-20 17:25 . 2012-07-20 17:25 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-20 17:25 . 2012-07-20 17:25 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-20 17:25 . 2012-07-20 17:25 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-20 07:54 . 2012-07-20 07:55 -------- d-----w- c:\program files\HitmanPro
2012-07-20 07:52 . 2012-07-21 17:59 -------- d-----w- c:\programdata\HitmanPro
2012-07-20 07:16 . 2012-07-21 03:40 -------- d-----w- c:\users\Karanbir\AppData\Local\NPE
2012-07-20 06:41 . 2012-07-20 07:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-20 06:19 . 2012-07-20 06:19 -------- d-----w- c:\users\Karanbir\AppData\Local\ElevatedDiagnostics
2012-07-20 05:53 . 2012-07-20 06:52 -------- d-----w- c:\users\Karanbir\AppData\Local\{F4C346B1-D22E-11E1-8270-B8AC6F996F26}
2012-07-20 05:51 . 2012-07-20 06:52 -------- d-----w- c:\users\Karanbir\AppData\Local\{F4C314F9-D22E-11E1-8270-B8AC6F996F26}
2012-07-11 04:04 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:58 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-11 03:58 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-11 03:58 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-11 02:41 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 02:41 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 02:41 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 02:41 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 02:41 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 02:40 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 02:40 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 02:40 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 02:40 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 02:40 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 02:40 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 02:40 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 02:40 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 02:40 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 02:40 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 02:40 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-06 02:49 . 2012-07-06 02:49 -------- d-----w- c:\users\Karanbir\AppData\Local\Macromedia
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-03 23:54 . 2012-02-10 17:07 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEF0A2A4-53A6-4628-9F40-712AE5B20A3D}\gapaengine.dll
2012-06-30 15:57 . 2012-06-30 15:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-30 15:57 . 2012-06-30 15:57 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-20 17:25 . 2010-05-28 20:49 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-20 17:25 . 2010-05-28 20:49 188912 ----a-w- c:\windows\system32\java.exe
2012-07-11 04:00 . 2010-09-12 04:57 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2010-11-04 22:54 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 15:57 . 2011-05-15 17:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 19:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 19:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 19:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 19:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 19:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 19:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 10:52 . 2012-06-12 21:32 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-12 21:32 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-12 21:32 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-12 21:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2010-10-16 22:19 . 2010-10-16 22:19 328568 ----a-w- c:\program files\uTorrent.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-21_00.23.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-28 18:23 . 2012-07-27 15:59 66672 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-27 15:59 44294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-05 03:09 . 2012-07-27 15:59 26880 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2069413089-568081338-4011474029-1000_UserData.bin
- 2010-09-07 23:34 . 2010-09-07 20:21 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2010-09-07 23:34 . 2012-07-23 00:48 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2010-10-26 23:04 . 2012-07-20 06:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-26 23:04 . 2012-07-27 04:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-26 23:04 . 2012-07-27 04:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-26 23:04 . 2012-07-20 06:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-26 23:04 . 2012-07-20 06:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-26 23:04 . 2012-07-27 04:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-06 19:00 . 2012-07-21 03:33 4138 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-09-06 19:00 . 2012-05-04 19:00 4138 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-21 18:01 . 2012-07-21 18:01 9560 c:\windows\system32\NetworkList\Icons\{1354B608-39E5-442D-B59A-B312A36089F2}_48.bin
+ 2012-07-21 18:01 . 2012-07-21 18:01 4280 c:\windows\system32\NetworkList\Icons\{1354B608-39E5-442D-B59A-B312A36089F2}_32.bin
+ 2012-07-21 18:01 . 2012-07-21 18:01 2456 c:\windows\system32\NetworkList\Icons\{1354B608-39E5-442D-B59A-B312A36089F2}_24.bin
- 2012-07-20 16:58 . 2012-07-20 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 15:57 . 2012-07-27 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 15:57 . 2012-07-27 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-20 16:58 . 2012-07-20 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-23 01:24 667120 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-20 20:23 667120 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-20 20:23 126724 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-23 01:24 126724 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-27 04:32 522400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-20 08:45 522400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-04 15:36 . 2012-07-16 04:29 2540680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-04 15:36 . 2012-07-26 17:25 2540680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-10-01 01:27 . 2012-07-20 08:45 4906800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2069413089-568081338-4011474029-1000-12288.dat
+ 2010-10-01 01:27 . 2012-07-21 03:33 4906800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2069413089-568081338-4011474029-1000-12288.dat
+ 2012-07-18 20:42 . 2012-07-18 20:42 7931392 c:\windows\Installer\69949.msi
+ 2009-07-14 02:34 . 2012-07-27 16:11 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-20 08:13 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-09-05 03:25 . 2012-07-26 17:25 15982417 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2069413089-568081338-4011474029-1000-8192.dat
- 2010-09-05 03:25 . 2012-07-20 07:47 15982417 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2069413089-568081338-4011474029-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-24 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-17 40448]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
R3 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-05 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 20056]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-11 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-24 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-11 116240]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-14 32880]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-03-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-09-11 158976]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-09-11 10342240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-01-02 15:47]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 14:25]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 14:25]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069413089-568081338-4011474029-1000Core.job
- c:\users\Karanbir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-01 18:40]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069413089-568081338-4011474029-1000UA.job
- c:\users\Karanbir\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-01 18:40]
.
2012-07-26 c:\windows\Tasks\HPCeeScheduleForKaranbir.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-17 323072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-11 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-11 414744]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Karanbir\AppData\Roaming\Mozilla\Firefox\Profiles\vydyowc8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\tbuTor.dll
AddRemove-uTorrentBar Toolbar - c:\progra~2\UTORRE~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2069413089-568081338-4011474029-1000\Software\SecuROM\License information*]
"datasecu"=hex:55,d7,78,ce,47,de,7f,30,bd,42,e0,df,75,4b,26,e3,0e,99,7f,2a,df,
22,40,71,cb,7b,85,4a,d8,08,10,40,d0,ab,25,b1,e0,c2,1b,dc,f9,a3,5c,d7,ae,ce,\
"rkeysecu"=hex:10,e0,17,32,8d,a7,49,46,93,10,dd,58,2f,03,ed,ac
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-27 12:13:58
ComboFix-quarantined-files.txt 2012-07-27 16:13
ComboFix2.txt 2012-07-27 03:06
ComboFix3.txt 2012-07-21 00:25
.
Pre-Run: 511,868,796,928 bytes free
Post-Run: 511,959,650,304 bytes free
.
- - End Of File - - A4DB7DBBCDB808D60CB5EEBBA31ADB33


I also ran SystemLook to show you a suspicious folder in my C:\ drive - it consists of random numbers and letters. I had another one like this before, but I determined that the other folder was a remnant of a Windows update, and was able to successfully delete it (it had 3 files - mrtstub.exe, mrt.exe_p, and finally $shtdwn$.req).

The remaining folder, however, is not deletable, as it tells me I do not have permission to delete it (you need permission from SYSTEM - access denied).
Here are the SystemLook logs:


SystemLook 30.07.11 by jpshortstuff
Log created at 18:06 on 27/07/2012 by Karanbir
Administrator - Elevation successful

========== dir ==========

c: - Parameters: "(none)"

---Files---
bootmgr -rahs-- 383562 bytes [01:57 07/09/2009] [01:38 14/07/2009]
ComboFix.txt --a---- 26549 bytes [16:13 27/07/2012] [16:13 27/07/2012]
hiberfil.sys --ahs-- 377704448 bytes [22:55 26/10/2010] [21:51 27/07/2012]
MSVCR100 Error Fix.txt --a---- 117 bytes [16:53 25/02/2011] [14:54 06/01/2011]
pagefile.sys --ahs-- 1935261696 bytes [22:55 26/10/2010] [21:51 27/07/2012]
rkill.log --a---- 605 bytes [18:46 20/07/2012] [03:22 27/07/2012]
TDSSKiller.2.7.46.0_20.07.2012_02.40.15_log.txt --a---- 139556 bytes [06:40 20/07/2012] [06:43 20/07/2012]
TDSSKiller.2.7.46.0_20.07.2012_03.26.48_log.txt --a---- 141480 bytes [07:26 20/07/2012] [07:28 20/07/2012]
TDSSKiller.2.7.46.0_20.07.2012_19.30.31_log.txt --a---- 397632 bytes [23:30 20/07/2012] [00:02 21/07/2012]
TDSSKiller.2.7.46.0_21.07.2012_13.39.38_log.txt --a---- 267264 bytes [17:39 21/07/2012] [17:43 21/07/2012]
TDSSKiller.2.7.48.0_26.07.2012_23.57.20_log.txt --a---- 135798 bytes [03:57 27/07/2012] [04:01 27/07/2012]

---Folders---
$RECYCLE.BIN d--hs-- [21:52 27/07/2012]
681d81e234914888ea d------ [04:13 13/10/2011]
ATI d------ [23:03 31/12/2010]
boot d------ [01:57 07/09/2009]
Config.Msi d------ [13:18 15/06/2011]
Documents and Settings d--hs-- [05:08 14/07/2009]
FRST d------ [20:02 20/07/2012]
HP d------ [22:05 28/01/2010]
Intel d------ [15:10 04/08/2010]
MSOCache dr----- [16:20 06/09/2010]
PerfLogs d------ [03:20 14/07/2009]
Program Files dr----- [03:20 14/07/2009]
Program Files (x86) d------ [03:20 14/07/2009]
ProgramData d------ [03:20 14/07/2009]
Python25 d------ [12:46 14/09/2010]
Qoobox d------ [00:14 21/07/2012]
Recovery d------ [01:02 07/09/2009]
Riot Games d------ [03:26 23/08/2011]
Sandbox dr----- [01:49 05/06/2011]
SwSetup d------ [00:40 07/09/2009]
System Volume Information d--hs-- [18:15 28/05/2010]
SYSTEM.SAV d-a---- [00:40 07/09/2009]
TDSSKiller_Quarantine d------ [06:41 20/07/2012]
Users dr----- [03:20 14/07/2009]
Windows d------ [03:20 14/07/2009]

-= EOF =-



SystemLook 30.07.11 by jpshortstuff
Log created at 17:58 on 27/07/2012 by Karanbir
Administrator - Elevation successful

========== dir ==========

c:\681d81e234914888ea - Parameters: "/s"

---Files---
$shtdwn$.req --ah--- 788 bytes [04:13 13/10/2011] [04:13 13/10/2011]
DHtmlHeader.html --a---- 16118 bytes [13:02 09/07/2011] [13:02 09/07/2011]
header.bmp --a---- 3628 bytes [21:57 11/07/2011] [21:57 11/07/2011]
NDP40-KB2572078.msp --a---- 23254016 bytes [21:33 11/07/2011] [21:33 11/07/2011]
ParameterInfo.xml --a---- 8274 bytes [22:01 11/07/2011] [22:01 11/07/2011]
Setup.exe --a---- 78152 bytes [13:23 09/07/2011] [13:23 09/07/2011]
SetupEngine.dll --a---- 809304 bytes [13:23 09/07/2011] [13:23 09/07/2011]
SetupUi.dll --a---- 295760 bytes [13:23 09/07/2011] [13:23 09/07/2011]
SetupUi.xsd --a---- 30120 bytes [13:02 09/07/2011] [13:02 09/07/2011]
SplashScreen.bmp --a---- 196662 bytes [21:57 11/07/2011] [21:57 11/07/2011]
sqmapi.dll --a---- 144416 bytes [13:02 09/07/2011] [13:02 09/07/2011]
Strings.xml --a---- 13606 bytes [21:57 11/07/2011] [21:57 11/07/2011]
UiInfo.xml --a---- 36180 bytes [21:57 11/07/2011] [21:57 11/07/2011]
watermark.bmp --a---- 104072 bytes [21:57 11/07/2011] [21:57 11/07/2011]

c:\681d81e234914888ea\1025 d------ [04:13 13/10/2011]
eula.rtf --a---- 123035 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 34086 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 16728 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1028 d------ [04:13 13/10/2011]
eula.rtf --a---- 128333 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 27950 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 13656 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1029 d------ [04:13 13/10/2011]
eula.rtf --a---- 101146 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 36822 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 17752 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1030 d------ [04:13 13/10/2011]
eula.rtf --a---- 109464 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 36050 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 17752 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1031 d------ [04:13 13/10/2011]
eula.rtf --a---- 91719 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 38050 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 18264 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1032 d------ [04:13 13/10/2011]
eula.rtf --a---- 102048 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 38958 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 18776 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1033 d------ [04:13 13/10/2011]
eula.rtf --a---- 138595 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 35802 bytes [15:19 09/07/2011] [15:19 09/07/2011]
SetupResources.dll --a---- 16728 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1035 d------ [04:13 13/10/2011]
eula.rtf --a---- 111176 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 36030 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 17752 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1036 d------ [04:13 13/10/2011]
eula.rtf --a---- 133172 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 37832 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 18264 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1037 d------ [04:13 13/10/2011]
eula.rtf --a---- 125351 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 32912 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 16216 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1038 d------ [04:13 13/10/2011]
eula.rtf --a---- 110879 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 37822 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 18264 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1040 d------ [04:13 13/10/2011]
eula.rtf --a---- 124974 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 37192 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 17752 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1041 d------ [04:13 13/10/2011]
eula.rtf --a---- 111958 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 31108 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 15192 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1042 d------ [04:13 13/10/2011]
eula.rtf --a---- 149503 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 30194 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 14680 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1043 d------ [04:13 13/10/2011]
eula.rtf --a---- 35285 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 36962 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 18776 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1044 d------ [04:13 13/10/2011]
eula.rtf --a---- 36083 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 36514 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 17240 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1045 d------ [04:13 13/10/2011]
eula.rtf --a---- 126541 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 37222 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 17752 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1046 d------ [04:13 13/10/2011]
eula.rtf --a---- 109574 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 36738 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 17752 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1049 d------ [04:13 13/10/2011]
eula.rtf --a---- 49319 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 37656 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 18264 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1053 d------ [04:13 13/10/2011]
eula.rtf --a---- 125073 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 36020 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 17240 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\1055 d------ [04:13 13/10/2011]
eula.rtf --a---- 112947 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 36274 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 17240 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\2052 d------ [04:13 13/10/2011]
eula.rtf --a---- 110754 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 27922 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 13656 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\2070 d------ [04:13 13/10/2011]
eula.rtf --a---- 125196 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 37404 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 18264 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\3076 d------ [04:13 13/10/2011]
eula.rtf --a---- 2060 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 27950 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 13656 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\3082 d------ [04:13 13/10/2011]
eula.rtf --a---- 108174 bytes [21:57 11/07/2011] [21:57 11/07/2011]
LocalizedData.xml --a---- 37314 bytes [22:02 11/07/2011] [22:02 11/07/2011]
SetupResources.dll --a---- 18264 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\681d81e234914888ea\Graphics d------ [04:13 13/10/2011]
Print.ico --a---- 1150 bytes [12:59 09/07/2011] [12:59 09/07/2011]
Rotate1.ico --a---- 894 bytes [12:59 09/07/2011] [12:59 09/07/2011]
Rotate2.ico --a---- 894 bytes [12:59 09/07/2011] [12:59 09/07/2011]
Rotate3.ico --a---- 894 bytes [12:59 09/07/2011] [12:59 09/07/2011]
Rotate4.ico --a---- 894 bytes [12:59 09/07/2011] [12:59 09/07/2011]
Rotate5.ico --a---- 894 bytes [12:59 09/07/2011] [12:59 09/07/2011]
Rotate6.ico --a---- 894 bytes [12:59 09/07/2011] [12:59 09/07/2011]
Rotate7.ico --a---- 894 bytes [12:59 09/07/2011] [12:59 09/07/2011]
Rotate8.ico --a---- 894 bytes [12:59 09/07/2011] [12:59 09/07/2011]
Save.ico --a---- 1150 bytes [12:59 09/07/2011] [12:59 09/07/2011]
Setup.ico --a---- 36710 bytes [12:59 09/07/2011] [12:59 09/07/2011]
stop.ico --a---- 10134 bytes [12:59 09/07/2011] [12:59 09/07/2011]
SysReqMet.ico --a---- 1150 bytes [12:59 09/07/2011] [12:59 09/07/2011]
SysReqNotMet.ico --a---- 1150 bytes [12:59 09/07/2011] [12:59 09/07/2011]
warn.ico --a---- 10134 bytes [12:59 09/07/2011] [12:59 09/07/2011]

-= EOF =-
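The listings above are in SystemLook's "dir" format; as an added example (not code from the post, the thread's helpers, or the SystemLook tool), the script below parses that format, flags drive-root folders named like a long random hex string, and summarises whether the recursive listing of such a folder contains the files one expects of a self-extracting Microsoft installer or update, so a reviewer can separate leftover update folders from something that needs a closer look. The INSTALLER_MARKERS set and patch extensions are assumptions for illustration, and SAMPLE_LOG is a trimmed excerpt of the two listings in the post.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One listing line: "<name> <7 attribute flags> [<size> bytes] [<mtime>] [<ctime>]"
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) (?P<attrs>[drahs-]{7})"
    r"(?: (?P<size>\d+) bytes)? \[(?P<mtime>[^\]]+)\](?: \[(?P<ctime>[^\]]+)\])?$"
)
# Listing header, e.g.  c:\some\path - Parameters: "/s"
HEADER_RE = re.compile(r'^(?P<path>[A-Za-z]:.*?) - Parameters: "[^"]*"$')
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}$", re.IGNORECASE)

# Assumed for illustration: files commonly seen in a self-extracting
# Microsoft installer/update folder, plus the patch package extensions.
INSTALLER_MARKERS = {"$shtdwn$.req", "setup.exe", "setupengine.dll", "parameterinfo.xml"}
PATCH_SUFFIXES = (".msp", ".msu", ".msi")

@dataclass
class Entry:
    path: str            # full path, e.g. c:\folder\file.txt
    name: str            # last path component
    attrs: str           # SystemLook flags, e.g. "--a----" or "d--hs--"
    size: Optional[int]  # None for folders
    is_dir: bool

def parse_systemlook_dir(text: str) -> list:
    """Parse the ---Files--- / ---Folders--- sections of one or more listings."""
    entries, cwd = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            cwd = header.group("path").rstrip("\\")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section banners, "-= EOF =-", free text
        name, attrs = m.group("name"), m.group("attrs")
        is_dir = attrs.startswith("d")
        if is_dir and DRIVE_PATH_RE.match(name):
            # A recursive (/s) listing introduces each subfolder with a
            # full-path line; the file lines that follow belong to it.
            cwd = name
            entries.append(Entry(name, name.rsplit("\\", 1)[-1], attrs, None, True))
            continue
        size = int(m.group("size")) if m.group("size") else None
        entries.append(Entry(f"{cwd}\\{name}" if cwd else name, name, attrs, size, is_dir))
    return entries

def hex_named_root_folders(entries) -> list:
    """Paths of drive-root folders whose name is a long hex string."""
    return [e.path for e in entries
            if e.is_dir and e.path.count("\\") == 1 and HEX_NAME_RE.match(e.name)]

def classify_folder(entries, folder_path: str) -> dict:
    """Summarise the recursive listing of folder_path for manual review."""
    prefix = folder_path.lower().rstrip("\\") + "\\"
    inside = [e for e in entries if e.path.lower().startswith(prefix)]
    file_names = {e.name.lower() for e in inside if not e.is_dir}
    markers = sorted(file_names & INSTALLER_MARKERS)
    patches = sorted(n for n in file_names if n.endswith(PATCH_SUFFIXES))
    lcid_dirs = sorted(e.name for e in inside if e.is_dir and e.name.isdigit())
    verdict = "installer-extraction-like" if markers and patches else "review-manually"
    return {"folder": folder_path, "files": sum(1 for e in inside if not e.is_dir),
            "markers": markers, "patches": patches, "lcid_dirs": lcid_dirs,
            "verdict": verdict}

# Trimmed excerpt of the two SystemLook listings pasted in the post above.
SAMPLE_LOG = """\
c: - Parameters: "(none)"
---Files---
MSVCR100 Error Fix.txt --a---- 117 bytes [16:53 25/02/2011] [14:54 06/01/2011]
---Folders---
$RECYCLE.BIN d--hs-- [21:52 27/07/2012]
681d81e234914888ea d------ [04:13 13/10/2011]
Program Files (x86) d------ [03:20 14/07/2009]
-= EOF =-

c:\\681d81e234914888ea - Parameters: "/s"
---Files---
$shtdwn$.req --ah--- 788 bytes [04:13 13/10/2011] [04:13 13/10/2011]
NDP40-KB2572078.msp --a---- 23254016 bytes [21:33 11/07/2011] [21:33 11/07/2011]
Setup.exe --a---- 78152 bytes [13:23 09/07/2011] [13:23 09/07/2011]

c:\\681d81e234914888ea\\1033 d------ [04:13 13/10/2011]
eula.rtf --a---- 138595 bytes [21:57 11/07/2011] [21:57 11/07/2011]
-= EOF =-
"""

if __name__ == "__main__":
    parsed = parse_systemlook_dir(SAMPLE_LOG)
    for folder in hex_named_root_folders(parsed):
        print(classify_folder(parsed, folder))
```

The verdict only says the contents match an installer layout; whether a given folder is a harmless update leftover is still a call for whoever is reviewing the full listing.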



