
Sirefef Infection Need Help!


  • This topic is locked
29 replies to this topic

#1 Draidis

  • Members
  • 17 posts

Posted 12 August 2012 - 09:14 PM

Hello!

I recently woke up and turned on my computer one morning to find that my Microsoft Security Essentials (MSE) was for some reason disabled. I could open the program but affect nothing in it. As in, I couldn't change tabs, run a scan, update it, NOTHING. So I uninstalled and reinstalled it. That made things worse. MSE worked, sort of, but I can no longer run a Windows update or system restores. Right-clicking often freezes the thing. Firefox freezes constantly to the point of making it unusable. Running a virus scan discovers a few trojans all named Sirefef something or other, but I can't remove them without them just popping back up. Worst of all, as soon as Windows boots I get a warning saying that I have 1 min to save my work before Windows does an emergency reboot. When it does this reboot there aren't even the normal shutdown processes; it just goes black and straight to the boot screen. I did a little Google searching and I noticed that apparently you guys have helped a few individuals with the same problem.

I'm running Win7 64-bit. I followed the standard fixes you seem to be posting for everyone to do, until the point that you guys said that it was different for everyone, so I got FRST64, and here is my FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 10-08-2012 13:56:10
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [613536 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd)
HKLM-x32\...\Run: [GamingKeyboard] D:\Program Files (x86)\Gaming Keyboard\Gaminghid.exe [x]
HKLM-x32\...\Run: [GamingKeyboardOSD] D:\Program Files (x86)\Gaming Keyboard\OSD.exe [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] D:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe" [x]
HKU\Kyle\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-10] (Valve Corporation)
HKU\Kyle\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Kyle\...\Run: [rundll32] C:\Users\Kyle\AppData\Local\Temp\rundll32 .exe [2786304 2011-10-23] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

==================== Services (Whitelisted) ======

2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] ()
2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations)
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 asusgsb; C:\Windows\System32\Drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [38248 2010-10-27] (Atheros)
3 ATHDFU; C:\Windows\System32\Drivers\ATHDFU.sys [55336 2010-10-27] (Windows ® Win 7 DDK provider)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [301680 2010-10-27] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [31080 2010-10-27] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [203624 2010-10-27] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [58992 2010-10-27] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [156520 2010-10-27] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [279152 2010-10-27] (Atheros)
1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2011-09-02] (ASUSTeK Computer Inc.)
3 GamingKB; C:\Windows\System32\Drivers\GamingKB.sys [24576 2010-04-21] ()
3 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
3 rzjoystk; C:\Windows\System32\Drivers\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
1 ghemkfzp; \??\C:\Windows\system32\drivers\ghemkfzp.sys [x]
0 mv91xx; C:\Windows\System32\DRIVERS\mv91xx.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-10 12:49 - 2012-08-10 12:49 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jjqscyxm.sys
2012-08-10 12:45 - 2012-08-10 12:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59E773C59A7B8F56
2012-08-10 12:43 - 2012-08-10 12:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.97E8D8AFEF8484BD
2012-08-10 12:41 - 2012-08-10 12:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66A8DEA8D28B07BF
2012-08-10 12:39 - 2012-08-10 12:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B6C833D13BF53844
2012-08-10 12:28 - 2012-08-10 12:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.266B10E9DBE0B272
2012-07-31 16:55 - 2012-07-31 16:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.232792F4ADC089A3
2012-07-31 16:53 - 2012-07-31 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50F9F7427D8A63CA
2012-07-31 16:51 - 2012-07-31 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.967AD0CEA448F19C
2012-07-31 16:42 - 2012-07-31 16:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.014B73A40D9AAEAC
2012-07-31 16:39 - 2012-07-31 16:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9878F3300CA2CC8
2012-07-31 16:36 - 2012-07-31 16:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE55A2964C79E7DC
2012-07-31 16:35 - 2012-08-10 13:56 - 00000000 ____D C:\FRST
2012-07-31 16:33 - 2012-07-31 16:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F0A5ABF5C539D23
2012-07-31 16:30 - 2012-07-31 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5867467091EB56A6
2012-07-31 16:27 - 2012-07-31 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BDCE32122F0CCC01
2012-07-31 16:24 - 2012-07-31 16:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D73C97FDAE215EF7
2012-07-31 16:21 - 2012-07-31 16:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52D1BC7A933125A6
2012-07-31 16:02 - 2012-07-31 16:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0537340A6D700558
2012-07-31 15:58 - 2012-07-31 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CC4EC29AAA8FD0D
2012-07-31 15:53 - 2012-07-31 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8BDE313A3D34AD7
2012-07-31 15:47 - 2012-07-31 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65201DD532AFD4FD
2012-07-31 15:44 - 2012-07-31 15:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7AFA0615CE8D8D21
2012-07-31 14:47 - 2012-07-31 14:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C9257D22D14B9DC
2012-07-31 14:44 - 2012-07-31 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D0EBD4AF0888FE9
2012-07-31 14:41 - 2012-07-31 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1B0CB6B88F5C8D7
2012-07-31 14:38 - 2012-07-31 14:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6C5250339C458DC5
2012-07-31 14:35 - 2012-07-31 14:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AD5165A4DFE5D20
2012-07-31 14:29 - 2012-07-31 14:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E26FB322DDC341A
2012-07-31 14:25 - 2012-07-31 14:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED3A8C2FF02201BF
2012-07-31 14:20 - 2012-07-31 14:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A76431D4348BFB3F
2012-07-31 14:16 - 2012-07-31 14:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-31 14:16 - 2012-07-31 14:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-30 21:34 - 2012-07-30 21:34 - 00000960 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-07-30 21:34 - 2012-07-30 21:34 - 00000000 ____D C:\Program Files (x86)\Calibre2
2012-07-30 19:42 - 2012-07-30 21:38 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\calibre
2012-07-26 13:49 - 2012-07-26 13:54 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\redsn0w
2012-07-22 20:02 - 2012-07-22 20:02 - 00001571 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-22 20:02 - 2012-07-22 20:02 - 00000000 ____D C:\Program Files\iTunes
2012-07-22 20:02 - 2012-07-22 20:02 - 00000000 ____D C:\Program Files\iPod
2012-07-19 07:42 - 2012-07-19 07:42 - 00312320 ____A C:\Users\Kyle\AppData\Local\ubsczjcvtv.exe
2012-07-15 23:20 - 2012-07-15 23:20 - 00000000 ____D C:\Users\Kyle\Documents\Rockstar Games
2012-07-15 20:20 - 2012-07-15 20:20 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\OpenOffice.org
2012-07-15 20:12 - 2012-07-15 20:12 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
2012-07-15 20:12 - 2012-07-15 20:12 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-07-13 18:42 - 2012-07-13 18:42 - 00000000 __SHD C:\Users\All Users\SecuROM
2012-07-13 18:40 - 2012-07-13 18:40 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-07-13 18:40 - 2012-07-13 18:40 - 00000000 __RHD C:\Users\Kyle\AppData\Roaming\SecuROM
2012-07-13 18:40 - 2012-07-13 18:40 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-07-13 18:40 - 2012-07-13 18:40 - 00000000 ____D C:\Users\Kyle\AppData\Local\Rockstar Games
2012-07-13 18:40 - 2012-07-13 18:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-07-13 00:55 - 2012-07-13 00:55 - 00000000 ____D C:\Users\Kyle\AppData\Local\BigHugeEngine
2012-07-13 00:55 - 2012-07-13 00:55 - 00000000 ____D C:\Users\All Users\EA Core
2012-07-13 00:24 - 2012-07-13 00:24 - 00000000 ____D C:\Users\Kyle\AppData\Local\Origin
2012-07-13 00:24 - 2012-07-13 00:24 - 00000000 ____D C:\Program Files (x86)\Origin Games
2012-07-13 00:23 - 2012-07-13 00:55 - 00000000 ____D C:\Users\All Users\Electronic Arts
2012-07-13 00:00 - 2012-08-10 12:49 - 00003090 ____A C:\Windows\setupact.log
2012-07-13 00:00 - 2012-07-13 00:00 - 00000000 ____A C:\Windows\setuperr.log
2012-07-12 13:18 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 13:16 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-12 13:16 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-12 13:16 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-12 13:16 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-12 13:16 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-12 13:16 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-12 13:16 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-12 13:16 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-12 13:16 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 13:16 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 13:16 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 13:16 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 13:16 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 13:16 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 13:16 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 13:16 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 13:16 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 13:16 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 13:16 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 13:16 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 13:16 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 13:16 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 13:16 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 13:16 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 13:16 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 13:16 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 13:16 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 13:16 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 13:16 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 13:16 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 13:16 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 13:16 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 13:16 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 13:16 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 13:16 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 13:16 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 13:16 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-12 13:16 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-12 13:16 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-12 13:16 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-12 13:16 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-12 13:16 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-12 13:16 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-12 13:16 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-12 13:16 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-12 13:16 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-12 13:16 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll


============ 3 Months Modified Files ========================

2012-08-10 12:49 - 2012-08-10 12:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.206523156ACD8150
2012-08-10 12:49 - 2012-08-10 12:49 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\jjqscyxm.sys
2012-08-10 12:49 - 2012-07-13 00:00 - 00003090 ____A C:\Windows\setupact.log
2012-08-10 12:49 - 2011-08-30 16:49 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2012-08-10 12:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-10 12:45 - 2012-08-10 12:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59E773C59A7B8F56
2012-08-10 12:43 - 2012-08-10 12:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.97E8D8AFEF8484BD
2012-08-10 12:41 - 2012-08-10 12:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66A8DEA8D28B07BF
2012-08-10 12:39 - 2012-08-10 12:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B6C833D13BF53844
2012-08-10 12:28 - 2012-08-10 12:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.266B10E9DBE0B272
2012-07-31 16:55 - 2012-07-31 16:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.232792F4ADC089A3
2012-07-31 16:53 - 2012-07-31 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50F9F7427D8A63CA
2012-07-31 16:51 - 2012-07-31 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.967AD0CEA448F19C
2012-07-31 16:42 - 2012-07-31 16:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.014B73A40D9AAEAC
2012-07-31 16:39 - 2012-07-31 16:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9878F3300CA2CC8
2012-07-31 16:36 - 2012-07-31 16:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE55A2964C79E7DC
2012-07-31 16:33 - 2012-07-31 16:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8F0A5ABF5C539D23
2012-07-31 16:30 - 2012-07-31 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5867467091EB56A6
2012-07-31 16:28 - 2012-04-11 22:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-31 16:27 - 2012-07-31 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BDCE32122F0CCC01
2012-07-31 16:24 - 2012-07-31 16:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D73C97FDAE215EF7
2012-07-31 16:21 - 2012-07-31 16:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52D1BC7A933125A6
2012-07-31 16:02 - 2012-07-31 16:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0537340A6D700558
2012-07-31 16:02 - 2011-08-30 16:43 - 02100696 ____A C:\Windows\WindowsUpdate.log
2012-07-31 15:58 - 2012-07-31 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CC4EC29AAA8FD0D
2012-07-31 15:53 - 2012-07-31 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8BDE313A3D34AD7
2012-07-31 15:47 - 2012-07-31 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65201DD532AFD4FD
2012-07-31 15:44 - 2012-07-31 15:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7AFA0615CE8D8D21
2012-07-31 14:47 - 2012-07-31 14:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C9257D22D14B9DC
2012-07-31 14:46 - 2009-07-13 21:08 - 00032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-31 14:44 - 2012-07-31 14:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D0EBD4AF0888FE9
2012-07-31 14:41 - 2012-07-31 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1B0CB6B88F5C8D7
2012-07-31 14:38 - 2012-07-31 14:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6C5250339C458DC5
2012-07-31 14:35 - 2012-07-31 14:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AD5165A4DFE5D20
2012-07-31 14:29 - 2012-07-31 14:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E26FB322DDC341A
2012-07-31 14:25 - 2012-07-31 14:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED3A8C2FF02201BF
2012-07-31 14:20 - 2012-07-31 14:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A76431D4348BFB3F
2012-07-31 14:19 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-31 14:19 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-31 14:17 - 2011-09-02 11:06 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-30 21:34 - 2012-07-30 21:34 - 00000960 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-07-27 05:28 - 2012-04-11 22:19 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-27 05:28 - 2011-09-02 11:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-22 20:16 - 2009-07-13 20:45 - 00294080 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-22 20:02 - 2012-07-22 20:02 - 00001571 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-19 07:42 - 2012-07-19 07:42 - 00312320 ____A C:\Users\Kyle\AppData\Local\ubsczjcvtv.exe
2012-07-16 09:34 - 2011-08-30 16:57 - 00064408 ____A C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-15 20:12 - 2012-07-15 20:12 - 00001168 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
2012-07-13 18:40 - 2012-07-13 18:40 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-07-13 18:39 - 2011-09-02 14:18 - 00309709 ____A C:\Windows\DirectX.log
2012-07-13 18:07 - 2011-09-02 09:40 - 00017504 ____A C:\Windows\PFRO.log
2012-07-13 00:23 - 2012-01-14 14:51 - 00002076 ____A C:\Windows\KB893803v2.log
2012-07-13 00:00 - 2012-07-13 00:00 - 00000000 ____A C:\Windows\setuperr.log
2012-07-12 13:17 - 2011-08-30 17:12 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-30 04:41 - 2012-06-30 04:06 - 00007785 ____A C:\Users\Kyle\Documents\Uninstall STAR WARS The Old Republic.log
2012-06-28 09:03 - 2011-09-02 11:34 - 00002120 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-06-11 19:08 - 2012-07-12 13:18 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 04:02 - 2012-06-09 04:02 - 00037270 ____A C:\Windows\SysWOW64\OggDSUninst.exe
2012-06-09 03:01 - 2012-06-09 03:01 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-09 02:52 - 2012-06-09 02:46 - 00019374 ____A C:\INSTALLHELPER.LOG
2012-06-09 02:52 - 2012-06-09 02:46 - 00008742 ____A C:\alotserviceruntime.log
2012-06-08 21:43 - 2012-07-12 13:16 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-12 13:16 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 05:02 - 2012-06-09 03:52 - 01345024 ____A C:\Windows\System32\ac3filter64.acm
2012-06-07 04:57 - 2012-04-10 19:31 - 01099264 ____A C:\Windows\SysWOW64\ac3filter.acm
2012-06-05 22:06 - 2012-07-12 13:16 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-12 13:16 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-12 13:16 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-12 13:16 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-12 13:16 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-12 13:16 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 20:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 20:33 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 20:33 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 20:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 20:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 20:33 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 20:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 20:33 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 20:33 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 13:16 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 13:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 13:16 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 13:16 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 13:16 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 13:16 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 13:16 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 13:16 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 13:16 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 13:16 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 13:16 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 13:16 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 13:16 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 13:16 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 13:16 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 13:16 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 13:16 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 13:16 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 13:16 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 13:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 13:16 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 13:16 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 13:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 13:16 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 13:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 13:16 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-12 13:16 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-12 13:16 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-12 13:16 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-12 13:16 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-12 13:16 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-12 13:16 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-12 13:16 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-12 13:16 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-12 13:16 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-21 14:15 - 2012-05-21 14:15 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk


ZeroAccess:
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\@
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\L
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\n
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\U
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\L\00000004.@
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\L\1afb2d56
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\L\201d3dde
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\U\00000008.@

ZeroAccess:
C:\Users\Kyle\AppData\Local\{f3926a58-4daa-756f-38a3-6936860b2461}
C:\Users\Kyle\AppData\Local\{f3926a58-4daa-756f-38a3-6936860b2461}\@
C:\Users\Kyle\AppData\Local\{f3926a58-4daa-756f-38a3-6936860b2461}\L
C:\Users\Kyle\AppData\Local\{f3926a58-4daa-756f-38a3-6936860b2461}\U
C:\Users\Kyle\AppData\Local\{f3926a58-4daa-756f-38a3-6936860b2461}\U\00000008.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8168.87 MB
Available physical RAM: 7377.34 MB
Total Pagefile: 8167.02 MB
Available Pagefile: 7373.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.57 GB) (Free:6.62 GB) NTFS
2 Drive d: (HDD) (Fixed) (Total:931.51 GB) (Free:813.44 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:4.84 GB) (Free:1.92 GB) FAT32
4 Drive g: (KOAR 1) (CDROM) (Total:7.42 GB) (Free:0 GB) UDF
9 Drive l: () (Removable) (Total:4.99 GB) (Free:1.99 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: () (Fixed) (Total:181.46 GB) (Free:100.24 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 186 GB 1024 KB
Disk 1 Online 931 GB 0 B
Disk 2 Online 111 GB 0 B *
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 Online 5131 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 2 Primary 4965 MB 31 KB
Partition 1 Primary 181 GB 4965 MB

==================================================================================

Disk: 0
Partition 2
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY FAT32 Partition 4965 MB Healthy

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y NTFS Partition 181 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D HDD NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System (partition with boot components) 100 MB 1024 KB
Partition 2 Reserved 128 MB 101 MB
Partition 3 Primary 111 GB 229 MB

==================================================================================

Disk: 2
Partition 1
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT32 Partition 100 MB Healthy Hidden

==================================================================================

Disk: 2
Partition 2
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

==================================================================================

Disk: 2
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C NTFS Partition 111 GB Healthy

==================================================================================

Partitions of Disk 7:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 5131 MB 0 B

==================================================================================

Disk: 7
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

Last Boot: 2012-07-27 23:52

======================= End Of Log ==========================

Search.txt

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 13:59:06
Running from L:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Thanks for any and all help you can provide!!!! I really need my computer and this bastard of a virus is killing me! Looking forwards to hearing from you.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:43 AM

Posted 13 August 2012 - 03:58 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}
C:\Users\Kyle\AppData\Local\{f3926a58-4daa-756f-38a3-6936860b2461}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
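How the fixlist above follows from the FRST output in post #1, as an added Python example that is not part of this thread or of FRST itself: it reads the "ZeroAccess:" blocks and the "Bamital & volsnap Check" line that flagged services.exe, pairs the flagged file with the WinSxS copy found in Search.txt, and emits the same lines Gringo wrote. The log excerpts are constructed from the post above; the function names and the rule of preferring the WinSxS copy are this example's own assumptions.

```python
import re

# Constructed excerpt of the FRST.txt quoted in post #1 (only the relevant sections).
FRST_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\@
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\L
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461}\U\00000008.@

ZeroAccess:
C:\Users\Kyle\AppData\Local\{f3926a58-4daa-756f-38a3-6936860b2461}
C:\Users\Kyle\AppData\Local\{f3926a58-4daa-756f-38a3-6936860b2461}\@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
"""

# Constructed excerpt of the Search.txt quoted in post #1.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# A flagged line looks like: <path> <32 hex MD5> ZeroAccess <==== ATTENTION
ATTENTION_RE = re.compile(
    r"^(?P<path>\S.*?) (?P<md5>[0-9A-Fa-f]{32}) ZeroAccess <==== ATTENTION", re.M)
# Search.txt detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(r"^\[.*\] .* ([0-9A-Fa-f]{32})$")


def zeroaccess_roots(log):
    """Top-level path of every 'ZeroAccess:' block. FRST lists the directory
    first and its children after it; the fixlist only needs the root."""
    lines = log.splitlines()
    return [lines[i + 1].strip() for i, line in enumerate(lines)
            if line.strip() == "ZeroAccess:" and i + 1 < len(lines) and lines[i + 1].strip()]


def patched_system_files(log):
    """(path, md5) for each file the Bamital & volsnap check did not accept."""
    return [(m.group("path"), m.group("md5").upper()) for m in ATTENTION_RE.finditer(log)]


def search_hits(search_log):
    """(path, md5) pairs from Search.txt: a path line followed by its detail line."""
    lines = [l.strip() for l in search_log.splitlines()]
    hits = []
    for i in range(len(lines) - 1):
        detail = DETAIL_RE.match(lines[i + 1])
        if lines[i] and not lines[i].startswith(("[", "=")) and detail:
            hits.append((lines[i], detail.group(1).upper()))
    return hits


def pick_clean_copy(infected, hits):
    """Choose a replacement: same file name, a different path and a different
    hash from the patched copy, preferring the WinSxS component store (the
    choice made in the post above). A differing hash alone is not proof the
    copy is clean; the analyst still has to confirm it is a known-good file."""
    name = infected[0].rsplit("\\", 1)[-1].lower()
    candidates = [p for p, h in hits
                  if p.rsplit("\\", 1)[-1].lower() == name
                  and p.lower() != infected[0].lower()
                  and h != infected[1]]
    candidates.sort(key=lambda p: "\\winsxs\\" not in p.lower())
    return candidates[0] if candidates else None


def build_fixlist(frst_log, search_log):
    """Lines of fixlist.txt: one 'Replace:' per patched system file, then the
    ZeroAccess roots for FRST to move."""
    hits = search_hits(search_log)
    out = []
    for infected in patched_system_files(frst_log):
        clean = pick_clean_copy(infected, hits)
        if clean is None:
            raise ValueError("no alternative copy of %s found; do not write a Replace: line" % infected[0])
        out.append("Replace: %s %s" % (clean, infected[0]))
    out.extend(zeroaccess_roots(frst_log))
    return out


if __name__ == "__main__":
    print("\n".join(build_fixlist(FRST_LOG, SEARCH_LOG)))
```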

#3 Draidis

Draidis
  • Topic Starter

  • Members
  • 17 posts
  • Local time:11:43 PM

Posted 13 August 2012 - 03:00 PM

Thanks for getting back to me so fast!

Here is the Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-13 12:56:08 Run:1
Running from L:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{f3926a58-4daa-756f-38a3-6936860b2461} moved successfully.
C:\Users\Kyle\AppData\Local\{f3926a58-4daa-756f-38a3-6936860b2461} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====

#4 Draidis

Draidis
  • Topic Starter

  • Members
  • 17 posts
  • Local time:11:43 PM

Posted 13 August 2012 - 03:12 PM

My computer is no longer giving me the 1 min before restart warning followed by the subsequent reboot; however, after about 3 min of running all windows close, followed by a system freeze and a black screen. Just keeping you updated :)

Thanks again for helping Gringo!

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:43 AM

Posted 13 August 2012 - 03:13 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 Draidis

Draidis
  • Topic Starter

  • Members
  • 17 posts
  • Local time:11:43 PM

Posted 13 August 2012 - 05:11 PM

Alright.... so I had a few problems but I think I got it all figured out. I had a problem with my computer freezing before combofix could even get close to doing its job, so I attempted to do it in Safe Mode. In Safe Mode there was a conflict with my Microsoft Security Essentials (MSE), which I could not seem to turn off even when it said it was off and I followed all the instructions in the links you provided.

I decided to run it anyways with the conflict in hopes that it might fix my crashing problem in normal mode. The Log from that I will post as CombofixLog1.

It worked and my computer no longer crashes. I ran Combofix again in normal mode in hopes of it doing its proper job and still encountered that it thought it was conflicting with MSE, so I cancelled the scan and uninstalled MSE. When running Combofix after the uninstall it STILL conflicted with MSE despite MSE not even being installed on my computer anymore. I decided to let it run in hopes that it might fix that..... and it worked. That will be posted as CombofixLog2.

I decided to run Combofix one more time in hopes of getting a clean, conflict free scan with windows running in normal mode and the log for that I will post as CombofixLog3.

My computer appears to be running properly and clean, but I have not reinstalled MSE or attempted to update anything yet, as per your request.

CombofixLog1

ComboFix 12-08-13.01 - Kyle 08/13/2012 14:01:55.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.7298 [GMT -7:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kyle\AppData\Local\Temp\rundll32 .exe
c:\users\Kyle\AppData\Local\ubsczjcvtv.exe
D:\install.exe
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 19:52 . 2012-08-13 19:52 328704 ----a-w- c:\windows\system32\services.exe.68898C5F0A8D423D
2012-08-13 19:50 . 2012-08-13 19:50 328704 ----a-w- c:\windows\system32\services.exe.1DC66328D2FB0892
2012-08-13 19:48 . 2012-08-13 19:48 328704 ----a-w- c:\windows\system32\services.exe.D90D463201A45E58
2012-08-13 19:46 . 2012-08-13 19:46 328704 ----a-w- c:\windows\system32\services.exe.16B8D0592263C1BA
2012-08-13 19:44 . 2012-08-13 19:44 328704 ----a-w- c:\windows\system32\services.exe.64F979FE6AD00481
2012-08-13 19:42 . 2012-08-13 19:42 328704 ----a-w- c:\windows\system32\services.exe.FABEE3850AA7C0EA
2012-08-10 21:15 . 2012-08-10 21:15 328704 ----a-w- c:\windows\system32\services.exe.811B191984F1F90C
2012-08-10 21:13 . 2012-08-10 21:13 328704 ----a-w- c:\windows\system32\services.exe.A2DD5689C04F364D
2012-08-10 21:11 . 2012-08-10 21:11 328704 ----a-w- c:\windows\system32\services.exe.294555F6999E6107
2012-08-10 21:09 . 2012-08-10 21:09 328704 ----a-w- c:\windows\system32\services.exe.B5F51706BCE80B94
2012-08-10 21:07 . 2012-08-10 21:07 328704 ----a-w- c:\windows\system32\services.exe.DE3C5B724811B231
2012-08-10 21:05 . 2012-08-10 21:05 328704 ----a-w- c:\windows\system32\services.exe.BF5FC450EF597390
2012-08-10 21:03 . 2012-08-10 21:03 328704 ----a-w- c:\windows\system32\services.exe.CB9261C006E0BE8A
2012-08-10 20:49 . 2012-08-10 20:49 328704 ----a-w- c:\windows\system32\services.exe.206523156ACD8150
2012-08-10 20:45 . 2012-08-10 20:45 328704 ----a-w- c:\windows\system32\services.exe.59E773C59A7B8F56
2012-08-10 20:43 . 2012-08-10 20:43 328704 ----a-w- c:\windows\system32\services.exe.97E8D8AFEF8484BD
2012-08-10 20:41 . 2012-08-10 20:41 328704 ----a-w- c:\windows\system32\services.exe.66A8DEA8D28B07BF
2012-08-10 20:39 . 2012-08-10 20:39 328704 ----a-w- c:\windows\system32\services.exe.B6C833D13BF53844
2012-08-10 20:28 . 2012-08-10 20:28 328704 ----a-w- c:\windows\system32\services.exe.266B10E9DBE0B272
2012-08-01 00:55 . 2012-08-01 00:55 328704 ----a-w- c:\windows\system32\services.exe.232792F4ADC089A3
2012-08-01 00:53 . 2012-08-01 00:53 328704 ----a-w- c:\windows\system32\services.exe.50F9F7427D8A63CA
2012-08-01 00:51 . 2012-08-01 00:51 328704 ----a-w- c:\windows\system32\services.exe.967AD0CEA448F19C
2012-08-01 00:51 . 2012-08-13 21:01 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7683786-6590-49E6-AA87-C97F6DD7C197}\offreg.dll
2012-08-01 00:42 . 2012-08-01 00:42 328704 ----a-w- c:\windows\system32\services.exe.014B73A40D9AAEAC
2012-08-01 00:39 . 2012-08-01 00:39 328704 ----a-w- c:\windows\system32\services.exe.E9878F3300CA2CC8
2012-08-01 00:36 . 2012-08-01 00:36 328704 ----a-w- c:\windows\system32\services.exe.DE55A2964C79E7DC
2012-08-01 00:35 . 2012-08-10 21:56 -------- d-----w- C:\FRST
2012-08-01 00:33 . 2012-08-01 00:33 328704 ----a-w- c:\windows\system32\services.exe.8F0A5ABF5C539D23
2012-08-01 00:30 . 2012-08-01 00:30 328704 ----a-w- c:\windows\system32\services.exe.5867467091EB56A6
2012-08-01 00:27 . 2012-08-01 00:27 328704 ----a-w- c:\windows\system32\services.exe.BDCE32122F0CCC01
2012-08-01 00:24 . 2012-08-01 00:24 328704 ----a-w- c:\windows\system32\services.exe.D73C97FDAE215EF7
2012-08-01 00:21 . 2012-08-01 00:21 328704 ----a-w- c:\windows\system32\services.exe.52D1BC7A933125A6
2012-08-01 00:02 . 2012-08-01 00:02 328704 ----a-w- c:\windows\system32\services.exe.0537340A6D700558
2012-07-31 23:58 . 2012-07-31 23:58 328704 ----a-w- c:\windows\system32\services.exe.2CC4EC29AAA8FD0D
2012-07-31 23:53 . 2012-07-31 23:53 328704 ----a-w- c:\windows\system32\services.exe.F8BDE313A3D34AD7
2012-07-31 23:47 . 2012-07-31 23:47 328704 ----a-w- c:\windows\system32\services.exe.65201DD532AFD4FD
2012-07-31 23:44 . 2012-07-31 23:44 328704 ----a-w- c:\windows\system32\services.exe.7AFA0615CE8D8D21
2012-07-31 22:47 . 2012-07-31 22:47 328704 ----a-w- c:\windows\system32\services.exe.1C9257D22D14B9DC
2012-07-31 22:44 . 2012-07-31 22:44 328704 ----a-w- c:\windows\system32\services.exe.2D0EBD4AF0888FE9
2012-07-31 22:41 . 2012-07-31 22:41 328704 ----a-w- c:\windows\system32\services.exe.E1B0CB6B88F5C8D7
2012-07-31 22:38 . 2012-07-31 22:38 328704 ----a-w- c:\windows\system32\services.exe.6C5250339C458DC5
2012-07-31 22:35 . 2012-07-31 22:35 328704 ----a-w- c:\windows\system32\services.exe.2AD5165A4DFE5D20
2012-07-31 22:29 . 2012-07-31 22:29 328704 ----a-w- c:\windows\system32\services.exe.1E26FB322DDC341A
2012-07-31 22:25 . 2012-07-31 22:25 328704 ----a-w- c:\windows\system32\services.exe.ED3A8C2FF02201BF
2012-07-31 22:20 . 2012-07-31 22:20 328704 ----a-w- c:\windows\system32\services.exe.A76431D4348BFB3F
2012-07-31 22:17 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CA1E84D-9CCF-4679-A806-21A434C7B3C3}\gapaengine.dll
2012-07-31 22:17 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7683786-6590-49E6-AA87-C97F6DD7C197}\mpengine.dll
2012-07-31 22:16 . 2012-07-31 22:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-31 22:16 . 2012-07-31 22:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-31 05:34 . 2012-07-31 05:34 -------- d-----w- c:\program files (x86)\Calibre2
2012-07-31 03:42 . 2012-07-31 05:38 -------- d-----w- c:\users\Kyle\AppData\Roaming\calibre
2012-07-26 21:49 . 2012-07-26 21:54 -------- d-----w- c:\users\Kyle\AppData\Roaming\redsn0w
2012-07-23 04:02 . 2012-07-23 04:02 -------- d-----w- c:\program files\iPod
2012-07-23 04:02 . 2012-07-23 04:02 -------- d-----w- c:\program files\iTunes
2012-07-16 04:20 . 2012-07-16 04:20 -------- d-----w- c:\users\Kyle\AppData\Roaming\OpenOffice.org
2012-07-16 04:12 . 2012-07-16 04:12 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 13:28 . 2012-04-12 06:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 13:28 . 2011-09-02 19:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 02:48 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-07-14 02:48 . 2009-08-18 18:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-14 02:40 . 2012-07-14 02:40 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-12 21:17 . 2011-08-31 01:12 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-12 21:18 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 12:02 . 2012-06-09 12:02 37270 ----a-w- c:\windows\SysWow64\OggDSUninst.exe
2012-06-09 05:43 . 2012-07-12 21:16 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 13:02 . 2012-06-09 11:52 1345024 ----a-w- c:\windows\system32\ac3filter64.acm
2012-06-07 12:57 . 2012-04-11 03:31 1099264 ----a-w- c:\windows\SysWow64\ac3filter.acm
2012-06-06 06:06 . 2012-07-12 21:16 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-12 21:16 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-12 21:16 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-12 21:16 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-12 21:16 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-12 21:16 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 04:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 04:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 04:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 04:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 04:33 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 04:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 04:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 04:33 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 04:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-12 21:16 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 21:16 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 21:16 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 21:16 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 21:16 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 21:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 21:16 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 21:16 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 21:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 21:16 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 21:16 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 21:16 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 21:16 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 21:16 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 21:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 21:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 21:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 21:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-12 21:16 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-12 21:16 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-12 21:16 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-12 21:16 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-12 21:16 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-12 21:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-12 21:16 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-12 21:16 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-12 21:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-10 1353080]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Razer Nostromo Driver"="c:\program files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840]
"GamingKeyboard"="d:\program files (x86)\Gaming Keyboard\Gaminghid.exe" [2010-04-21 245760]
"GamingKeyboardOSD"="d:\program files (x86)\Gaming Keyboard\OSD.exe" [2010-04-21 1797120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"PWRISOVM.EXE"="d:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-09-02 16384]
R1 ghemkfzp;ghemkfzp;c:\windows\system32\drivers\ghemkfzp.sys [x]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1255736]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 GamingKB;Gaming Keyboard;c:\windows\system32\drivers\GamingKB.sys [2010-04-22 24576]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-15 157184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\1jdp2uu6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2129218757-3739024133-1350816024-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,ab,52,a6,f6,6b,08,23,8c,3f,0a,ca,c0,e3,2e,0e,42,f1,fb,10,54,
4f,1d,ae,36,bb,e0,d4,78,1d,fb,43,d9,bb,55,75,49,f0,eb,1a,d5,10,01,55,1b,b3,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\0e\16\00\0c?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-13 14:04:35
ComboFix-quarantined-files.txt 2012-08-13 21:04
.
Pre-Run: 8,404,238,336 bytes free
Post-Run: 8,408,166,400 bytes free
.
- - End Of File - - CB32C9FB45707434D488AF407C34B2BF

ComboFix Log 2:

ComboFix 12-08-13.01 - Kyle 08/13/2012 14:08:39.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6848 [GMT -7:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 21:10 . 2012-08-13 21:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-13 19:52 . 2012-08-13 19:52 328704 ----a-w- c:\windows\system32\services.exe.68898C5F0A8D423D
2012-08-13 19:50 . 2012-08-13 19:50 328704 ----a-w- c:\windows\system32\services.exe.1DC66328D2FB0892
2012-08-13 19:48 . 2012-08-13 19:48 328704 ----a-w- c:\windows\system32\services.exe.D90D463201A45E58
2012-08-13 19:46 . 2012-08-13 19:46 328704 ----a-w- c:\windows\system32\services.exe.16B8D0592263C1BA
2012-08-13 19:44 . 2012-08-13 19:44 328704 ----a-w- c:\windows\system32\services.exe.64F979FE6AD00481
2012-08-13 19:42 . 2012-08-13 19:42 328704 ----a-w- c:\windows\system32\services.exe.FABEE3850AA7C0EA
2012-08-10 21:15 . 2012-08-10 21:15 328704 ----a-w- c:\windows\system32\services.exe.811B191984F1F90C
2012-08-10 21:13 . 2012-08-10 21:13 328704 ----a-w- c:\windows\system32\services.exe.A2DD5689C04F364D
2012-08-10 21:11 . 2012-08-10 21:11 328704 ----a-w- c:\windows\system32\services.exe.294555F6999E6107
2012-08-10 21:09 . 2012-08-10 21:09 328704 ----a-w- c:\windows\system32\services.exe.B5F51706BCE80B94
2012-08-10 21:07 . 2012-08-10 21:07 328704 ----a-w- c:\windows\system32\services.exe.DE3C5B724811B231
2012-08-10 21:05 . 2012-08-10 21:05 328704 ----a-w- c:\windows\system32\services.exe.BF5FC450EF597390
2012-08-10 21:03 . 2012-08-10 21:03 328704 ----a-w- c:\windows\system32\services.exe.CB9261C006E0BE8A
2012-08-10 20:49 . 2012-08-10 20:49 328704 ----a-w- c:\windows\system32\services.exe.206523156ACD8150
2012-08-10 20:45 . 2012-08-10 20:45 328704 ----a-w- c:\windows\system32\services.exe.59E773C59A7B8F56
2012-08-10 20:43 . 2012-08-10 20:43 328704 ----a-w- c:\windows\system32\services.exe.97E8D8AFEF8484BD
2012-08-10 20:41 . 2012-08-10 20:41 328704 ----a-w- c:\windows\system32\services.exe.66A8DEA8D28B07BF
2012-08-10 20:39 . 2012-08-10 20:39 328704 ----a-w- c:\windows\system32\services.exe.B6C833D13BF53844
2012-08-10 20:28 . 2012-08-10 20:28 328704 ----a-w- c:\windows\system32\services.exe.266B10E9DBE0B272
2012-08-01 00:55 . 2012-08-01 00:55 328704 ----a-w- c:\windows\system32\services.exe.232792F4ADC089A3
2012-08-01 00:53 . 2012-08-01 00:53 328704 ----a-w- c:\windows\system32\services.exe.50F9F7427D8A63CA
2012-08-01 00:51 . 2012-08-01 00:51 328704 ----a-w- c:\windows\system32\services.exe.967AD0CEA448F19C
2012-08-01 00:42 . 2012-08-01 00:42 328704 ----a-w- c:\windows\system32\services.exe.014B73A40D9AAEAC
2012-08-01 00:39 . 2012-08-01 00:39 328704 ----a-w- c:\windows\system32\services.exe.E9878F3300CA2CC8
2012-08-01 00:36 . 2012-08-01 00:36 328704 ----a-w- c:\windows\system32\services.exe.DE55A2964C79E7DC
2012-08-01 00:35 . 2012-08-10 21:56 -------- d-----w- C:\FRST
2012-08-01 00:33 . 2012-08-01 00:33 328704 ----a-w- c:\windows\system32\services.exe.8F0A5ABF5C539D23
2012-08-01 00:30 . 2012-08-01 00:30 328704 ----a-w- c:\windows\system32\services.exe.5867467091EB56A6
2012-08-01 00:27 . 2012-08-01 00:27 328704 ----a-w- c:\windows\system32\services.exe.BDCE32122F0CCC01
2012-08-01 00:24 . 2012-08-01 00:24 328704 ----a-w- c:\windows\system32\services.exe.D73C97FDAE215EF7
2012-08-01 00:21 . 2012-08-01 00:21 328704 ----a-w- c:\windows\system32\services.exe.52D1BC7A933125A6
2012-08-01 00:02 . 2012-08-01 00:02 328704 ----a-w- c:\windows\system32\services.exe.0537340A6D700558
2012-07-31 23:58 . 2012-07-31 23:58 328704 ----a-w- c:\windows\system32\services.exe.2CC4EC29AAA8FD0D
2012-07-31 23:53 . 2012-07-31 23:53 328704 ----a-w- c:\windows\system32\services.exe.F8BDE313A3D34AD7
2012-07-31 23:47 . 2012-07-31 23:47 328704 ----a-w- c:\windows\system32\services.exe.65201DD532AFD4FD
2012-07-31 23:44 . 2012-07-31 23:44 328704 ----a-w- c:\windows\system32\services.exe.7AFA0615CE8D8D21
2012-07-31 22:47 . 2012-07-31 22:47 328704 ----a-w- c:\windows\system32\services.exe.1C9257D22D14B9DC
2012-07-31 22:44 . 2012-07-31 22:44 328704 ----a-w- c:\windows\system32\services.exe.2D0EBD4AF0888FE9
2012-07-31 22:41 . 2012-07-31 22:41 328704 ----a-w- c:\windows\system32\services.exe.E1B0CB6B88F5C8D7
2012-07-31 22:38 . 2012-07-31 22:38 328704 ----a-w- c:\windows\system32\services.exe.6C5250339C458DC5
2012-07-31 22:35 . 2012-07-31 22:35 328704 ----a-w- c:\windows\system32\services.exe.2AD5165A4DFE5D20
2012-07-31 22:29 . 2012-07-31 22:29 328704 ----a-w- c:\windows\system32\services.exe.1E26FB322DDC341A
2012-07-31 22:25 . 2012-07-31 22:25 328704 ----a-w- c:\windows\system32\services.exe.ED3A8C2FF02201BF
2012-07-31 22:20 . 2012-07-31 22:20 328704 ----a-w- c:\windows\system32\services.exe.A76431D4348BFB3F
2012-07-31 05:34 . 2012-07-31 05:34 -------- d-----w- c:\program files (x86)\Calibre2
2012-07-31 03:42 . 2012-07-31 05:38 -------- d-----w- c:\users\Kyle\AppData\Roaming\calibre
2012-07-26 21:49 . 2012-07-26 21:54 -------- d-----w- c:\users\Kyle\AppData\Roaming\redsn0w
2012-07-23 04:02 . 2012-07-23 04:02 -------- d-----w- c:\program files\iPod
2012-07-23 04:02 . 2012-07-23 04:02 -------- d-----w- c:\program files\iTunes
2012-07-16 04:20 . 2012-07-16 04:20 -------- d-----w- c:\users\Kyle\AppData\Roaming\OpenOffice.org
2012-07-16 04:12 . 2012-07-16 04:12 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 13:28 . 2012-04-12 06:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 13:28 . 2011-09-02 19:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 02:48 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-07-14 02:48 . 2009-08-18 18:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-14 02:40 . 2012-07-14 02:40 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-12 21:17 . 2011-08-31 01:12 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-12 21:18 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 12:02 . 2012-06-09 12:02 37270 ----a-w- c:\windows\SysWow64\OggDSUninst.exe
2012-06-09 05:43 . 2012-07-12 21:16 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 13:02 . 2012-06-09 11:52 1345024 ----a-w- c:\windows\system32\ac3filter64.acm
2012-06-07 12:57 . 2012-04-11 03:31 1099264 ----a-w- c:\windows\SysWow64\ac3filter.acm
2012-06-06 06:06 . 2012-07-12 21:16 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-12 21:16 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-12 21:16 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-12 21:16 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-12 21:16 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-12 21:16 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 04:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 04:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 04:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 04:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 04:33 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 04:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 04:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 04:33 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 04:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-12 21:16 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 21:16 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 21:16 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 21:16 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 21:16 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 21:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 21:16 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 21:16 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 21:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 21:16 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 21:16 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 21:16 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 21:16 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 21:16 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 21:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 21:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 21:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 21:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-12 21:16 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-12 21:16 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-12 21:16 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-12 21:16 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-12 21:16 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-12 21:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-12 21:16 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-12 21:16 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-12 21:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-13_21.03.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-31 00:51 . 2012-08-13 21:08 37388 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-13 21:08 35112 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-31 00:47 . 2012-08-13 21:08 7274 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2129218757-3739024133-1350816024-1000_UserData.bin
+ 2012-08-13 21:11 . 2012-08-13 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-01 00:51 . 2012-08-13 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-01 00:51 . 2012-08-13 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-13 21:11 . 2012-08-13 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-30 10:41 . 2012-08-13 21:07 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-30 10:41 . 2012-08-13 20:56 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-08-01 00:45 278712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-13 21:11 278712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-02 20:08 . 2012-08-13 20:59 968024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
+ 2011-09-02 20:08 . 2012-08-13 21:11 968024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
- 2009-07-14 04:54 . 2012-08-13 20:56 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-13 21:07 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-13 21:07 11681792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-13 20:56 11681792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-02 19:57 . 2012-08-13 20:59 47084752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2129218757-3739024133-1350816024-1000-8192.dat
+ 2011-09-02 19:57 . 2012-08-13 21:11 47084752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2129218757-3739024133-1350816024-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-10 1353080]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Razer Nostromo Driver"="c:\program files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840]
"GamingKeyboard"="d:\program files (x86)\Gaming Keyboard\Gaminghid.exe" [2010-04-21 245760]
"GamingKeyboardOSD"="d:\program files (x86)\Gaming Keyboard\OSD.exe" [2010-04-21 1797120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"PWRISOVM.EXE"="d:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
R1 ghemkfzp;ghemkfzp;c:\windows\system32\drivers\ghemkfzp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1255736]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-09-02 16384]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 GamingKB;Gaming Keyboard;c:\windows\system32\drivers\GamingKB.sys [2010-04-22 24576]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-15 157184]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\1jdp2uu6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2129218757-3739024133-1350816024-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,ab,52,a6,f6,6b,08,23,8c,3f,0a,ca,c0,e3,2e,0e,42,f1,fb,10,54,
4f,1d,ae,36,bb,e0,d4,78,1d,fb,43,d9,bb,55,75,49,f0,eb,1a,d5,10,01,55,1b,b3,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\0e\16\00\0c?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASDR.exe
.
**************************************************************************
.
Completion time: 2012-08-13 14:12:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 21:12
ComboFix2.txt 2012-08-13 21:04
.
Pre-Run: 9,803,239,424 bytes free
Post-Run: 5,999,419,392 bytes free
.
- - End Of File - - 7644181F4F67925FCB4C4BD06AB3FE35

ComboFix Log 3:

ComboFix 12-08-13.01 - Kyle 08/13/2012 14:19:35.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6865 [GMT -7:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 21:21 . 2012-08-13 21:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-13 21:21 . 2012-08-13 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 21:18 . 2012-08-13 21:18 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-08-13 21:18 . 2012-08-13 21:18 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-08-13 21:18 . 2012-08-13 21:18 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-08-13 19:52 . 2012-08-13 19:52 328704 ----a-w- c:\windows\system32\services.exe.68898C5F0A8D423D
2012-08-13 19:50 . 2012-08-13 19:50 328704 ----a-w- c:\windows\system32\services.exe.1DC66328D2FB0892
2012-08-13 19:48 . 2012-08-13 19:48 328704 ----a-w- c:\windows\system32\services.exe.D90D463201A45E58
2012-08-13 19:46 . 2012-08-13 19:46 328704 ----a-w- c:\windows\system32\services.exe.16B8D0592263C1BA
2012-08-13 19:44 . 2012-08-13 19:44 328704 ----a-w- c:\windows\system32\services.exe.64F979FE6AD00481
2012-08-13 19:42 . 2012-08-13 19:42 328704 ----a-w- c:\windows\system32\services.exe.FABEE3850AA7C0EA
2012-08-10 21:15 . 2012-08-10 21:15 328704 ----a-w- c:\windows\system32\services.exe.811B191984F1F90C
2012-08-10 21:13 . 2012-08-10 21:13 328704 ----a-w- c:\windows\system32\services.exe.A2DD5689C04F364D
2012-08-10 21:11 . 2012-08-10 21:11 328704 ----a-w- c:\windows\system32\services.exe.294555F6999E6107
2012-08-10 21:09 . 2012-08-10 21:09 328704 ----a-w- c:\windows\system32\services.exe.B5F51706BCE80B94
2012-08-10 21:07 . 2012-08-10 21:07 328704 ----a-w- c:\windows\system32\services.exe.DE3C5B724811B231
2012-08-10 21:05 . 2012-08-10 21:05 328704 ----a-w- c:\windows\system32\services.exe.BF5FC450EF597390
2012-08-10 21:03 . 2012-08-10 21:03 328704 ----a-w- c:\windows\system32\services.exe.CB9261C006E0BE8A
2012-08-10 20:49 . 2012-08-10 20:49 328704 ----a-w- c:\windows\system32\services.exe.206523156ACD8150
2012-08-10 20:45 . 2012-08-10 20:45 328704 ----a-w- c:\windows\system32\services.exe.59E773C59A7B8F56
2012-08-10 20:43 . 2012-08-10 20:43 328704 ----a-w- c:\windows\system32\services.exe.97E8D8AFEF8484BD
2012-08-10 20:41 . 2012-08-10 20:41 328704 ----a-w- c:\windows\system32\services.exe.66A8DEA8D28B07BF
2012-08-10 20:39 . 2012-08-10 20:39 328704 ----a-w- c:\windows\system32\services.exe.B6C833D13BF53844
2012-08-10 20:28 . 2012-08-10 20:28 328704 ----a-w- c:\windows\system32\services.exe.266B10E9DBE0B272
2012-08-01 00:55 . 2012-08-01 00:55 328704 ----a-w- c:\windows\system32\services.exe.232792F4ADC089A3
2012-08-01 00:53 . 2012-08-01 00:53 328704 ----a-w- c:\windows\system32\services.exe.50F9F7427D8A63CA
2012-08-01 00:51 . 2012-08-01 00:51 328704 ----a-w- c:\windows\system32\services.exe.967AD0CEA448F19C
2012-08-01 00:42 . 2012-08-01 00:42 328704 ----a-w- c:\windows\system32\services.exe.014B73A40D9AAEAC
2012-08-01 00:39 . 2012-08-01 00:39 328704 ----a-w- c:\windows\system32\services.exe.E9878F3300CA2CC8
2012-08-01 00:36 . 2012-08-01 00:36 328704 ----a-w- c:\windows\system32\services.exe.DE55A2964C79E7DC
2012-08-01 00:35 . 2012-08-10 21:56 -------- d-----w- C:\FRST
2012-08-01 00:33 . 2012-08-01 00:33 328704 ----a-w- c:\windows\system32\services.exe.8F0A5ABF5C539D23
2012-08-01 00:30 . 2012-08-01 00:30 328704 ----a-w- c:\windows\system32\services.exe.5867467091EB56A6
2012-08-01 00:27 . 2012-08-01 00:27 328704 ----a-w- c:\windows\system32\services.exe.BDCE32122F0CCC01
2012-08-01 00:24 . 2012-08-01 00:24 328704 ----a-w- c:\windows\system32\services.exe.D73C97FDAE215EF7
2012-08-01 00:21 . 2012-08-01 00:21 328704 ----a-w- c:\windows\system32\services.exe.52D1BC7A933125A6
2012-08-01 00:02 . 2012-08-01 00:02 328704 ----a-w- c:\windows\system32\services.exe.0537340A6D700558
2012-07-31 23:58 . 2012-07-31 23:58 328704 ----a-w- c:\windows\system32\services.exe.2CC4EC29AAA8FD0D
2012-07-31 23:53 . 2012-07-31 23:53 328704 ----a-w- c:\windows\system32\services.exe.F8BDE313A3D34AD7
2012-07-31 23:47 . 2012-07-31 23:47 328704 ----a-w- c:\windows\system32\services.exe.65201DD532AFD4FD
2012-07-31 23:44 . 2012-07-31 23:44 328704 ----a-w- c:\windows\system32\services.exe.7AFA0615CE8D8D21
2012-07-31 22:47 . 2012-07-31 22:47 328704 ----a-w- c:\windows\system32\services.exe.1C9257D22D14B9DC
2012-07-31 22:44 . 2012-07-31 22:44 328704 ----a-w- c:\windows\system32\services.exe.2D0EBD4AF0888FE9
2012-07-31 22:41 . 2012-07-31 22:41 328704 ----a-w- c:\windows\system32\services.exe.E1B0CB6B88F5C8D7
2012-07-31 22:38 . 2012-07-31 22:38 328704 ----a-w- c:\windows\system32\services.exe.6C5250339C458DC5
2012-07-31 22:35 . 2012-07-31 22:35 328704 ----a-w- c:\windows\system32\services.exe.2AD5165A4DFE5D20
2012-07-31 22:29 . 2012-07-31 22:29 328704 ----a-w- c:\windows\system32\services.exe.1E26FB322DDC341A
2012-07-31 22:25 . 2012-07-31 22:25 328704 ----a-w- c:\windows\system32\services.exe.ED3A8C2FF02201BF
2012-07-31 22:20 . 2012-07-31 22:20 328704 ----a-w- c:\windows\system32\services.exe.A76431D4348BFB3F
2012-07-31 05:34 . 2012-07-31 05:34 -------- d-----w- c:\program files (x86)\Calibre2
2012-07-31 03:42 . 2012-07-31 05:38 -------- d-----w- c:\users\Kyle\AppData\Roaming\calibre
2012-07-26 21:49 . 2012-07-26 21:54 -------- d-----w- c:\users\Kyle\AppData\Roaming\redsn0w
2012-07-23 04:02 . 2012-07-23 04:02 -------- d-----w- c:\program files\iPod
2012-07-23 04:02 . 2012-07-23 04:02 -------- d-----w- c:\program files\iTunes
2012-07-16 04:20 . 2012-07-16 04:20 -------- d-----w- c:\users\Kyle\AppData\Roaming\OpenOffice.org
2012-07-16 04:12 . 2012-07-16 04:12 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 13:28 . 2012-04-12 06:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 13:28 . 2011-09-02 19:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 02:48 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-07-14 02:48 . 2009-08-18 18:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-14 02:40 . 2012-07-14 02:40 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-12 21:17 . 2011-08-31 01:12 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-12 21:18 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 12:02 . 2012-06-09 12:02 37270 ----a-w- c:\windows\SysWow64\OggDSUninst.exe
2012-06-09 05:43 . 2012-07-12 21:16 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 13:02 . 2012-06-09 11:52 1345024 ----a-w- c:\windows\system32\ac3filter64.acm
2012-06-07 12:57 . 2012-04-11 03:31 1099264 ----a-w- c:\windows\SysWow64\ac3filter.acm
2012-06-06 06:06 . 2012-07-12 21:16 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-12 21:16 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-12 21:16 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-12 21:16 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-12 21:16 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-12 21:16 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 04:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 04:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 04:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 04:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 04:33 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 04:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 04:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 04:33 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 04:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-12 21:16 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 21:16 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 21:16 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 21:16 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 21:16 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 21:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 21:16 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 21:16 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 21:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 21:16 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 21:16 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 21:16 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 21:16 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 21:16 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 21:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 21:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 21:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 21:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-12 21:16 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-12 21:16 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-12 21:16 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-12 21:16 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-12 21:16 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-12 21:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-12 21:16 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-12 21:16 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-12 21:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-13_21.03.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-31 00:51 . 2012-08-13 21:19 37858 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-13 21:19 35208 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-31 00:47 . 2012-08-13 21:19 7274 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2129218757-3739024133-1350816024-1000_UserData.bin
+ 2012-08-13 21:17 . 2012-08-13 21:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-01 00:51 . 2012-08-13 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-01 00:51 . 2012-08-13 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-13 21:17 . 2012-08-13 21:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-30 10:41 . 2012-08-13 21:18 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-30 10:41 . 2012-08-13 20:56 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-08-01 00:45 278712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-13 21:17 278712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-02 20:08 . 2012-08-13 20:59 968024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
+ 2011-09-02 20:08 . 2012-08-13 21:17 968024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
- 2009-07-14 04:54 . 2012-08-13 20:56 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-13 21:18 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-13 21:18 11681792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-13 20:56 11681792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-02 19:57 . 2012-08-13 20:59 47084752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2129218757-3739024133-1350816024-1000-8192.dat
+ 2011-09-02 19:57 . 2012-08-13 21:11 47084752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2129218757-3739024133-1350816024-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-10 1353080]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Razer Nostromo Driver"="c:\program files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840]
"GamingKeyboard"="d:\program files (x86)\Gaming Keyboard\Gaminghid.exe" [2010-04-21 245760]
"GamingKeyboardOSD"="d:\program files (x86)\Gaming Keyboard\OSD.exe" [2010-04-21 1797120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"PWRISOVM.EXE"="d:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
R1 ghemkfzp;ghemkfzp;c:\windows\system32\drivers\ghemkfzp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1255736]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-09-02 16384]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 GamingKB;Gaming Keyboard;c:\windows\system32\drivers\GamingKB.sys [2010-04-22 24576]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-15 157184]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\1jdp2uu6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2129218757-3739024133-1350816024-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,ab,52,a6,f6,6b,08,23,8c,3f,0a,ca,c0,e3,2e,0e,42,f1,fb,10,54,
4f,1d,ae,36,bb,e0,d4,78,1d,fb,43,d9,bb,55,75,49,f0,eb,1a,d5,10,01,55,1b,b3,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\0e\16\00\0c?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-13 14:22:39
ComboFix-quarantined-files.txt 2012-08-13 21:22
ComboFix2.txt 2012-08-13 21:12
ComboFix3.txt 2012-08-13 21:04
.
Pre-Run: 5,768,458,240 bytes free
Post-Run: 5,404,737,536 bytes free
.
- - End Of File - - 5235C2C0918D0CF202909E6733F6E87F
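A small triage helper, added here as an example and not part of ComboFix, TDSSKiller or any post in this thread. It parses two kinds of lines that appear in the ComboFix log above: the "Files Created" entries (date, date, size, attributes, path) and the service/driver entries (`R1 name;display;path [info]`). It pulls out the two things a responder would want surfaced from a 2000-line log: a burst of same-sized `services.exe.<16 hex chars>` copies, and drivers ComboFix lists with `[x]` (no file details found), annotated with a vowel-ratio heuristic for random-looking names. The sample lines are copied from the quoted log and embedded as a constructed input; the regexes and the heuristic are my assumptions about the format, not ComboFix's own parser.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the shape of the ComboFix output
# quoted earlier in this thread (values copied from that log, trimmed).
SAMPLE_LOG = """\
2012-08-13 19:52 . 2012-08-13 19:52 328704 ----a-w- c:\\windows\\system32\\services.exe.68898C5F0A8D423D
2012-08-13 19:50 . 2012-08-13 19:50 328704 ----a-w- c:\\windows\\system32\\services.exe.1DC66328D2FB0892
2012-08-13 19:48 . 2012-08-13 19:48 328704 ----a-w- c:\\windows\\system32\\services.exe.D90D463201A45E58
2012-08-01 00:35 . 2012-08-10 21:56 -------- d-----w- C:\\FRST
2012-07-31 05:34 . 2012-07-31 05:34 -------- d-----w- c:\\program files (x86)\\Calibre2
R0 mv91xx;mv91xx;c:\\windows\\system32\\DRIVERS\\mv91xx.sys [x]
R1 ghemkfzp;ghemkfzp;c:\\windows\\system32\\drivers\\ghemkfzp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\\windows\\system32\\drivers\\tsusbflt.sys [2010-11-20 59392]
S3 BtFilter;BtFilter;c:\\windows\\system32\\DRIVERS\\btfilter.sys [2010-10-27 279152]
"""

# "Files Created" line: created . modified size attrs path  (size is dashes for directories)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Service/driver line: R0..S4 state, then name;display;path [date size] or [x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+) \[(?P<info>[^\]]*)\]$"
)
# services.exe followed by a 16-hex-digit suffix, as seen in the log above
SERVICES_COPY_RE = re.compile(r"\\services\.exe\.[0-9A-F]{16}$", re.IGNORECASE)

VOWELS = set("aeiouy")


def parse_line(line):
    """Classify one line as ('file', dict), ('service', dict) or (None, None)."""
    m = FILE_RE.match(line)
    if m:
        rec = m.groupdict()
        # Directories show a run of dashes instead of a byte count.
        rec["size"] = int(rec["size"]) if rec["size"].isdigit() else None
        return "file", rec
    m = SERVICE_RE.match(line)
    if m:
        return "service", m.groupdict()
    return None, None


def looks_random(name):
    """Heuristic (assumption, not a rule): 6+ lowercase letters with under 20% vowels."""
    if not (len(name) >= 6 and name.isalpha() and name.islower()):
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.2


def triage(log_text):
    """Return the services.exe copy cluster and the drivers with no file details."""
    copies, unverified = [], []
    sizes = defaultdict(int)
    for raw in log_text.splitlines():
        kind, rec = parse_line(raw.strip())
        if kind == "file" and SERVICES_COPY_RE.search(rec["path"]):
            copies.append(rec["path"])
            sizes[rec["size"]] += 1  # identical sizes point at one source binary
        elif kind == "service" and rec["info"] == "x":
            unverified.append({
                "name": rec["name"],
                "path": rec["path"],
                "random_looking_name": looks_random(rec["name"]),
            })
    return {
        "services_exe_copies": copies,
        "services_exe_copy_sizes": dict(sizes),
        "unverified_drivers": unverified,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it over a full ComboFix log to get the two lists without reading every line; the `random_looking_name` flag is only a hint for which `[x]` entries to look up first (the legitimate `mv91xx` gets `False` because of its digits, the eight-letter `ghemkfzp` gets `True`).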

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:43 AM

Posted 13 August 2012 - 09:13 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Draidis

Draidis
  • Topic Starter

  • Members
  • 17 posts
  • Local time:11:43 PM

Posted 13 August 2012 - 09:42 PM

Hi Gringo,

Everything seems to be running great so far, no infected or suspicious files detected.

TDSSKiller report:

19:40:20.0812 6644 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:40:20.0812 6644 UEFI system
19:40:21.0412 6644 ============================================================
19:40:21.0412 6644 Current date / time: 2012/08/13 19:40:21.0412
19:40:21.0412 6644 SystemInfo:
19:40:21.0412 6644
19:40:21.0412 6644 OS Version: 6.1.7601 ServicePack: 1.0
19:40:21.0412 6644 Product type: Workstation
19:40:21.0412 6644 ComputerName: NCIX-PC
19:40:21.0412 6644 UserName: Kyle
19:40:21.0412 6644 Windows directory: C:\Windows
19:40:21.0412 6644 System windows directory: C:\Windows
19:40:21.0412 6644 Running under WOW64
19:40:21.0412 6644 Processor architecture: Intel x64
19:40:21.0412 6644 Number of processors: 4
19:40:21.0412 6644 Page size: 0x1000
19:40:21.0412 6644 Boot type: Normal boot
19:40:21.0412 6644 ============================================================
19:40:21.0542 6644 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:40:21.0562 6644 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:40:21.0582 6644 Drive \Device\Harddisk2\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:40:21.0592 6644 ============================================================
19:40:21.0592 6644 \Device\Harddisk0\DR0:
19:40:21.0592 6644 GPT partitions:
19:40:21.0592 6644 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {0B353202-3012-4A43-8E9E-C0377802ECD5}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
19:40:21.0592 6644 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D137D898-4AE4-4B30-B2C1-5A8E14A98EDF}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
19:40:21.0592 6644 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E7EE7060-275A-44F0-A1EA-9CDE6A91636D}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xDF22000
19:40:21.0592 6644 MBR partitions:
19:40:21.0592 6644 \Device\Harddisk1\DR1:
19:40:21.0592 6644 MBR partitions:
19:40:21.0592 6644 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:40:21.0592 6644 \Device\Harddisk2\DR2:
19:40:21.0592 6644 MBR partitions:
19:40:21.0592 6644 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x9B2B39, BlocksNum 0x16AEB288
19:40:21.0592 6644 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x9B2AFA
19:40:21.0592 6644 ============================================================
19:40:21.0592 6644 C: <-> \Device\Harddisk0\DR0\Partition2
19:40:21.0612 6644 D: <-> \Device\Harddisk1\DR1\Partition0
19:40:21.0642 6644 E: <-> \Device\Harddisk2\DR2\Partition0
19:40:21.0642 6644 F: <-> \Device\Harddisk2\DR2\Partition1
19:40:21.0642 6644 ============================================================
19:40:21.0642 6644 Initialize success
19:40:21.0642 6644 ============================================================
19:40:23.0195 6700 ============================================================
19:40:23.0195 6700 Scan started
19:40:23.0195 6700 Mode: Manual;
19:40:23.0195 6700 ============================================================
19:40:23.0351 6700 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:40:23.0351 6700 1394ohci - ok
19:40:23.0367 6700 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:40:23.0367 6700 ACPI - ok
19:40:23.0367 6700 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:40:23.0367 6700 AcpiPmi - ok
19:40:23.0382 6700 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:40:23.0382 6700 AdobeFlashPlayerUpdateSvc - ok
19:40:23.0398 6700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:40:23.0398 6700 adp94xx - ok
19:40:23.0414 6700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:40:23.0414 6700 adpahci - ok
19:40:23.0414 6700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:40:23.0414 6700 adpu320 - ok
19:40:23.0414 6700 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:40:23.0414 6700 AeLookupSvc - ok
19:40:23.0429 6700 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:40:23.0429 6700 AFD - ok
19:40:23.0429 6700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:40:23.0429 6700 agp440 - ok
19:40:23.0445 6700 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:40:23.0445 6700 ALG - ok
19:40:23.0445 6700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:40:23.0445 6700 aliide - ok
19:40:23.0445 6700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:40:23.0445 6700 amdide - ok
19:40:23.0445 6700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:40:23.0445 6700 AmdK8 - ok
19:40:23.0445 6700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:40:23.0445 6700 AmdPPM - ok
19:40:23.0460 6700 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:40:23.0460 6700 amdsata - ok
19:40:23.0460 6700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:40:23.0460 6700 amdsbs - ok
19:40:23.0460 6700 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:40:23.0460 6700 amdxata - ok
19:40:23.0476 6700 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:40:23.0476 6700 AppID - ok
19:40:23.0476 6700 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:40:23.0476 6700 AppIDSvc - ok
19:40:23.0476 6700 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:40:23.0476 6700 Appinfo - ok
19:40:23.0476 6700 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:40:23.0476 6700 Apple Mobile Device - ok
19:40:23.0492 6700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:40:23.0492 6700 arc - ok
19:40:23.0492 6700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:40:23.0492 6700 arcsas - ok
19:40:23.0507 6700 ASDR (4b720cc508b4fb999a7bf0e6d84f73e1) C:\Windows\SysWOW64\ASDR.exe
19:40:23.0507 6700 ASDR - ok
19:40:23.0523 6700 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:40:23.0523 6700 aspnet_state - ok
19:40:23.0523 6700 asusgsb (a4398a8914c32f18ec2ab562cba3caaf) C:\Windows\system32\drivers\asusgsb.sys
19:40:23.0523 6700 asusgsb - ok
19:40:23.0523 6700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:40:23.0523 6700 AsyncMac - ok
19:40:23.0523 6700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:40:23.0523 6700 atapi - ok
19:40:23.0523 6700 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
19:40:23.0523 6700 AthBTPort - ok
19:40:23.0523 6700 ATHDFU (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
19:40:23.0523 6700 ATHDFU - ok
19:40:23.0538 6700 AtherosSvc (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:40:23.0538 6700 AtherosSvc - ok
19:40:23.0554 6700 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:40:23.0554 6700 AudioEndpointBuilder - ok
19:40:23.0554 6700 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:40:23.0554 6700 AudioSrv - ok
19:40:23.0570 6700 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:40:23.0570 6700 AxInstSV - ok
19:40:23.0570 6700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:40:23.0585 6700 b06bdrv - ok
19:40:23.0585 6700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:40:23.0585 6700 b57nd60a - ok
19:40:23.0585 6700 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:40:23.0585 6700 BDESVC - ok
19:40:23.0601 6700 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:40:23.0601 6700 Beep - ok
19:40:23.0601 6700 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:40:23.0616 6700 BFE - ok
19:40:23.0616 6700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:40:23.0616 6700 blbdrive - ok
19:40:23.0632 6700 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:40:23.0632 6700 Bonjour Service - ok
19:40:23.0632 6700 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:40:23.0632 6700 bowser - ok
19:40:23.0632 6700 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:40:23.0632 6700 BrFiltLo - ok
19:40:23.0632 6700 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:40:23.0632 6700 BrFiltUp - ok
19:40:23.0648 6700 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:40:23.0648 6700 BridgeMP - ok
19:40:23.0648 6700 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:40:23.0648 6700 Browser - ok
19:40:23.0648 6700 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:40:23.0648 6700 Brserid - ok
19:40:23.0663 6700 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:40:23.0663 6700 BrSerWdm - ok
19:40:23.0663 6700 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:40:23.0663 6700 BrUsbMdm - ok
19:40:23.0663 6700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:40:23.0663 6700 BrUsbSer - ok
19:40:23.0663 6700 BTATH_A2DP (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
19:40:23.0663 6700 BTATH_A2DP - ok
19:40:23.0663 6700 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
19:40:23.0663 6700 BTATH_BUS - ok
19:40:23.0679 6700 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
19:40:23.0679 6700 BTATH_HCRP - ok
19:40:23.0679 6700 BTATH_LWFLT (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
19:40:23.0679 6700 BTATH_LWFLT - ok
19:40:23.0679 6700 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
19:40:23.0679 6700 BTATH_RCP - ok
19:40:23.0694 6700 BtFilter (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
19:40:23.0694 6700 BtFilter - ok
19:40:23.0694 6700 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:40:23.0694 6700 BthEnum - ok
19:40:23.0694 6700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:40:23.0694 6700 BTHMODEM - ok
19:40:23.0710 6700 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:40:23.0710 6700 BthPan - ok
19:40:23.0710 6700 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:40:23.0726 6700 BTHPORT - ok
19:40:23.0726 6700 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:40:23.0726 6700 bthserv - ok
19:40:23.0726 6700 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:40:23.0726 6700 BTHUSB - ok
19:40:23.0726 6700 catchme - ok
19:40:23.0726 6700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:40:23.0726 6700 cdfs - ok
19:40:23.0741 6700 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:40:23.0741 6700 cdrom - ok
19:40:23.0741 6700 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:40:23.0741 6700 CertPropSvc - ok
19:40:23.0741 6700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:40:23.0741 6700 circlass - ok
19:40:23.0757 6700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:40:23.0757 6700 CLFS - ok
19:40:23.0757 6700 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:40:23.0757 6700 clr_optimization_v2.0.50727_32 - ok
19:40:23.0772 6700 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:40:23.0772 6700 clr_optimization_v2.0.50727_64 - ok
19:40:23.0772 6700 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:40:23.0772 6700 clr_optimization_v4.0.30319_32 - ok
19:40:23.0788 6700 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:40:23.0788 6700 clr_optimization_v4.0.30319_64 - ok
19:40:23.0788 6700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:40:23.0788 6700 CmBatt - ok
19:40:23.0788 6700 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:40:23.0788 6700 cmdide - ok
19:40:23.0804 6700 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
19:40:23.0804 6700 CNG - ok
19:40:23.0804 6700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:40:23.0804 6700 Compbatt - ok
19:40:23.0804 6700 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:40:23.0804 6700 CompositeBus - ok
19:40:23.0804 6700 COMSysApp - ok
19:40:23.0804 6700 cpuz135 - ok
19:40:23.0819 6700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:40:23.0819 6700 crcdisk - ok
19:40:23.0819 6700 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:40:23.0819 6700 CryptSvc - ok
19:40:23.0835 6700 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:40:23.0835 6700 DcomLaunch - ok
19:40:23.0850 6700 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:40:23.0850 6700 defragsvc - ok
19:40:23.0850 6700 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:40:23.0850 6700 DfsC - ok
19:40:23.0866 6700 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:40:23.0866 6700 Dhcp - ok
19:40:23.0866 6700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:40:23.0866 6700 discache - ok
19:40:23.0866 6700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:40:23.0866 6700 Disk - ok
19:40:23.0882 6700 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:40:23.0882 6700 Dnscache - ok
19:40:23.0882 6700 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:40:23.0882 6700 dot3svc - ok
19:40:23.0882 6700 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:40:23.0882 6700 DPS - ok
19:40:23.0897 6700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:40:23.0897 6700 drmkaud - ok
19:40:23.0913 6700 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:40:23.0928 6700 DXGKrnl - ok
19:40:23.0928 6700 e1cexpress (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
19:40:23.0928 6700 e1cexpress - ok
19:40:23.0944 6700 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:40:23.0944 6700 EapHost - ok
19:40:23.0991 6700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:40:24.0006 6700 ebdrv - ok
19:40:24.0022 6700 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:40:24.0022 6700 EFS - ok
19:40:24.0038 6700 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:40:24.0038 6700 ehRecvr - ok
19:40:24.0053 6700 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:40:24.0053 6700 ehSched - ok
19:40:24.0053 6700 EIO64 (343ada10d948db29251f2d9c809af204) C:\Windows\system32\DRIVERS\EIO64.sys
19:40:24.0053 6700 EIO64 - ok
19:40:24.0069 6700 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:40:24.0069 6700 elxstor - ok
19:40:24.0069 6700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:40:24.0069 6700 ErrDev - ok
19:40:24.0084 6700 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:40:24.0084 6700 EventSystem - ok
19:40:24.0084 6700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:40:24.0084 6700 exfat - ok
19:40:24.0100 6700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:40:24.0100 6700 fastfat - ok
19:40:24.0116 6700 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:40:24.0116 6700 Fax - ok
19:40:24.0116 6700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:40:24.0116 6700 fdc - ok
19:40:24.0116 6700 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:40:24.0116 6700 fdPHost - ok
19:40:24.0131 6700 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:40:24.0131 6700 FDResPub - ok
19:40:24.0131 6700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:40:24.0131 6700 FileInfo - ok
19:40:24.0131 6700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:40:24.0131 6700 Filetrace - ok
19:40:24.0131 6700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:40:24.0131 6700 flpydisk - ok
19:40:24.0147 6700 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:40:24.0147 6700 FltMgr - ok
19:40:24.0162 6700 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:40:24.0162 6700 FontCache - ok
19:40:24.0178 6700 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:40:24.0178 6700 FontCache3.0.0.0 - ok
19:40:24.0178 6700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:40:24.0178 6700 FsDepends - ok
19:40:24.0178 6700 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:40:24.0178 6700 Fs_Rec - ok
19:40:24.0194 6700 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
19:40:24.0194 6700 Futuremark SystemInfo Service - ok
19:40:24.0194 6700 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:40:24.0194 6700 fvevol - ok
19:40:24.0194 6700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:40:24.0194 6700 gagp30kx - ok
19:40:24.0194 6700 GamingKB (1c31f33d680f5edb1a057d997e1da711) C:\Windows\system32\drivers\GamingKB.sys
19:40:24.0194 6700 GamingKB - ok
19:40:24.0209 6700 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:40:24.0209 6700 GEARAspiWDM - ok
19:40:24.0209 6700 ghemkfzp - ok
19:40:24.0225 6700 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:40:24.0225 6700 gpsvc - ok
19:40:24.0225 6700 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:40:24.0225 6700 hcw85cir - ok
19:40:24.0240 6700 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:40:24.0240 6700 HdAudAddService - ok
19:40:24.0240 6700 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:40:24.0240 6700 HDAudBus - ok
19:40:24.0240 6700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:40:24.0240 6700 HidBatt - ok
19:40:24.0256 6700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:40:24.0256 6700 HidBth - ok
19:40:24.0256 6700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:40:24.0256 6700 HidIr - ok
19:40:24.0256 6700 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:40:24.0256 6700 hidserv - ok
19:40:24.0256 6700 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:40:24.0256 6700 HidUsb - ok
19:40:24.0256 6700 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:40:24.0256 6700 hkmsvc - ok
19:40:24.0272 6700 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:40:24.0272 6700 HomeGroupListener - ok
19:40:24.0272 6700 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:40:24.0272 6700 HomeGroupProvider - ok
19:40:24.0287 6700 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:40:24.0287 6700 HpSAMD - ok
19:40:24.0303 6700 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:40:24.0303 6700 HTTP - ok
19:40:24.0303 6700 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:40:24.0303 6700 hwpolicy - ok
19:40:24.0318 6700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:40:24.0318 6700 i8042prt - ok
19:40:24.0334 6700 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys
19:40:24.0334 6700 iaStor - ok
19:40:24.0334 6700 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:40:24.0334 6700 IAStorDataMgrSvc - ok
19:40:24.0350 6700 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:40:24.0350 6700 iaStorV - ok
19:40:24.0350 6700 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:40:24.0350 6700 IDriverT - ok
19:40:24.0381 6700 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:40:24.0381 6700 idsvc - ok
19:40:24.0412 6700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:40:24.0412 6700 iirsp - ok
19:40:24.0428 6700 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:40:24.0428 6700 IKEEXT - ok
19:40:24.0490 6700 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
19:40:24.0490 6700 IntcAzAudAddService - ok
19:40:24.0521 6700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:40:24.0521 6700 intelide - ok
19:40:24.0521 6700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:40:24.0521 6700 intelppm - ok
19:40:24.0537 6700 Intel® PROSet Monitoring Service (068ec06f3b6dd7b81b365d8fd2ce27e6) C:\Windows\system32\IProsetMonitor.exe
19:40:24.0537 6700 Intel® PROSet Monitoring Service - ok
19:40:24.0537 6700 IOMap (a01c412699b6f21645b2885c2bae4454) C:\Windows\system32\drivers\IOMap64.sys
19:40:24.0537 6700 IOMap - ok
19:40:24.0537 6700 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:40:24.0537 6700 IPBusEnum - ok
19:40:24.0552 6700 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:40:24.0552 6700 IpFilterDriver - ok
19:40:24.0568 6700 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:40:24.0568 6700 iphlpsvc - ok
19:40:24.0568 6700 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:40:24.0568 6700 IPMIDRV - ok
19:40:24.0584 6700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:40:24.0584 6700 IPNAT - ok
19:40:24.0599 6700 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
19:40:24.0599 6700 iPod Service - ok
19:40:24.0599 6700 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:40:24.0599 6700 IRENUM - ok
19:40:24.0615 6700 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:40:24.0615 6700 isapnp - ok
19:40:24.0615 6700 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:40:24.0615 6700 iScsiPrt - ok
19:40:24.0630 6700 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:40:24.0630 6700 kbdclass - ok
19:40:24.0630 6700 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:40:24.0630 6700 kbdhid - ok
19:40:24.0630 6700 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:40:24.0630 6700 KeyIso - ok
19:40:24.0630 6700 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
19:40:24.0630 6700 KSecDD - ok
19:40:24.0646 6700 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
19:40:24.0646 6700 KSecPkg - ok
19:40:24.0646 6700 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:40:24.0646 6700 ksthunk - ok
19:40:24.0662 6700 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:40:24.0662 6700 KtmRm - ok
19:40:24.0677 6700 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:40:24.0677 6700 LanmanServer - ok
19:40:24.0677 6700 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:40:24.0677 6700 LanmanWorkstation - ok
19:40:24.0693 6700 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:40:24.0693 6700 lltdio - ok
19:40:24.0693 6700 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:40:24.0693 6700 lltdsvc - ok
19:40:24.0708 6700 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:40:24.0708 6700 lmhosts - ok
19:40:24.0708 6700 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:40:24.0708 6700 LSI_FC - ok
19:40:24.0708 6700 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:40:24.0708 6700 LSI_SAS - ok
19:40:24.0724 6700 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:40:24.0724 6700 LSI_SAS2 - ok
19:40:24.0724 6700 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:40:24.0724 6700 LSI_SCSI - ok
19:40:24.0724 6700 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:40:24.0724 6700 luafv - ok
19:40:24.0740 6700 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:40:24.0740 6700 Mcx2Svc - ok
19:40:24.0740 6700 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:40:24.0740 6700 megasas - ok
19:40:24.0740 6700 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:40:24.0740 6700 MegaSR - ok
19:40:24.0755 6700 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:40:24.0755 6700 MEIx64 - ok
19:40:24.0755 6700 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:40:24.0755 6700 MMCSS - ok
19:40:24.0755 6700 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:40:24.0755 6700 Modem - ok
19:40:24.0755 6700 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:40:24.0755 6700 monitor - ok
19:40:24.0755 6700 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:40:24.0755 6700 mouclass - ok
19:40:24.0771 6700 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:40:24.0771 6700 mouhid - ok
19:40:24.0771 6700 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:40:24.0771 6700 mountmgr - ok
19:40:24.0771 6700 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:40:24.0771 6700 mpio - ok
19:40:24.0771 6700 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:40:24.0771 6700 mpsdrv - ok
19:40:24.0802 6700 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:40:24.0802 6700 MpsSvc - ok
19:40:24.0818 6700 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:40:24.0818 6700 MRxDAV - ok
19:40:24.0818 6700 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:40:24.0818 6700 mrxsmb - ok
19:40:24.0833 6700 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:40:24.0833 6700 mrxsmb10 - ok
19:40:24.0833 6700 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:40:24.0833 6700 mrxsmb20 - ok
19:40:24.0833 6700 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:40:24.0833 6700 msahci - ok
19:40:24.0849 6700 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:40:24.0849 6700 msdsm - ok
19:40:24.0849 6700 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:40:24.0849 6700 MSDTC - ok
19:40:24.0849 6700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:40:24.0849 6700 Msfs - ok
19:40:24.0864 6700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:40:24.0864 6700 mshidkmdf - ok
19:40:24.0864 6700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:40:24.0864 6700 msisadrv - ok
19:40:24.0864 6700 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:40:24.0864 6700 MSiSCSI - ok
19:40:24.0864 6700 msiserver - ok
19:40:24.0864 6700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:40:24.0864 6700 MSKSSRV - ok
19:40:24.0880 6700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:40:24.0880 6700 MSPCLOCK - ok
19:40:24.0880 6700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:40:24.0880 6700 MSPQM - ok
19:40:24.0880 6700 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:40:24.0896 6700 MsRPC - ok
19:40:24.0896 6700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:40:24.0896 6700 mssmbios - ok
19:40:24.0896 6700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:40:24.0896 6700 MSTEE - ok
19:40:24.0896 6700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:40:24.0896 6700 MTConfig - ok
19:40:24.0896 6700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:40:24.0896 6700 Mup - ok
19:40:24.0911 6700 mv91xx - ok
19:40:24.0927 6700 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:40:24.0927 6700 napagent - ok
19:40:24.0927 6700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:40:24.0927 6700 NativeWifiP - ok
19:40:24.0958 6700 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:40:24.0974 6700 NDIS - ok
19:40:24.0974 6700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:40:24.0974 6700 NdisCap - ok
19:40:24.0974 6700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:40:24.0974 6700 NdisTapi - ok
19:40:24.0974 6700 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:40:24.0974 6700 Ndisuio - ok
19:40:24.0989 6700 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:40:24.0989 6700 NdisWan - ok
19:40:24.0989 6700 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:40:24.0989 6700 NDProxy - ok
19:40:24.0989 6700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:40:24.0989 6700 NetBIOS - ok
19:40:25.0005 6700 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:40:25.0005 6700 NetBT - ok
19:40:25.0005 6700 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:40:25.0005 6700 Netlogon - ok
19:40:25.0020 6700 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:40:25.0020 6700 Netman - ok
19:40:25.0036 6700 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:40:25.0036 6700 NetMsmqActivator - ok
19:40:25.0036 6700 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:40:25.0036 6700 NetPipeActivator - ok
19:40:25.0052 6700 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:40:25.0052 6700 netprofm - ok
19:40:25.0067 6700 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:40:25.0067 6700 NetTcpActivator - ok
19:40:25.0067 6700 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:40:25.0067 6700 NetTcpPortSharing - ok
19:40:25.0067 6700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:40:25.0067 6700 nfrd960 - ok
19:40:25.0083 6700 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:40:25.0083 6700 NlaSvc - ok
19:40:25.0083 6700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:40:25.0083 6700 Npfs - ok
19:40:25.0098 6700 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:40:25.0098 6700 nsi - ok
19:40:25.0098 6700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:40:25.0098 6700 nsiproxy - ok
19:40:25.0130 6700 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:40:25.0145 6700 Ntfs - ok
19:40:25.0161 6700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:40:25.0161 6700 Null - ok
19:40:25.0176 6700 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:40:25.0176 6700 nusb3hub - ok
19:40:25.0176 6700 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:40:25.0176 6700 nusb3xhc - ok
19:40:25.0192 6700 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
19:40:25.0192 6700 NVHDA - ok
19:40:25.0473 6700 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:40:25.0520 6700 nvlddmkm - ok
19:40:25.0551 6700 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:40:25.0551 6700 nvraid - ok
19:40:25.0551 6700 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:40:25.0551 6700 nvstor - ok
19:40:25.0598 6700 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
19:40:25.0598 6700 nvsvc - ok
19:40:25.0660 6700 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:40:25.0676 6700 nvUpdatusService - ok
19:40:25.0691 6700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:40:25.0691 6700 nv_agp - ok
19:40:25.0707 6700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:40:25.0707 6700 ohci1394 - ok
19:40:25.0707 6700 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:40:25.0707 6700 p2pimsvc - ok
19:40:25.0722 6700 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:40:25.0722 6700 p2psvc - ok
19:40:25.0738 6700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:40:25.0738 6700 Parport - ok
19:40:25.0738 6700 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:40:25.0738 6700 partmgr - ok
19:40:25.0754 6700 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:40:25.0754 6700 PcaSvc - ok
19:40:25.0754 6700 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:40:25.0754 6700 pci - ok
19:40:25.0754 6700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:40:25.0754 6700 pciide - ok
19:40:25.0769 6700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:40:25.0769 6700 pcmcia - ok
19:40:25.0769 6700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:40:25.0769 6700 pcw - ok
19:40:25.0785 6700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:40:25.0785 6700 PEAUTH - ok
19:40:25.0816 6700 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:40:25.0816 6700 PerfHost - ok
19:40:25.0847 6700 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:40:25.0863 6700 pla - ok
19:40:25.0878 6700 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:40:25.0878 6700 PlugPlay - ok
19:40:25.0878 6700 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:40:25.0878 6700 PNRPAutoReg - ok
19:40:25.0894 6700 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:40:25.0894 6700 PNRPsvc - ok
19:40:25.0910 6700 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:40:25.0910 6700 PolicyAgent - ok
19:40:25.0925 6700 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:40:25.0925 6700 Power - ok
19:40:25.0925 6700 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:40:25.0925 6700 PptpMiniport - ok
19:40:25.0941 6700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:40:25.0941 6700 Processor - ok
19:40:25.0941 6700 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:40:25.0941 6700 ProfSvc - ok
19:40:25.0941 6700 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:40:25.0941 6700 ProtectedStorage - ok
19:40:25.0956 6700 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:40:25.0956 6700 Psched - ok
19:40:25.0988 6700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:40:26.0003 6700 ql2300 - ok
19:40:26.0034 6700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:40:26.0034 6700 ql40xx - ok
19:40:26.0034 6700 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:40:26.0034 6700 QWAVE - ok
19:40:26.0050 6700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:40:26.0050 6700 QWAVEdrv - ok
19:40:26.0050 6700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:40:26.0050 6700 RasAcd - ok
19:40:26.0050 6700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:40:26.0050 6700 RasAgileVpn - ok
19:40:26.0050 6700 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:40:26.0050 6700 RasAuto - ok
19:40:26.0066 6700 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:40:26.0066 6700 Rasl2tp - ok
19:40:26.0081 6700 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:40:26.0081 6700 RasMan - ok
19:40:26.0081 6700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:40:26.0081 6700 RasPppoe - ok
19:40:26.0097 6700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:40:26.0097 6700 RasSstp - ok
19:40:26.0097 6700 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:40:26.0097 6700 rdbss - ok
19:40:26.0112 6700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:40:26.0112 6700 rdpbus - ok
19:40:26.0112 6700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:40:26.0112 6700 RDPCDD - ok
19:40:26.0112 6700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:40:26.0112 6700 RDPENCDD - ok
19:40:26.0112 6700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:40:26.0112 6700 RDPREFMP - ok
19:40:26.0128 6700 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:40:26.0128 6700 RDPWD - ok
19:40:26.0128 6700 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:40:26.0128 6700 rdyboost - ok
19:40:26.0144 6700 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:40:26.0144 6700 RemoteAccess - ok
19:40:26.0144 6700 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:40:26.0144 6700 RemoteRegistry - ok
19:40:26.0159 6700 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:40:26.0159 6700 RFCOMM - ok
19:40:26.0159 6700 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:40:26.0159 6700 RpcEptMapper - ok
19:40:26.0159 6700 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:40:26.0159 6700 RpcLocator - ok
19:40:26.0175 6700 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:40:26.0190 6700 RpcSs - ok
19:40:26.0190 6700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:40:26.0190 6700 rspndr - ok
19:40:26.0190 6700 rzjoystk (b674400273552406f11a02387222cd0f) C:\Windows\system32\DRIVERS\rzjoystk.sys
19:40:26.0190 6700 rzjoystk - ok
19:40:26.0206 6700 RzSynapse (95cbc73e98f4a5ef4366dbb4b4e5d436) C:\Windows\system32\DRIVERS\RzSynapse.sys
19:40:26.0206 6700 RzSynapse - ok
19:40:26.0206 6700 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:40:26.0206 6700 SamSs - ok
19:40:26.0206 6700 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:40:26.0206 6700 sbp2port - ok
19:40:26.0222 6700 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:40:26.0222 6700 SCardSvr - ok
19:40:26.0222 6700 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
19:40:26.0222 6700 SCDEmu - ok
19:40:26.0222 6700 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:40:26.0222 6700 scfilter - ok
19:40:26.0253 6700 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:40:26.0268 6700 Schedule - ok
19:40:26.0268 6700 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:40:26.0268 6700 SCPolicySvc - ok
19:40:26.0284 6700 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:40:26.0284 6700 SDRSVC - ok
19:40:26.0284 6700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:40:26.0284 6700 secdrv - ok
19:40:26.0284 6700 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:40:26.0284 6700 seclogon - ok
19:40:26.0300 6700 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:40:26.0300 6700 SENS - ok
19:40:26.0300 6700 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:40:26.0300 6700 SensrSvc - ok
19:40:26.0300 6700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:40:26.0300 6700 Serenum - ok
19:40:26.0300 6700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:40:26.0300 6700 Serial - ok
19:40:26.0315 6700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:40:26.0315 6700 sermouse - ok
19:40:26.0315 6700 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:40:26.0315 6700 SessionEnv - ok
19:40:26.0315 6700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:40:26.0315 6700 sffdisk - ok
19:40:26.0331 6700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:40:26.0331 6700 sffp_mmc - ok
19:40:26.0331 6700 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:40:26.0331 6700 sffp_sd - ok
19:40:26.0331 6700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:40:26.0331 6700 sfloppy - ok
19:40:26.0346 6700 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:40:26.0346 6700 SharedAccess - ok
19:40:26.0362 6700 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:40:26.0362 6700 ShellHWDetection - ok
19:40:26.0362 6700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:40:26.0362 6700 SiSRaid2 - ok
19:40:26.0378 6700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:40:26.0378 6700 SiSRaid4 - ok
19:40:26.0378 6700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:40:26.0378 6700 Smb - ok
19:40:26.0378 6700 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:40:26.0378 6700 SNMPTRAP - ok
19:40:26.0393 6700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:40:26.0393 6700 spldr - ok
19:40:26.0409 6700 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:40:26.0409 6700 Spooler - ok
19:40:26.0502 6700 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:40:26.0518 6700 sppsvc - ok
19:40:26.0549 6700 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:40:26.0549 6700 sppuinotify - ok
19:40:26.0565 6700 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:40:26.0565 6700 srv - ok
19:40:26.0580 6700 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:40:26.0580 6700 srv2 - ok
19:40:26.0580 6700 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:40:26.0580 6700 srvnet - ok
19:40:26.0596 6700 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:40:26.0596 6700 SSDPSRV - ok
19:40:26.0596 6700 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:40:26.0596 6700 SstpSvc - ok
19:40:26.0596 6700 Steam Client Service - ok
19:40:26.0612 6700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:40:26.0612 6700 stexstor - ok
19:40:26.0627 6700 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:40:26.0627 6700 stisvc - ok
19:40:26.0627 6700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:40:26.0627 6700 swenum - ok
19:40:26.0643 6700 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:40:26.0643 6700 swprv - ok
19:40:26.0690 6700 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:40:26.0705 6700 SysMain - ok
19:40:26.0736 6700 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:40:26.0736 6700 TabletInputService - ok
19:40:26.0736 6700 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:40:26.0736 6700 TapiSrv - ok
19:40:26.0752 6700 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:40:26.0752 6700 TBS - ok
19:40:26.0799 6700 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:40:26.0799 6700 Tcpip - ok
19:40:26.0861 6700 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:40:26.0877 6700 TCPIP6 - ok
19:40:26.0892 6700 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:40:26.0892 6700 tcpipreg - ok
19:40:26.0892 6700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:40:26.0892 6700 TDPIPE - ok
19:40:26.0908 6700 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:40:26.0908 6700 TDTCP - ok
19:40:26.0908 6700 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:40:26.0908 6700 tdx - ok
19:40:26.0908 6700 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:40:26.0908 6700 TermDD - ok
19:40:26.0939 6700 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:40:26.0939 6700 TermService - ok
19:40:26.0939 6700 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:40:26.0939 6700 Themes - ok
19:40:26.0939 6700 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:40:26.0955 6700 THREADORDER - ok
19:40:26.0955 6700 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:40:26.0955 6700 TrkWks - ok
19:40:26.0970 6700 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:40:26.0970 6700 TrustedInstaller - ok
19:40:26.0970 6700 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:40:26.0970 6700 tssecsrv - ok
19:40:26.0970 6700 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:40:26.0970 6700 TsUsbFlt - ok
19:40:26.0986 6700 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:40:26.0986 6700 tunnel - ok
19:40:26.0986 6700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:40:26.0986 6700 uagp35 - ok
19:40:27.0002 6700 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:40:27.0002 6700 udfs - ok
19:40:27.0002 6700 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:40:27.0002 6700 UI0Detect - ok
19:40:27.0002 6700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:40:27.0002 6700 uliagpkx - ok
19:40:27.0017 6700 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:40:27.0017 6700 umbus - ok
19:40:27.0017 6700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:40:27.0017 6700 UmPass - ok
19:40:27.0033 6700 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:40:27.0033 6700 upnphost - ok
19:40:27.0033 6700 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
19:40:27.0033 6700 USBAAPL64 - ok
19:40:27.0033 6700 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:40:27.0033 6700 usbccgp - ok
19:40:27.0048 6700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:40:27.0048 6700 usbcir - ok
19:40:27.0048 6700 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:40:27.0048 6700 usbehci - ok
19:40:27.0064 6700 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:40:27.0064 6700 usbhub - ok
19:40:27.0064 6700 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:40:27.0064 6700 usbohci - ok
19:40:27.0064 6700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:40:27.0064 6700 usbprint - ok
19:40:27.0064 6700 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:40:27.0064 6700 usbscan - ok
19:40:27.0080 6700 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:40:27.0080 6700 USBSTOR - ok
19:40:27.0080 6700 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:40:27.0080 6700 usbuhci - ok
19:40:27.0080 6700 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:40:27.0080 6700 UxSms - ok
19:40:27.0080 6700 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:40:27.0080 6700 VaultSvc - ok
19:40:27.0095 6700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:40:27.0095 6700 vdrvroot - ok
19:40:27.0111 6700 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:40:27.0111 6700 vds - ok
19:40:27.0111 6700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:40:27.0111 6700 vga - ok
19:40:27.0111 6700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:40:27.0111 6700 VgaSave - ok
19:40:27.0126 6700 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:40:27.0126 6700 vhdmp - ok
19:40:27.0126 6700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:40:27.0126 6700 viaide - ok
19:40:27.0126 6700 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:40:27.0126 6700 volmgr - ok
19:40:27.0142 6700 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:40:27.0142 6700 volmgrx - ok
19:40:27.0158 6700 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:40:27.0158 6700 volsnap - ok
19:40:27.0173 6700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:40:27.0173 6700 vsmraid - ok
19:40:27.0220 6700 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:40:27.0220 6700 VSS - ok
19:40:27.0251 6700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:40:27.0251 6700 vwifibus - ok
19:40:27.0267 6700 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:40:27.0267 6700 W32Time - ok
19:40:27.0267 6700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:40:27.0267 6700 WacomPen - ok
19:40:27.0267 6700 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:40:27.0267 6700 WANARP - ok
19:40:27.0282 6700 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:40:27.0282 6700 Wanarpv6 - ok
19:40:27.0314 6700 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:40:27.0314 6700 WatAdminSvc - ok
19:40:27.0360 6700 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:40:27.0360 6700 wbengine - ok
19:40:27.0392 6700 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:40:27.0392 6700 WbioSrvc - ok
19:40:27.0407 6700 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:40:27.0407 6700 wcncsvc - ok
19:40:27.0407 6700 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:40:27.0407 6700 WcsPlugInService - ok
19:40:27.0423 6700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:40:27.0423 6700 Wd - ok
19:40:27.0438 6700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:40:27.0438 6700 Wdf01000 - ok
19:40:27.0454 6700 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:40:27.0454 6700 WdiServiceHost - ok
19:40:27.0454 6700 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:40:27.0454 6700 WdiSystemHost - ok
19:40:27.0454 6700 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:40:27.0470 6700 WebClient - ok
19:40:27.0485 6700 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:40:27.0485 6700 Wecsvc - ok
19:40:27.0485 6700 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:40:27.0485 6700 wercplsupport - ok
19:40:27.0501 6700 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:40:27.0501 6700 WerSvc - ok
19:40:27.0501 6700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:40:27.0501 6700 WfpLwf - ok
19:40:27.0501 6700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:40:27.0501 6700 WIMMount - ok
19:40:27.0501 6700 WinDefend - ok
19:40:27.0516 6700 WinHttpAutoProxySvc - ok
19:40:27.0532 6700 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:40:27.0532 6700 Winmgmt - ok
19:40:27.0579 6700 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:40:27.0594 6700 WinRM - ok
19:40:27.0626 6700 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:40:27.0626 6700 WinUsb - ok
19:40:27.0641 6700 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:40:27.0641 6700 Wlansvc - ok
19:40:27.0704 6700 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:40:27.0704 6700 wlidsvc - ok
19:40:27.0735 6700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:40:27.0735 6700 WmiAcpi - ok
19:40:27.0750 6700 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:40:27.0750 6700 wmiApSrv - ok
19:40:27.0750 6700 WMPNetworkSvc - ok
19:40:27.0750 6700 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:40:27.0750 6700 WPCSvc - ok
19:40:27.0750 6700 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:40:27.0766 6700 WPDBusEnum - ok
19:40:27.0766 6700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:40:27.0766 6700 ws2ifsl - ok
19:40:27.0766 6700 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:40:27.0766 6700 wscsvc - ok
19:40:27.0766 6700 WSearch - ok
19:40:27.0828 6700 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:40:27.0828 6700 wuauserv - ok
19:40:27.0860 6700 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:40:27.0860 6700 WudfPf - ok
19:40:27.0875 6700 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:40:27.0875 6700 WUDFRd - ok
19:40:27.0875 6700 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:40:27.0875 6700 wudfsvc - ok
19:40:27.0891 6700 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:40:27.0891 6700 WwanSvc - ok
19:40:27.0891 6700 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
19:40:27.0891 6700 \Device\Harddisk0\DR0 - ok
19:40:27.0906 6700 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:40:27.0953 6700 \Device\Harddisk1\DR1 - ok
19:40:27.0953 6700 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk2\DR2
19:40:27.0969 6700 \Device\Harddisk2\DR2 - ok
19:40:27.0984 6700 Boot (0x1200) (0342a24b791ef6a496e9e693546f556a) \Device\Harddisk0\DR0\Partition0
19:40:27.0984 6700 \Device\Harddisk0\DR0\Partition0 - ok
19:40:27.0984 6700 Boot (0x1200) (a1a1cc4ba4ae1c51fc0245e9b1587ffb) \Device\Harddisk0\DR0\Partition1
19:40:27.0984 6700 \Device\Harddisk0\DR0\Partition1 - ok
19:40:27.0984 6700 Boot (0x1200) (60f7ddf4bcad08733eef29d534238f21) \Device\Harddisk0\DR0\Partition2
19:40:27.0984 6700 \Device\Harddisk0\DR0\Partition2 - ok
19:40:27.0984 6700 Boot (0x1200) (31b6baf2ef41127616e796fb7e1680fd) \Device\Harddisk1\DR1\Partition0
19:40:27.0984 6700 \Device\Harddisk1\DR1\Partition0 - ok
19:40:27.0984 6700 Boot (0x1200) (f80bad8f2830add4a21f86d9e55b3424) \Device\Harddisk2\DR2\Partition0
19:40:27.0984 6700 \Device\Harddisk2\DR2\Partition0 - ok
19:40:27.0984 6700 Boot (0x1200) (26016e5ed18c9b6e736eac9f2a289b39) \Device\Harddisk2\DR2\Partition1
19:40:27.0984 6700 \Device\Harddisk2\DR2\Partition1 - ok
19:40:27.0984 6700 ============================================================
19:40:27.0984 6700 Scan finished
19:40:27.0984 6700 ============================================================
19:40:27.0984 6692 Detected object count: 0
19:40:27.0984 6692 Actual detected object count: 0





aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 19:20:18
-----------------------------
19:20:18.633 OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:18.633 Number of processors: 4 586 0x2A07
19:20:18.633 ComputerName: NCIX-PC UserName: Kyle
19:20:18.648 Initialze error 1
19:23:18.849 AVAST engine defs: 12081301
19:38:43.752 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:38:43.752 Disk 0 Vendor: OCZ-VERT 2.13 Size: 114473MB BusType: 3
19:38:43.752 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
19:38:43.752 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
19:38:43.752 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
19:38:43.768 Disk 2 Vendor: ST320082 3.AA Size: 190782MB BusType: 3
19:38:43.768 Disk 0 MBR read successfully
19:38:43.768 Disk 0 MBR scan
19:38:43.768 Disk 0 unknown MBR code
19:38:43.768 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
19:38:43.768 Disk 0 scanning C:\Windows\system32\drivers
19:38:43.768 Service scanning
19:38:44.314 Modules scanning
19:38:44.314 Disk 0 trace - called modules:
19:38:44.314 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:38:44.314 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80091b5060]
19:38:44.314 3 CLASSPNP.SYS[fffff88001d5343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006d4d050]
19:38:44.314 AVAST engine scan C:\Windows
19:38:44.329 AVAST engine scan C:\Windows\system32
19:38:44.329 AVAST engine scan C:\Windows\system32\drivers
19:38:44.329 AVAST engine scan C:\Users\Kyle
19:38:44.329 AVAST engine scan C:\ProgramData
19:38:44.329 Scan finished successfully
19:38:57.273 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
19:38:57.273 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"
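The two scan logs above (TDSSKiller's per-object list with an MD5 and path for each service or driver, and aswMBR's per-disk MBR report) are the kind of output a responder reads by eye for anything that is not marked "ok". The Python script below is an added example, not part of the thread and not code from either tool's vendor; it does that triage mechanically over text in the same format. It tolerates entries that carry a verdict line but no hash line (such as "Steam Client Service - ok" above), flags any verdict other than "ok", applies a path heuristic for binaries loaded from user-writable locations, and reads aswMBR's partition lines so that "unknown MBR code" on a disk whose partition table holds a type-EE entry (the protective MBR of a GPT disk, which is what Disk 0 above shows) is reported as informational rather than as a finding. The directory heuristic, the severity labels, the "svcfake" entry and the "Disk 1" aswMBR lines are constructed assumptions; the other sample lines are copied from the logs above.

```python
"""Triage of TDSSKiller-style and aswMBR-style scan logs (added example)."""
import re

# TDSSKiller object line: "<hh:mm:ss.ffff> <pid> <name> (<md5>) <path>"
OBJECT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# TDSSKiller verdict line: "<hh:mm:ss.ffff> <pid> <name> - <verdict>"
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>\S.*?)\s*$"
)
# aswMBR lines: "Disk N unknown MBR code" and "Disk N Partition M <boot> <type> ..."
ASW_UNKNOWN_RE = re.compile(r"Disk (?P<disk>\d+) unknown MBR code")
ASW_PART_RE = re.compile(r"Disk (?P<disk>\d+) Partition \d+ \d\d (?P<type>[0-9A-F]{2}) ")

# Heuristic (an assumption of this example, not tool output): service and
# driver binaries normally live under these prefixes; anything loaded from a
# user-writable location deserves a second look.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SUSPICIOUS_MARKERS = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")


def parse_tdsskiller(text):
    """Map object name -> {'md5', 'path', 'verdict'} from TDSSKiller log text.

    Entries that only have a verdict line (e.g. 'Steam Client Service - ok')
    are kept without md5/path.
    """
    objects = {}
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            objects.setdefault(m["name"], {}).update(md5=m["md5"], path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            objects.setdefault(m["name"], {})["verdict"] = m["verdict"]
    return objects


def triage_tdsskiller(objects):
    """Return (severity, name, reason) tuples for anything worth a look."""
    findings = []
    for name, info in objects.items():
        verdict = info.get("verdict", "<no verdict>")
        if verdict != "ok":
            findings.append(("high", name, f"verdict '{verdict}'"))
        path = info.get("path", "")
        low = path.lower()
        if path and (not low.startswith(EXPECTED_PREFIXES)
                     or any(mark in low for mark in SUSPICIOUS_MARKERS)):
            findings.append(("medium", name, f"loaded from {path}"))
    return findings


def triage_aswmbr(text):
    """Classify 'unknown MBR code' per disk. On a disk whose partition table
    carries a type-EE entry (GPT protective MBR) it is reported as info; on a
    plain MBR disk it stays a finding. The downgrade is a heuristic."""
    gpt_disks, unknown = set(), []
    for line in text.splitlines():
        m = ASW_PART_RE.search(line)
        if m and m["type"] == "EE":
            gpt_disks.add(m["disk"])
        m = ASW_UNKNOWN_RE.search(line)
        if m:
            unknown.append(m["disk"])
    return [("info" if d in gpt_disks else "medium", f"Disk {d}",
             "unknown MBR code" + (" (GPT protective MBR)" if d in gpt_disks else ""))
            for d in unknown]


# Constructed sample input: the first five TDSSKiller lines and the Disk 0
# aswMBR lines are copied from the thread; 'svcfake' and 'Disk 1' are made up.
SAMPLE_TDSSKILLER = """\
19:40:25.0754 6700 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\\Windows\\system32\\drivers\\pci.sys
19:40:25.0754 6700 pci - ok
19:40:26.0596 6700 Steam Client Service - ok
19:40:27.0891 6700 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \\Device\\Harddisk0\\DR0
19:40:27.0891 6700 \\Device\\Harddisk0\\DR0 - ok
19:40:28.0100 6700 svcfake (0123456789abcdef0123456789abcdef) C:\\Users\\Kyle\\AppData\\Local\\svcfake.sys
19:40:28.0100 6700 svcfake - warning
"""
SAMPLE_ASWMBR = """\
19:38:43.768 Disk 0 unknown MBR code
19:38:43.768 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
19:38:43.770 Disk 1 unknown MBR code
19:38:43.770 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
"""

if __name__ == "__main__":
    for sev, name, why in triage_tdsskiller(parse_tdsskiller(SAMPLE_TDSSKILLER)):
        print(f"[{sev}] {name}: {why}")
    for sev, disk, why in triage_aswmbr(SAMPLE_ASWMBR):
        print(f"[{sev}] {disk}: {why}")
```

Run against the real logs, the script reports nothing for the TDSSKiller output above (every entry is "ok" and every path is under Windows or Program Files) and only an informational line for Disk 0's unknown MBR code. A non-"ok" verdict or a service binary under a user profile, as in the constructed "svcfake" entry, is what would justify the next step in the thread.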

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:43 AM

Posted 14 August 2012 - 01:31 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Draidis

  • Topic Starter
  • Members
  • 17 posts
  • Local time:11:43 PM

Posted 14 August 2012 - 04:37 AM

Hi Gringo,

No problems to report. My computer is working great.
Here is my Combofix report:

ComboFix 12-08-13.01 - Kyle 08/13/2012 20:15:17.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6523 [GMT -7:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
Command switches used :: c:\users\Kyle\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 03:17 . 2012-08-14 03:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-14 03:17 . 2012-08-14 03:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 19:52 . 2012-08-13 19:52 328704 ----a-w- c:\windows\system32\services.exe.68898C5F0A8D423D
2012-08-13 19:50 . 2012-08-13 19:50 328704 ----a-w- c:\windows\system32\services.exe.1DC66328D2FB0892
2012-08-13 19:48 . 2012-08-13 19:48 328704 ----a-w- c:\windows\system32\services.exe.D90D463201A45E58
2012-08-13 19:46 . 2012-08-13 19:46 328704 ----a-w- c:\windows\system32\services.exe.16B8D0592263C1BA
2012-08-13 19:44 . 2012-08-13 19:44 328704 ----a-w- c:\windows\system32\services.exe.64F979FE6AD00481
2012-08-13 19:42 . 2012-08-13 19:42 328704 ----a-w- c:\windows\system32\services.exe.FABEE3850AA7C0EA
2012-08-10 21:15 . 2012-08-10 21:15 328704 ----a-w- c:\windows\system32\services.exe.811B191984F1F90C
2012-08-10 21:13 . 2012-08-10 21:13 328704 ----a-w- c:\windows\system32\services.exe.A2DD5689C04F364D
2012-08-10 21:11 . 2012-08-10 21:11 328704 ----a-w- c:\windows\system32\services.exe.294555F6999E6107
2012-08-10 21:09 . 2012-08-10 21:09 328704 ----a-w- c:\windows\system32\services.exe.B5F51706BCE80B94
2012-08-10 21:07 . 2012-08-10 21:07 328704 ----a-w- c:\windows\system32\services.exe.DE3C5B724811B231
2012-08-10 21:05 . 2012-08-10 21:05 328704 ----a-w- c:\windows\system32\services.exe.BF5FC450EF597390
2012-08-10 21:03 . 2012-08-10 21:03 328704 ----a-w- c:\windows\system32\services.exe.CB9261C006E0BE8A
2012-08-10 20:49 . 2012-08-10 20:49 328704 ----a-w- c:\windows\system32\services.exe.206523156ACD8150
2012-08-10 20:45 . 2012-08-10 20:45 328704 ----a-w- c:\windows\system32\services.exe.59E773C59A7B8F56
2012-08-10 20:43 . 2012-08-10 20:43 328704 ----a-w- c:\windows\system32\services.exe.97E8D8AFEF8484BD
2012-08-10 20:41 . 2012-08-10 20:41 328704 ----a-w- c:\windows\system32\services.exe.66A8DEA8D28B07BF
2012-08-10 20:39 . 2012-08-10 20:39 328704 ----a-w- c:\windows\system32\services.exe.B6C833D13BF53844
2012-08-10 20:28 . 2012-08-10 20:28 328704 ----a-w- c:\windows\system32\services.exe.266B10E9DBE0B272
2012-08-01 00:55 . 2012-08-01 00:55 328704 ----a-w- c:\windows\system32\services.exe.232792F4ADC089A3
2012-08-01 00:53 . 2012-08-01 00:53 328704 ----a-w- c:\windows\system32\services.exe.50F9F7427D8A63CA
2012-08-01 00:51 . 2012-08-01 00:51 328704 ----a-w- c:\windows\system32\services.exe.967AD0CEA448F19C
2012-08-01 00:42 . 2012-08-01 00:42 328704 ----a-w- c:\windows\system32\services.exe.014B73A40D9AAEAC
2012-08-01 00:39 . 2012-08-01 00:39 328704 ----a-w- c:\windows\system32\services.exe.E9878F3300CA2CC8
2012-08-01 00:36 . 2012-08-01 00:36 328704 ----a-w- c:\windows\system32\services.exe.DE55A2964C79E7DC
2012-08-01 00:35 . 2012-08-10 21:56 -------- d-----w- C:\FRST
2012-08-01 00:33 . 2012-08-01 00:33 328704 ----a-w- c:\windows\system32\services.exe.8F0A5ABF5C539D23
2012-08-01 00:30 . 2012-08-01 00:30 328704 ----a-w- c:\windows\system32\services.exe.5867467091EB56A6
2012-08-01 00:27 . 2012-08-01 00:27 328704 ----a-w- c:\windows\system32\services.exe.BDCE32122F0CCC01
2012-08-01 00:24 . 2012-08-01 00:24 328704 ----a-w- c:\windows\system32\services.exe.D73C97FDAE215EF7
2012-08-01 00:21 . 2012-08-01 00:21 328704 ----a-w- c:\windows\system32\services.exe.52D1BC7A933125A6
2012-08-01 00:02 . 2012-08-01 00:02 328704 ----a-w- c:\windows\system32\services.exe.0537340A6D700558
2012-07-31 23:58 . 2012-07-31 23:58 328704 ----a-w- c:\windows\system32\services.exe.2CC4EC29AAA8FD0D
2012-07-31 23:53 . 2012-07-31 23:53 328704 ----a-w- c:\windows\system32\services.exe.F8BDE313A3D34AD7
2012-07-31 23:47 . 2012-07-31 23:47 328704 ----a-w- c:\windows\system32\services.exe.65201DD532AFD4FD
2012-07-31 23:44 . 2012-07-31 23:44 328704 ----a-w- c:\windows\system32\services.exe.7AFA0615CE8D8D21
2012-07-31 22:47 . 2012-07-31 22:47 328704 ----a-w- c:\windows\system32\services.exe.1C9257D22D14B9DC
2012-07-31 22:44 . 2012-07-31 22:44 328704 ----a-w- c:\windows\system32\services.exe.2D0EBD4AF0888FE9
2012-07-31 22:41 . 2012-07-31 22:41 328704 ----a-w- c:\windows\system32\services.exe.E1B0CB6B88F5C8D7
2012-07-31 22:38 . 2012-07-31 22:38 328704 ----a-w- c:\windows\system32\services.exe.6C5250339C458DC5
2012-07-31 22:35 . 2012-07-31 22:35 328704 ----a-w- c:\windows\system32\services.exe.2AD5165A4DFE5D20
2012-07-31 22:29 . 2012-07-31 22:29 328704 ----a-w- c:\windows\system32\services.exe.1E26FB322DDC341A
2012-07-31 22:25 . 2012-07-31 22:25 328704 ----a-w- c:\windows\system32\services.exe.ED3A8C2FF02201BF
2012-07-31 22:20 . 2012-07-31 22:20 328704 ----a-w- c:\windows\system32\services.exe.A76431D4348BFB3F
2012-07-31 05:34 . 2012-07-31 05:34 -------- d-----w- c:\program files (x86)\Calibre2
2012-07-31 03:42 . 2012-07-31 05:38 -------- d-----w- c:\users\Kyle\AppData\Roaming\calibre
2012-07-26 21:49 . 2012-07-26 21:54 -------- d-----w- c:\users\Kyle\AppData\Roaming\redsn0w
2012-07-23 04:02 . 2012-07-23 04:02 -------- d-----w- c:\program files\iPod
2012-07-23 04:02 . 2012-07-23 04:02 -------- d-----w- c:\program files\iTunes
2012-07-16 04:20 . 2012-07-16 04:20 -------- d-----w- c:\users\Kyle\AppData\Roaming\OpenOffice.org
2012-07-16 04:12 . 2012-07-16 04:12 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-13 22:28 . 2012-04-12 06:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-13 22:28 . 2011-09-02 19:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 02:48 . 2009-08-18 19:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-07-14 02:48 . 2009-08-18 18:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-14 02:40 . 2012-07-14 02:40 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-12 21:17 . 2011-08-31 01:12 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-12 21:18 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 12:02 . 2012-06-09 12:02 37270 ----a-w- c:\windows\SysWow64\OggDSUninst.exe
2012-06-09 05:43 . 2012-07-12 21:16 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 13:02 . 2012-06-09 11:52 1345024 ----a-w- c:\windows\system32\ac3filter64.acm
2012-06-07 12:57 . 2012-04-11 03:31 1099264 ----a-w- c:\windows\SysWow64\ac3filter.acm
2012-06-06 06:06 . 2012-07-12 21:16 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-12 21:16 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-12 21:16 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-12 21:16 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-12 21:16 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-12 21:16 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 04:33 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 04:33 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 04:33 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 04:33 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 04:33 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 04:33 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 04:33 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 04:33 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 04:33 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-12 21:16 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 21:16 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 21:16 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 21:16 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 21:16 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 21:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 21:16 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 21:16 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 21:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 21:16 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 21:16 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 21:16 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 21:16 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 21:16 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 21:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 21:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 21:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 21:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-12 21:16 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-12 21:16 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-12 21:16 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-12 21:16 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-12 21:16 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-12 21:16 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-12 21:16 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-12 21:16 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-12 21:16 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-13_21.03.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-31 00:51 . 2012-08-14 02:45 37938 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-14 02:45 35232 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-31 00:34 . 2012-08-13 22:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-31 00:34 . 2012-07-31 12:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-31 00:34 . 2012-08-13 22:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-31 00:34 . 2012-07-31 12:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-31 12:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-13 22:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-31 00:47 . 2012-08-14 02:45 7274 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2129218757-3739024133-1350816024-1000_UserData.bin
+ 2012-08-14 02:43 . 2012-08-14 02:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-01 00:51 . 2012-08-13 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-01 00:51 . 2012-08-13 21:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-14 02:43 . 2012-08-14 02:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-13 22:28 . 2012-08-13 22:28 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe
+ 2012-08-13 21:28 . 2012-08-13 21:28 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
+ 2012-08-13 21:28 . 2012-08-13 21:28 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.dll
+ 2012-04-12 06:19 . 2012-08-13 22:28 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-12 06:19 . 2012-07-27 13:28 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-07-30 10:41 . 2012-08-13 20:56 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-30 10:41 . 2012-08-14 02:44 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-13 22:28 . 2012-08-13 22:28 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_Plugin.exe
+ 2012-08-13 21:28 . 2012-08-13 21:28 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.exe
+ 2012-08-13 21:28 . 2012-08-13 21:28 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.dll
- 2009-07-14 05:01 . 2012-08-01 00:45 278712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-14 02:43 278712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-02 20:08 . 2012-08-13 20:59 968024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
+ 2011-09-02 20:08 . 2012-08-14 02:43 968024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
+ 2012-08-13 22:28 . 2012-08-13 22:28 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
+ 2012-08-13 22:28 . 2012-08-13 22:28 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
- 2009-07-14 04:54 . 2012-08-13 20:56 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-14 02:44 2064384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-14 02:44 11681792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-13 20:56 11681792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-13 22:28 . 2012-08-13 22:28 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll
+ 2011-09-02 19:57 . 2012-08-14 02:43 47256244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2129218757-3739024133-1350816024-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-10 1353080]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Razer Nostromo Driver"="c:\program files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840]
"GamingKeyboard"="d:\program files (x86)\Gaming Keyboard\Gaminghid.exe" [2010-04-21 245760]
"GamingKeyboardOSD"="d:\program files (x86)\Gaming Keyboard\OSD.exe" [2010-04-21 1797120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"PWRISOVM.EXE"="d:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
R1 ghemkfzp;ghemkfzp;c:\windows\system32\drivers\ghemkfzp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 250056]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-31 1255736]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-09-02 16384]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]
S3 GamingKB;Gaming Keyboard;c:\windows\system32\drivers\GamingKB.sys [2010-04-22 24576]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys [2011-03-24 19968]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-07-15 157184]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 22:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\1jdp2uu6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2129218757-3739024133-1350816024-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,ab,52,a6,f6,6b,08,23,8c,3f,0a,ca,c0,e3,2e,0e,42,f1,fb,10,54,
4f,1d,ae,36,bb,e0,d4,78,1d,fb,43,d9,bb,55,75,49,f0,eb,1a,d5,10,01,55,1b,b3,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\0e\16\00\0c?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-13 20:18:19
ComboFix-quarantined-files.txt 2012-08-14 03:18
ComboFix2.txt 2012-08-13 21:22
ComboFix3.txt 2012-08-13 21:12
ComboFix4.txt 2012-08-13 21:04
.
Pre-Run: 13,762,973,696 bytes free
Post-Run: 13,828,354,048 bytes free
.
- - End Of File - - 1FA16FE1B9D3EAE5D2CB9C21F8FC1154

#11 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 12:56 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Draidis

Draidis
  • Topic Starter

  • Members
  • 17 posts

Posted 14 August 2012 - 01:36 PM

3DMark 11
AC3Filter 2.4a
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8
Apple Application Support
Apple Software Update
ASUS Smart Doctor
calibre
Diablo III
Direct Show Ogg Vorbis Filter (remove only)
DivX Setup
ffdshow v1.2.4422 [2012-04-09]
Futuremark SystemInfo
Gaming Keyboard
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Hero Lab 3.9a
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Kingdoms of Amalur: Reckoning
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Firefox 6.0.1 (x86 en-US)
NVIDIA PhysX
OpenOffice.org 3.4
Origin
PDFCanvas V1.5
PowerISO
QuickTime
Razer Nostromo
Razer Nostromo Firmware Updater
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Star Wars - Battlefront II
Steam
System Requirements Lab
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Utility
VC80CRTRedist - 8.0.50727.6195
Vuze
WinRAR 4.01 (32-bit)
WinZip 15.0

#13 Draidis

Draidis
  • Topic Starter

  • Members
  • 17 posts

Posted 14 August 2012 - 06:58 PM

Here is an updated version. I am having issues with Adobe Flash crashing so I tried reinstalling it and a few other things but they didn't work and it still frequently crashes in my browser.

3DMark 11
AC3Filter 2.4a
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8
Apple Application Support
Apple Software Update
ASUS Smart Doctor
calibre
Diablo III
Direct Show Ogg Vorbis Filter (remove only)
DivX Setup
ffdshow v1.2.4422 [2012-04-09]
Futuremark SystemInfo
Gaming Keyboard
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Hero Lab 3.9a
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Kingdoms of Amalur: Reckoning
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Firefox 6.0.1 (x86 en-US)
NVIDIA PhysX
OpenOffice.org 3.4
Origin
PDFCanvas V1.5
PowerISO
QuickTime
Razer Nostromo
Razer Nostromo Firmware Updater
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Star Wars - Battlefront II
Steam
System Requirements Lab
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Utility
VC80CRTRedist - 8.0.50727.6195
Vuze
WinRAR 4.01 (32-bit)
WinZip 15.0

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 08:28 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

XXXX


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the Donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Draidis

Draidis
  • Topic Starter

  • Members
  • 17 posts

Posted 14 August 2012 - 10:12 PM

Hi Gringo,

Thanks for the warning about p2p programs. I am well aware of the potential threats of the program and am very careful in what I use it for (I never use it for downloading even slightly untrustworthy or illegal files), but the benefits of the program far outweigh the risk.

Under the "Uninstall some programs" heading you put in XXXX to uninstall. Does that mean there was nothing I needed to remove? Also I updated Adobe Reader and installed Java right before you posted the most recent steps to follow. Should I do it again?

Here is the Malwarebytes' Anti-Malware scan log. No malware was detected.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle :: NCIX-PC [administrator]

Protection: Enabled

8/14/2012 8:04:52 PM
mbam-log-2012-08-14 (20-04-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217087
Time elapsed: 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here is the HiJackThis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:53 PM, on 8/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
D:\Program Files (x86)\Gaming Keyboard\Gaminghid.exe
D:\Program Files (x86)\Gaming Keyboard\OSD.exe
D:\Program Files (x86)\PowerISO\PWRISOVM.EXE
D:\Program Files (x86)\Gaming Keyboard\Gamingtra.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Vuze\Azureus.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Kyle\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
O4 - HKLM\..\Run: [GamingKeyboard] D:\Program Files (x86)\Gaming Keyboard\Gaminghid.exe
O4 - HKLM\..\Run: [GamingKeyboardOSD] D:\Program Files (x86)\Gaming Keyboard\OSD.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-21-2129218757-3739024133-1350816024-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2129218757-3739024133-1350816024-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10789 bytes


Adobe Flash still crashes in my browser a lot but aside from that everything seems to be working great.
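The HijackThis log above lists many O23 services as "Unknown owner ... (file missing)" although the machine is Windows 7 x64. HijackThis 2.0.4 is a 32-bit program, so on a 64-bit host the WOW64 layer redirects its reads of C:\Windows\System32 to SysWOW64 and native system services look "missing"; that is a scanner artifact, not evidence of infection. The following parser is an added example (not code from the thread, from Gringo, or from HijackThis itself) that reads O4 autostart and O23 service lines in the posted log's format and sorts them into triage buckets; the sample lines and the ExampleSvc entry are constructed, and the host is assumed to be x64 as the poster stated.

```python
import re
# Constructed sample lines in the same format as the posted log (not the log itself).
SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-21-1-2-3-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ExampleSvc - Unknown owner - C:\Windows\SysWOW64\example_svc.exe
"""
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.IGNORECASE)  # first .exe token, quoted or not

def parse_o4(line):
    # O4 autostart entry -> dict(hive, key, name, cmd, user, exe), or None if not an O4 line
    m = O4_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    exe = EXE_RE.match(entry["cmd"])
    entry["exe"] = exe.group("exe") if exe else entry["cmd"]
    return entry

def parse_o23(line):
    # O23 service entry -> dict(name, owner, path, missing: bool), or None if not an O23 line
    m = O23_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["missing"] = entry["missing"] is not None
    return entry

def classify_service(svc, host_is_x64=True):
    # Triage bucket for one O23 entry: a sorting hint, not a verdict.
    # 32-bit HijackThis on x64: WOW64 redirects C:\Windows\System32 to SysWOW64, so
    # native services living only in the real System32 report "(file missing)".
    if svc["missing"]:
        return "wow64-artifact" if host_is_x64 and "\\windows\\system32\\" in svc["path"].lower() else "missing"
    if svc["owner"] == "Unknown owner":
        return "review"  # present on disk but carries no vendor information
    return "vendor-known"

def triage(log_text, host_is_x64=True):
    # Group the O4 and O23 lines of a HijackThis log into triage buckets.
    buckets = {k: [] for k in ("autostart", "wow64-artifact", "missing", "review", "vendor-known")}
    for line in log_text.strip().splitlines():
        o4, o23 = parse_o4(line), parse_o23(line)
        if o4:
            buckets["autostart"].append(o4)
        elif o23:
            buckets[classify_service(o23, host_is_x64)].append(o23)
    return buckets
```

Entries in the "review" bucket are only those with no vendor string that really are on disk; as the post above says, the 32-bit "file missing" noise still should not be "fixed" with HijackThis.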



