Redirect Virus


  • This topic is locked
19 replies to this topic

#1 johnny6220

Posted 30 August 2012 - 05:06 PM

Hello All

I also have been infected with a redirect virus (scour.com 63.209.69.107), but it only affects IE9 32-bit and not IE9 64-bit, so I'm thinking that it is caused by one of the add-ons in IE9 32-bit. I have been doing a lot of scans with Malwarebytes, ComboFix, Avira and Microsoft Security Essentials. I have found a couple of viruses / trojans and deleted them, but I am still being redirected when using Google on the 32-bit IE9. I have seen that this web site is very informative with knowledgeable staff, so I decided to see if you could help.

Thanks, John
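The poster's reasoning (only 32-bit IE is affected, so a 32-bit add-on is the likely cause) can be checked directly, because 64-bit Windows keeps separate add-on registrations for the two IE builds. The script below is an added example, not something from this thread or from the BleepingComputer tools; it assumes an elevated 64-bit PowerShell 3.0 or later on the affected machine, lists BHOs and toolbars for both builds, resolves each CLSID to its DLL, and flags orphaned CLSIDs (what DDS prints as "No File"), missing DLLs and unusual locations.

```powershell
# Added example (not from the thread). Enumerates Internet Explorer Browser Helper Objects
# and toolbars registered for 64-bit IE (HKLM\SOFTWARE) and for 32-bit IE (HKLM\SOFTWARE\Wow6432Node),
# resolves each CLSID to its in-process DLL and reports entries worth a closer look.
# Assumes: run as Administrator from a 64-bit PowerShell 3.0+ on 64-bit Windows.

function Resolve-IeAddonDll {
    param([string]$Clsid, [bool]$Wow64)
    # 32-bit COM servers live under the Wow6432Node view of HKCR\CLSID on 64-bit Windows
    $base = if ($Wow64) { 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' } else { 'HKLM:\SOFTWARE\Classes\CLSID' }
    $key = Join-Path $base "$Clsid\InprocServer32"
    if (-not (Test-Path $key)) { return $null }
    $path = (Get-ItemProperty -Path $key).'(default)'
    if ([string]::IsNullOrWhiteSpace($path)) { return $null }
    return [Environment]::ExpandEnvironmentVariables($path.Trim('"'))
}

function Get-IeAddons {
    param([bool]$Wow64)
    $sw   = if ($Wow64) { 'HKLM:\SOFTWARE\Wow6432Node' } else { 'HKLM:\SOFTWARE' }
    $arch = if ($Wow64) { 'x86' } else { 'x64' }
    $entries = @()

    # BHOs: one subkey per CLSID
    $bhoKey = "$sw\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (Test-Path $bhoKey) {
        Get-ChildItem $bhoKey | ForEach-Object {
            $entries += New-Object PSObject -Property @{ Kind = 'BHO'; Arch = $arch; Clsid = $_.PSChildName }
        }
    }

    # Toolbars: values under ...\Internet Explorer\Toolbar whose value names are CLSIDs
    $tbKey = "$sw\Microsoft\Internet Explorer\Toolbar"
    if (Test-Path $tbKey) {
        (Get-Item $tbKey).Property | Where-Object { $_ -match '^\{[0-9A-F-]{36}\}$' } | ForEach-Object {
            $entries += New-Object PSObject -Property @{ Kind = 'Toolbar'; Arch = $arch; Clsid = $_ }
        }
    }

    foreach ($e in $entries) {
        $dll = Resolve-IeAddonDll -Clsid $e.Clsid -Wow64 $Wow64
        $status = if (-not $dll) { 'No File (orphaned CLSID)' }
                  elseif (-not (Test-Path -LiteralPath $dll)) { 'DLL missing on disk' }
                  elseif ($dll -notmatch '^(?i)C:\\(Program Files( \(x86\))?|Windows)\\') { 'REVIEW: unusual location' }
                  else { 'ok' }
        # Authenticode status is a useful triage hint; an unsigned add-on in a user-writable folder deserves attention
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
        New-Object PSObject -Property @{
            Kind = $e.Kind; Arch = $e.Arch; Clsid = $e.Clsid; Dll = $dll; Signature = $sig; Status = $status
        }
    }
}

# Side-by-side view of both IE builds
$all = @(Get-IeAddons -Wow64 $false) + @(Get-IeAddons -Wow64 $true)
$all | Sort-Object Arch, Kind | Format-Table Arch, Kind, Clsid, Status, Signature, Dll -AutoSize

# Add-ons registered only for the 32-bit build are candidates for a problem that only 32-bit IE shows
$all | Group-Object Clsid | ForEach-Object {
    $archs = $_.Group | ForEach-Object { $_.Arch } | Sort-Object -Unique
    if ($archs.Count -eq 1 -and $archs[0] -eq 'x86') {
        "x86-only add-on: $($_.Name) -> $($_.Group[0].Dll) [$($_.Group[0].Status)]"
    }
}
```

Orphaned CLSIDs are harmless leftovers in themselves; the entries to examine are loaded DLLs that sit outside Program Files or Windows, or that carry no valid signature.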


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 August 2012 - 09:51 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 johnny6220 (Topic Starter)

Posted 01 September 2012 - 03:14 PM

Hi Gringo. Thanks for the quick reply. So here are the logs that you requested.

Results of screen317's Security Check version 0.99.49
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 16:09:54 on 2012-09-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5610 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWoW64\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\SysWoW64\svchost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\HP Photo Creations\MessageCheck.exe
C:\Windows\system32\notepad.exe
C:\Users\Owner\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Users\Owner\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = 192.168.*.*;<local>
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: 164.109.25.72
Trusted Zone: 207.130.86.35
Trusted Zone: acura.com
Trusted Zone: acuraclientpurchaseexperience.com
Trusted Zone: acurainfo.programhq.com
Trusted Zone: acuraspinplay.programhq.com
Trusted Zone: ahm-ownerlink.com
Trusted Zone: ahmdealer.com
Trusted Zone: floridakeyswebcams.tv\www
Trusted Zone: honda.com
Trusted Zone: honda.com\www.in
Trusted Zone: honda.vo.llnwd.net
Trusted Zone: hondaadcmd.com
Trusted Zone: hondacars.com
Trusted Zone: hondainfo.programhq.com
Trusted Zone: hondamap.com
Trusted Zone: hondaprofessional.com
Trusted Zone: hondaspinplay.programhq.com
Trusted Zone: hondasso.com
Trusted Zone: jdpa.com
Trusted Zone: jdpower.com
Trusted Zone: mylcchonda.com
Trusted Zone: pcsc.acurasrs.com
Trusted Zone: prospectingacurasrs.com
Trusted Zone: travelhq.com
Trusted Zone: xmradio.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} - hxxp://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3F4CEBD8-B6DC-4D39-B76C-0DB7A73CEC84} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB-X64: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UBNet\UBNet.lnk
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/10/22 00:26:42];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-9-1 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-8-19 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-8-19 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-2 2228008]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250568]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 U6000ALL;HDTV110 TV Box(ALL);C:\Windows\system32\DRIVERS\dmdcap.sys --> C:\Windows\system32\DRIVERS\dmdcap.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-01 10:32:04 -------- d-----w- C:\Users\Owner\AppData\Local\{F26E27AF-A656-4945-9259-EA15ED3C85C1}
2012-09-01 05:26:33 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8012B95-E405-4696-8DFE-F8C4700461F6}\offreg.dll
2012-09-01 05:25:15 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8012B95-E405-4696-8DFE-F8C4700461F6}\mpengine.dll
2012-08-31 20:28:48 -------- d-----w- C:\Users\Owner\AppData\Local\{6BD07F1B-5945-4430-9253-9C26CDF37C21}
2012-08-31 10:37:14 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-31 01:16:14 -------- d-----w- C:\Users\Owner\AppData\Local\{76C07274-E437-4F2F-A53F-C952A1D530ED}
2012-08-30 20:54:11 4278384 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-30 20:53:48 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-30 10:27:59 -------- d-----w- C:\Users\Owner\AppData\Local\{323A185D-8331-4EBA-A75B-8F51C30933AE}
2012-08-30 05:40:47 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-08-29 12:41:55 -------- d-----w- C:\Users\Owner\AppData\Local\Adobe
2012-08-29 11:30:33 -------- d-----w- C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2012-08-29 11:30:33 -------- d-----w- C:\Program Files (x86)\SDHelper (Spybot - Search & Destroy)
2012-08-29 11:30:33 -------- d-----w- C:\Program Files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2012-08-29 11:30:33 -------- d-----w- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
2012-08-29 11:29:12 -------- d-----w- C:\Users\Owner\AppData\Roaming\Spybot - Search & Destroy
2012-08-29 10:24:24 -------- d-----w- C:\Users\Owner\AppData\Local\{9E74E604-0882-4959-8CDA-79BD64B44ABC}
2012-08-29 03:46:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\ParetoLogic
2012-08-29 03:46:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\DriverCure
2012-08-29 03:46:06 -------- d-----w- C:\ProgramData\ParetoLogic
2012-08-29 03:08:11 332288 ----a-w- C:\Windows\System32\uxtheme.new
2012-08-29 03:07:49 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-08-29 02:59:33 -------- d-----w- C:\ProgramData\RegRun
2012-08-29 02:59:03 2 --shatr- C:\Windows\winstart.bat
2012-08-29 02:58:49 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-08-28 23:11:22 -------- d-----w- C:\Program Files\HitmanPro
2012-08-28 23:11:19 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-28 20:24:00 -------- d-----w- C:\$RECYCLE.BIN
2012-08-28 10:34:39 -------- d-----w- C:\Users\Owner\AppData\Local\{932ED84E-86B6-4F5B-9B4A-E3FF552F517A}
2012-08-27 21:32:11 208216 ----a-w- C:\Windows\System32\drivers\26083606.sys
2012-08-27 21:31:47 208216 ----a-w- C:\Windows\System32\drivers\99462440.sys
2012-08-27 19:53:08 208216 ----a-w- C:\Windows\System32\drivers\92245923.sys
2012-08-27 11:35:29 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-08-27 11:35:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-27 11:35:20 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-27 10:36:27 -------- d-----w- C:\Users\Owner\AppData\Local\{A83DB10A-200C-48E4-83F5-7540AA228C53}
2012-08-27 02:38:43 -------- d--h--w- C:\ProgramData\Common Files
2012-08-27 02:38:43 -------- d-----w- C:\ProgramData\MFAData
2012-08-27 02:28:41 1152 ----a-w- C:\Windows\SysWow64\windrv.sys
2012-08-27 00:51:13 208216 ----a-w- C:\Windows\System32\drivers\70233688.sys
2012-08-27 00:48:27 208216 ----a-w- C:\Windows\System32\drivers\71763626.sys
2012-08-27 00:32:58 208216 ----a-w- C:\Windows\System32\drivers\71561722.sys
2012-08-26 23:30:36 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-26 23:30:35 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-26 23:30:24 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-26 14:05:01 -------- d-----w- C:\Users\Owner\AppData\Local\{A7D0906F-4B27-44EB-ABB7-45FB96C34782}
2012-08-26 01:00:51 208216 ----a-w- C:\Windows\System32\drivers\86614342.sys
2012-08-25 23:02:58 -------- d-----w- C:\Users\Owner\AppData\Local\{E72E4F72-8DEF-4C28-AFBA-B1B2B7502D9C}
2012-08-25 17:42:41 -------- d-----w- C:\Windows\_ISTMP1.DIR
2012-08-25 03:07:15 -------- d-----w- C:\Users\Owner\AppData\Local\{D996A735-AB6B-480D-AE13-81BBBA86852B}
2012-08-24 12:19:22 -------- d-----w- C:\Users\Owner\AppData\Local\{99D88003-E98F-4A82-8B12-B9D9A0311CCA}
2012-08-23 22:51:15 -------- d-----w- C:\Users\Owner\AppData\Local\{397A72BC-4EEC-4170-A0E7-5820B35F47B4}
2012-08-23 10:31:05 -------- d-----w- C:\Users\Owner\AppData\Local\{B8E24E6E-0F3E-4A33-B45E-766A1E786447}
2012-08-23 01:04:48 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-22 20:18:56 -------- d-----w- C:\Users\Owner\AppData\Local\{4714C4F4-BEB4-424B-A7C2-164E05AFB0E1}
2012-08-22 10:25:39 -------- d-----w- C:\Users\Owner\AppData\Local\{4625EFD5-EFC3-4F1E-8848-64BEFFC02478}
2012-08-21 23:01:24 208216 ----a-w- C:\Windows\System32\drivers\14580364.sys
2012-08-21 20:57:43 -------- d-----w- C:\Users\Owner\AppData\Local\{53A9F3A3-68A5-46E3-BA69-69171C54BAC8}
2012-08-21 02:16:58 -------- d-----w- C:\Users\Owner\AppData\Local\{DDA2780B-945E-4EF0-921B-6813D6D7D473}
2012-08-20 21:14:12 208216 ----a-w- C:\Windows\System32\drivers\33644201.sys
2012-08-20 21:10:39 208216 ----a-w- C:\Windows\System32\drivers\49150897.sys
2012-08-20 10:33:47 -------- d-----w- C:\Users\Owner\AppData\Local\{93269956-90DF-4F91-85B6-DB3D576409BB}
2012-08-20 01:40:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\Avira
2012-08-20 01:34:36 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-08-20 01:34:36 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-08-20 01:34:35 -------- d-----w- C:\ProgramData\Avira
2012-08-20 01:34:35 -------- d-----w- C:\Program Files (x86)\Avira
2012-08-19 14:42:44 388096 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-19 14:42:34 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-19 13:59:54 -------- d-----w- C:\Program Files (x86)\HJTHotkey
2012-08-19 03:31:37 -------- d-----w- C:\Users\Owner\AppData\Local\{519CDB84-7E4D-4994-AD5B-E3255C8AD722}
2012-08-18 21:19:25 208216 ----a-w- C:\Windows\System32\drivers\37074312.sys
2012-08-18 21:05:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-18 21:05:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-18 11:21:26 -------- d-----w- C:\Users\Owner\AppData\Local\{6FA0B00C-8CDE-4D1C-999D-539A1F700991}
2012-08-17 17:43:43 -------- d-----w- C:\Users\Owner\AppData\Local\{50DEFBDB-8410-418C-98F8-F414CB958CE1}
2012-08-17 17:43:19 -------- d-----w- C:\Users\Owner\AppData\Local\{A10A6567-0653-4C8E-93F1-3FBC403490B3}
2012-08-17 15:37:36 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-08-17 15:37:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-17 15:33:52 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-08-17 14:29:21 98816 ----a-w- C:\Windows\sed.exe
2012-08-17 14:29:21 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-17 14:29:21 256000 ----a-w- C:\Windows\PEV.exe
2012-08-17 14:29:21 208896 ----a-w- C:\Windows\MBR.exe
2012-08-17 12:28:23 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-08-17 12:25:54 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-08-17 12:25:51 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-08-17 12:25:33 -------- d-----w- C:\ProgramData\PC Tools
2012-08-17 12:25:32 -------- d-----w- C:\Users\Owner\AppData\Roaming\TestApp
2012-08-17 03:45:24 -------- d-----w- C:\Users\Owner\AppData\Local\{2C2C1D5C-1847-471D-A3F7-3D326CF9A673}
2012-08-17 03:45:00 -------- d-----w- C:\Users\Owner\AppData\Local\{90974C15-64D1-4900-A2F3-6CDEDD64021D}
2012-08-17 03:24:06 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2012-08-16 19:40:19 -------- d-----w- C:\ProgramData\PLAV
2012-08-16 19:37:52 -------- d-----w- C:\ProgramData\ParetoLogic Anti-Virus PLUS
2012-08-16 18:55:37 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-16 18:03:18 -------- d-----w- C:\Users\Owner\AppData\Local\Diagnostics
2012-08-16 16:56:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{028C3B8B-41AC-413E-BFEB-6DFA62BD2704}\gapaengine.dll
2012-08-16 16:56:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-16 16:56:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-16 12:59:39 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-16 12:59:39 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-16 12:59:24 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-16 12:59:12 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-16 12:59:12 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-16 12:59:12 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-16 12:59:12 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-16 12:58:49 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-16 12:58:49 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 12:58:31 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-16 12:58:29 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-16 11:44:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-16 10:52:50 -------- d-----w- C:\Users\Owner\AppData\Local\{57CD1EC9-AEC5-4AA6-9989-F625CDDA7C1A}
2012-08-16 10:52:26 -------- d-----w- C:\Users\Owner\AppData\Local\{C31AEFFA-7E19-4AFA-9E1E-B4A9E0CCE198}
2012-08-15 10:41:17 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 10:41:13 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 10:29:09 -------- d-----w- C:\Users\Owner\AppData\Local\{75EEE89E-80EA-47F5-834D-A613CAD948EB}
2012-08-15 10:28:46 -------- d-----w- C:\Users\Owner\AppData\Local\{A6E94943-D4ED-4B17-9CDD-EB88B5D369F6}
2012-08-14 19:35:12 -------- d-----w- C:\Users\Owner\AppData\Local\{81E351BD-61BF-4FD7-B99F-0117BA532CF1}
2012-08-14 19:34:49 -------- d-----w- C:\Users\Owner\AppData\Local\{DBA1320C-4EE2-45D5-8F66-D2D7BC250EAA}
2012-08-14 01:46:23 -------- d-----w- C:\Users\Owner\AppData\Local\{111F8A3D-C66E-4427-9EAC-9B68C84074C4}
2012-08-14 01:45:59 -------- d-----w- C:\Users\Owner\AppData\Local\{75309CDE-C301-4368-B048-AC7A9B82524C}
2012-08-13 10:35:32 -------- d-----w- C:\Users\Owner\AppData\Local\{57B1E58A-0FFC-4B97-9EBB-2D1B47D5ED1F}
2012-08-13 10:35:19 -------- d-----w- C:\Users\Owner\AppData\Local\{5FC345F4-784A-42B9-940B-34673FCDEA6A}
2012-08-12 12:37:21 -------- d-----w- C:\Users\Owner\AppData\Local\{4D6CF9FE-823D-4C66-B0BA-2B2E4EED0941}
2012-08-12 12:36:57 -------- d-----w- C:\Users\Owner\AppData\Local\{E9F671F8-0EE7-4708-B6B3-1BB0C1046DB8}
2012-08-11 11:58:26 -------- d-----w- C:\Users\Owner\AppData\Local\{6FB5779A-EFA5-4F15-B870-AB24848E9B15}
2012-08-11 11:58:02 -------- d-----w- C:\Users\Owner\AppData\Local\{B00AFFB8-C5BD-44BC-8DF9-13A910BFC990}
2012-08-11 10:42:05 -------- d-----w- C:\Users\Owner\AppData\Local\{68DF11D7-60B9-4A31-B41D-20D48C872A0D}
2012-08-10 17:00:04 -------- d-----w- C:\Users\Owner\AppData\Local\{E4479816-41B9-437A-BA8F-0A6E4E99E52C}
2012-08-10 16:59:40 -------- d-----w- C:\Users\Owner\AppData\Local\{D6BC8319-727A-4FB5-87AE-AB7441D111E9}
2012-08-10 01:05:14 -------- d-----w- C:\Users\Owner\AppData\Local\{9FD08015-522A-4C1C-ADFA-55C7435B69B2}
2012-08-10 01:04:51 -------- d-----w- C:\Users\Owner\AppData\Local\{A9B99C19-8237-41FE-B309-AB2DC5FE0D4E}
2012-08-09 12:57:47 -------- d-----w- C:\Users\Owner\AppData\Local\{3D7C92D1-F6E7-4290-AD46-D35A646F19C4}
2012-08-09 12:57:23 -------- d-----w- C:\Users\Owner\AppData\Local\{DA343EB5-9769-422D-9DBD-877705A84772}
2012-08-09 00:35:38 -------- d-----w- C:\Users\Owner\AppData\Local\{570D9C0A-621C-4C70-A56E-1DFB35B0D510}
2012-08-09 00:35:15 -------- d-----w- C:\Users\Owner\AppData\Local\{FA8F6E1A-7141-4A22-8DD1-D9E91C148089}
2012-08-08 23:03:44 -------- d-----w- C:\Users\Owner\AppData\Local\{CE4D496D-C405-485D-B6C3-9D7254FBAC9E}
2012-08-08 10:31:04 -------- d-----w- C:\Users\Owner\AppData\Local\{0417932C-1C28-4413-89C9-0D031EAF44A9}
2012-08-08 10:30:41 -------- d-----w- C:\Users\Owner\AppData\Local\{5D6EB68F-9A1F-4928-8B13-337CC4093180}
2012-08-07 18:31:13 -------- d-----w- C:\Users\Owner\AppData\Local\{30BFF545-A4AE-47B7-A20E-2C2869DF54FA}
2012-08-07 18:30:49 -------- d-----w- C:\Users\Owner\AppData\Local\{21763D06-6862-4595-8A13-03A88C7B2BEF}
2012-08-07 00:57:45 -------- d-----w- C:\Users\Owner\AppData\Local\{FC643AE4-F145-4D5A-A2EB-AC9AEB147D3C}
2012-08-07 00:57:21 -------- d-----w- C:\Users\Owner\AppData\Local\{87C93F66-89A8-43CD-B902-60D25B6232C0}
2012-08-06 12:23:48 -------- d-----w- C:\Users\Owner\AppData\Local\{579CA4C9-3E16-4A73-B7A6-4DB71271FDAF}
2012-08-06 12:23:24 -------- d-----w- C:\Users\Owner\AppData\Local\{0AD504E4-26C0-4824-986B-3A38A3A5A934}
2012-08-06 10:30:06 -------- d-----w- C:\Users\Owner\AppData\Local\{3D0A33C6-BFE1-4628-92F8-0282577B0CBB}
2012-08-06 10:29:53 -------- d-----w- C:\Users\Owner\AppData\Local\{432EBF28-6E63-4E72-900F-0AB9DF1A0508}
2012-08-05 12:15:28 -------- d-----w- C:\Users\Owner\AppData\Local\{BEDB6C47-5E21-4ECE-8963-97D1B640D2EE}
2012-08-05 12:15:04 -------- d-----w- C:\Users\Owner\AppData\Local\{29C30D1C-95BA-46E8-99F9-FD8403CAE840}
2012-08-04 23:18:50 -------- d-----w- C:\Users\Owner\AppData\Local\{60F41C9F-AC06-4D5D-9CC2-4416980EA6B6}
2012-08-04 23:18:37 -------- d-----w- C:\Users\Owner\AppData\Local\{2BE7C115-F170-4317-BEB0-325CD14D29B2}
2012-08-04 10:16:38 -------- d-----w- C:\Users\Owner\AppData\Local\{815C362F-5F4C-40E4-8EDB-6A6BAD788A0F}
2012-08-04 10:16:15 -------- d-----w- C:\Users\Owner\AppData\Local\{292EADC2-C261-4DD6-9635-2B6D84C86E6A}
2012-08-03 17:50:11 -------- d-----w- C:\Users\Owner\AppData\Local\{6E035C04-AE41-4A40-B813-378201C64F2B}
2012-08-03 17:49:48 -------- d-----w- C:\Users\Owner\AppData\Local\{DA6A848C-E6EF-4307-9907-8E271777E6C8}
2012-08-03 01:16:55 -------- d-----w- C:\Users\Owner\AppData\Local\{6E2F1820-41E4-42C9-A953-630473F20ECE}
2012-08-03 01:16:32 -------- d-----w- C:\Users\Owner\AppData\Local\{240CF02B-16E9-425C-A20D-572EEE87F7C7}
.
==================== Find3M ====================
.
2012-08-27 21:14:29 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 21:14:29 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-25 18:55:54 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-25 18:55:54 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-23 01:04:30 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-17 02:51:59 6580 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-07-29 19:07:30 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-06-07 00:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-05 07:37:22 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
.
============= FINISH: 16:10:24.62 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 12:49:05 PM
System Uptime: 8/31/2012 4:30:07 PM (24 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET3
Processor: AMD Phenom™ II X4 910 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 530.042 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.887 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP533: 8/27/2012 6:27:41 AM - Removed AVG 2012
RP534: 8/27/2012 6:32:37 AM - Removed AVG 2012
RP535: 8/27/2012 4:03:44 PM - Windows Update
RP536: 8/28/2012 11:01:41 PM - RegRun Virus Scan
RP537: 8/28/2012 11:06:56 PM - RegRun Virus Scan
RP538: 8/28/2012 11:11:42 PM - RegRun Virus Scan
RP539: 8/28/2012 11:13:37 PM - RegRun Virus Scan
RP540: 8/29/2012 6:35:52 AM - RegRun Virus Scan
RP541: 8/29/2012 7:33:29 AM - Spybot-S&D Spyware removal
RP542: 8/31/2012 1:03:10 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-aware 6 Personal
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AIO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Quick Photo Book
ArcSoft Print Creations - Slimline Card
Avira Free Antivirus
Bing Bar
Bing Rewards Client Installer
BufferChm
C5200
C5200_Help
Calendar Creator 12
CCleaner
Clone2Go Audio Converter Free Version 1.9.7
Clone2Go Video Converter Free Version 1.9.7
Compatibility Pack for the 2007 Office system
Copy
Corel MediaOne
Corel Paint Shop Pro Photo X2
Corel Painter Photo Essentials 4
CyberLink InstantBurn
CyberLink LabelPrint
CyberLink MediaShow
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDirector
CyberLink PowerDVD 9
CyberLink PowerDVD Copy
CyberLink PowerProducer
D3DX10
Data Lifeguard Diagnostic for Windows 1.22
Destinations
DeviceDiscovery
DocProc
Document Express DjVu Plug-in (autoinstall)
DVDFab 6.0.3.6 (23/07/2009)
Family Tree Maker 2011
Family Tree Maker 7.0
Fax
Free Window Registry Repair
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
HP Photo Creations
HP Product Detection
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
ImageSkill Background Remover 3
Junk Mail filter update
LightScribe System Software
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft Access database engine 2010 (English)
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets & Trips 2011
Microsoft Streets and Trips 2001
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
Moto Helper Service
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
Mototools Software Update
MSVC80_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyHeritage Family Tree Builder
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.3
PC Connectivity Solution
Photo Viewer S2.5
PHOTORECOVERY LE
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
Punch! Super Home Suite
Quicken 2009
Quicken WillMaker Plus 2009
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SmartSound Common Data
SmartSound Quicktracks 5
SmartSound Quicktracks Plugin
SmartWebPrinting
SolutionCenter
Status
TeamViewer 6
Toolbox
TrayApp
UBNet
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Wireless Software Upgrade Assistant - Samsung
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
Visual Studio 2008 x64 Redistributables
WavePad Sound Editor
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
9/1/2012 3:13:38 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
8/31/2012 4:31:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
8/31/2012 4:30:14 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/28/2012 7:54:22 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/28/2012 7:52:47 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
8/28/2012 7:52:40 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/26/2012 3:40:41 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.
8/26/2012 3:40:39 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.
8/25/2012 4:38:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2012 4:29:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/25/2012 4:23:01 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2012 4:23:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/25/2012 4:23:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/25/2012 4:22:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/25/2012 4:22:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/25/2012 4:22:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr discache kl1 KLIF MpFilter spldr StarOpen Wanarpv6
8/25/2012 4:06:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Owner-PC\Owner SID (S-1-5-21-3966490604-3525249063-2581321070-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================



I hope I did this properly. Also no issues with the programs. Everything went smoothly. Thanks

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:23 PM
Posted 01 September 2012 - 03:30 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Avira Desktop
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 johnny6220

johnny6220
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:23 PM

Posted 01 September 2012 - 04:25 PM

Hello again

I removed "Avira" seeing that I just downloaded it last week attempting to find any malware that Microsoft may not have found. Ran combofix with no problems. Seems to have the same infection that it detected two weeks ago. IE9 32bit still has the google redirect while IE9 64bit does not. Here are the combofix logs



ComboFix 12-08-31.08 - Owner 09/01/2012 16:58:13.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6119 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\windrv.sys
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 21:04 . 2012-09-01 21:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-01 21:04 . 2012-09-01 21:04 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-09-01 21:04 . 2012-09-01 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 20:15 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D08E3CC4-C160-44A0-8191-F8654D5FB88B}\mpengine.dll
2012-08-31 10:37 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-30 20:54 . 2012-08-30 20:54 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-30 20:53 . 2012-08-30 20:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-30 05:40 . 2012-08-30 05:40 -------- d-----w- c:\windows\Microsoft Antimalware
2012-08-29 12:41 . 2012-08-29 12:42 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2012-08-29 11:30 . 2012-08-29 11:30 -------- d-----w- c:\program files (x86)\SDHelper (Spybot - Search & Destroy)
2012-08-29 11:30 . 2012-08-29 11:30 -------- d-----w- c:\program files (x86)\TeaTimer (Spybot - Search & Destroy)
2012-08-29 11:30 . 2012-08-29 11:30 -------- d-----w- c:\program files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2012-08-29 11:30 . 2012-08-29 11:30 -------- d-----w- c:\program files (x86)\File Scanner Library (Spybot - Search & Destroy)
2012-08-29 11:29 . 2012-08-29 11:36 -------- d-----w- c:\users\Owner\AppData\Roaming\Spybot - Search & Destroy
2012-08-29 03:46 . 2012-08-29 03:46 -------- d-----w- c:\users\Owner\AppData\Roaming\ParetoLogic
2012-08-29 03:46 . 2012-08-29 03:46 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
2012-08-29 03:46 . 2012-08-29 03:51 -------- d-----w- c:\programdata\ParetoLogic
2012-08-29 03:08 . 2012-08-29 03:08 332288 ----a-w- c:\windows\system32\uxtheme.new
2012-08-29 03:07 . 2012-08-29 03:07 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-08-29 02:59 . 2012-08-29 10:35 -------- d-----w- c:\programdata\RegRun
2012-08-29 02:59 . 2012-08-29 02:59 2 --shatr- c:\windows\winstart.bat
2012-08-29 02:58 . 2012-08-29 10:38 -------- d-----w- c:\program files (x86)\UnHackMe
2012-08-28 23:11 . 2012-08-28 23:11 -------- d-----w- c:\program files\HitmanPro
2012-08-28 23:11 . 2012-08-28 23:11 -------- d-----w- c:\programdata\HitmanPro
2012-08-27 21:32 . 2012-08-27 21:32 208216 ----a-w- c:\windows\system32\drivers\26083606.sys
2012-08-27 21:31 . 2012-08-27 21:31 208216 ----a-w- c:\windows\system32\drivers\99462440.sys
2012-08-27 19:53 . 2012-08-27 19:53 208216 ----a-w- c:\windows\system32\drivers\92245923.sys
2012-08-27 11:35 . 2012-08-27 11:35 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-08-27 11:35 . 2012-08-27 11:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-27 11:35 . 2012-08-27 11:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-27 02:38 . 2012-08-27 10:33 -------- d-----w- c:\programdata\MFAData
2012-08-27 02:38 . 2012-08-27 02:38 -------- d--h--w- c:\programdata\Common Files
2012-08-27 00:51 . 2012-08-27 00:51 208216 ----a-w- c:\windows\system32\drivers\70233688.sys
2012-08-27 00:48 . 2012-08-27 00:48 208216 ----a-w- c:\windows\system32\drivers\71763626.sys
2012-08-27 00:32 . 2012-08-27 00:32 208216 ----a-w- c:\windows\system32\drivers\71561722.sys
2012-08-26 23:30 . 2012-08-26 23:30 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-26 23:30 . 2012-08-26 23:30 289768 ----a-w- c:\windows\system32\javaws.exe
2012-08-26 23:30 . 2012-08-26 23:30 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-26 23:30 . 2012-08-26 23:30 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-26 23:30 . 2012-08-26 23:30 189416 ----a-w- c:\windows\system32\javaw.exe
2012-08-26 23:30 . 2012-08-26 23:30 188904 ----a-w- c:\windows\system32\java.exe
2012-08-26 23:30 . 2012-08-26 23:30 -------- d-----w- c:\program files\Java
2012-08-26 01:00 . 2012-08-26 01:00 208216 ----a-w- c:\windows\system32\drivers\86614342.sys
2012-08-25 17:42 . 2012-08-25 17:43 -------- d-----w- c:\windows\_ISTMP1.DIR
2012-08-23 01:04 . 2012-08-23 01:04 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-21 23:01 . 2012-08-21 23:01 208216 ----a-w- c:\windows\system32\drivers\14580364.sys
2012-08-20 21:14 . 2012-08-20 21:14 208216 ----a-w- c:\windows\system32\drivers\33644201.sys
2012-08-20 21:10 . 2012-08-20 21:10 208216 ----a-w- c:\windows\system32\drivers\49150897.sys
2012-08-19 14:42 . 2012-08-19 14:42 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-19 14:42 . 2012-08-19 14:42 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-19 13:59 . 2012-08-19 14:23 -------- d-----w- c:\program files (x86)\HJTHotkey
2012-08-19 12:54 . 2012-08-19 12:54 -------- d-----w- c:\users\Guest\AppData\Roaming\Motorola
2012-08-18 21:19 . 2012-08-18 21:19 208216 ----a-w- c:\windows\system32\drivers\37074312.sys
2012-08-18 21:05 . 2012-08-18 21:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-18 21:05 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 15:37 . 2012-08-17 15:37 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-08-17 15:37 . 2012-08-17 15:37 -------- d-----w- c:\programdata\Malwarebytes
2012-08-17 15:33 . 2012-08-17 15:35 -------- d-----w- c:\programdata\Yahoo!
2012-08-17 15:33 . 2012-08-18 20:22 -------- d-----w- c:\program files (x86)\Yahoo!
2012-08-17 12:28 . 2012-08-17 12:40 -------- d-----w- c:\program files (x86)\PC Tools
2012-08-17 12:25 . 2012-06-22 19:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-08-17 12:25 . 2012-08-17 12:40 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-08-17 12:25 . 2012-08-17 12:39 -------- d-----w- c:\programdata\PC Tools
2012-08-17 12:25 . 2012-08-17 12:25 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
2012-08-17 03:24 . 2012-08-17 11:38 -------- d-----w- c:\users\Owner\AppData\Local\Google
2012-08-16 19:40 . 2012-08-16 21:39 -------- d-----w- c:\programdata\PLAV
2012-08-16 19:37 . 2012-08-16 19:37 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-08-16 18:55 . 2012-08-16 18:55 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-16 18:03 . 2012-08-16 18:03 -------- d-----w- c:\users\Owner\AppData\Local\Diagnostics
2012-08-16 16:56 . 2012-08-16 16:56 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{028C3B8B-41AC-413E-BFEB-6DFA62BD2704}\gapaengine.dll
2012-08-16 16:56 . 2012-08-16 16:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-16 16:56 . 2012-08-16 16:56 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-16 12:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-16 12:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-16 12:59 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-16 12:59 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 12:59 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 12:59 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-16 12:59 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-16 12:58 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-16 12:58 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 12:58 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-16 12:58 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 12:58 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-16 11:44 . 2012-08-21 23:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 10:41 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 10:41 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 21:14 . 2012-04-12 10:36 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 21:14 . 2011-06-02 20:10 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 18:55 . 2011-06-06 02:02 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-25 18:55 . 2011-06-06 02:02 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-23 01:04 . 2010-11-15 17:34 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-17 02:51 . 2010-10-23 00:04 6580 --sha-w- c:\programdata\KGyGaAvL.sys
2012-08-16 13:04 . 2010-10-20 17:03 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-29 20:17 . 2012-07-29 20:17 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-09 05:43 . 2012-07-11 10:38 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 10:38 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 10:38 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 10:38 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 10:38 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 10:38 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 10:38 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-05 07:37 . 2010-11-27 12:58 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 57300E71DFBB58D8ED0D7B9813E55795 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-08-28_20.24.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-16 12:57 . 2012-09-01 20:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
- 2012-08-16 12:57 . 2012-08-28 20:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-08-17 05:08 . 2012-08-31 15:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-08-17 05:08 . 2012-08-17 11:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-30 23:04 . 2012-08-30 23:04 33792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FED929BC-F2F6-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 10:15 . 2012-09-01 10:15 26624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F2F1218D-F41D-11E1-9DC1-00261806CE9F}.dat
+ 2012-09-01 05:07 . 2012-09-01 05:11 41984 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E96C32FC-F3F2-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-30 11:07 . 2012-08-30 11:07 59904 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E8DEBCE1-F292-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 10:15 . 2012-09-01 10:15 77824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E3E86C08-F41D-11E1-9DC1-00261806CE9F}.dat
+ 2012-09-01 00:06 . 2012-09-01 00:06 86016 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E262A18C-F3C8-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-30 10:31 . 2012-08-30 10:31 35328 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D7E652E1-F28D-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 11:35 . 2012-08-30 11:36 38400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D516117C-F296-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 00:01 . 2012-08-30 00:01 35840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA41DCC4-F235-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-30 10:31 . 2012-08-30 10:31 65024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C9F5ACAA-F28D-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 11:06 . 2012-08-30 11:07 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C71D1340-F292-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 15:25 . 2012-08-29 15:25 23552 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BF3EAF08-F1ED-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-30 19:05 . 2012-08-30 19:06 16896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B933B6F0-F2D5-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 04:31 . 2012-08-31 04:38 22528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B5DA4B65-F324-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 04:40 . 2012-08-29 04:47 28672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B528D09C-F193-11E1-A95E-00261806CE9F}.dat
+ 2012-08-31 04:31 . 2012-08-31 04:37 38400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B48D0AE4-F324-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 14:24 . 2012-09-01 14:24 50688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B2CB3088-F440-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-31 02:00 . 2012-08-31 02:01 92672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A192961C-F30F-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 02:00 . 2012-08-31 02:01 29696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9ECADAFC-F30F-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 07:00 . 2012-08-31 07:07 25088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8C58297C-F339-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 11:27 . 2012-08-29 11:27 57856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{74CDBA0C-F1CC-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-30 10:42 . 2012-08-30 10:42 35840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6F862930-F28F-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 21:36 . 2012-08-28 21:36 29184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6D5B7580-F158-11E1-AB91-00261806CE9F}.dat
+ 2012-09-01 20:48 . 2012-09-01 20:48 11264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6A48FCC4-F476-11E1-93AF-00261806CE9F}.dat
+ 2012-08-30 16:11 . 2012-08-30 16:12 34816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{67A313FC-F2BD-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 04:35 . 2012-09-01 04:40 20480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{64DA61A8-F3EE-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-29 03:41 . 2012-08-29 03:41 13824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6109C560-F18B-11E1-A95E-00261806CE9F}.dat
+ 2012-08-28 21:43 . 2012-08-28 21:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E59F67C-F159-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 07:20 . 2012-08-31 07:20 26112 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{572C35C4-F33C-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 20:34 . 2012-08-31 20:35 10752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{51D5779C-F3AB-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-31 05:04 . 2012-08-31 05:09 19456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C71B6B8-F329-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 04:44 . 2012-08-29 04:48 14848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3EEBF350-F194-11E1-A95E-00261806CE9F}.dat
+ 2012-08-31 05:03 . 2012-08-31 05:09 53248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B265879-F329-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 05:03 . 2012-08-31 05:03 33792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B265878-F329-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 18:20 . 2012-08-29 18:20 34304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{38E3A0A8-F206-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-31 04:06 . 2012-08-31 04:06 34816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{386B124C-F321-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 12:06 . 2012-08-30 12:07 15360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2958E1AC-F29B-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 04:43 . 2012-08-29 04:48 14848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{235ACE68-F194-11E1-A95E-00261806CE9F}.dat
+ 2012-08-30 14:50 . 2012-08-30 14:51 61440 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13CA7B7D-F2B2-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 10:32 . 2012-08-30 10:39 25088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0816372C-F28E-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 15:10 . 2012-08-31 15:10 31744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0339FB90-F37E-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 16:36 . 2012-08-31 16:37 16896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{010F2644-F38A-11E1-8633-00261806CE9F}.dat
- 2012-08-16 14:33 . 2012-08-28 20:06 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-08-16 14:33 . 2012-09-01 19:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-10-20 17:27 . 2012-09-01 21:08 66488 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-01 21:08 33988 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-20 16:56 . 2012-09-01 20:45 21600 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3966490604-3525249063-2581321070-1000_UserData.bin
- 2010-10-20 19:23 . 2012-08-28 02:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-20 19:23 . 2012-09-01 19:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-17 15:27 . 2012-09-01 19:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-08-17 15:27 . 2012-08-28 02:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-28 02:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-01 19:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-01 20:39 . 2012-09-01 20:39 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{2D33DE65-F475-11E1-9DC1-00261806CE9F}.dat
+ 2012-09-01 18:29 . 2012-09-01 20:49 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{01395BFD-F463-11E1-9DC1-00261806CE9F}.dat
+ 2012-09-01 20:49 . 2012-09-01 20:49 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{90D78820-F476-11E1-93AF-00261806CE9F}.dat
+ 2012-09-01 20:39 . 2012-09-01 20:39 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{2D33DE66-F475-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-30 23:04 . 2012-08-30 23:04 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FED929BB-F2F6-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 05:15 . 2012-09-01 05:15 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB6C287F-F3F3-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-29 07:13 . 2012-08-29 07:17 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F7DD0B63-F1A8-11E1-A95E-00261806CE9F}.dat
+ 2012-08-28 20:57 . 2012-08-28 20:57 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ED0AECD3-F152-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 15:09 . 2012-08-31 15:10 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E9F118FB-F37D-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 05:07 . 2012-09-01 05:11 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E96C32FB-F3F2-11E1-9DC1-00261806CE9F}.dat
+ 2012-09-01 04:45 . 2012-09-01 04:50 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E487B1EB-F3EF-11E1-9DC1-00261806CE9F}.dat
+ 2012-09-01 10:15 . 2012-09-01 10:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E3E86C07-F41D-11E1-9DC1-00261806CE9F}.dat
+ 2012-09-01 00:06 . 2012-09-01 00:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E262A18B-F3C8-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-31 11:27 . 2012-08-31 11:27 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DF243143-F35E-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 04:41 . 2012-08-29 04:44 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DB8FBF5C-F193-11E1-A95E-00261806CE9F}.dat
+ 2012-08-30 18:23 . 2012-08-30 18:23 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DAE76590-F2CF-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 11:28 . 2012-08-30 11:28 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D7123893-F295-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 11:35 . 2012-08-30 11:35 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D516117B-F296-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 20:47 . 2012-08-29 20:48 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0138063-F21A-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-30 00:01 . 2012-08-30 00:01 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CA41DCC3-F235-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-30 01:05 . 2012-08-30 01:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C5D2FEBB-F23E-11E1-ABD7-00261806CE9F}.dat
+ 2012-08-30 10:30 . 2012-08-30 10:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BDFAE6EB-F28D-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 19:05 . 2012-08-30 19:05 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B933B6EF-F2D5-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 01:49 . 2012-08-29 01:49 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B6E72AA3-F17B-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 04:31 . 2012-08-31 04:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B5DA4B64-F324-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 04:40 . 2012-08-29 04:40 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B528D09B-F193-11E1-A95E-00261806CE9F}.dat
+ 2012-08-31 04:31 . 2012-08-31 04:37 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B48D0AE3-F324-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 14:24 . 2012-09-01 14:24 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B2CB3087-F440-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-31 08:27 . 2012-08-31 08:27 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B2755B13-F345-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 10:21 . 2012-08-31 10:22 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AF1B731B-F355-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 15:24 . 2012-08-29 15:25 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AE13F24F-F1ED-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-29 14:06 . 2012-08-29 14:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ACE36290-F1E2-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-31 06:39 . 2012-08-31 06:39 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AC7D4563-F336-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 19:19 . 2012-08-30 19:19 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ABFB2F1F-F2D7-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 02:00 . 2012-08-31 02:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A192961B-F30F-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 02:00 . 2012-08-31 02:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9ECADAFB-F30F-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 19:34 . 2012-08-29 19:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9CD48B1B-F210-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-28 21:59 . 2012-08-28 21:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{990D34BC-F15B-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 11:40 . 2012-08-31 11:40 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{97F57753-F360-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 21:59 . 2012-08-28 21:59 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{952311DB-F15B-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 08:04 . 2012-08-31 08:04 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8D0385FB-F342-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 07:00 . 2012-08-31 07:00 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8C58297B-F339-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 23:46 . 2012-08-28 23:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8C3FF467-F16A-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 06:02 . 2012-08-31 06:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6EF77623-F331-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 06:02 . 2012-08-31 06:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6E853423-F331-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 22:05 . 2012-08-28 22:05 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6CC5FB2B-F15C-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 14:01 . 2012-08-31 14:02 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6BB6170B-F374-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 08:25 . 2012-08-31 08:25 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6AEE6983-F345-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 11:26 . 2012-08-29 11:27 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6A9A17EF-F1CC-11E1-B3F6-00261806CE9F}.dat
+ 2012-09-01 20:48 . 2012-09-01 20:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6A48FCC3-F476-11E1-93AF-00261806CE9F}.dat
+ 2012-08-30 16:11 . 2012-08-30 16:11 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{67A313FB-F2BD-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 10:42 . 2012-08-30 10:42 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6565DC4B-F28F-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 21:36 . 2012-08-28 21:36 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61561CBB-F158-11E1-AB91-00261806CE9F}.dat
+ 2012-08-30 11:03 . 2012-08-30 11:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6129159B-F292-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 21:43 . 2012-08-28 21:43 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5E59F67B-F159-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 07:20 . 2012-08-31 07:20 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{572C35C3-F33C-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 03:40 . 2012-08-29 03:41 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{570570A3-F18B-11E1-A95E-00261806CE9F}.dat
+ 2012-08-31 20:34 . 2012-08-31 20:35 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{51D5779B-F3AB-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-31 08:24 . 2012-08-31 08:24 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4BDB3643-F345-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 04:06 . 2012-08-31 04:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{386B124B-F321-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 07:48 . 2012-08-31 07:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3545F43B-F340-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 20:30 . 2012-08-28 20:30 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{33C01DD7-F14F-11E1-9A82-00261806CE9F}.dat
+ 2012-09-01 04:33 . 2012-09-01 04:35 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{33482A5B-F3EE-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-31 04:34 . 2012-08-31 04:40 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{311CA95B-F325-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 17:36 . 2012-08-30 17:36 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2A74366B-F2C9-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 12:06 . 2012-08-30 12:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2958E1AB-F29B-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 22:03 . 2012-08-28 22:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{25CC9BCB-F15C-11E1-AB91-00261806CE9F}.dat
+ 2012-08-29 00:19 . 2012-08-29 00:19 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{25680D1F-F16F-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 04:05 . 2012-08-31 04:05 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2417948B-F321-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 18:19 . 2012-08-29 18:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1F2806E3-F206-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-29 02:49 . 2012-08-29 02:49 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1CFC5EC3-F184-11E1-AB91-00261806CE9F}.dat
+ 2012-08-30 14:50 . 2012-08-30 14:50 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13CA7B7C-F2B2-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 06:09 . 2012-08-29 06:09 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{11D9D35B-F1A0-11E1-A95E-00261806CE9F}.dat
+ 2012-08-31 05:02 . 2012-08-31 05:06 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0B51B77B-F329-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 10:32 . 2012-08-30 10:33 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0816372B-F28E-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 16:36 . 2012-08-31 16:37 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{010F2643-F38A-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 05:15 . 2012-09-01 05:15 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FB6C2880-F3F3-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-31 15:10 . 2012-08-31 15:10 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F8C67210-F37D-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 20:57 . 2012-08-28 20:57 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F3F26578-F152-11E1-AB91-00261806CE9F}.dat
+ 2012-08-28 20:57 . 2012-08-28 20:57 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ED0AECD4-F152-11E1-AB91-00261806CE9F}.dat
+ 2012-08-30 11:07 . 2012-08-30 11:07 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E8DEBCE3-F292-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 00:06 . 2012-09-01 00:06 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E262A18D-F3C8-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-30 18:23 . 2012-08-30 18:23 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DAE76591-F2CF-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 11:28 . 2012-08-30 11:28 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D7123894-F295-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 01:05 . 2012-08-30 01:05 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D1D8D098-F23E-11E1-ABD7-00261806CE9F}.dat
+ 2012-08-30 00:01 . 2012-08-30 00:01 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA41DCC5-F235-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-30 10:31 . 2012-08-30 10:31 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C9F5ACA8-F28D-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 01:49 . 2012-08-29 01:49 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B6E72AA4-F17B-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 10:21 . 2012-08-31 10:22 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AF1B731C-F355-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 05:06 . 2012-08-31 05:07 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ACE16980-F329-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 19:19 . 2012-08-30 19:19 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ABFB2F20-F2D7-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 21:59 . 2012-08-28 21:59 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9FBACCF8-F15B-11E1-AB91-00261806CE9F}.dat
+ 2012-08-28 21:59 . 2012-08-28 21:59 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{990D34BD-F15B-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 05:06 . 2012-08-31 05:06 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9315F520-F329-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 23:46 . 2012-08-28 23:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8C3FF468-F16A-11E1-AB91-00261806CE9F}.dat
+ 2012-08-30 11:04 . 2012-08-30 11:07 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{874537E9-F292-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 10:42 . 2012-08-30 10:42 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6F862932-F28F-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 06:02 . 2012-08-31 06:03 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6EF77624-F331-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 06:02 . 2012-08-31 06:03 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6E853424-F331-11E1-8633-00261806CE9F}.dat
+ 2012-08-28 22:05 . 2012-08-28 22:05 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6CC5FB2C-F15C-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 14:01 . 2012-08-31 14:02 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6BB6170C-F374-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 11:26 . 2012-08-29 11:27 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6A9A17F1-F1CC-11E1-B3F6-00261806CE9F}.dat
+ 2012-09-01 20:48 . 2012-09-01 20:48 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6A48FCC5-F476-11E1-93AF-00261806CE9F}.dat
+ 2012-08-29 03:41 . 2012-08-29 03:41 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{570570A5-F18B-11E1-A95E-00261806CE9F}.dat
+ 2012-08-31 20:34 . 2012-08-31 20:35 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{51D5779D-F3AB-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-29 07:14 . 2012-08-29 07:15 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3C8300F8-F1A9-11E1-A95E-00261806CE9F}.dat
+ 2012-08-28 20:30 . 2012-08-28 20:30 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{33C01DD8-F14F-11E1-9A82-00261806CE9F}.dat
+ 2012-08-31 05:03 . 2012-08-31 05:03 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{31F1C738-F329-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 05:09 . 2012-09-01 05:11 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2CE0076E-F3F3-11E1-9DC1-00261806CE9F}.dat
+ 2012-09-01 05:09 . 2012-09-01 05:09 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2CE0076C-F3F3-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-29 00:19 . 2012-08-29 00:19 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{25680D21-F16F-11E1-AB91-00261806CE9F}.dat
+ 2012-08-29 00:19 . 2012-08-29 00:19 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{25680D20-F16F-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 04:05 . 2012-08-31 04:05 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2417948C-F321-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 07:14 . 2012-08-29 07:17 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1E4A570A-F1A9-11E1-A95E-00261806CE9F}.dat
+ 2012-08-29 07:14 . 2012-08-29 07:17 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1E4A5709-F1A9-11E1-A95E-00261806CE9F}.dat
+ 2012-08-29 02:49 . 2012-08-29 02:49 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1CFC5EC4-F184-11E1-AB91-00261806CE9F}.dat
+ 2012-08-30 10:33 . 2012-08-30 10:33 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{17CB74A8-F28E-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 04:46 . 2012-09-01 04:47 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0F15A578-F3F0-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-31 04:40 . 2012-08-31 04:40 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{04456C98-F326-11E1-8633-00261806CE9F}.dat
- 2012-08-28 11:54 . 2012-08-28 11:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-01 21:06 . 2012-09-01 21:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-01 21:06 . 2012-09-01 21:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-28 11:54 . 2012-08-28 11:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-16 13:02 . 2012-08-28 19:29 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-16 13:02 . 2012-09-01 20:48 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-09-01 20:49 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-09-01 04:00 . 2012-09-01 20:49 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012090120120902\index.dat
+ 2012-08-31 04:00 . 2012-09-01 03:16 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012083120120901\index.dat
+ 2012-08-30 10:30 . 2012-08-31 03:02 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012083020120831\index.dat
+ 2012-08-29 04:00 . 2012-08-30 01:05 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012082920120830\index.dat
+ 2012-08-28 04:06 . 2012-08-29 03:58 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012082820120829\index.dat
+ 2012-08-29 07:13 . 2012-08-29 07:17 223744 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F7DD0B64-F1A8-11E1-A95E-00261806CE9F}.dat
+ 2012-08-31 11:27 . 2012-08-31 11:27 152064 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DF243144-F35E-11E1-8633-00261806CE9F}.dat
+ 2012-08-30 01:06 . 2012-08-30 01:06 204288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DEC0F7E0-F23E-11E1-ABD7-00261806CE9F}.dat
+ 2012-08-29 04:41 . 2012-08-29 04:48 300032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DB8FBF5D-F193-11E1-A95E-00261806CE9F}.dat
+ 2012-08-29 20:47 . 2012-08-29 20:48 246784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D0138064-F21A-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-29 15:25 . 2012-08-29 15:25 112640 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7A4D488-F1ED-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-31 08:27 . 2012-08-31 08:27 163328 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B2755B14-F345-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 14:06 . 2012-08-29 14:06 152576 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ACE36291-F1E2-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-31 06:39 . 2012-08-31 06:40 208384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AC7D4564-F336-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 11:40 . 2012-08-31 11:40 102912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{97F57754-F360-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 08:04 . 2012-08-31 08:05 103424 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8D0385FC-F342-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 04:50 . 2012-09-01 04:50 377856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A34FAB0-F3F0-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-31 08:25 . 2012-08-31 08:25 194560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{76F93CA0-F345-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 08:24 . 2012-08-31 08:24 211968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4BDB3644-F345-11E1-8633-00261806CE9F}.dat
+ 2012-08-31 07:48 . 2012-08-31 07:48 130048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3545F43C-F340-11E1-8633-00261806CE9F}.dat
+ 2012-09-01 04:33 . 2012-09-01 04:40 374272 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{33482A5C-F3EE-11E1-9DC1-00261806CE9F}.dat
+ 2012-08-28 22:03 . 2012-08-28 22:03 462848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32020928-F15C-11E1-AB91-00261806CE9F}.dat
+ 2012-08-31 04:34 . 2012-08-31 04:41 396800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{311CA95C-F325-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 18:20 . 2012-08-29 18:20 118784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{301A0E08-F206-11E1-B3F6-00261806CE9F}.dat
+ 2012-08-30 17:36 . 2012-08-30 17:36 138240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2A74366C-F2C9-11E1-8633-00261806CE9F}.dat
+ 2012-08-29 06:09 . 2012-08-29 06:09 766976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{11D9D35C-F1A0-11E1-A95E-00261806CE9F}.dat
+ 2012-08-31 05:02 . 2012-08-31 05:08 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B51B77C-F329-11E1-8633-00261806CE9F}.dat
+ 2009-07-14 02:36 . 2012-08-30 00:11 693426 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-16 16:56 693426 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-30 00:11 130498 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-16 16:56 130498 c:\windows\system32\perfc009.dat
+ 2012-08-30 05:51 . 2012-08-30 08:53 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2012-08-30 05:41 . 2012-08-30 08:53 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2009-07-14 05:01 . 2012-09-01 21:05 449196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-28 11:52 449196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-30 05:40 . 2012-08-30 05:40 311296 c:\windows\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin
+ 2012-08-16 13:01 . 2012-09-01 20:49 5898240 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2012-08-17 15:37 . 2012-09-01 20:49 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-23 18:39 . 2012-09-01 20:41 7474380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3966490604-3525249063-2581321070-1000-12288.dat
+ 2012-08-16 11:05 . 2012-09-01 21:05 6831340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-08-30 05:40 . 2012-08-30 14:25 4194304 c:\windows\Microsoft Antimalware\Support\MpWppTracing-08292012-214047-00000003-ffffffff.bin
+ 2012-08-30 05:40 . 2012-08-28 09:49 9310152 c:\windows\Microsoft Antimalware\Definition Updates\{F82D4E77-996D-4EA4-A511-34131971180A}\mpengine.dll
+ 2009-07-14 04:54 . 2012-09-01 20:49 13533184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-22 03:45 . 2012-09-01 21:05 19078372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3966490604-3525249063-2581321070-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Family Tree Builder Update"="c:\myheritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-25 296096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PCDSRVC{E20ED3E3-EFD35750-06000000}_0;PCDSRVC{E20ED3E3-EFD35750-06000000}_0 - PCDR Kernel Mode Service Helper Driver;e:\pc-doctor for win pe\pcdsrvc_x64.pkms [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-04-19 15672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\DRIVERS\dmdcap.sys [2007-06-08 276480]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-20 1255736]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-10-07 24560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/10/22 00:26];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 20:59 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-01 203776]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-01 9320448]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-01 306688]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-01-26 82816]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 16:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:14]
.
2012-09-01 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-11-16 10:11]
.
2012-09-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3966490604-3525249063-2581321070-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-08-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3966490604-3525249063-2581321070-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-02-18 82432]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;<local>
Trusted Zone: 164.109.25.72
Trusted Zone: 207.130.86.35
Trusted Zone: acura.com
Trusted Zone: acuraclientpurchaseexperience.com
Trusted Zone: acurainfo.programhq.com
Trusted Zone: acuraspinplay.programhq.com
Trusted Zone: ahm-ownerlink.com
Trusted Zone: ahmdealer.com
Trusted Zone: floridakeyswebcams.tv\www
Trusted Zone: honda.com
Trusted Zone: honda.com\www.in
Trusted Zone: honda.vo.llnwd.net
Trusted Zone: hondaadcmd.com
Trusted Zone: hondacars.com
Trusted Zone: hondainfo.programhq.com
Trusted Zone: hondamap.com
Trusted Zone: hondaprofessional.com
Trusted Zone: hondaspinplay.programhq.com
Trusted Zone: hondasso.com
Trusted Zone: jdpa.com
Trusted Zone: jdpower.com
Trusted Zone: mylcchonda.com
Trusted Zone: pcsc.acurasrs.com
Trusted Zone: prospectingacurasrs.com
Trusted Zone: travelhq.com
Trusted Zone: xmradio.com
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{E20ED3E3-EFD35750-06000000}_0]
"ImagePath"="\??\e:\pc-doctor for win pe\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:68,4c,0c,ce,0f,83,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,8a,e0,45,5b,99,e7,40,85,20,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,8a,e0,45,5b,99,e7,40,85,20,b9,\
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\CyberLink\Common\claud\yberLink\PowerDirector\P* \PDR8]
"AuDsInterface"=dword:00000008
"AuHDMIMode"=dword:00000000
"AuDsDnmx"=dword:00000008
"AuDsDualMono"=dword:00000000
"AuDsDHMode"=dword:00000002
"AuDsDVSMode"=dword:00000005
"AuDsCLHMode"=dword:00000002
"AuDsCLVSMode"=dword:00000002
"AuDsTSOn"=dword:00000001
"AuDsFocusOn"=dword:00000001
"AuDsTBOn"=dword:00000001
"AuDsFocusLevel"=dword:00000005
"AuDsTBLevel"=dword:00000008
"AuDsSpkSize"=dword:00000001
"AuDsDTSS2SpeakWidth"=dword:0000000a
"AuDsDTSS2DialGain"=dword:00000000
"AuDsDTSS2BassRGain"=dword:00000000
"AuDsChanExpand"=dword:00000004
"AuDsPL2Mode"=dword:00000003
"AuDsPL2XPanorama"=dword:00000000
"AuDsPL2XCntrWidth"=dword:00000003
"AuDsMEIMode"=dword:00000014
"AuDsMEIVolFront"=dword:0000001e
"AuDsMEIVolRear"=dword:0000001e
"AuDsMEIVolCenter"=dword:0000001e
"AuDsMEIVolLFE"=dword:0000001e
"AuDsNeo6Mode"=dword:00000000
"AU_DRC_MODE"=dword:00000002
"LFEON"=dword:00000001
"AuDsCntrMix"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\CyberLink\Common\claud\yberLink\PowerDirector\P* *u**x**\PDR8]
"AuDsInterface"=dword:00000008
"AuHDMIMode"=dword:00000000
"AuDsDnmx"=dword:00000008
"AuDsDualMono"=dword:00000000
"AuDsDHMode"=dword:00000002
"AuDsDVSMode"=dword:00000005
"AuDsCLHMode"=dword:00000002
"AuDsCLVSMode"=dword:00000002
"AuDsTSOn"=dword:00000001
"AuDsFocusOn"=dword:00000001
"AuDsTBOn"=dword:00000001
"AuDsFocusLevel"=dword:00000005
"AuDsTBLevel"=dword:00000008
"AuDsSpkSize"=dword:00000001
"AuDsDTSS2SpeakWidth"=dword:0000000a
"AuDsDTSS2DialGain"=dword:00000000
"AuDsDTSS2BassRGain"=dword:00000000
"AuDsChanExpand"=dword:00000004
"AuDsPL2Mode"=dword:00000003
"AuDsPL2XPanorama"=dword:00000000
"AuDsPL2XCntrWidth"=dword:00000003
"AuDsMEIMode"=dword:00000014
"AuDsMEIVolFront"=dword:0000001e
"AuDsMEIVolRear"=dword:0000001e
"AuDsMEIVolCenter"=dword:0000001e
"AuDsMEIVolLFE"=dword:0000001e
"AuDsNeo6Mode"=dword:00000000
"AU_DRC_MODE"=dword:00000002
"LFEON"=dword:00000001
"AuDsCntrMix"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\CyberLink\Common\claud\yberLink\PowerDirector\P* **\PDR8]
"AuDsInterface"=dword:00000008
"AuHDMIMode"=dword:00000000
"AuDsDnmx"=dword:00000008
"AuDsDualMono"=dword:00000000
"AuDsDHMode"=dword:00000002
"AuDsDVSMode"=dword:00000005
"AuDsCLHMode"=dword:00000002
"AuDsCLVSMode"=dword:00000002
"AuDsTSOn"=dword:00000001
"AuDsFocusOn"=dword:00000001
"AuDsTBOn"=dword:00000001
"AuDsFocusLevel"=dword:00000005
"AuDsTBLevel"=dword:00000008
"AuDsSpkSize"=dword:00000001
"AuDsDTSS2SpeakWidth"=dword:0000000a
"AuDsDTSS2DialGain"=dword:00000000
"AuDsDTSS2BassRGain"=dword:00000000
"AuDsChanExpand"=dword:00000004
"AuDsPL2Mode"=dword:00000003
"AuDsPL2XPanorama"=dword:00000000
"AuDsPL2XCntrWidth"=dword:00000003
"AuDsMEIMode"=dword:00000014
"AuDsMEIVolFront"=dword:0000001e
"AuDsMEIVolRear"=dword:0000001e
"AuDsMEIVolCenter"=dword:0000001e
"AuDsMEIVolLFE"=dword:0000001e
"AuDsNeo6Mode"=dword:00000000
"AU_DRC_MODE"=dword:00000002
"LFEON"=dword:00000001
"AuDsCntrMix"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\CyberLink\Common\claud\yberLink\PowerDirector\P* \PDR8]
"AuDsInterface"=dword:00000008
"AuHDMIMode"=dword:00000000
"AuDsDnmx"=dword:00000008
"AuDsDualMono"=dword:00000000
"AuDsDHMode"=dword:00000002
"AuDsDVSMode"=dword:00000005
"AuDsCLHMode"=dword:00000002
"AuDsCLVSMode"=dword:00000002
"AuDsTSOn"=dword:00000001
"AuDsFocusOn"=dword:00000001
"AuDsTBOn"=dword:00000001
"AuDsFocusLevel"=dword:00000005
"AuDsTBLevel"=dword:00000008
"AuDsSpkSize"=dword:00000001
"AuDsDTSS2SpeakWidth"=dword:0000000a
"AuDsDTSS2DialGain"=dword:00000000
"AuDsDTSS2BassRGain"=dword:00000000
"AuDsChanExpand"=dword:00000004
"AuDsPL2Mode"=dword:00000003
"AuDsPL2XPanorama"=dword:00000000
"AuDsPL2XCntrWidth"=dword:00000003
"AuDsMEIMode"=dword:00000014
"AuDsMEIVolFront"=dword:0000001e
"AuDsMEIVolRear"=dword:0000001e
"AuDsMEIVolCenter"=dword:0000001e
"AuDsMEIVolLFE"=dword:0000001e
"AuDsNeo6Mode"=dword:00000000
"AU_DRC_MODE"=dword:00000002
"LFEON"=dword:00000001
"AuDsCntrMix"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-09-01 17:15:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-01 21:15
ComboFix2.txt 2012-08-28 20:27
ComboFix3.txt 2012-08-25 20:49
ComboFix4.txt 2012-08-19 17:08
ComboFix5.txt 2012-09-01 20:50
.
Pre-Run: 569,371,889,664 bytes free
Post-Run: 569,572,089,856 bytes free
.
- - End Of File - - 84799F2719B1ED0EFE439B68B4C86332

#6 gringo_pr, Malware Response Team

Posted 01 September 2012 - 05:54 PM

Greetings

Let's run this now.

Blitzblank.

Download BlitzBlank and save it to your desktop. Open BlitzBlank.exe.

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
CopyFile:
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll c:\windows\SysWOW64\user32.dll
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post the report created by BlitzBlank. You can find it at the root of the drive, normally C:\.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
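The BlitzBlank step above overwrites the 32-bit user32.dll in SysWOW64 with the pristine copy kept in the WinSxS component store. The security-relevant point is that a modified SysWOW64\user32.dll is loaded by every 32-bit process and by none of the 64-bit ones, which fits the symptom in this thread (only 32-bit IE9 redirected) and which is why only that one file is replaced. Before trusting such a repair, a practitioner would want to confirm that the live file really differs from the store copy of the same file version, and that the copy it is replaced with is the one that matches. The PowerShell below is an added example, not part of the original thread and not BlitzBlank's own code. It assumes the amd64_ WinSxS directory for the 64-bit build follows the same naming convention as the wow64_ directory quoted above, and that it is run from the 64-bit PowerShell console as administrator (the "(x86)" console is itself a 32-bit process and, because of file-system redirection, is shown SysWOW64 when it asks for System32).

```powershell
# Added example (not from the thread or from BlitzBlank): compare the user32.dll that
# processes actually load against every copy in the WinSxS component store and report
# whether the store copy with the same file version is byte-identical. Written for
# PowerShell 2.0 (Windows 7 default), so no Get-FileHash and no -Directory switch.

function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

function Compare-LiveDllToWinSxS {
    param(
        [string]$LivePath,      # the file loaded at runtime, e.g. SysWOW64\user32.dll
        [string]$ComponentGlob  # WinSxS directory-name pattern for that component
    )
    $live     = Get-Item $LivePath
    $liveHash = Get-Sha256Hex $live.FullName
    $liveVer  = $live.VersionInfo.FileVersion
    $results  = @()

    # WinSxS usually holds several versions of a component; collect them all.
    Get-ChildItem "$env:windir\winsxs" |
        Where-Object { $_.PSIsContainer -and $_.Name -like $ComponentGlob } |
        ForEach-Object {
            $store = Join-Path $_.FullName $live.Name
            if (Test-Path $store) {
                $item = Get-Item $store
                $results += New-Object PSObject -Property @{
                    Component   = $_.Name
                    FileVersion = $item.VersionInfo.FileVersion
                    SameVersion = ($item.VersionInfo.FileVersion -eq $liveVer)
                    HashMatches = ((Get-Sha256Hex $store) -eq $liveHash)
                }
            }
        }

    Write-Host ("Live file : {0}  version {1}" -f $live.FullName, $liveVer)
    Write-Host ("SHA-256   : {0}" -f $liveHash)
    $results | Sort-Object FileVersion |
        Format-Table Component, FileVersion, SameVersion, HashMatches -AutoSize | Out-Host

    # Verdict. A store copy that claims the same file version but does not hash-match
    # means the live file was altered on disk after install: the situation this
    # thread's CopyFile repair addresses. Differences against OTHER versions are
    # normal and are not evidence of tampering.
    $sameVer = $results | Where-Object { $_.SameVersion }
    if (-not $sameVer)                              { return 'NoStoreCopyForThisVersion' }
    if ($sameVer | Where-Object { $_.HashMatches }) { return 'Clean' }
    return 'PatchedOnDisk'
}

# The wow64_ pattern matches the component directory quoted in the thread; the
# amd64_ pattern is an assumption that the 64-bit build is named the same way.
Compare-LiveDllToWinSxS "$env:windir\SysWOW64\user32.dll" 'wow64_microsoft-windows-user32_*'
Compare-LiveDllToWinSxS "$env:windir\System32\user32.dll" 'amd64_microsoft-windows-user32_*'
```

Two caveats. First, the same check for every protected system file is built in: `sfc /verifyonly` reports modified files without changing them, and `sfc /scannow` restores them from the component store, which is the supported equivalent of the manual CopyFile above. Second, this is an on-disk comparison; a kernel-mode rootkit that hides or redirects file reads can present a clean image to both this script and to sfc, which is exactly why the next post in the thread follows the file repair with TDSSKiller and aswMBR rather than declaring the machine clean.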

#7 johnny6220, Topic Starter

Posted 01 September 2012 - 06:29 PM

Fantastic Gringo. IE9 32bit does not redirect any more. Blitzblank worked flawlessly and it seemed to take care of the virus. Here's the log.



BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll", destinationFile = "\??\c:\windows\syswow64\user32.dll"

#8 gringo_pr, Malware Response Team

Posted 01 September 2012 - 07:02 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 johnny6220, Topic Starter

Posted 01 September 2012 - 07:58 PM

Here are the two logs. I'm trying to follow the logic as to the repair, but it's beyond my scope.



20:15:35.0427 3284 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:15:36.0067 3284 ============================================================
20:15:36.0067 3284 Current date / time: 2012/09/01 20:15:36.0067
20:15:36.0067 3284 SystemInfo:
20:15:36.0067 3284
20:15:36.0067 3284 OS Version: 6.1.7601 ServicePack: 1.0
20:15:36.0067 3284 Product type: Workstation
20:15:36.0067 3284 ComputerName: OWNER-PC
20:15:36.0067 3284 UserName: Owner
20:15:36.0067 3284 Windows directory: C:\Windows
20:15:36.0067 3284 System windows directory: C:\Windows
20:15:36.0067 3284 Running under WOW64
20:15:36.0067 3284 Processor architecture: Intel x64
20:15:36.0067 3284 Number of processors: 4
20:15:36.0067 3284 Page size: 0x1000
20:15:36.0067 3284 Boot type: Normal boot
20:15:36.0067 3284 ============================================================
20:15:37.0409 3284 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:15:37.0440 3284 ============================================================
20:15:37.0440 3284 \Device\Harddisk0\DR0:
20:15:37.0440 3284 MBR partitions:
20:15:37.0440 3284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:15:37.0440 3284 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72AE3800
20:15:37.0440 3284 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x72B16000, BlocksNum 0x1BF0000
20:15:37.0440 3284 ============================================================
20:15:37.0471 3284 C: <-> \Device\Harddisk0\DR0\Partition2
20:15:37.0518 3284 D: <-> \Device\Harddisk0\DR0\Partition3
20:15:37.0518 3284 ============================================================
20:15:37.0518 3284 Initialize success
20:15:37.0518 3284 ============================================================
20:15:41.0667 2968 ============================================================
20:15:41.0667 2968 Scan started
20:15:41.0667 2968 Mode: Manual;
20:15:41.0667 2968 ============================================================
20:15:43.0633 2968 ================ Scan system memory ========================
20:15:43.0633 2968 System memory - ok
20:15:43.0633 2968 ================ Scan services =============================
20:15:43.0789 2968 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:15:43.0820 2968 !SASCORE - ok
20:15:44.0148 2968 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:15:44.0163 2968 1394ohci - ok
20:15:44.0179 2968 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
20:15:44.0195 2968 61883 - ok
20:15:44.0319 2968 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:15:44.0319 2968 ACDaemon - ok
20:15:44.0366 2968 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:15:44.0382 2968 ACPI - ok
20:15:44.0429 2968 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:15:44.0429 2968 AcpiPmi - ok
20:15:44.0569 2968 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:15:44.0631 2968 AdobeARMservice - ok
20:15:44.0756 2968 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:15:44.0772 2968 AdobeFlashPlayerUpdateSvc - ok
20:15:44.0819 2968 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:15:44.0834 2968 adp94xx - ok
20:15:44.0881 2968 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:15:44.0881 2968 adpahci - ok
20:15:44.0897 2968 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:15:44.0912 2968 adpu320 - ok
20:15:44.0943 2968 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:15:44.0959 2968 AeLookupSvc - ok
20:15:45.0006 2968 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:15:45.0021 2968 AFD - ok
20:15:45.0084 2968 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:15:45.0084 2968 agp440 - ok
20:15:45.0099 2968 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:15:45.0099 2968 ALG - ok
20:15:45.0115 2968 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:15:45.0131 2968 aliide - ok
20:15:45.0146 2968 [ 998021E7C3DE3E97E441ABACE498FFB6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:15:45.0162 2968 AMD External Events Utility - ok
20:15:45.0177 2968 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:15:45.0177 2968 amdide - ok
20:15:45.0193 2968 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:15:45.0193 2968 AmdK8 - ok
20:15:45.0411 2968 [ 250D5B746FFF9B7D88591EE60B63B3E4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:15:45.0583 2968 amdkmdag - ok
20:15:45.0614 2968 [ 781DAEC0C3E63950CCA53D193582F2E8 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:15:45.0614 2968 amdkmdap - ok
20:15:45.0630 2968 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:15:45.0630 2968 AmdPPM - ok
20:15:45.0677 2968 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:15:45.0677 2968 amdsata - ok
20:15:45.0708 2968 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:15:45.0723 2968 amdsbs - ok
20:15:45.0739 2968 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:15:45.0739 2968 amdxata - ok
20:15:45.0833 2968 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
20:15:45.0833 2968 AppHostSvc - ok
20:15:45.0879 2968 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:15:45.0879 2968 AppID - ok
20:15:45.0911 2968 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:15:45.0911 2968 AppIDSvc - ok
20:15:45.0942 2968 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:15:45.0942 2968 Appinfo - ok
20:15:46.0035 2968 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:15:46.0035 2968 Apple Mobile Device - ok
20:15:46.0067 2968 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:15:46.0082 2968 arc - ok
20:15:46.0098 2968 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:15:46.0098 2968 arcsas - ok
20:15:46.0223 2968 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:15:46.0223 2968 aspnet_state - ok
20:15:46.0238 2968 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:15:46.0238 2968 AsyncMac - ok
20:15:46.0285 2968 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:15:46.0285 2968 atapi - ok
20:15:46.0363 2968 [ 7D89B0C443F6068E5B27AA3B972069FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:15:46.0425 2968 athr - ok
20:15:46.0613 2968 [ 250D5B746FFF9B7D88591EE60B63B3E4 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:15:46.0659 2968 atikmdag - ok
20:15:46.0737 2968 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:15:46.0753 2968 AudioEndpointBuilder - ok
20:15:46.0769 2968 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:15:46.0784 2968 AudioSrv - ok
20:15:46.0815 2968 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
20:15:46.0815 2968 Avc - ok
20:15:46.0862 2968 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:15:46.0862 2968 AxInstSV - ok
20:15:46.0925 2968 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:15:46.0925 2968 b06bdrv - ok
20:15:46.0971 2968 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:15:46.0987 2968 b57nd60a - ok
20:15:47.0065 2968 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:15:47.0065 2968 BBSvc - ok
20:15:47.0096 2968 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:15:47.0096 2968 BDESVC - ok
20:15:47.0127 2968 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:15:47.0127 2968 Beep - ok
20:15:47.0221 2968 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:15:47.0237 2968 BFE - ok
20:15:47.0299 2968 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
20:15:47.0330 2968 BITS - ok
20:15:47.0346 2968 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:15:47.0346 2968 blbdrive - ok
20:15:47.0424 2968 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:15:47.0439 2968 Bonjour Service - ok
20:15:47.0486 2968 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:15:47.0486 2968 bowser - ok
20:15:47.0502 2968 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:15:47.0502 2968 BrFiltLo - ok
20:15:47.0517 2968 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:15:47.0517 2968 BrFiltUp - ok
20:15:47.0564 2968 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:15:47.0564 2968 BridgeMP - ok
20:15:47.0611 2968 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:15:47.0611 2968 Browser - ok
20:15:47.0627 2968 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:15:47.0627 2968 Brserid - ok
20:15:47.0642 2968 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:15:47.0642 2968 BrSerWdm - ok
20:15:47.0658 2968 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:15:47.0658 2968 BrUsbMdm - ok
20:15:47.0658 2968 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:15:47.0658 2968 BrUsbSer - ok
20:15:47.0673 2968 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:15:47.0673 2968 BTHMODEM - ok
20:15:47.0705 2968 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:15:47.0705 2968 bthserv - ok
20:15:47.0736 2968 catchme - ok
20:15:47.0751 2968 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:15:47.0767 2968 cdfs - ok
20:15:47.0829 2968 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:15:47.0829 2968 cdrom - ok
20:15:47.0861 2968 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:15:47.0861 2968 CertPropSvc - ok
20:15:47.0876 2968 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:15:47.0876 2968 circlass - ok
20:15:47.0939 2968 [ 125327DF629324FAD78D9A95CCD0F425 ] CLBStor C:\Windows\system32\DRIVERS\CLBStor.sys
20:15:47.0939 2968 CLBStor - ok
20:15:47.0970 2968 [ 9C0CD75FEA24E7E0E835EEE7F14406F7 ] CLBUDF C:\Windows\system32\drivers\CLBUDF.sys
20:15:47.0970 2968 CLBUDF - ok
20:15:47.0985 2968 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:15:48.0001 2968 CLFS - ok
20:15:48.0048 2968 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:15:48.0048 2968 clr_optimization_v2.0.50727_32 - ok
20:15:48.0079 2968 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:15:48.0079 2968 clr_optimization_v2.0.50727_64 - ok
20:15:48.0157 2968 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:15:48.0157 2968 clr_optimization_v4.0.30319_32 - ok
20:15:48.0173 2968 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:15:48.0173 2968 clr_optimization_v4.0.30319_64 - ok
20:15:48.0204 2968 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:15:48.0204 2968 CmBatt - ok
20:15:48.0219 2968 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:15:48.0219 2968 cmdide - ok
20:15:48.0282 2968 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:15:48.0297 2968 CNG - ok
20:15:48.0313 2968 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:15:48.0329 2968 Compbatt - ok
20:15:48.0360 2968 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:15:48.0360 2968 CompositeBus - ok
20:15:48.0375 2968 COMSysApp - ok
20:15:48.0375 2968 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:15:48.0375 2968 crcdisk - ok
20:15:48.0422 2968 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:15:48.0422 2968 CryptSvc - ok
20:15:48.0485 2968 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:15:48.0500 2968 DcomLaunch - ok
20:15:48.0531 2968 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:15:48.0547 2968 defragsvc - ok
20:15:48.0594 2968 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:15:48.0594 2968 DfsC - ok
20:15:48.0656 2968 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:15:48.0672 2968 Dhcp - ok
20:15:48.0687 2968 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:15:48.0687 2968 discache - ok
20:15:48.0734 2968 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:15:48.0734 2968 Disk - ok
20:15:48.0781 2968 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:15:48.0781 2968 Dnscache - ok
20:15:48.0828 2968 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:15:48.0843 2968 dot3svc - ok
20:15:48.0859 2968 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
20:15:48.0875 2968 Dot4 - ok
20:15:48.0921 2968 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
20:15:48.0921 2968 Dot4Print - ok
20:15:48.0937 2968 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
20:15:48.0937 2968 dot4usb - ok
20:15:49.0015 2968 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:15:49.0046 2968 DPS - ok
20:15:49.0155 2968 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:15:49.0155 2968 drmkaud - ok
20:15:49.0202 2968 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:15:49.0218 2968 DXGKrnl - ok
20:15:49.0233 2968 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:15:49.0233 2968 EapHost - ok
20:15:49.0327 2968 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:15:49.0421 2968 ebdrv - ok
20:15:49.0467 2968 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:15:49.0467 2968 EFS - ok
20:15:49.0514 2968 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:15:49.0530 2968 ehRecvr - ok
20:15:49.0561 2968 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:15:49.0561 2968 ehSched - ok
20:15:49.0592 2968 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:15:49.0592 2968 elxstor - ok
20:15:49.0639 2968 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:15:49.0639 2968 ErrDev - ok
20:15:49.0686 2968 esgiguard - ok
20:15:49.0717 2968 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:15:49.0733 2968 EventSystem - ok
20:15:49.0764 2968 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:15:49.0764 2968 exfat - ok
20:15:49.0795 2968 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:15:49.0795 2968 fastfat - ok
20:15:49.0873 2968 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:15:49.0889 2968 Fax - ok
20:15:49.0904 2968 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:15:49.0920 2968 fdc - ok
20:15:49.0935 2968 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:15:49.0935 2968 fdPHost - ok
20:15:49.0951 2968 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:15:49.0951 2968 FDResPub - ok
20:15:49.0967 2968 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:15:49.0967 2968 FileInfo - ok
20:15:49.0982 2968 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:15:49.0998 2968 Filetrace - ok
20:15:50.0013 2968 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:15:50.0013 2968 flpydisk - ok
20:15:50.0060 2968 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:15:50.0060 2968 FltMgr - ok
20:15:50.0138 2968 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:15:50.0169 2968 FontCache - ok
20:15:50.0232 2968 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:15:50.0247 2968 FontCache3.0.0.0 - ok
20:15:50.0263 2968 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:15:50.0263 2968 FsDepends - ok
20:15:50.0310 2968 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:15:50.0310 2968 Fs_Rec - ok
20:15:50.0341 2968 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:15:50.0357 2968 fvevol - ok
20:15:50.0372 2968 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:15:50.0372 2968 gagp30kx - ok
20:15:50.0419 2968 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:15:50.0419 2968 GEARAspiWDM - ok
20:15:50.0466 2968 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:15:50.0497 2968 gpsvc - ok
20:15:50.0513 2968 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:15:50.0513 2968 hcw85cir - ok
20:15:50.0575 2968 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:15:50.0575 2968 HdAudAddService - ok
20:15:50.0637 2968 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:15:50.0637 2968 HDAudBus - ok
20:15:50.0669 2968 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:15:50.0669 2968 HidBatt - ok
20:15:50.0684 2968 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:15:50.0684 2968 HidBth - ok
20:15:50.0700 2968 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:15:50.0715 2968 HidIr - ok
20:15:50.0731 2968 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:15:50.0747 2968 hidserv - ok
20:15:50.0747 2968 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
20:15:50.0747 2968 HidUsb - ok
20:15:50.0793 2968 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:15:50.0793 2968 hkmsvc - ok
20:15:50.0840 2968 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:15:50.0840 2968 HomeGroupListener - ok
20:15:50.0887 2968 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:15:50.0903 2968 HomeGroupProvider - ok
20:15:50.0918 2968 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:15:50.0934 2968 HpSAMD - ok
20:15:51.0012 2968 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:15:51.0027 2968 HTTP - ok
20:15:51.0074 2968 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:15:51.0074 2968 hwpolicy - ok
20:15:51.0105 2968 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:15:51.0121 2968 i8042prt - ok
20:15:51.0137 2968 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:15:51.0152 2968 iaStorV - ok
20:15:51.0215 2968 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:15:51.0230 2968 idsvc - ok
20:15:51.0246 2968 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:15:51.0246 2968 iirsp - ok
20:15:51.0277 2968 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:15:51.0293 2968 IKEEXT - ok
20:15:51.0386 2968 [ BFBABCB231628A4551DBB10D0EA25D62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:15:51.0386 2968 IntcAzAudAddService - ok
20:15:51.0402 2968 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:15:51.0402 2968 intelide - ok
20:15:51.0417 2968 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:15:51.0433 2968 intelppm - ok
20:15:51.0449 2968 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:15:51.0449 2968 IPBusEnum - ok
20:15:51.0480 2968 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:15:51.0495 2968 IpFilterDriver - ok
20:15:51.0527 2968 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:15:51.0542 2968 iphlpsvc - ok
20:15:51.0573 2968 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:15:51.0589 2968 IPMIDRV - ok
20:15:51.0605 2968 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:15:51.0605 2968 IPNAT - ok
20:15:51.0667 2968 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:15:51.0698 2968 iPod Service - ok
20:15:51.0714 2968 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:15:51.0729 2968 IRENUM - ok
20:15:51.0761 2968 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:15:51.0761 2968 isapnp - ok
20:15:51.0807 2968 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:15:51.0807 2968 iScsiPrt - ok
20:15:51.0839 2968 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:15:51.0839 2968 kbdclass - ok
20:15:51.0901 2968 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:15:51.0901 2968 kbdhid - ok
20:15:51.0917 2968 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:15:51.0917 2968 KeyIso - ok
20:15:51.0979 2968 [ 524503240D2BA280D97E2297102151CE ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
20:15:51.0979 2968 kl1 - ok
20:15:52.0010 2968 [ 6AB7B4B65C5E201CB968DEC20AF10DCB ] KLIF C:\Windows\system32\DRIVERS\klif.sys
20:15:52.0010 2968 KLIF - ok
20:15:52.0041 2968 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:15:52.0041 2968 KSecDD - ok
20:15:52.0088 2968 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:15:52.0088 2968 KSecPkg - ok
20:15:52.0104 2968 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:15:52.0104 2968 ksthunk - ok
20:15:52.0135 2968 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:15:52.0151 2968 KtmRm - ok
20:15:52.0197 2968 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:15:52.0197 2968 LanmanServer - ok
20:15:52.0244 2968 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:15:52.0244 2968 LanmanWorkstation - ok
20:15:52.0275 2968 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:15:52.0275 2968 lltdio - ok
20:15:52.0307 2968 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:15:52.0322 2968 lltdsvc - ok
20:15:52.0322 2968 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:15:52.0338 2968 lmhosts - ok
20:15:52.0369 2968 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:15:52.0369 2968 LSI_FC - ok
20:15:52.0385 2968 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:15:52.0385 2968 LSI_SAS - ok
20:15:52.0400 2968 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:15:52.0416 2968 LSI_SAS2 - ok
20:15:52.0431 2968 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:15:52.0431 2968 LSI_SCSI - ok
20:15:52.0447 2968 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:15:52.0447 2968 luafv - ok
20:15:52.0478 2968 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:15:52.0478 2968 Mcx2Svc - ok
20:15:52.0509 2968 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:15:52.0509 2968 megasas - ok
20:15:52.0525 2968 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:15:52.0541 2968 MegaSR - ok
20:15:52.0603 2968 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:15:52.0619 2968 Microsoft Office Groove Audit Service - ok
20:15:52.0634 2968 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:15:52.0650 2968 MMCSS - ok
20:15:52.0665 2968 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:15:52.0665 2968 Modem - ok
20:15:52.0697 2968 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:15:52.0697 2968 monitor - ok
20:15:52.0712 2968 motccgp - ok
20:15:52.0712 2968 motccgpfl - ok
20:15:52.0712 2968 MotDev - ok
20:15:52.0728 2968 motmodem - ok
20:15:52.0853 2968 [ 9DFD34E6841C460B5D992A1C5327AE69 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
20:15:52.0962 2968 MotoHelper - ok
20:15:52.0977 2968 motport - ok
20:15:52.0977 2968 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
20:15:52.0977 2968 mouclass - ok
20:15:52.0993 2968 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:15:52.0993 2968 mouhid - ok
20:15:53.0040 2968 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:15:53.0040 2968 mountmgr - ok
20:15:53.0118 2968 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:15:53.0118 2968 MpFilter - ok
20:15:53.0165 2968 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:15:53.0180 2968 mpio - ok
20:15:53.0196 2968 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:15:53.0196 2968 mpsdrv - ok
20:15:53.0258 2968 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:15:53.0274 2968 MpsSvc - ok
20:15:53.0321 2968 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:15:53.0321 2968 MRxDAV - ok
20:15:53.0383 2968 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:15:53.0383 2968 mrxsmb - ok
20:15:53.0445 2968 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:15:53.0445 2968 mrxsmb10 - ok
20:15:53.0461 2968 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:15:53.0461 2968 mrxsmb20 - ok
20:15:53.0492 2968 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:15:53.0492 2968 msahci - ok
20:15:53.0523 2968 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:15:53.0523 2968 msdsm - ok
20:15:53.0570 2968 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:15:53.0570 2968 MSDTC - ok
20:15:53.0617 2968 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
20:15:53.0617 2968 MSDV - ok
20:15:53.0633 2968 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:15:53.0648 2968 Msfs - ok
20:15:53.0664 2968 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:15:53.0664 2968 mshidkmdf - ok
20:15:53.0695 2968 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:15:53.0695 2968 msisadrv - ok
20:15:53.0742 2968 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:15:53.0742 2968 MSiSCSI - ok
20:15:53.0757 2968 msiserver - ok
20:15:53.0773 2968 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:15:53.0773 2968 MSKSSRV - ok
20:15:53.0835 2968 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:15:53.0835 2968 MsMpSvc - ok
20:15:53.0851 2968 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:15:53.0851 2968 MSPCLOCK - ok
20:15:53.0867 2968 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:15:53.0867 2968 MSPQM - ok
20:15:53.0898 2968 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:15:53.0898 2968 MsRPC - ok
20:15:53.0913 2968 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:15:53.0913 2968 mssmbios - ok
20:15:53.0945 2968 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:15:53.0945 2968 MSTEE - ok
20:15:53.0960 2968 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:15:53.0960 2968 MTConfig - ok
20:15:53.0991 2968 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:15:53.0991 2968 Mup - ok
20:15:54.0038 2968 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:15:54.0054 2968 napagent - ok
20:15:54.0085 2968 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:15:54.0085 2968 NativeWifiP - ok
20:15:54.0132 2968 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:15:54.0163 2968 NDIS - ok
20:15:54.0179 2968 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:15:54.0179 2968 NdisCap - ok
20:15:54.0210 2968 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:15:54.0210 2968 NdisTapi - ok
20:15:54.0241 2968 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:15:54.0257 2968 Ndisuio - ok
20:15:54.0288 2968 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:15:54.0303 2968 NdisWan - ok
20:15:54.0335 2968 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:15:54.0335 2968 NDProxy - ok
20:15:54.0350 2968 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:15:54.0350 2968 NetBIOS - ok
20:15:54.0397 2968 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:15:54.0413 2968 NetBT - ok
20:15:54.0428 2968 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:15:54.0428 2968 Netlogon - ok
20:15:54.0475 2968 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:15:54.0475 2968 Netman - ok
20:15:54.0522 2968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:54.0522 2968 NetMsmqActivator - ok
20:15:54.0537 2968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:54.0537 2968 NetPipeActivator - ok
20:15:54.0569 2968 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:15:54.0584 2968 netprofm - ok
20:15:54.0600 2968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:54.0600 2968 NetTcpActivator - ok
20:15:54.0600 2968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:15:54.0600 2968 NetTcpPortSharing - ok
20:15:54.0615 2968 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:15:54.0615 2968 nfrd960 - ok
20:15:54.0662 2968 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:15:54.0662 2968 NisDrv - ok
20:15:54.0740 2968 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:15:54.0740 2968 NisSrv - ok
20:15:54.0803 2968 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:15:54.0803 2968 NlaSvc - ok
20:15:54.0834 2968 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:15:54.0834 2968 Npfs - ok
20:15:54.0834 2968 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:15:54.0849 2968 nsi - ok
20:15:54.0865 2968 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:15:54.0865 2968 nsiproxy - ok
20:15:54.0927 2968 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:15:54.0990 2968 Ntfs - ok
20:15:54.0990 2968 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:15:55.0005 2968 Null - ok
20:15:55.0021 2968 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
20:15:55.0037 2968 NVENETFD - ok
20:15:55.0068 2968 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
20:15:55.0068 2968 NVNET - ok
20:15:55.0115 2968 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:15:55.0130 2968 nvraid - ok
20:15:55.0161 2968 [ 78B96EC0352C6BB4788EBC200A2CADBF ] nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys
20:15:55.0161 2968 nvrd64 - ok
20:15:55.0193 2968 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
20:15:55.0193 2968 nvsmu - ok
20:15:55.0208 2968 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:15:55.0224 2968 nvstor - ok
20:15:55.0255 2968 [ 4D9ABA962D7ECE81866F96D5F69FB2B8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
20:15:55.0271 2968 nvstor64 - ok
20:15:55.0286 2968 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:15:55.0286 2968 nv_agp - ok
20:15:55.0380 2968 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:15:55.0395 2968 odserv - ok
20:15:55.0442 2968 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:15:55.0442 2968 ohci1394 - ok
20:15:55.0489 2968 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:15:55.0505 2968 ose - ok
20:15:55.0536 2968 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:15:55.0551 2968 p2pimsvc - ok
20:15:55.0567 2968 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:15:55.0583 2968 p2psvc - ok
20:15:55.0598 2968 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:15:55.0614 2968 Parport - ok
20:15:55.0645 2968 Partizan - ok
20:15:55.0676 2968 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:15:55.0692 2968 partmgr - ok
20:15:55.0707 2968 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:15:55.0707 2968 PcaSvc - ok
20:15:55.0770 2968 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:15:55.0770 2968 pccsmcfd - ok
20:15:55.0770 2968 PCDSRVC{E20ED3E3-EFD35750-06000000}_0 - ok
20:15:55.0801 2968 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:15:55.0817 2968 pci - ok
20:15:55.0863 2968 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:15:55.0863 2968 pciide - ok
20:15:55.0879 2968 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:15:55.0895 2968 pcmcia - ok
20:15:55.0957 2968 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
20:15:55.0957 2968 pcouffin - ok
20:15:55.0973 2968 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:15:55.0973 2968 pcw - ok
20:15:56.0004 2968 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:15:56.0019 2968 PEAUTH - ok
20:15:56.0129 2968 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:15:56.0129 2968 PerfHost - ok
20:15:56.0222 2968 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:15:56.0269 2968 pla - ok
20:15:56.0316 2968 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:15:56.0331 2968 PlugPlay - ok
20:15:56.0363 2968 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:15:56.0363 2968 PNRPAutoReg - ok
20:15:56.0394 2968 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:15:56.0409 2968 PNRPsvc - ok
20:15:56.0441 2968 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:15:56.0456 2968 PolicyAgent - ok
20:15:56.0503 2968 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:15:56.0503 2968 Power - ok
20:15:56.0565 2968 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:15:56.0565 2968 PptpMiniport - ok
20:15:56.0581 2968 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:15:56.0597 2968 Processor - ok
20:15:56.0628 2968 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:15:56.0643 2968 ProfSvc - ok
20:15:56.0659 2968 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:15:56.0659 2968 ProtectedStorage - ok
20:15:56.0721 2968 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe
20:15:56.0737 2968 ProtexisLicensing - ok
20:15:56.0784 2968 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:15:56.0784 2968 Psched - ok
20:15:56.0846 2968 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
20:15:56.0909 2968 PSI_SVC_2 - ok
20:15:56.0971 2968 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:15:57.0018 2968 ql2300 - ok
20:15:57.0049 2968 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:15:57.0049 2968 ql40xx - ok
20:15:57.0080 2968 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:15:57.0096 2968 QWAVE - ok
20:15:57.0111 2968 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:15:57.0111 2968 QWAVEdrv - ok
20:15:57.0143 2968 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:15:57.0143 2968 RasAcd - ok
20:15:57.0174 2968 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:15:57.0174 2968 RasAgileVpn - ok
20:15:57.0189 2968 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:15:57.0189 2968 RasAuto - ok
20:15:57.0205 2968 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:15:57.0221 2968 Rasl2tp - ok
20:15:57.0252 2968 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:15:57.0267 2968 RasMan - ok
20:15:57.0283 2968 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:15:57.0283 2968 RasPppoe - ok
20:15:57.0299 2968 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:15:57.0299 2968 RasSstp - ok
20:15:57.0314 2968 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:15:57.0314 2968 rdbss - ok
20:15:57.0330 2968 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:15:57.0330 2968 rdpbus - ok
20:15:57.0345 2968 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:15:57.0345 2968 RDPCDD - ok
20:15:57.0361 2968 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:15:57.0361 2968 RDPENCDD - ok
20:15:57.0377 2968 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:15:57.0377 2968 RDPREFMP - ok
20:15:57.0408 2968 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:15:57.0423 2968 RDPWD - ok
20:15:57.0470 2968 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:15:57.0470 2968 rdyboost - ok
20:15:57.0517 2968 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:15:57.0517 2968 RemoteAccess - ok
20:15:57.0533 2968 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:15:57.0548 2968 RemoteRegistry - ok
20:15:57.0579 2968 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:15:57.0579 2968 RpcEptMapper - ok
20:15:57.0595 2968 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:15:57.0595 2968 RpcLocator - ok
20:15:57.0626 2968 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
20:15:57.0626 2968 RpcSs - ok
20:15:57.0642 2968 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:15:57.0642 2968 rspndr - ok
20:15:57.0657 2968 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:15:57.0657 2968 SamSs - ok
20:15:57.0720 2968 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:15:57.0720 2968 SASDIFSV - ok
20:15:57.0735 2968 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:15:57.0735 2968 SASKUTIL - ok
20:15:57.0782 2968 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:15:57.0782 2968 sbp2port - ok
20:15:57.0798 2968 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:15:57.0813 2968 SCardSvr - ok
20:15:57.0845 2968 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:15:57.0845 2968 scfilter - ok
20:15:57.0876 2968 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:15:57.0891 2968 Schedule - ok
20:15:57.0923 2968 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:15:57.0923 2968 SCPolicySvc - ok
20:15:57.0954 2968 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:15:57.0969 2968 SDRSVC - ok
20:15:58.0032 2968 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:15:58.0047 2968 SeaPort - ok
20:15:58.0063 2968 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:15:58.0063 2968 secdrv - ok
20:15:58.0110 2968 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:15:58.0110 2968 seclogon - ok
20:15:58.0141 2968 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:15:58.0141 2968 SENS - ok
20:15:58.0157 2968 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:15:58.0157 2968 SensrSvc - ok
20:15:58.0172 2968 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:15:58.0172 2968 Serenum - ok
20:15:58.0203 2968 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:15:58.0203 2968 Serial - ok
20:15:58.0250 2968 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:15:58.0250 2968 sermouse - ok
20:15:58.0297 2968 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:15:58.0297 2968 SessionEnv - ok
20:15:58.0344 2968 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:15:58.0344 2968 sffdisk - ok
20:15:58.0359 2968 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:15:58.0359 2968 sffp_mmc - ok
20:15:58.0375 2968 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:15:58.0391 2968 sffp_sd - ok
20:15:58.0391 2968 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:15:58.0406 2968 sfloppy - ok
20:15:58.0437 2968 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:15:58.0437 2968 SharedAccess - ok
20:15:58.0469 2968 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:15:58.0469 2968 ShellHWDetection - ok
20:15:58.0484 2968 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:15:58.0484 2968 SiSRaid2 - ok
20:15:58.0515 2968 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:15:58.0515 2968 SiSRaid4 - ok
20:15:58.0547 2968 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:15:58.0547 2968 Smb - ok
20:15:58.0593 2968 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:15:58.0593 2968 SNMPTRAP - ok
20:15:58.0609 2968 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:15:58.0609 2968 spldr - ok
20:15:58.0640 2968 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:15:58.0640 2968 Spooler - ok
20:15:58.0765 2968 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:15:58.0859 2968 sppsvc - ok
20:15:58.0874 2968 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:15:58.0874 2968 sppuinotify - ok
20:15:58.0921 2968 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:15:58.0937 2968 srv - ok
20:15:58.0968 2968 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:15:58.0968 2968 srv2 - ok
20:15:58.0999 2968 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:15:58.0999 2968 srvnet - ok
20:15:59.0046 2968 [ F4F1E1FF6986FE8914525AF751EA3EAC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
20:15:59.0061 2968 sscdbus - ok
20:15:59.0108 2968 [ 5447690D2CFE1BDE1BE3A5A5A3E2F796 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:15:59.0108 2968 sscdmdfl - ok
20:15:59.0155 2968 [ BFDA292053AEB76A0C1D63B2279D5138 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
20:15:59.0186 2968 sscdmdm - ok
20:15:59.0311 2968 [ 208731A751357DD71C5A0345C77AFD0A ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
20:15:59.0358 2968 sscdserd - ok
20:15:59.0420 2968 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:15:59.0436 2968 SSDPSRV - ok
20:15:59.0451 2968 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:15:59.0467 2968 SstpSvc - ok
20:15:59.0498 2968 StarOpen - ok
20:15:59.0514 2968 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:15:59.0529 2968 stexstor - ok
20:15:59.0576 2968 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:15:59.0607 2968 stisvc - ok
20:15:59.0654 2968 [ 6525EE4B66CD3BA7A7E8122900FF23F1 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
20:15:59.0670 2968 SWDUMon - ok
20:15:59.0717 2968 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:15:59.0717 2968 swenum - ok
20:15:59.0748 2968 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:15:59.0763 2968 swprv - ok
20:15:59.0841 2968 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:15:59.0919 2968 SysMain - ok
20:15:59.0966 2968 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:15:59.0966 2968 TabletInputService - ok
20:16:00.0013 2968 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:16:00.0029 2968 TapiSrv - ok
20:16:00.0044 2968 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:16:00.0044 2968 TBS - ok
20:16:00.0138 2968 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:16:00.0200 2968 Tcpip - ok
20:16:00.0247 2968 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:16:00.0278 2968 TCPIP6 - ok
20:16:00.0309 2968 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:16:00.0309 2968 tcpipreg - ok
20:16:00.0341 2968 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:16:00.0341 2968 TDPIPE - ok
20:16:00.0387 2968 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:16:00.0387 2968 TDTCP - ok
20:16:00.0450 2968 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:16:00.0450 2968 tdx - ok
20:16:00.0606 2968 [ 839E88DB24D2D8F05B72E12B175951CA ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
20:16:00.0621 2968 TeamViewer6 - ok
20:16:00.0668 2968 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:16:00.0668 2968 TermDD - ok
20:16:00.0715 2968 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:16:00.0746 2968 TermService - ok
20:16:00.0746 2968 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:16:00.0762 2968 Themes - ok
20:16:00.0777 2968 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:16:00.0777 2968 THREADORDER - ok
20:16:00.0793 2968 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:16:00.0809 2968 TrkWks - ok
20:16:00.0855 2968 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:16:00.0855 2968 TrustedInstaller - ok
20:16:00.0902 2968 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:16:00.0918 2968 tssecsrv - ok
20:16:00.0965 2968 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:16:00.0965 2968 TsUsbFlt - ok
20:16:00.0996 2968 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:16:00.0996 2968 tunnel - ok
20:16:01.0027 2968 [ 7F8AD76415FB7476096FEF6B92D428CA ] U6000ALL C:\Windows\system32\DRIVERS\dmdcap.sys
20:16:01.0043 2968 U6000ALL - ok
20:16:01.0074 2968 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:16:01.0074 2968 uagp35 - ok
20:16:01.0121 2968 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:16:01.0136 2968 udfs - ok
20:16:01.0167 2968 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:16:01.0167 2968 UI0Detect - ok
20:16:01.0183 2968 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:16:01.0183 2968 uliagpkx - ok
20:16:01.0245 2968 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:16:01.0245 2968 umbus - ok
20:16:01.0261 2968 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:16:01.0277 2968 UmPass - ok
20:16:01.0308 2968 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:16:01.0308 2968 upnphost - ok
20:16:01.0370 2968 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:16:01.0370 2968 usbaudio - ok
20:16:01.0417 2968 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:16:01.0417 2968 usbccgp - ok
20:16:01.0464 2968 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:16:01.0479 2968 usbcir - ok
20:16:01.0495 2968 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:16:01.0511 2968 usbehci - ok
20:16:01.0557 2968 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:16:01.0557 2968 usbhub - ok
20:16:01.0573 2968 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:16:01.0573 2968 usbohci - ok
20:16:01.0620 2968 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:16:01.0620 2968 usbprint - ok
20:16:01.0635 2968 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:16:01.0635 2968 usbscan - ok
20:16:01.0651 2968 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:16:01.0667 2968 USBSTOR - ok
20:16:01.0698 2968 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:16:01.0698 2968 usbuhci - ok
20:16:01.0713 2968 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:16:01.0729 2968 UxSms - ok
20:16:01.0745 2968 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:16:01.0745 2968 VaultSvc - ok
20:16:01.0791 2968 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:16:01.0791 2968 vdrvroot - ok
20:16:01.0854 2968 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:16:01.0869 2968 vds - ok
20:16:01.0885 2968 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:16:01.0901 2968 vga - ok
20:16:01.0901 2968 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:16:01.0901 2968 VgaSave - ok
20:16:01.0916 2968 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:16:01.0916 2968 vhdmp - ok
20:16:01.0947 2968 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:16:01.0947 2968 viaide - ok
20:16:01.0963 2968 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:16:01.0963 2968 volmgr - ok
20:16:02.0010 2968 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:16:02.0025 2968 volmgrx - ok
20:16:02.0041 2968 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:16:02.0057 2968 volsnap - ok
20:16:02.0088 2968 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:16:02.0088 2968 vsmraid - ok
20:16:02.0166 2968 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:16:02.0197 2968 VSS - ok
20:16:02.0213 2968 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:16:02.0228 2968 vwifibus - ok
20:16:02.0244 2968 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:16:02.0244 2968 vwififlt - ok
20:16:02.0275 2968 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:16:02.0291 2968 W32Time - ok
20:16:02.0384 2968 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
20:16:02.0400 2968 W3SVC - ok
20:16:02.0431 2968 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:16:02.0431 2968 WacomPen - ok
20:16:02.0447 2968 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:16:02.0447 2968 WANARP - ok
20:16:02.0462 2968 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:16:02.0462 2968 Wanarpv6 - ok
20:16:02.0493 2968 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
20:16:02.0493 2968 WAS - ok
20:16:02.0587 2968 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:16:02.0634 2968 WatAdminSvc - ok
20:16:02.0696 2968 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:16:02.0743 2968 wbengine - ok
20:16:02.0774 2968 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:16:02.0774 2968 WbioSrvc - ok
20:16:02.0821 2968 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:16:02.0837 2968 wcncsvc - ok
20:16:02.0852 2968 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:16:02.0852 2968 WcsPlugInService - ok
20:16:02.0868 2968 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:16:02.0868 2968 Wd - ok
20:16:02.0899 2968 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:16:02.0915 2968 Wdf01000 - ok
20:16:02.0930 2968 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:16:02.0930 2968 WdiServiceHost - ok
20:16:02.0946 2968 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:16:02.0946 2968 WdiSystemHost - ok
20:16:02.0961 2968 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:16:02.0961 2968 WebClient - ok
20:16:02.0977 2968 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:16:02.0977 2968 Wecsvc - ok
20:16:02.0977 2968 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:16:02.0993 2968 wercplsupport - ok
20:16:03.0008 2968 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:16:03.0008 2968 WerSvc - ok
20:16:03.0024 2968 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:16:03.0024 2968 WfpLwf - ok
20:16:03.0039 2968 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:16:03.0039 2968 WIMMount - ok
20:16:03.0055 2968 WinDefend - ok
20:16:03.0071 2968 WinHttpAutoProxySvc - ok
20:16:03.0117 2968 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:16:03.0117 2968 Winmgmt - ok
20:16:03.0211 2968 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:16:03.0289 2968 WinRM - ok
20:16:03.0336 2968 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:16:03.0383 2968 Wlansvc - ok
20:16:03.0523 2968 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:16:03.0539 2968 wlidsvc - ok
20:16:03.0585 2968 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:16:03.0585 2968 WmiAcpi - ok
20:16:03.0601 2968 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:16:03.0601 2968 wmiApSrv - ok
20:16:03.0617 2968 WMPNetworkSvc - ok
20:16:03.0632 2968 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:16:03.0632 2968 WPCSvc - ok
20:16:03.0679 2968 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:16:03.0695 2968 WPDBusEnum - ok
20:16:03.0726 2968 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:16:03.0726 2968 ws2ifsl - ok
20:16:03.0741 2968 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:16:03.0741 2968 wscsvc - ok
20:16:03.0757 2968 WSearch - ok
20:16:03.0851 2968 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:16:03.0944 2968 wuauserv - ok
20:16:03.0991 2968 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:16:03.0991 2968 WudfPf - ok
20:16:04.0022 2968 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:16:04.0022 2968 WUDFRd - ok
20:16:04.0069 2968 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:16:04.0085 2968 wudfsvc - ok
20:16:04.0100 2968 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:16:04.0116 2968 WwanSvc - ok
20:16:04.0241 2968 [ 74983ADDCA2D9618512C088D856D6615 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
20:16:04.0241 2968 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
20:16:04.0241 2968 ================ Scan global ===============================
20:16:04.0256 2968 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:16:04.0303 2968 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:16:04.0319 2968 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:16:04.0350 2968 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:16:04.0381 2968 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:16:04.0397 2968 [Global] - ok
20:16:04.0397 2968 ================ Scan MBR ==================================
20:16:04.0443 2968 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:16:04.0818 2968 \Device\Harddisk0\DR0 - ok
20:16:04.0818 2968 ================ Scan VBR ==================================
20:16:04.0833 2968 [ D633CE18DF757CD03911E6A5A17547BF ] \Device\Harddisk0\DR0\Partition1
20:16:04.0833 2968 \Device\Harddisk0\DR0\Partition1 - ok
20:16:04.0865 2968 [ 7BFF67D2C8BE459CBE03388ECC17953F ] \Device\Harddisk0\DR0\Partition2
20:16:04.0865 2968 \Device\Harddisk0\DR0\Partition2 - ok
20:16:04.0896 2968 [ 1E797B4E5BA48E4F829E17F8F240D0B5 ] \Device\Harddisk0\DR0\Partition3
20:16:04.0896 2968 \Device\Harddisk0\DR0\Partition3 - ok
20:16:04.0896 2968 ============================================================
20:16:04.0896 2968 Scan finished
20:16:04.0896 2968 ============================================================
20:16:04.0911 1696 Detected object count: 0
20:16:04.0911 1696 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 20:19:10
-----------------------------
20:19:10.043 OS Version: Windows x64 6.1.7601 Service Pack 1
20:19:10.043 Number of processors: 4 586 0x402
20:19:10.043 ComputerName: OWNER-PC UserName: Owner
20:19:13.740 Initialize success
20:20:01.098 AVAST engine defs: 12090101
20:20:04.686 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
20:20:04.686 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
20:20:04.717 Disk 0 MBR read successfully
20:20:04.717 Disk 0 MBR scan
20:20:04.732 Disk 0 Windows 7 default MBR code
20:20:04.748 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:20:04.810 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 939463 MB offset 206848
20:20:04.857 Disk 0 Partition 3 00 0C FAT32 LBA NTFS 14304 MB offset 1924227072
20:20:04.998 Disk 0 scanning C:\Windows\system32\drivers
20:20:27.477 Service scanning
20:20:46.182 Service PCDSRVC{E20ED3E3-EFD35750-06000000}_0 E:\PC-Doctor for Win PE\pcdsrvc_x64.pkms **LOCKED** 21
20:20:59.816 Modules scanning
20:20:59.832 Disk 0 trace - called modules:
20:20:59.863 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
20:20:59.863 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076d6060]
20:20:59.878 3 CLASSPNP.SYS[fffff88000d6c43f] -> nt!IofCallDriver -> [0xfffffa800680a7a0]
20:20:59.878 5 ACPI.sys[fffff88000f627a1] -> nt!IofCallDriver -> \Device\00000065[0xfffffa800680a060]
20:21:03.888 AVAST engine scan C:\Windows
20:21:12.062 AVAST engine scan C:\Windows\system32
20:26:05.920 AVAST engine scan C:\Windows\system32\drivers
20:26:33.267 AVAST engine scan C:\Users\Owner
20:49:33.709 AVAST engine scan C:\ProgramData
20:55:39.499 Scan finished successfully
20:56:02.883 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\Computer Clean Up\Gringo\MBR.dat"
20:56:02.930 The log file has been saved successfully to "C:\Users\Owner\Desktop\Computer Clean Up\Gringo\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 08:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 johnny6220

  • Topic Starter
  • Members
  • 10 posts

Posted 01 September 2012 - 08:55 PM

Thanks again Gringo. Had no problems and the redirect virus seems to be gone. Computer also seems to be running faster.

Here's the combofix log


ComboFix 12-08-31.08 - Owner 09/01/2012 21:32:30.8.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5485 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 01:38 . 2012-09-02 01:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-02 01:38 . 2012-09-02 01:38 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-09-02 01:38 . 2012-09-02 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 00:15 . 2012-09-02 00:15 208216 ----a-w- c:\windows\system32\drivers\35757849.sys
2012-09-01 22:09 . 2012-09-01 22:09 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-09-01 21:20 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7080110-3D1E-4909-80BC-CB113F1F5A48}\mpengine.dll
2012-08-31 10:37 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-30 20:54 . 2012-08-30 20:54 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-30 20:53 . 2012-08-30 20:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-30 05:40 . 2012-08-30 05:40 -------- d-----w- c:\windows\Microsoft Antimalware
2012-08-29 12:41 . 2012-08-29 12:42 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2012-08-29 11:30 . 2012-08-29 11:30 -------- d-----w- c:\program files (x86)\SDHelper (Spybot - Search & Destroy)
2012-08-29 11:30 . 2012-08-29 11:30 -------- d-----w- c:\program files (x86)\TeaTimer (Spybot - Search & Destroy)
2012-08-29 11:30 . 2012-08-29 11:30 -------- d-----w- c:\program files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2012-08-29 11:30 . 2012-08-29 11:30 -------- d-----w- c:\program files (x86)\File Scanner Library (Spybot - Search & Destroy)
2012-08-29 11:29 . 2012-08-29 11:36 -------- d-----w- c:\users\Owner\AppData\Roaming\Spybot - Search & Destroy
2012-08-29 03:46 . 2012-08-29 03:46 -------- d-----w- c:\users\Owner\AppData\Roaming\ParetoLogic
2012-08-29 03:46 . 2012-08-29 03:46 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
2012-08-29 03:46 . 2012-08-29 03:51 -------- d-----w- c:\programdata\ParetoLogic
2012-08-29 03:08 . 2012-08-29 03:08 332288 ----a-w- c:\windows\system32\uxtheme.new
2012-08-29 03:07 . 2012-08-29 03:07 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-08-29 02:59 . 2012-08-29 10:35 -------- d-----w- c:\programdata\RegRun
2012-08-29 02:59 . 2012-08-29 02:59 2 --shatr- c:\windows\winstart.bat
2012-08-29 02:58 . 2012-08-29 10:38 -------- d-----w- c:\program files (x86)\UnHackMe
2012-08-28 23:11 . 2012-08-28 23:11 -------- d-----w- c:\program files\HitmanPro
2012-08-28 23:11 . 2012-08-28 23:11 -------- d-----w- c:\programdata\HitmanPro
2012-08-27 21:32 . 2012-08-27 21:32 208216 ----a-w- c:\windows\system32\drivers\26083606.sys
2012-08-27 21:31 . 2012-08-27 21:31 208216 ----a-w- c:\windows\system32\drivers\99462440.sys
2012-08-27 19:53 . 2012-08-27 19:53 208216 ----a-w- c:\windows\system32\drivers\92245923.sys
2012-08-27 11:35 . 2012-08-27 11:35 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-08-27 11:35 . 2012-08-27 11:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-27 11:35 . 2012-08-27 11:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-27 02:38 . 2012-08-27 10:33 -------- d-----w- c:\programdata\MFAData
2012-08-27 02:38 . 2012-08-27 02:38 -------- d--h--w- c:\programdata\Common Files
2012-08-27 00:51 . 2012-08-27 00:51 208216 ----a-w- c:\windows\system32\drivers\70233688.sys
2012-08-27 00:48 . 2012-08-27 00:48 208216 ----a-w- c:\windows\system32\drivers\71763626.sys
2012-08-27 00:32 . 2012-08-27 00:32 208216 ----a-w- c:\windows\system32\drivers\71561722.sys
2012-08-26 23:30 . 2012-08-26 23:30 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-26 23:30 . 2012-08-26 23:30 289768 ----a-w- c:\windows\system32\javaws.exe
2012-08-26 23:30 . 2012-08-26 23:30 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-26 23:30 . 2012-08-26 23:30 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-26 23:30 . 2012-08-26 23:30 189416 ----a-w- c:\windows\system32\javaw.exe
2012-08-26 23:30 . 2012-08-26 23:30 188904 ----a-w- c:\windows\system32\java.exe
2012-08-26 23:30 . 2012-08-26 23:30 -------- d-----w- c:\program files\Java
2012-08-26 01:00 . 2012-08-26 01:00 208216 ----a-w- c:\windows\system32\drivers\86614342.sys
2012-08-25 17:42 . 2012-08-25 17:43 -------- d-----w- c:\windows\_ISTMP1.DIR
2012-08-23 01:04 . 2012-08-23 01:04 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-21 23:01 . 2012-08-21 23:01 208216 ----a-w- c:\windows\system32\drivers\14580364.sys
2012-08-20 21:14 . 2012-08-20 21:14 208216 ----a-w- c:\windows\system32\drivers\33644201.sys
2012-08-20 21:10 . 2012-08-20 21:10 208216 ----a-w- c:\windows\system32\drivers\49150897.sys
2012-08-19 14:42 . 2012-08-19 14:42 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-19 14:42 . 2012-08-19 14:42 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-19 13:59 . 2012-08-19 14:23 -------- d-----w- c:\program files (x86)\HJTHotkey
2012-08-19 12:54 . 2012-08-19 12:54 -------- d-----w- c:\users\Guest\AppData\Roaming\Motorola
2012-08-18 21:19 . 2012-08-18 21:19 208216 ----a-w- c:\windows\system32\drivers\37074312.sys
2012-08-18 21:05 . 2012-08-18 21:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-18 21:05 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 15:37 . 2012-08-17 15:37 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-08-17 15:37 . 2012-08-17 15:37 -------- d-----w- c:\programdata\Malwarebytes
2012-08-17 15:33 . 2012-08-17 15:35 -------- d-----w- c:\programdata\Yahoo!
2012-08-17 15:33 . 2012-08-18 20:22 -------- d-----w- c:\program files (x86)\Yahoo!
2012-08-17 12:28 . 2012-08-17 12:40 -------- d-----w- c:\program files (x86)\PC Tools
2012-08-17 12:25 . 2012-06-22 19:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-08-17 12:25 . 2012-08-17 12:40 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-08-17 12:25 . 2012-08-17 12:39 -------- d-----w- c:\programdata\PC Tools
2012-08-17 12:25 . 2012-08-17 12:25 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
2012-08-17 03:24 . 2012-08-17 11:38 -------- d-----w- c:\users\Owner\AppData\Local\Google
2012-08-16 19:40 . 2012-08-16 21:39 -------- d-----w- c:\programdata\PLAV
2012-08-16 19:37 . 2012-08-16 19:37 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-08-16 18:55 . 2012-08-16 18:55 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-16 18:03 . 2012-08-16 18:03 -------- d-----w- c:\users\Owner\AppData\Local\Diagnostics
2012-08-16 16:56 . 2012-08-16 16:56 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{028C3B8B-41AC-413E-BFEB-6DFA62BD2704}\gapaengine.dll
2012-08-16 16:56 . 2012-08-16 16:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-16 16:56 . 2012-08-16 16:56 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-16 12:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-16 12:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-16 12:59 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-16 12:59 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 12:59 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 12:59 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-16 12:59 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-16 12:58 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-16 12:58 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 12:58 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-16 12:58 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 12:58 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-16 11:44 . 2012-08-21 23:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-15 10:41 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 10:41 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 23:22 . 2011-04-28 11:54 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-09-01 21:58 . 2011-08-17 09:40 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-01 21:58 . 2011-08-17 09:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-08-27 21:14 . 2012-04-12 10:36 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 21:14 . 2011-06-02 20:10 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-25 18:55 . 2011-06-06 02:02 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-25 18:55 . 2011-06-06 02:02 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-23 01:04 . 2010-11-15 17:34 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-17 02:51 . 2010-10-23 00:04 6580 --sha-w- c:\programdata\KGyGaAvL.sys
2012-08-16 13:04 . 2010-10-20 17:03 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-29 20:17 . 2012-07-29 20:17 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-09 05:43 . 2012-07-11 10:38 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 10:38 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 10:38 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 10:38 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 10:38 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 10:38 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 10:38 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-05 07:37 . 2010-11-27 12:58 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-01_21.07.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-16 12:57 . 2012-09-01 20:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-08-16 12:57 . 2012-09-01 23:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2010-10-20 17:27 . 2012-09-02 01:41 66832 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-09-01 21:08 33988 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-02 01:41 33988 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-20 16:56 . 2012-09-02 01:41 21844 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3966490604-3525249063-2581321070-1000_UserData.bin
+ 2010-10-20 19:23 . 2012-09-01 21:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-20 19:23 . 2012-09-01 19:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-17 15:27 . 2012-09-01 19:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-17 15:27 . 2012-09-01 21:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-01 21:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-01 19:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-01 23:17 . 2012-09-01 23:17 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{2483A019-F48B-11E1-A5C0-00261806CE9F}.dat
+ 2012-09-01 18:29 . 2012-09-01 23:20 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{01395BFD-F463-11E1-9DC1-00261806CE9F}.dat
- 2012-09-01 18:29 . 2012-09-01 20:49 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{01395BFD-F463-11E1-9DC1-00261806CE9F}.dat
+ 2012-09-01 23:20 . 2012-09-01 23:20 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{8F244D50-F48B-11E1-A5C0-00261806CE9F}.dat
+ 2012-09-01 23:17 . 2012-09-01 23:17 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{2483A01A-F48B-11E1-A5C0-00261806CE9F}.dat
+ 2012-09-01 21:46 . 2012-09-01 21:47 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8B5C677B-F47E-11E1-A5C0-00261806CE9F}.dat
+ 2012-09-01 21:47 . 2012-09-01 21:47 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{933C847B-F47E-11E1-A5C0-00261806CE9F}.dat
+ 2012-09-01 21:47 . 2012-09-01 21:47 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{933C8479-F47E-11E1-A5C0-00261806CE9F}.dat
+ 2012-09-01 21:47 . 2012-09-01 21:47 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B5C6780-F47E-11E1-A5C0-00261806CE9F}.dat
+ 2012-09-01 21:47 . 2012-09-01 21:47 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B5C677F-F47E-11E1-A5C0-00261806CE9F}.dat
+ 2012-09-01 21:47 . 2012-09-01 21:47 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B5C677D-F47E-11E1-A5C0-00261806CE9F}.dat
- 2012-09-01 21:06 . 2012-09-01 21:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-02 01:39 . 2012-09-02 01:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-02 01:39 . 2012-09-02 01:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-01 21:06 . 2012-09-01 21:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-16 13:02 . 2012-09-01 20:48 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-16 13:02 . 2012-09-01 22:31 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-09-01 20:49 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-01 23:19 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-09-01 04:00 . 2012-09-01 23:19 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012090120120902\index.dat
- 2009-07-14 05:01 . 2012-09-01 21:05 449196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-02 01:38 449196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-16 13:01 . 2012-09-01 23:19 5931008 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2012-08-17 15:37 . 2012-09-01 20:49 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-17 15:37 . 2012-09-01 23:19 2850816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-23 18:39 . 2012-09-02 01:38 7474380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3966490604-3525249063-2581321070-1000-12288.dat
- 2010-10-23 18:39 . 2012-09-01 20:41 7474380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3966490604-3525249063-2581321070-1000-12288.dat
+ 2012-08-16 11:05 . 2012-09-01 23:21 6831340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-08-16 11:05 . 2012-09-01 21:05 6831340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-09-01 23:19 13533184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-01 20:49 13533184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-22 03:45 . 2012-09-02 01:38 19078372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3966490604-3525249063-2581321070-1000-8192.dat
- 2010-10-22 03:45 . 2012-09-01 21:05 19078372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3966490604-3525249063-2581321070-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Family Tree Builder Update"="c:\myheritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-25 296096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PCDSRVC{E20ED3E3-EFD35750-06000000}_0;PCDSRVC{E20ED3E3-EFD35750-06000000}_0 - PCDR Kernel Mode Service Helper Driver;e:\pc-doctor for win pe\pcdsrvc_x64.pkms [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-04-19 15672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\DRIVERS\dmdcap.sys [2007-06-08 276480]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-20 1255736]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-10-07 24560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/10/22 00:26];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 20:59 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-01 203776]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-01 9320448]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-01 306688]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-01-26 82816]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 16:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:14]
.
2012-09-02 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-11-16 10:11]
.
2012-09-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3966490604-3525249063-2581321070-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-08-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3966490604-3525249063-2581321070-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-02-18 82432]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;<local>
Trusted Zone: 164.109.25.72
Trusted Zone: 207.130.86.35
Trusted Zone: acura.com
Trusted Zone: acuraclientpurchaseexperience.com
Trusted Zone: acurainfo.programhq.com
Trusted Zone: acuraspinplay.programhq.com
Trusted Zone: ahm-ownerlink.com
Trusted Zone: ahmdealer.com
Trusted Zone: floridakeyswebcams.tv\www
Trusted Zone: honda.com
Trusted Zone: honda.com\www.in
Trusted Zone: honda.vo.llnwd.net
Trusted Zone: hondaadcmd.com
Trusted Zone: hondacars.com
Trusted Zone: hondainfo.programhq.com
Trusted Zone: hondamap.com
Trusted Zone: hondaprofessional.com
Trusted Zone: hondaspinplay.programhq.com
Trusted Zone: hondasso.com
Trusted Zone: jdpa.com
Trusted Zone: jdpower.com
Trusted Zone: mylcchonda.com
Trusted Zone: pcsc.acurasrs.com
Trusted Zone: prospectingacurasrs.com
Trusted Zone: travelhq.com
Trusted Zone: xmradio.com
TCP: DhcpNameServer = 192.168.2.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{E20ED3E3-EFD35750-06000000}_0]
"ImagePath"="\??\e:\pc-doctor for win pe\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:68,4c,0c,ce,0f,83,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,8a,e0,45,5b,99,e7,40,85,20,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,8a,e0,45,5b,99,e7,40,85,20,b9,\
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\CyberLink\Common\claud\yberLink\PowerDirector\P* \PDR8]
"AuDsInterface"=dword:00000008
"AuHDMIMode"=dword:00000000
"AuDsDnmx"=dword:00000008
"AuDsDualMono"=dword:00000000
"AuDsDHMode"=dword:00000002
"AuDsDVSMode"=dword:00000005
"AuDsCLHMode"=dword:00000002
"AuDsCLVSMode"=dword:00000002
"AuDsTSOn"=dword:00000001
"AuDsFocusOn"=dword:00000001
"AuDsTBOn"=dword:00000001
"AuDsFocusLevel"=dword:00000005
"AuDsTBLevel"=dword:00000008
"AuDsSpkSize"=dword:00000001
"AuDsDTSS2SpeakWidth"=dword:0000000a
"AuDsDTSS2DialGain"=dword:00000000
"AuDsDTSS2BassRGain"=dword:00000000
"AuDsChanExpand"=dword:00000004
"AuDsPL2Mode"=dword:00000003
"AuDsPL2XPanorama"=dword:00000000
"AuDsPL2XCntrWidth"=dword:00000003
"AuDsMEIMode"=dword:00000014
"AuDsMEIVolFront"=dword:0000001e
"AuDsMEIVolRear"=dword:0000001e
"AuDsMEIVolCenter"=dword:0000001e
"AuDsMEIVolLFE"=dword:0000001e
"AuDsNeo6Mode"=dword:00000000
"AU_DRC_MODE"=dword:00000002
"LFEON"=dword:00000001
"AuDsCntrMix"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\CyberLink\Common\claud\yberLink\PowerDirector\P* *u**x**\PDR8]
"AuDsInterface"=dword:00000008
"AuHDMIMode"=dword:00000000
"AuDsDnmx"=dword:00000008
"AuDsDualMono"=dword:00000000
"AuDsDHMode"=dword:00000002
"AuDsDVSMode"=dword:00000005
"AuDsCLHMode"=dword:00000002
"AuDsCLVSMode"=dword:00000002
"AuDsTSOn"=dword:00000001
"AuDsFocusOn"=dword:00000001
"AuDsTBOn"=dword:00000001
"AuDsFocusLevel"=dword:00000005
"AuDsTBLevel"=dword:00000008
"AuDsSpkSize"=dword:00000001
"AuDsDTSS2SpeakWidth"=dword:0000000a
"AuDsDTSS2DialGain"=dword:00000000
"AuDsDTSS2BassRGain"=dword:00000000
"AuDsChanExpand"=dword:00000004
"AuDsPL2Mode"=dword:00000003
"AuDsPL2XPanorama"=dword:00000000
"AuDsPL2XCntrWidth"=dword:00000003
"AuDsMEIMode"=dword:00000014
"AuDsMEIVolFront"=dword:0000001e
"AuDsMEIVolRear"=dword:0000001e
"AuDsMEIVolCenter"=dword:0000001e
"AuDsMEIVolLFE"=dword:0000001e
"AuDsNeo6Mode"=dword:00000000
"AU_DRC_MODE"=dword:00000002
"LFEON"=dword:00000001
"AuDsCntrMix"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\CyberLink\Common\claud\yberLink\PowerDirector\P* **\PDR8]
"AuDsInterface"=dword:00000008
"AuHDMIMode"=dword:00000000
"AuDsDnmx"=dword:00000008
"AuDsDualMono"=dword:00000000
"AuDsDHMode"=dword:00000002
"AuDsDVSMode"=dword:00000005
"AuDsCLHMode"=dword:00000002
"AuDsCLVSMode"=dword:00000002
"AuDsTSOn"=dword:00000001
"AuDsFocusOn"=dword:00000001
"AuDsTBOn"=dword:00000001
"AuDsFocusLevel"=dword:00000005
"AuDsTBLevel"=dword:00000008
"AuDsSpkSize"=dword:00000001
"AuDsDTSS2SpeakWidth"=dword:0000000a
"AuDsDTSS2DialGain"=dword:00000000
"AuDsDTSS2BassRGain"=dword:00000000
"AuDsChanExpand"=dword:00000004
"AuDsPL2Mode"=dword:00000003
"AuDsPL2XPanorama"=dword:00000000
"AuDsPL2XCntrWidth"=dword:00000003
"AuDsMEIMode"=dword:00000014
"AuDsMEIVolFront"=dword:0000001e
"AuDsMEIVolRear"=dword:0000001e
"AuDsMEIVolCenter"=dword:0000001e
"AuDsMEIVolLFE"=dword:0000001e
"AuDsNeo6Mode"=dword:00000000
"AU_DRC_MODE"=dword:00000002
"LFEON"=dword:00000001
"AuDsCntrMix"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\CyberLink\Common\claud\yberLink\PowerDirector\P* \PDR8]
"AuDsInterface"=dword:00000008
"AuHDMIMode"=dword:00000000
"AuDsDnmx"=dword:00000008
"AuDsDualMono"=dword:00000000
"AuDsDHMode"=dword:00000002
"AuDsDVSMode"=dword:00000005
"AuDsCLHMode"=dword:00000002
"AuDsCLVSMode"=dword:00000002
"AuDsTSOn"=dword:00000001
"AuDsFocusOn"=dword:00000001
"AuDsTBOn"=dword:00000001
"AuDsFocusLevel"=dword:00000005
"AuDsTBLevel"=dword:00000008
"AuDsSpkSize"=dword:00000001
"AuDsDTSS2SpeakWidth"=dword:0000000a
"AuDsDTSS2DialGain"=dword:00000000
"AuDsDTSS2BassRGain"=dword:00000000
"AuDsChanExpand"=dword:00000004
"AuDsPL2Mode"=dword:00000003
"AuDsPL2XPanorama"=dword:00000000
"AuDsPL2XCntrWidth"=dword:00000003
"AuDsMEIMode"=dword:00000014
"AuDsMEIVolFront"=dword:0000001e
"AuDsMEIVolRear"=dword:0000001e
"AuDsMEIVolCenter"=dword:0000001e
"AuDsMEIVolLFE"=dword:0000001e
"AuDsNeo6Mode"=dword:00000000
"AU_DRC_MODE"=dword:00000002
"LFEON"=dword:00000001
"AuDsCntrMix"=dword:00000000
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3966490604-3525249063-2581321070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-09-01 21:47:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 01:47
ComboFix2.txt 2012-09-01 21:15
ComboFix3.txt 2012-08-28 20:27
ComboFix4.txt 2012-08-25 20:49
ComboFix5.txt 2012-09-02 01:29
.
Pre-Run: 569,495,666,688 bytes free
Post-Run: 569,342,971,904 bytes free
.
- - End Of File - - A0554883F81DE88841B0FCC46B042C0D

#12 johnny6220

johnny6220
  • Topic Starter

  • Members
  • 10 posts

Posted 01 September 2012 - 09:44 PM

Gringo, I'll catch you tomorrow. Let me know what you want me to do next and I'll post whatever you need tomorrow.

Thanks

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 10:21 PM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 johnny6220

johnny6220
  • Topic Starter

  • Members
  • 10 posts

Posted 02 September 2012 - 05:05 AM

Gringo,

All programs worked with no problems. Malwarebytes did not have a "Show Results" tab, but I did save both logs. Tried both IE browsers and had no "redirection of web pages when searched with Google". Should I allow "Java Add On" ???


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

9/2/2012 5:48:40 AM
mbam-log-2012-09-02 (05-48-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240900
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:56:11 AM, on 9/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\HP Photo Creations\MessageCheck.exe
C:\Users\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: UBNet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UBNet\UBNet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UBNet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UBNet\UBNet.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.164.109.25.72
O15 - Trusted Zone: *.207.130.86.35
O15 - Trusted Zone: *.acura.com
O15 - Trusted Zone: *.acuraclientpurchaseexperience.com
O15 - Trusted Zone: *.acurainfo.programhq.com
O15 - Trusted Zone: *.acuraspinplay.programhq.com
O15 - Trusted Zone: *.ahm-ownerlink.com
O15 - Trusted Zone: *.ahmdealer.com
O15 - Trusted Zone: http://www.floridakeyswebcams.tv
O15 - Trusted Zone: *.honda.com
O15 - Trusted Zone: *.honda.vo.llnwd.net
O15 - Trusted Zone: *.hondaadcmd.com
O15 - Trusted Zone: *.hondacars.com
O15 - Trusted Zone: *.hondainfo.programhq.com
O15 - Trusted Zone: *.hondamap.com
O15 - Trusted Zone: *.hondaprofessional.com
O15 - Trusted Zone: *.hondaspinplay.programhq.com
O15 - Trusted Zone: *.hondasso.com
O15 - Trusted Zone: *.jdpa.com
O15 - Trusted Zone: *.jdpower.com
O15 - Trusted Zone: *.mylcchonda.com
O15 - Trusted Zone: *.pcsc.acurasrs.com
O15 - Trusted Zone: *.prospectingacurasrs.com
O15 - Trusted Zone: *.travelhq.com
O15 - Trusted Zone: *.xmradio.com
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.caminova.net/en/downloads/getmodule.aspx?lang=en
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.in.honda.com/Rraaapps/RRAAsec/Codebase/RRAAINAX/RYXAINAX_LandscapePrintingActiveX.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11675 bytes
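
A reader's added example, not part of this thread and not HijackThis's own analysis or gringo's procedure: a small Python triage script for HijackThis-format log lines like the log posted above. It parses the R0/R1, O4, O15, O16 and O23 sections and flags the kinds of entry a malware-removal helper checks by eye: a non-default start or search page, autorun entries that launch from a user-writable profile path, Trusted Zone entries that are bare IP addresses, ActiveX controls (DPF) fetched over plain http, and services with no publisher. The sample lines are copied from the log above; the rules themselves are this example's assumptions, and a hit means "review this", not "malicious" (the Akamai client it flags is legitimate software that happens to live under AppData).

```python
import re
from dataclasses import dataclass

# Constructed sample: lines in HijackThis v2 log format, copied from the log posted
# in this thread. Nothing below is output of HijackThis itself.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;<local>
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
O15 - Trusted Zone: *.164.109.25.72
O15 - Trusted Zone: *.honda.com
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
"""


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O15"
    reason: str  # why a human should look at this line
    line: str    # the raw log line


ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
IPV4_RE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}$")
# Profile locations that any user-level process can write to. Legitimate software lives
# there too (the Akamai client above), so a match is a review item, not a verdict.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\", re.IGNORECASE)


def parse_line(line: str):
    """Split a HijackThis log line into (section code, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def check_entry(code: str, body: str, line: str):
    """Apply one triage rule per section type (rules assumed for this example)."""
    if code in ("R0", "R1"):
        # Start/search pages pointing away from the Microsoft defaults are a classic hijack sign.
        name, _, value = body.partition(" = ")
        if any(k in name for k in ("Start Page", "Search Page", "Default_Search_URL")) \
                and "microsoft.com" not in value.lower():
            return Finding(code, f"browser start/search page set to non-default URL {value}", line)
    elif code == "O4" and USER_WRITABLE_RE.search(body):
        return Finding(code, "autorun entry launches a binary from a user-writable profile path", line)
    elif code == "O15":
        # Trusted Zone sites run with relaxed IE restrictions; a bare IP has no owner to vet.
        host = body.split(":", 1)[1].strip()
        for prefix in ("*.", "http://", "https://"):
            host = host.removeprefix(prefix)
        if IPV4_RE.match(host):
            return Finding(code, f"Trusted Zone entry is a bare IP address ({host})", line)
    elif code == "O16":
        # DPF = Downloaded Program Files (ActiveX). Plain http gives no transport integrity.
        url = body.rsplit(" - ", 1)[-1].strip()
        if url.lower().startswith("http://"):
            return Finding(code, "ActiveX control (DPF) installed from a plain-http URL", line)
    elif code == "O23" and " - Unknown owner - " in body:
        return Finding(code, "service carries no publisher information (Unknown owner)", line)
    return None


def triage(log_text: str):
    """Run every line of a HijackThis log through the rules; return the findings."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        finding = check_entry(*parsed, raw.strip())
        if finding:
            findings.append(finding)
    return findings


def summarize(findings):
    """Count findings per section code, e.g. {'O15': 1, 'O4': 1}."""
    counts = {}
    for f in findings:
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

Run against the full log above, the script would surface the myheritage start page, the two IP-address Trusted Zone entries, the http-served ActiveX controls and the services with no publisher, leaving the well-known O2 BHOs and O23 services with named vendors alone; every hit still needs a human to decide whether it belongs on the machine.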

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:23 PM

Posted 02 September 2012 - 10:14 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found:
    • Click on "List of threats found"
    • Click on "Export to text file" and save it as ESET SCAN to the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
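The O4 lines Gringo lists above are HKLM/HKCU Run-key autoruns in HijackThis's log format, and the O23 lines at the top of this section are services in the same format. As an added illustration that is not part of the thread, HijackThis, or any BleepingComputer tool, the following Python script parses both line shapes into fields (hive, entry name, executable path, arguments, owner, "file missing") and flags the two things a reviewer looks at first: autoruns launched from user-writable locations such as AppData, and services whose binary HijackThis could not find. The sample log embedded in the script is constructed (the `updater` entry is an invented path, not an indicator from this thread). The "(file missing)" flag on core Windows services, as seen throughout the log above, is commonly a false positive of the 32-bit HijackThis build on 64-bit Windows (WOW64 file-system redirection), so the script reports it as "verify" rather than as malicious.

```python
"""Parse HijackThis O4 (autorun) and O23 (service) log lines and flag entries
worth a second look. Added example; not HijackThis code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample log in HijackThis format (modelled on the thread's entries;
# the "updater" line is an invented, illustrative path).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [updater] C:\Users\Owner\AppData\Roaming\Example\updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# O4 - <hive>\..\<key>: [<name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O23 - Service: <display name> (<short name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<svc>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Either a quoted path followed by args, or an unquoted path ending in .exe.
CMD_RE = re.compile(
    r'^"(?P<path>[^"]+)"(?:\s+(?P<args>.*))?$'
    r'|^(?P<upath>.+?\.exe)(?:\s+(?P<uargs>.*))?$',
    re.IGNORECASE,
)

# Path fragments that an ordinary user account can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str            # "O4" or "O23"
    name: str            # Run-value name or service short name
    path: str            # executable path as logged
    args: str = ""       # command-line arguments (O4 only)
    location: str = ""   # registry key for O4, owner/company for O23
    file_missing: bool = False


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate an O4 command line into (path, args)."""
    m = CMD_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""          # e.g. rundll32 lines: keep verbatim
    path = m.group("path") or m.group("upath")
    args = m.group("args") or m.group("uargs") or ""
    return path, args.strip()


def parse_line(line: str) -> Optional[Entry]:
    line = line.rstrip()
    m = O4_RE.match(line)
    if m:
        path, args = split_command(m.group("cmd"))
        return Entry("O4", m.group("name"), path, args,
                     location=f"{m.group('hive')}\\..\\{m.group('key')}")
    m = O23_RE.match(line)
    if m:
        return Entry("O23", m.group("svc"), m.group("path"),
                     location=m.group("owner"),
                     file_missing=m.group("missing") is not None)
    return None                          # other HijackThis sections are ignored


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def review(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for entries that merit a closer look."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if any(frag in low for frag in USER_WRITABLE):
            findings.append((e, "runs from a user-writable location"))
        if e.file_missing:
            findings.append((e, "binary reported missing: verify on disk "
                                "(frequent WOW64 false positive for system services)"))
    return findings


if __name__ == "__main__":
    for entry, reason in review(parse_log(SAMPLE_LOG)):
        print(f"{entry.kind} [{entry.name}] {entry.path} -> {reason}")
```

Paste a real log into `SAMPLE_LOG` (or read it from a file) to triage the whole O4/O23 section at once; entries flagged only for a missing binary should be checked with a 64-bit tool or by looking at the path directly before treating them as a problem.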



