My Computer is Infected with Zero-Access - Anti-Virus can't delete


22 replies to this topic

#1 Ifiok Jr.


  • Members
  • 13 posts

Posted 11 September 2012 - 07:18 AM

I'm not sure how to remove this Zero Access Virus. It appeared after downloading an infected copy of Freerecorder 6 and even after uninstalling I can't seem to shake it from the system.

Really appreciate your help! :thumbsup:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Ifiok Jr at 10:52:53 on 2012-09-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.911 [GMT 1:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
c:\xampp\apache\bin\httpd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\ProgramData\msnmsgre48.exe
C:\Users\Ifiok Jr\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iner.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Ifiok Jr\AppData\Local\Temp\AppLaunch\AppLaunch.exe
C:\xampp\apache\bin\httpd.exe
c:\xampp\mysql\bin\mysqld.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ifiok Jr\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uSearch Page =
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120909021102.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
uRun: [Google Update] "C:\Users\Ifiok Jr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [nmshs] rundll32.exe "C:\Users\Ifiok Jr\AppData\Roaming\nmshs.dll",FIsSpaceW
uRun: [userad] "C:\Windows\System32\rundll32.exe" "C:\Users\Ifiok Jr\AppData\Roaming\userad.dll",Member_Set
uRun: [msnmsgre] "C:\ProgramData\msnmsgre48.exe"
uRunOnce: [Uninstall C:\Users\Ifiok Jr\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ifiok Jr\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\IFIOKJ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ifiok Jr\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\IFIOKJ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\IFIOKJ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~2.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
StartupFolder: C:\Users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iner.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{99C072BF-B08B-49A2-8CA0-7B4E8727891A} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{99C072BF-B08B-49A2-8CA0-7B4E8727891A}\078696C6960737 : DhcpNameServer = 192.168.1.2
TCP: Interfaces\{99C072BF-B08B-49A2-8CA0-7B4E8727891A}\442716974556B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{99C072BF-B08B-49A2-8CA0-7B4E8727891A}\4505D2C494E4B4F5437303734454 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{99C072BF-B08B-49A2-8CA0-7B4E8727891A}\4505D2C494E4B4F5549333532443 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{99C072BF-B08B-49A2-8CA0-7B4E8727891A}\4514C4B44514C4B4D2033303732483 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{99C072BF-B08B-49A2-8CA0-7B4E8727891A}\54D607962756F46674F646 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120909021102.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 184.175.106.54 www.meugh.co.uk
Hosts: 184.175.106.160 www.kickjump.org
Hosts: 184.175.106.161 www.streamcoventry.com
Hosts: 184.175.106.161 streamcoventry.com
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-5-18 14904]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
.
=============== Created Last 30 ================
.
2012-09-09 18:59:03 668160 ----a-w- C:\Users\Ifiok Jr\AppData\Roaming\03994.exe
2012-09-09 18:58:47 668160 ----a-w- C:\Users\Ifiok Jr\AppData\Roaming\81747.exe
2012-09-09 01:11:27 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-09-09 01:11:01 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-09-09 01:11:00 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-09-09 01:10:53 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-09-09 01:10:53 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-09-09 01:10:53 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-09-09 01:10:53 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-09-09 01:10:53 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-09-09 01:10:44 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-09-09 01:10:43 -------- d-----w- C:\Program Files\McAfee.com
2012-09-09 01:10:42 -------- d-----w- C:\Program Files\McAfee
2012-09-09 01:10:37 -------- d-----w- C:\Program Files (x86)\McAfee
2012-09-09 00:26:45 177144 ----a-w- C:\Windows\System32\mfevtps.exe
2012-09-07 17:25:44 668160 ----a-w- C:\Users\Ifiok Jr\AppData\Roaming\61288.exe
2012-09-07 17:25:38 668160 ----a-w- C:\Users\Ifiok Jr\AppData\Roaming\13373.exe
2012-09-07 17:25:20 668160 ----a-w- C:\Users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iner.exe
2012-09-07 17:25:15 668160 ----a-w- C:\Users\Ifiok Jr\AppData\Roaming\03516.exe
2012-09-07 17:05:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-07 16:59:49 54272 --sh--r- C:\ProgramData\msnmsgre48.exe
2012-09-07 16:59:08 -------- d-sh--w- C:\Users\Ifiok Jr\AppData\Roaming\msnmsgr
2012-09-07 14:46:57 -------- d-----w- C:\Users\Ifiok Jr\AppData\Local\{A4D5EDEE-F8FA-11E1-8270-B8AC6F996F26}
2012-09-07 14:46:53 678400 ----a-w- C:\Users\Ifiok Jr\AppData\Roaming\userad.dll
2012-09-07 14:46:04 168960 ----a-w- C:\Users\Ifiok Jr\AppData\Roaming\nmshs.dll
2012-08-31 13:47:57 -------- d-----w- C:\Users\Ifiok Jr\AppData\Local\Freecorder 6 Video
2012-08-31 13:45:16 -------- d-----w- C:\Users\Ifiok Jr\AppData\Roaming\Freecorder 6 Video
2012-08-31 13:45:10 -------- d-----w- C:\Users\Ifiok Jr\AppData\Local\Jaksta_Technologies_Pty_L
2012-08-31 12:29:29 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2012-08-31 12:29:26 -------- d-----r- C:\Users\Ifiok Jr\SkyDrive
2012-08-31 12:28:52 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2012-08-31 09:14:31 -------- d-----w- C:\Users\Ifiok Jr\kickjumpmerchandise
2012-08-27 02:33:59 -------- d-----w- C:\Users\Ifiok Jr\AppData\Roaming\Applian FLV and Media Player
2012-08-26 09:00:34 -------- d-----w- C:\Program Files (x86)\Applian Technologies
2012-08-26 08:58:08 -------- d-----w- C:\ProgramData\Tarma Installer
2012-08-21 20:35:00 -------- d-----w- C:\Python25
2012-08-17 15:07:03 -------- d-----w- C:\Program Files (x86)\Evernote
2012-08-16 06:28:45 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-15 17:10:10 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 17:10:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 17:10:03 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 17:10:02 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 17:10:02 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 17:10:02 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 17:09:04 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 17:09:04 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 17:09:04 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 17:09:00 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 17:08:57 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-13 12:35:32 5115584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-08-15 16:01:47 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 16:01:47 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 15:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-22 06:38:16 335784 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-06-22 06:36:12 752672 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-06-22 06:34:00 169320 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
.
============= FINISH: 10:56:01.35 ===============
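The DDS log above already contains the indicators a malware responder looks for before touching the machine: rundll32.exe loading DLLs from AppData\Roaming, an autorun executable sitting directly in ProgramData, a bare .exe dropped in the Startup folder, five-digit random file names under the profile, and Hosts entries pointing real sites at one address. The script below is an added example, not part of the original post, of the DDS tool, or of the BleepingComputer cleanup procedure; the rule names are my own, and the sample lines are copied from this DDS log (plus the $recycle.bin path reported in the ComboFix log further down the thread) purely as test input.

```python
"""Triage rules for DDS-style "Pseudo HJT Report" lines (added example).

Not part of the original post, of DDS, or of the cleanup procedure; the rule
names are invented here. Each rule flags one of the persistence patterns
visible in the log above so that a reviewer can spot them without reading
hundreds of lines by hand.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule line")

# Directories an unprivileged user can write to. Persistence from here needs
# no admin rights, which is exactly what the flagged lines above show.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\programdata\\")

WIN_PATH = re.compile(r'[A-Za-z]:\\[^",]+')     # drive-letter path up to a quote or comma
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?([A-Za-z]:\\[^",]+\.dll)', re.IGNORECASE)
NUMERIC_EXE = re.compile(r"\\(\d{4,6})\.exe$", re.IGNORECASE)    # 03994.exe, 81747.exe, ...
HOSTS_LINE = re.compile(r"^Hosts:\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)")

# Constructed sample: lines lifted verbatim from the logs in this thread.
SAMPLE_LOG = r"""
uRun: [Google Update] "C:\Users\Ifiok Jr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [nmshs] rundll32.exe "C:\Users\Ifiok Jr\AppData\Roaming\nmshs.dll",FIsSpaceW
uRun: [userad] "C:\Windows\System32\rundll32.exe" "C:\Users\Ifiok Jr\AppData\Roaming\userad.dll",Member_Set
uRun: [msnmsgre] "C:\ProgramData\msnmsgre48.exe"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
StartupFolder: C:\Users\IFIOKJ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ifiok Jr\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iner.exe
Hosts: 184.175.106.54 www.meugh.co.uk
2012-09-09 18:59:03 668160 ----a-w- C:\Users\Ifiok Jr\AppData\Roaming\03994.exe
c:\$recycle.bin\S-1-5-18\$88a696b1bc9927c8b7d67b8478cd2dcf\@
"""


def in_user_writable(path):
    """True if the path lives in a directory a normal user can write to."""
    p = path.lower()
    return any(d in p for d in USER_WRITABLE)


def paths_in(line):
    """All drive-letter paths on a line (DDS wraps quoted ones in double quotes)."""
    return [p.rstrip() for p in WIN_PATH.findall(line)]


def check_line(line):
    """Return the Findings for one log line; an empty list means nothing matched."""
    findings = []
    s = line.strip()
    if not s:
        return findings
    kind = s.split(":", 1)[0]          # uRun, mRun, StartupFolder, Hosts, ...
    paths = paths_in(s)

    # rundll32 is a signed Windows binary; the interesting part is the DLL it loads.
    m = RUNDLL_DLL.search(s)
    if m and in_user_writable(m.group(1)):
        findings.append(Finding("rundll32-loads-profile-dll", s))

    # Run-key entries whose target executable sits in a user-writable directory.
    if kind in ("uRun", "mRun", "uRunOnce", "mRunOnce"):
        if any(p.lower().endswith(".exe") and in_user_writable(p) for p in paths):
            findings.append(Finding("autorun-exe-in-user-writable-dir", s))

    # A shortcut (.lnk) in the Startup folder is normal; a bare .exe dropped there is not.
    if kind == "StartupFolder":
        entry = s.split(":", 1)[1].strip().split(" - ")[0].lower()
        if entry.endswith(".exe") and "\\startup\\" in entry:
            findings.append(Finding("exe-dropped-in-startup-folder", s))

    # Four-to-six-digit file names under the profile (03994.exe, 81747.exe, ...).
    if any(NUMERIC_EXE.search(p) and in_user_writable(p) for p in paths):
        findings.append(Finding("numeric-named-exe-in-profile", s))

    # Any hosts entry that is not a loopback/blackhole mapping redirects traffic.
    hm = HOSTS_LINE.match(s)
    if hm and hm.group(1) not in ("127.0.0.1", "0.0.0.0"):
        findings.append(Finding("hosts-file-override", s))

    # Files parked in the SYSTEM account's recycle bin, as in the ComboFix log.
    if "\\$recycle.bin\\s-1-5-18\\" in s.lower():
        findings.append(Finding("payload-under-system-recycle-bin", s))
    return findings


def triage(log_text):
    """Run every rule over every line of a pasted log."""
    out = []
    for line in log_text.splitlines():
        out.extend(check_line(line))
    return out


def rules_hit(log_text):
    """The set of rule names that fired at least once."""
    return {f.rule for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Legitimate software that updates itself from the profile (Google Update under AppData\Local, Dropbox started through a .lnk) deliberately falls outside these rules, which is why the sample includes those lines as negatives; anything the script does flag still needs a human look, since it only reads paths and never the files themselves.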



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 September 2012 - 07:47 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ifiok Jr.

  • Topic Starter

  • Members
  • 13 posts

Posted 11 September 2012 - 10:32 AM

Wow, thanks for the awesomely quick reply!

I've run Combofix - and I think it uninstalled every program on my system :whistle: - so no Chrome, IE, Firefox. I'm now posting from another computer to hand you the log information.

Also, although I could disable the antivirus and spyware, I wasn't able to disable the firewall. It kept defaulting to ON even after being switched off. I ran ComboFix regardless.

Oh, and the computer is running really quickly, at least for now, but I won't be able to check anything really until I've reinstalled the lost programs.
------

ComboFix 12-09-11.01 - Ifiok Jr 11/09/2012 14:31:04.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.1066 [GMT 1:00]
Running from: c:\users\Ifiok Jr\Downloads\ComboFix.exe
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$88a696b1bc9927c8b7d67b8478cd2dcf\@
c:\$recycle.bin\S-1-5-18\$88a696b1bc9927c8b7d67b8478cd2dcf\n
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\programdata\FullRemove.exe
c:\programdata\msnmsgre48.exe
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\_ctypes.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\_elementtree.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\_hashlib.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\_socket.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\_ssl.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\pyexpat.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\pysqlite2._sqlite.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\python26.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\pythoncom26.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\PyWinTypes26.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\select.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\unicodedata.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\win32api.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\win32com.shell.shell.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\win32crypt.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\win32event.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\win32file.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\win32inet.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\win32pdh.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\win32process.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\windows._cacheinvalidation.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wx._controls_.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wx._core_.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wx._gdi_.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wx._html2.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wx._misc_.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wx._windows_.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wx._wizard.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wxbase293u_net_vc.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wxbase293u_vc.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wxmsw293u_adv_vc.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wxmsw293u_core_vc.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wxmsw293u_html_vc.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\wxmsw293u_webview_vc.dll
c:\users\Ifiok Jr\AppData\Roaming\03516.exe
c:\users\Ifiok Jr\AppData\Roaming\03994.exe
c:\users\Ifiok Jr\AppData\Roaming\13373.exe
c:\users\Ifiok Jr\AppData\Roaming\61288.exe
c:\users\Ifiok Jr\AppData\Roaming\81747.exe
c:\users\Ifiok Jr\AppData\Roaming\msnmsgr
c:\users\Ifiok Jr\AppData\Roaming\nmshs.dll
c:\users\Ifiok Jr\AppData\Roaming\userad.dll
c:\users\Ifiok Jr\Documents\CyberLink.1129b_GM3_Trial_VDE111213-02.tmp
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\_ctypes.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\_elementtree.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\_hashlib.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\_socket.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\_ssl.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\pyexpat.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\pysqlite2._sqlite.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\python26.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\pythoncom26.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\PyWinTypes26.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\select.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\unicodedata.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\win32api.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\win32com.shell.shell.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\win32crypt.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\win32event.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\win32file.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\win32inet.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\win32pdh.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\win32process.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\windows._cacheinvalidation.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wx._controls_.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wx._core_.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wx._gdi_.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wx._html2.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wx._misc_.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wx._windows_.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wx._wizard.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wxbase293u_net_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wxbase293u_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wxmsw293u_adv_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wxmsw293u_core_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wxmsw293u_html_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI22722\wxmsw293u_webview_vc.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 )))))))))))))))))))))))))))))))
.
.
2012-09-09 01:11 . 2012-02-22 12:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-09-09 01:11 . 2012-09-09 01:11 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-09-09 01:10 . 2012-02-22 12:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-09-09 01:10 . 2012-02-22 12:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-09-09 01:10 . 2012-02-22 12:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-09-09 01:10 . 2012-02-22 12:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-09-09 01:10 . 2012-02-22 12:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-09-09 01:10 . 2012-09-09 01:11 -------- d-----w- c:\program files\Common Files\McAfee
2012-09-09 01:10 . 2012-09-09 01:12 -------- d-----w- c:\program files\McAfee
2012-09-09 01:10 . 2012-09-09 17:51 -------- d-----w- c:\program files (x86)\McAfee
2012-09-09 00:26 . 2012-06-22 06:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-07 17:25 . 2012-09-07 17:25 668160 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iner.exe
2012-09-07 17:05 . 2012-09-07 17:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-07 14:46 . 2012-09-07 14:46 -------- d-----w- c:\users\Ifiok Jr\AppData\Local\{A4D5EDEE-F8FA-11E1-8270-B8AC6F996F26}
2012-08-31 13:47 . 2012-08-31 13:47 -------- d-----w- c:\users\Ifiok Jr\AppData\Local\Freecorder 6 Video
2012-08-31 13:45 . 2012-08-31 13:45 -------- d-----w- c:\users\Ifiok Jr\AppData\Roaming\Freecorder 6 Video
2012-08-31 13:45 . 2012-09-08 11:18 -------- d-----w- c:\users\Ifiok Jr\AppData\Local\Jaksta_Technologies_Pty_L
2012-08-31 12:29 . 2012-08-31 12:29 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-08-31 12:29 . 2012-09-08 21:53 -------- d-----r- c:\users\Ifiok Jr\SkyDrive
2012-08-31 12:28 . 2012-08-31 12:28 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-08-31 09:14 . 2012-08-31 09:15 -------- d-----w- c:\users\Ifiok Jr\kickjumpmerchandise
2012-08-27 02:33 . 2012-09-09 03:17 -------- d-----w- c:\users\Ifiok Jr\AppData\Roaming\Applian FLV and Media Player
2012-08-26 09:00 . 2012-08-27 02:29 -------- d-----w- c:\program files (x86)\Applian Technologies
2012-08-26 08:58 . 2012-08-28 15:51 -------- d-----w- c:\programdata\Tarma Installer
2012-08-21 20:35 . 2012-08-21 20:36 -------- d-----w- C:\Python25
2012-08-17 15:07 . 2012-08-17 15:07 -------- d-----w- c:\program files (x86)\Evernote
2012-08-16 06:28 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 17:10 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 17:10 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 17:10 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 17:10 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 17:10 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 17:10 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 17:09 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 17:09 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 17:09 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 17:09 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 17:09 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 17:08 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 12:35 . 2012-08-13 12:35 5115584 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 02:17 . 2012-01-31 09:24 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 16:01 . 2012-04-26 18:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 16:01 . 2011-12-06 04:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-22 06:38 . 2012-06-22 06:38 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-22 06:36 . 2010-05-18 16:53 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-22 06:34 . 2012-06-22 06:34 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2010-01-05 170624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"O2DA"="c:\program files (x86)\O2 Assistant\bin\sprtcmd.exe" [2010-02-05 206120]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
.
c:\users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2012-8-14 391520]
iner.exe [2012-9-7 668160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 135664]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files (x86)\O2 Assistant\bin\sprtsvc.exe [2010-02-05 206120]
S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files (x86)\O2 Assistant\bin\tgsrvc.exe [2010-02-05 185640]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-01-18 128512]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 246224]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-13 144896]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CFWIDS
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 16:01]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 16:26]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 16:26]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603772896-3166256720-2809648617-1000Core.job
- c:\users\Ifiok Jr\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 19:36]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603772896-3166256720-2809648617-1000UA.job
- c:\users\Ifiok Jr\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-20 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-20 410136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-nmshs - c:\users\Ifiok Jr\AppData\Roaming\nmshs.dll
Wow6432Node-HKCU-Run-userad - c:\users\Ifiok Jr\AppData\Roaming\userad.dll
Wow6432Node-HKCU-Run-msnmsgre - c:\programdata\msnmsgre48.exe
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
Toolbar-Locked - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Asus_ULSeries_ScreenSaver - c:\windows\system32\Asus_ULSeries_ScreenSaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\windows\SysWOW64\rundll32.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2012-09-11 16:14:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-11 15:14
.
Pre-Run: 13,692,067,840 bytes free
Post-Run: 14,405,156,864 bytes free
.
- - End Of File - - 0EE457A7258184504C8E8800B1F9A19A

Edited by Ifiok Jr., 11 September 2012 - 10:35 AM.
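A small triage script for reports like the ComboFix log above, added here as an illustration; it is not part of the original post and not something ComboFix ships. It splits the log into its banner-delimited sections and flags paths that match a few defender-side heuristics: the `$recycle.bin\S-1-5-18\$<32 hex>\@` and `\n` entries that ZeroAccess/Sirefef leaves, a directory literally named `%APPDATA%` (an environment variable that was never expanded), random-numbered executables directly in AppData\Roaming, a bare .exe in the Startup folder, and an .exe in the root of ProgramData. The sample log is constructed from rows of the report above, and the rule names and the `parse_sections`/`triage` functions are this example's own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of rows in ComboFix's banner-delimited layout,
# copied from the report posted above. This is NOT output of a live run.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-18\$88a696b1bc9927c8b7d67b8478cd2dcf\@
c:\$recycle.bin\S-1-5-18\$88a696b1bc9927c8b7d67b8478cd2dcf\n
c:\programdata\msnmsgre48.exe
c:\users\Ifiok Jr\AppData\Roaming\03516.exe
c:\users\Ifiok Jr\AppData\Roaming\nmshs.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI22722\python26.dll
D:\install.exe
.
((((((((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 )))))))))))))))))))))))))))))))
.
2012-09-09 01:11 . 2012-02-22 12:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-09-07 17:25 . 2012-09-07 17:25 668160 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iner.exe
2012-09-07 17:05 . 2012-09-07 17:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# Section banners look like "(((( Title ))))"; rows in the dated sections carry
# "<created> . <modified> <size> <attrs> <path>" and only the path is kept.
SECTION_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}\s*$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Heuristic indicator rules (name, pattern, meaning). The first is the
# ZeroAccess/Sirefef artefact; the others are generic "executable or directory
# in an odd place" checks. They are triage hints, not proof of infection.
RULES: List[Tuple[str, re.Pattern, str]] = [
    ("recyclebin_sid_dir",
     re.compile(r"\\\$recycle\.bin\\S-1-5-18\\\$[0-9a-f]{32}\\[@nlu]$", re.I),
     "hidden payload directory under the SYSTEM account's recycle bin"),
    ("literal_env_dir",
     re.compile(r"\\%APPDATA%(\\|$)", re.I),
     "directory literally named %APPDATA% (variable never expanded)"),
    ("numeric_exe_in_roaming",
     re.compile(r"\\AppData\\Roaming\\\d{4,6}\.exe$", re.I),
     "executable with a random numeric name directly in AppData\\Roaming"),
    ("startup_folder_exe",
     re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.exe$", re.I),
     "bare executable (not a shortcut) in the per-user Startup folder"),
    ("programdata_root_exe",
     re.compile(r"^[a-z]:\\programdata\\[^\\]+\.exe$", re.I),
     "executable dropped directly in the root of ProgramData"),
]


def parse_sections(log_text: str) -> Dict[str, List[str]]:
    """Return {section title: [path, ...]} for a ComboFix-style log."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:                  # text before the first banner
            continue
        row = CREATED_RE.match(line)
        sections[current].append(row.group("path") if row else line)
    return sections


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, path, rule_name) for every path that matches a rule."""
    hits: List[Tuple[str, str, str]] = []
    for section, paths in parse_sections(log_text).items():
        for path in paths:
            for name, pattern, _meaning in RULES:
                if pattern.search(path):
                    hits.append((section, path, name))
    return hits


if __name__ == "__main__":
    meanings = {name: meaning for name, _, meaning in RULES}
    for section, path, rule in triage(SAMPLE_LOG):
        print(f"[{rule}] {section}: {path}\n    {meanings[rule]}")
```

Run it on a saved ComboFix.txt by reading the file into `triage()`; anything it flags is a starting point for the helper's own judgement, since the rules deliberately err on the side of noise (a legitimate updater can also drop an .exe in ProgramData).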


#4 Ifiok Jr.

Ifiok Jr.
  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:38 PM

Posted 11 September 2012 - 10:37 AM

Also, this error keeps popping up for every program/folder/icon that I try to open [excluding anti-virus software].

"Illegal operation attempted on a registry key that has been marked for deletion."

I'm assuming that's normal! :P

[EDIT]
Okay just read through your original post and am restarting the computer.
...AND....
YEP Everything is loading again!

My bad! :thumbsup:

Edited by Ifiok Jr., 11 September 2012 - 10:49 AM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 PM

Posted 11 September 2012 - 12:28 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Ifiok Jr.

Ifiok Jr.
  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:38 PM

Posted 11 September 2012 - 12:43 PM

From TDSSKILLER - Nothing Found, will post the other in a minute.


18:41:52.0223 6604 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:41:54.0228 6604 ============================================================
18:41:54.0228 6604 Current date / time: 2012/09/11 18:41:54.0228
18:41:54.0228 6604 SystemInfo:
18:41:54.0228 6604
18:41:54.0228 6604 OS Version: 6.1.7601 ServicePack: 1.0
18:41:54.0228 6604 Product type: Workstation
18:41:54.0229 6604 ComputerName: IFIOKJR-PC
18:41:54.0229 6604 UserName: Ifiok Jr
18:41:54.0229 6604 Windows directory: C:\Windows
18:41:54.0229 6604 System windows directory: C:\Windows
18:41:54.0229 6604 Running under WOW64
18:41:54.0229 6604 Processor architecture: Intel x64
18:41:54.0230 6604 Number of processors: 2
18:41:54.0230 6604 Page size: 0x1000
18:41:54.0230 6604 Boot type: Normal boot
18:41:54.0230 6604 ============================================================
18:41:55.0166 6604 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:41:55.0177 6604 ============================================================
18:41:55.0177 6604 \Device\Harddisk0\DR0:
18:41:55.0177 6604 MBR partitions:
18:41:55.0177 6604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x21333B7, BlocksNum 0x950A600
18:41:55.0189 6604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB63D9F6, BlocksNum 0x19DEFCCB
18:41:55.0189 6604 ============================================================
18:41:55.0229 6604 C: <-> \Device\Harddisk0\DR0\Partition1
18:41:55.0258 6604 D: <-> \Device\Harddisk0\DR0\Partition2
18:41:55.0258 6604 ============================================================
18:41:55.0259 6604 Initialize success
18:41:55.0259 6604 ============================================================
18:42:02.0221 6428 ============================================================
18:42:02.0221 6428 Scan started
18:42:02.0221 6428 Mode: Manual;
18:42:02.0221 6428 ============================================================
18:42:02.0757 6428 ================ Scan system memory ========================
18:42:02.0757 6428 System memory - ok
18:42:02.0758 6428 ================ Scan services =============================
18:42:18.0671 6428 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:42:18.0680 6428 napagent - ok
18:42:18.0729 6428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:42:18.0734 6428 NativeWifiP - ok
18:42:18.0820 6428 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:42:18.0834 6428 NDIS - ok
18:42:18.0862 6428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:42:18.0864 6428 NdisCap - ok
18:42:18.0898 6428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:18.0904 6428 NdisTapi - ok
18:42:18.0948 6428 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:18.0951 6428 Ndisuio - ok
18:42:19.0002 6428 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:19.0005 6428 NdisWan - ok
18:42:19.0046 6428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:42:19.0048 6428 NDProxy - ok
18:42:19.0076 6428 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:42:19.0078 6428 NetBIOS - ok
18:42:19.0129 6428 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:42:19.0135 6428 NetBT - ok
18:42:19.0182 6428 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:42:19.0185 6428 Netlogon - ok
18:42:19.0225 6428 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:42:19.0237 6428 Netman - ok
18:42:19.0299 6428 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:42:19.0450 6428 NetMsmqActivator - ok
18:42:19.0456 6428 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:42:19.0538 6428 NetPipeActivator - ok
18:42:19.0568 6428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:42:19.0573 6428 netprofm - ok
18:42:19.0599 6428 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:42:19.0682 6428 NetTcpActivator - ok
18:42:19.0688 6428 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:42:19.0772 6428 NetTcpPortSharing - ok
18:42:19.0834 6428 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:42:19.0837 6428 nfrd960 - ok
18:42:19.0899 6428 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:42:19.0905 6428 NlaSvc - ok
18:42:19.0959 6428 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
18:42:19.0961 6428 NPF - ok
18:42:19.0990 6428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:42:19.0992 6428 Npfs - ok
18:42:20.0027 6428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:42:20.0034 6428 nsi - ok
18:42:20.0055 6428 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:42:20.0056 6428 nsiproxy - ok
18:42:20.0140 6428 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:42:20.0165 6428 Ntfs - ok
18:42:20.0193 6428 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:42:20.0195 6428 Null - ok
18:42:20.0253 6428 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:42:20.0257 6428 nvraid - ok
18:42:20.0274 6428 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:42:20.0278 6428 nvstor - ok
18:42:20.0314 6428 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:42:20.0317 6428 nv_agp - ok
18:42:20.0352 6428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:42:20.0354 6428 ohci1394 - ok
18:42:20.0449 6428 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:20.0546 6428 ose - ok
18:42:20.0755 6428 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:42:21.0119 6428 osppsvc - ok
18:42:21.0172 6428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:42:21.0179 6428 p2pimsvc - ok
18:42:21.0207 6428 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:42:21.0224 6428 p2psvc - ok
18:42:21.0254 6428 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:42:21.0261 6428 Parport - ok
18:42:21.0296 6428 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:42:21.0298 6428 partmgr - ok
18:42:21.0325 6428 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:42:21.0336 6428 PcaSvc - ok
18:42:21.0358 6428 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:42:21.0362 6428 pci - ok
18:42:21.0396 6428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:42:21.0397 6428 pciide - ok
18:42:21.0425 6428 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:42:21.0443 6428 pcmcia - ok
18:42:21.0455 6428 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:42:21.0457 6428 pcw - ok
18:42:21.0488 6428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:42:21.0498 6428 PEAUTH - ok
18:42:21.0573 6428 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:42:21.0576 6428 PerfHost - ok
18:42:21.0667 6428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:42:21.0692 6428 pla - ok
18:42:21.0743 6428 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:42:21.0754 6428 PlugPlay - ok
18:42:21.0826 6428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:42:21.0842 6428 PNRPAutoReg - ok
18:42:21.0872 6428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:42:21.0877 6428 PNRPsvc - ok
18:42:21.0939 6428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:42:21.0952 6428 PolicyAgent - ok
18:42:22.0006 6428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:42:22.0011 6428 Power - ok
18:42:22.0060 6428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:42:22.0063 6428 PptpMiniport - ok
18:42:22.0097 6428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:42:22.0100 6428 Processor - ok
18:42:22.0142 6428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:42:22.0147 6428 ProfSvc - ok
18:42:22.0171 6428 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:42:22.0175 6428 ProtectedStorage - ok
18:42:22.0217 6428 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:42:22.0219 6428 Psched - ok
18:42:22.0298 6428 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:42:22.0318 6428 ql2300 - ok
18:42:22.0341 6428 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:42:22.0344 6428 ql40xx - ok
18:42:22.0371 6428 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:42:22.0379 6428 QWAVE - ok
18:42:22.0395 6428 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:42:22.0396 6428 QWAVEdrv - ok
18:42:22.0519 6428 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
18:42:22.0525 6428 RapiMgr - ok
18:42:22.0545 6428 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:42:22.0547 6428 RasAcd - ok
18:42:22.0594 6428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:42:22.0596 6428 RasAgileVpn - ok
18:42:22.0625 6428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:42:22.0636 6428 RasAuto - ok
18:42:22.0677 6428 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:42:22.0680 6428 Rasl2tp - ok
18:42:22.0733 6428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:42:22.0744 6428 RasMan - ok
18:42:22.0780 6428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:42:22.0783 6428 RasPppoe - ok
18:42:22.0849 6428 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:42:22.0852 6428 RasSstp - ok
18:42:22.0879 6428 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:42:22.0885 6428 rdbss - ok
18:42:22.0910 6428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:42:22.0912 6428 rdpbus - ok
18:42:22.0929 6428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:42:22.0930 6428 RDPCDD - ok
18:42:22.0949 6428 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:42:22.0950 6428 RDPENCDD - ok
18:42:22.0967 6428 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:42:22.0968 6428 RDPREFMP - ok
18:42:23.0008 6428 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:42:23.0013 6428 RDPWD - ok
18:42:23.0074 6428 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:42:23.0078 6428 rdyboost - ok
18:42:23.0126 6428 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:42:23.0135 6428 RemoteAccess - ok
18:42:23.0175 6428 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:42:23.0187 6428 RemoteRegistry - ok
18:42:23.0228 6428 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:42:23.0232 6428 RFCOMM - ok
18:42:23.0269 6428 [ 71B48DDAF5E9C2B40E64DE5C405F5AAC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:42:23.0271 6428 RimUsb - ok
18:42:23.0309 6428 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:42:23.0311 6428 RimVSerPort - ok
18:42:23.0367 6428 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
18:42:23.0369 6428 ROOTMODEM - ok
18:42:23.0406 6428 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
18:42:23.0507 6428 rpcapd - ok
18:42:23.0537 6428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:42:23.0540 6428 RpcEptMapper - ok
18:42:23.0572 6428 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:42:23.0581 6428 RpcLocator - ok
18:42:23.0629 6428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:42:23.0636 6428 RpcSs - ok
18:42:23.0681 6428 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
18:42:23.0687 6428 RsFx0103 - ok
18:42:23.0726 6428 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:42:23.0729 6428 rspndr - ok
18:42:23.0749 6428 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:42:23.0751 6428 SamSs - ok
18:42:23.0829 6428 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:42:23.0834 6428 sbp2port - ok
18:42:23.0876 6428 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:42:23.0884 6428 SCardSvr - ok
18:42:23.0932 6428 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:42:23.0935 6428 scfilter - ok
18:42:24.0005 6428 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:42:24.0021 6428 Schedule - ok
18:42:24.0079 6428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:42:24.0081 6428 SCPolicySvc - ok
18:42:24.0132 6428 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:42:24.0190 6428 SDRSVC - ok
18:42:24.0222 6428 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:42:24.0223 6428 secdrv - ok
18:42:24.0272 6428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:42:24.0330 6428 seclogon - ok
18:42:24.0360 6428 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:42:24.0364 6428 SENS - ok
18:42:24.0377 6428 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:42:24.0382 6428 SensrSvc - ok
18:42:24.0404 6428 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:42:24.0407 6428 Serenum - ok
18:42:24.0442 6428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:42:24.0444 6428 Serial - ok
18:42:24.0480 6428 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:42:24.0481 6428 sermouse - ok
18:42:24.0535 6428 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:42:24.0594 6428 SessionEnv - ok
18:42:24.0642 6428 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:42:24.0644 6428 sffdisk - ok
18:42:24.0693 6428 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:42:24.0696 6428 sffp_mmc - ok
18:42:24.0719 6428 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:42:24.0790 6428 sffp_sd - ok
18:42:24.0820 6428 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:42:24.0822 6428 sfloppy - ok
18:42:24.0899 6428 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:42:24.0909 6428 SharedAccess - ok
18:42:24.0967 6428 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:42:24.0974 6428 ShellHWDetection - ok
18:42:24.0999 6428 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
18:42:25.0001 6428 SiSGbeLH - ok
18:42:25.0029 6428 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:42:25.0032 6428 SiSRaid2 - ok
18:42:25.0041 6428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:42:25.0043 6428 SiSRaid4 - ok
18:42:25.0281 6428 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:42:25.0308 6428 Skype C2C Service - ok
18:42:25.0389 6428 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:42:25.0394 6428 SkypeUpdate - ok
18:42:25.0429 6428 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:42:25.0433 6428 Smb - ok
18:42:25.0491 6428 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:42:25.0502 6428 SNMPTRAP - ok
18:42:25.0597 6428 [ A415C67B40DFB903ACCC1D40FBEE3269 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
18:42:25.0633 6428 SNP2UVC - ok
18:42:25.0675 6428 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:42:25.0677 6428 spldr - ok
18:42:25.0724 6428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:42:25.0731 6428 Spooler - ok
18:42:25.0874 6428 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:42:25.0992 6428 sppsvc - ok
18:42:26.0022 6428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:42:26.0032 6428 sppuinotify - ok
18:42:26.0071 6428 [ 9BE42E99BBD5461F1F94FE39FEE2E6F5 ] sprtsvc_O2DA C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe
18:42:26.0198 6428 sprtsvc_O2DA - ok
18:42:26.0370 6428 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:42:26.0469 6428 SQLAgent$SQLEXPRESS - ok
18:42:26.0507 6428 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:42:26.0595 6428 SQLBrowser - ok
18:42:26.0678 6428 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:42:26.0756 6428 SQLWriter - ok
18:42:26.0831 6428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:42:26.0842 6428 srv - ok
18:42:26.0872 6428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:42:26.0879 6428 srv2 - ok
18:42:26.0907 6428 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:42:26.0980 6428 srvnet - ok
18:42:27.0071 6428 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
18:42:27.0075 6428 ssadbus - ok
18:42:27.0127 6428 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
18:42:27.0129 6428 ssadmdfl - ok
18:42:27.0148 6428 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
18:42:27.0152 6428 ssadmdm - ok
18:42:27.0196 6428 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
18:42:27.0200 6428 ssadserd - ok
18:42:27.0243 6428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:42:27.0248 6428 SSDPSRV - ok
18:42:27.0266 6428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:42:27.0270 6428 SstpSvc - ok
18:42:27.0302 6428 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:42:27.0304 6428 stexstor - ok
18:42:27.0356 6428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:42:27.0427 6428 stisvc - ok
18:42:27.0475 6428 [ 518EEB2043B66E733489A715852BF839 ] SupportSoft RemoteAssist C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
18:42:27.0633 6428 SupportSoft RemoteAssist - ok
18:42:27.0675 6428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:42:27.0678 6428 swenum - ok
18:42:27.0728 6428 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:42:27.0737 6428 swprv - ok
18:42:27.0828 6428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:42:27.0853 6428 SysMain - ok
18:42:27.0900 6428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:42:27.0959 6428 TabletInputService - ok
18:42:27.0987 6428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:42:28.0045 6428 TapiSrv - ok
18:42:28.0071 6428 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:42:28.0074 6428 TBS - ok
18:42:28.0161 6428 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:42:28.0188 6428 Tcpip - ok
18:42:28.0267 6428 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:42:28.0286 6428 TCPIP6 - ok
18:42:28.0341 6428 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:42:28.0344 6428 tcpipreg - ok
18:42:28.0384 6428 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:42:28.0386 6428 TDPIPE - ok
18:42:28.0436 6428 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:42:28.0439 6428 TDTCP - ok
18:42:28.0486 6428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:42:28.0489 6428 tdx - ok
18:42:28.0528 6428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:42:28.0530 6428 TermDD - ok
18:42:28.0566 6428 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:42:28.0579 6428 TermService - ok
18:42:28.0602 6428 [ C4E3BBCBA4E10A34E31C26A0CF933E32 ] tgsrvc_O2DA C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe
18:42:28.0725 6428 tgsrvc_O2DA - ok
18:42:28.0754 6428 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:42:28.0769 6428 Themes - ok
18:42:28.0814 6428 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:42:28.0818 6428 THREADORDER - ok
18:42:28.0837 6428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:42:28.0849 6428 TrkWks - ok
18:42:28.0902 6428 [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
18:42:29.0002 6428 truecrypt - ok
18:42:29.0064 6428 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:42:29.0069 6428 TrustedInstaller - ok
18:42:29.0119 6428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:42:29.0121 6428 tssecsrv - ok
18:42:29.0182 6428 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:42:29.0186 6428 TsUsbFlt - ok
18:42:29.0249 6428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:42:29.0252 6428 tunnel - ok
18:42:29.0285 6428 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:42:29.0287 6428 uagp35 - ok
18:42:29.0334 6428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:42:29.0342 6428 udfs - ok
18:42:29.0380 6428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:42:29.0390 6428 UI0Detect - ok
18:42:29.0409 6428 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:42:29.0411 6428 uliagpkx - ok
18:42:29.0468 6428 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:42:29.0470 6428 umbus - ok
18:42:29.0497 6428 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:42:29.0499 6428 UmPass - ok
18:42:29.0522 6428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:42:29.0534 6428 upnphost - ok
18:42:29.0579 6428 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:42:29.0581 6428 USBAAPL64 - ok
18:42:29.0635 6428 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:42:29.0638 6428 usbaudio - ok
18:42:29.0688 6428 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:42:29.0693 6428 usbccgp - ok
18:42:29.0746 6428 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:42:29.0749 6428 usbcir - ok
18:42:29.0773 6428 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:42:29.0777 6428 usbehci - ok
18:42:29.0845 6428 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:42:29.0853 6428 usbhub - ok
18:42:29.0878 6428 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:42:29.0880 6428 usbohci - ok
18:42:29.0914 6428 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:42:29.0916 6428 usbprint - ok
18:42:29.0958 6428 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:42:29.0960 6428 usbscan - ok
18:42:29.0979 6428 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:42:29.0981 6428 USBSTOR - ok
18:42:30.0027 6428 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:42:30.0029 6428 usbuhci - ok
18:42:30.0087 6428 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:42:30.0091 6428 usbvideo - ok
18:42:30.0117 6428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:42:30.0123 6428 UxSms - ok
18:42:30.0139 6428 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:42:30.0142 6428 VaultSvc - ok
18:42:30.0173 6428 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:42:30.0175 6428 vdrvroot - ok
18:42:30.0244 6428 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:42:30.0258 6428 vds - ok
18:42:30.0293 6428 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:42:30.0295 6428 vga - ok
18:42:30.0314 6428 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:42:30.0316 6428 VgaSave - ok
18:42:30.0359 6428 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:42:30.0363 6428 vhdmp - ok
18:42:30.0396 6428 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:42:30.0398 6428 viaide - ok
18:42:30.0417 6428 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:42:30.0422 6428 volmgr - ok
18:42:30.0468 6428 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:42:30.0476 6428 volmgrx - ok
18:42:30.0535 6428 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:42:30.0540 6428 volsnap - ok
18:42:30.0583 6428 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:42:30.0598 6428 vsmraid - ok
18:42:30.0689 6428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:42:30.0717 6428 VSS - ok
18:42:30.0742 6428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:42:30.0744 6428 vwifibus - ok
18:42:30.0776 6428 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:42:30.0778 6428 vwififlt - ok
18:42:30.0856 6428 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:42:30.0868 6428 W32Time - ok
18:42:30.0897 6428 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:42:30.0899 6428 WacomPen - ok
18:42:30.0959 6428 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:42:30.0961 6428 WANARP - ok
18:42:30.0980 6428 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:42:30.0982 6428 Wanarpv6 - ok
18:42:31.0067 6428 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:42:31.0166 6428 WatAdminSvc - ok
18:42:31.0247 6428 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:42:31.0346 6428 wbengine - ok
18:42:31.0376 6428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:42:31.0382 6428 WbioSrvc - ok
18:42:31.0435 6428 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
18:42:31.0445 6428 WcesComm - ok
18:42:31.0498 6428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:42:31.0507 6428 wcncsvc - ok
18:42:31.0536 6428 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:42:31.0542 6428 WcsPlugInService - ok
18:42:31.0568 6428 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:42:31.0570 6428 Wd - ok
18:42:31.0606 6428 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:42:31.0616 6428 Wdf01000 - ok
18:42:31.0637 6428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:42:31.0641 6428 WdiServiceHost - ok
18:42:31.0648 6428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:42:31.0653 6428 WdiSystemHost - ok
18:42:31.0696 6428 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:42:31.0769 6428 WebClient - ok
18:42:31.0813 6428 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:42:31.0821 6428 Wecsvc - ok
18:42:31.0843 6428 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:42:31.0854 6428 wercplsupport - ok
18:42:31.0886 6428 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:42:31.0890 6428 WerSvc - ok
18:42:31.0917 6428 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:42:31.0919 6428 WfpLwf - ok
18:42:31.0934 6428 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:42:31.0936 6428 WIMMount - ok
18:42:31.0972 6428 WinDefend - ok
18:42:31.0986 6428 WinHttpAutoProxySvc - ok
18:42:32.0052 6428 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:42:32.0064 6428 Winmgmt - ok
18:42:32.0157 6428 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:42:32.0231 6428 WinRM - ok
18:42:32.0317 6428 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:42:32.0319 6428 WinUsb - ok
18:42:32.0360 6428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:42:32.0375 6428 Wlansvc - ok
18:42:32.0420 6428 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:42:32.0423 6428 WmiAcpi - ok
18:42:32.0469 6428 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:42:32.0473 6428 wmiApSrv - ok
18:42:32.0501 6428 WMPNetworkSvc - ok
18:42:32.0521 6428 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:42:32.0529 6428 WPCSvc - ok
18:42:32.0579 6428 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:42:32.0586 6428 WPDBusEnum - ok
18:42:32.0616 6428 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:42:32.0618 6428 ws2ifsl - ok
18:42:32.0646 6428 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:42:32.0654 6428 wscsvc - ok
18:42:32.0661 6428 WSearch - ok
18:42:32.0786 6428 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:42:32.0822 6428 wuauserv - ok
18:42:32.0859 6428 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:42:32.0862 6428 WudfPf - ok
18:42:32.0890 6428 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:32.0894 6428 WUDFRd - ok
18:42:32.0931 6428 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:42:32.0989 6428 wudfsvc - ok
18:42:33.0020 6428 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:42:33.0026 6428 WwanSvc - ok
18:42:33.0076 6428 ================ Scan global ===============================
18:42:33.0096 6428 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:42:33.0135 6428 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:42:33.0147 6428 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:42:33.0181 6428 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:42:33.0212 6428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:42:33.0219 6428 [Global] - ok
18:42:33.0220 6428 ================ Scan MBR ==================================
18:42:33.0235 6428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:42:33.0476 6428 \Device\Harddisk0\DR0 - ok
18:42:33.0477 6428 ================ Scan VBR ==================================
18:42:33.0485 6428 [ D5DD3C92351A934E6429E6570764DC4D ] \Device\Harddisk0\DR0\Partition1
18:42:33.0488 6428 \Device\Harddisk0\DR0\Partition1 - ok
18:42:33.0503 6428 [ 4FFA37EE2C3C75521B74A81E86430883 ] \Device\Harddisk0\DR0\Partition2
18:42:33.0506 6428 \Device\Harddisk0\DR0\Partition2 - ok
18:42:33.0507 6428 ============================================================
18:42:33.0507 6428 Scan finished
18:42:33.0507 6428 ============================================================
18:42:33.0521 3228 Detected object count: 0
18:42:33.0521 3228 Actual detected object count: 0

#7 Ifiok Jr.

Ifiok Jr.
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:38 PM

Posted 11 September 2012 - 02:12 PM

Okay that took slightly longer than expected. Here it is though.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-11 18:44:26
-----------------------------
18:44:26.268 OS Version: Windows x64 6.1.7601 Service Pack 1
18:44:26.268 Number of processors: 2 586 0x170A
18:44:26.269 ComputerName: IFIOKJR-PC UserName: Ifiok Jr
18:44:26.938 Initialize success
18:51:03.782 AVAST engine defs: 12091100
18:51:21.321 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:51:21.327 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
18:51:21.351 Disk 0 MBR read successfully
18:51:21.357 Disk 0 MBR scan
18:51:21.368 Disk 0 Windows 7 default MBR code
18:51:21.386 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 16997 MB offset 2048
18:51:21.410 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 34812855
18:51:21.423 Disk 0 Partition - 00 0F Extended LBA 211935 MB offset 191093175
18:51:21.452 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 211935 MB offset 191093238
18:51:21.486 Disk 0 scanning C:\Windows\system32\drivers
18:51:37.692 Service scanning
18:52:25.965 Modules scanning
18:52:25.987 Disk 0 trace - called modules:
18:52:26.366 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:52:26.379 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fee060]
18:52:26.392 3 CLASSPNP.SYS[fffff8800194243f] -> nt!IofCallDriver -> [0xfffffa8002e105b0]
18:52:26.405 5 ACPI.sys[fffff88000f657a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8002e4e050]
18:52:27.318 AVAST engine scan C:\Windows
18:52:38.170 AVAST engine scan C:\Windows\system32
18:55:59.020 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:56:06.138 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:01:43.230 AVAST engine scan C:\Windows\system32\drivers
19:01:59.693 AVAST engine scan C:\Users\Ifiok Jr
19:05:55.244 Disk 0 MBR has been saved successfully to "C:\Users\Ifiok Jr\Desktop\MBR.dat"
19:05:55.272 The log file has been saved successfully to "C:\Users\Ifiok Jr\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-11 18:44:26
-----------------------------
18:44:26.268 OS Version: Windows x64 6.1.7601 Service Pack 1
18:44:26.268 Number of processors: 2 586 0x170A
18:44:26.269 ComputerName: IFIOKJR-PC UserName: Ifiok Jr
18:44:26.938 Initialize success
18:51:03.782 AVAST engine defs: 12091100
18:51:21.321 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:51:21.327 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
18:51:21.351 Disk 0 MBR read successfully
18:51:21.357 Disk 0 MBR scan
18:51:21.368 Disk 0 Windows 7 default MBR code
18:51:21.386 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 16997 MB offset 2048
18:51:21.410 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 34812855
18:51:21.423 Disk 0 Partition - 00 0F Extended LBA 211935 MB offset 191093175
18:51:21.452 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 211935 MB offset 191093238
18:51:21.486 Disk 0 scanning C:\Windows\system32\drivers
18:51:37.692 Service scanning
18:52:25.965 Modules scanning
18:52:25.987 Disk 0 trace - called modules:
18:52:26.366 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:52:26.379 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fee060]
18:52:26.392 3 CLASSPNP.SYS[fffff8800194243f] -> nt!IofCallDriver -> [0xfffffa8002e105b0]
18:52:26.405 5 ACPI.sys[fffff88000f657a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8002e4e050]
18:52:27.318 AVAST engine scan C:\Windows
18:52:38.170 AVAST engine scan C:\Windows\system32
18:55:59.020 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:56:06.138 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:01:43.230 AVAST engine scan C:\Windows\system32\drivers
19:01:59.693 AVAST engine scan C:\Users\Ifiok Jr
19:05:55.244 Disk 0 MBR has been saved successfully to "C:\Users\Ifiok Jr\Desktop\MBR.dat"
19:05:55.272 The log file has been saved successfully to "C:\Users\Ifiok Jr\Desktop\aswMBR.txt"
19:10:21.813 File: C:\Users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iner.exe **INFECTED** Win32:Malware-gen
19:17:59.046 AVAST engine scan C:\ProgramData
19:22:42.777 Scan finished successfully
20:12:39.731 Disk 0 MBR has been saved successfully to "C:\Users\Ifiok Jr\Desktop\MBR.dat"
20:12:39.768 The log file has been saved successfully to "C:\Users\Ifiok Jr\Desktop\aswMBR.txt"

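The two infected Desktop.ini files and the executable sitting in the Startup folder are easy to miss in a long aswMBR log, so here is an added triage script (an editorial example, not part of this thread and not an AVAST tool) that pulls the **INFECTED** lines out of an aswMBR text log, separates the rootkit-tagged hits ([Rtk]) from the rest, flags anything under a user's Start Menu\Programs\Startup folder, and records whether aswMBR judged the MBR code to be the Windows 7 default. The sample log is constructed from lines in the post above; the Finding class, the function names and the STARTUP_MARKER constant are my own.

```python
"""Triage an aswMBR text log: list detections, rootkit-tagged hits and Startup-folder persistence.

Added example; the log format is the one aswMBR prints ("HH:MM:SS.mmm File: <path> **INFECTED** <name> [tag]").
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the aswMBR log posted above.
SAMPLE_LOG = r"""
18:51:21.351 Disk 0 MBR read successfully
18:51:21.368 Disk 0 Windows 7 default MBR code
18:52:27.318 AVAST engine scan C:\Windows
18:55:59.020 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:56:06.138 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:10:21.813 File: C:\Users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iner.exe **INFECTED** Win32:Malware-gen
19:22:42.777 Scan finished successfully
"""


@dataclass(frozen=True)
class Finding:
    timestamp: str
    path: str
    detection: str
    tag: str  # bracketed suffix such as "Rtk" (rootkit); "" when aswMBR printed none


# Path is matched non-greedily so paths containing spaces survive intact.
INFECTED_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) File: (?P<path>.+?) \*\*INFECTED\*\* "
    r"(?P<name>\S+)(?: \[(?P<tag>[^\]]+)\])?\s*$"
)

# Hypothetical marker name; anything under a per-user Startup folder runs at logon.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def parse_findings(log_text):
    """Return one Finding per **INFECTED** line, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            findings.append(Finding(m["ts"], m["path"], m["name"], m["tag"] or ""))
    return findings


def triage(log_text):
    """Summarise the log: MBR verdict, completion, rootkit hits, Startup persistence."""
    lines = [l.rstrip() for l in log_text.splitlines()]
    findings = parse_findings(log_text)
    return {
        "mbr_default_code": any("default MBR code" in l for l in lines),
        "scan_completed": any(l.endswith("Scan finished successfully") for l in lines),
        "rootkit_hits": [f.path for f in findings if f.tag == "Rtk"],
        "startup_hits": [f.path for f in findings if STARTUP_MARKER in f.path.lower()],
        "all_hits": findings,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"MBR is default code: {result['mbr_default_code']}, scan completed: {result['scan_completed']}")
    for f in result["all_hits"]:
        kind = "rootkit" if f.tag == "Rtk" else "file"
        print(f"{f.timestamp} [{kind}] {f.detection}: {f.path}")
    for p in result["startup_hits"]:
        print(f"Startup-folder persistence: {p}")
```

On the log above this reports a clean (default) MBR, two rootkit-tagged Sirefef hits in the GAC folders and one executable in the user's Startup folder, which is exactly the set of items the later ComboFix run needs to deal with.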
#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 PM

Posted 11 September 2012 - 03:19 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Ifiok Jr.

Ifiok Jr.
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:38 PM

Posted 12 September 2012 - 01:13 AM

The computer is very slow at the moment - especially on loadup. The last combofix took a long time. Anyway here's the log.


ComboFix 12-09-11.01 - Ifiok Jr 11/09/2012 21:52:29.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.1504 [GMT 1:00]
Running from: c:\users\Ifiok Jr\Desktop\ComboFix.exe
Command switches used :: c:\users\Ifiok Jr\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\_ctypes.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\_elementtree.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\_hashlib.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\_socket.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\_ssl.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\pyexpat.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\pysqlite2._sqlite.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\python26.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\pythoncom26.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\PyWinTypes26.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\select.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\unicodedata.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\win32api.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\win32com.shell.shell.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\win32crypt.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\win32event.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\win32file.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\win32inet.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\win32pdh.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\win32process.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\windows._cacheinvalidation.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wx._controls_.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wx._core_.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wx._gdi_.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wx._html2.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wx._misc_.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wx._windows_.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wx._wizard.pyd
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wxbase293u_net_vc.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wxbase293u_vc.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wxmsw293u_adv_vc.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wxmsw293u_core_vc.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wxmsw293u_html_vc.dll
c:\users\Ifiok Jr\AppData\Local\Temp\_MEI23842\wxmsw293u_webview_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\_ctypes.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\_elementtree.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\_hashlib.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\_socket.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\_ssl.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\pyexpat.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\pysqlite2._sqlite.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\python26.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\pythoncom26.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\PyWinTypes26.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\select.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\unicodedata.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\win32api.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\win32com.shell.shell.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\win32crypt.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\win32event.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\win32file.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\win32inet.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\win32pdh.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\win32process.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\windows._cacheinvalidation.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wx._controls_.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wx._core_.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wx._gdi_.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wx._html2.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wx._misc_.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wx._windows_.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wx._wizard.pyd
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wxbase293u_net_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wxbase293u_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wxmsw293u_adv_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wxmsw293u_core_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wxmsw293u_html_vc.dll
c:\users\IFIOKJ~1\AppData\Local\Temp\_MEI23842\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
.
.
2012-09-12 05:41 . 2012-09-12 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 01:11 . 2012-02-22 12:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-09-09 01:11 . 2012-09-09 01:11 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-09-09 01:10 . 2012-02-22 12:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-09-09 01:10 . 2012-02-22 12:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-09-09 01:10 . 2012-02-22 12:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-09-09 01:10 . 2012-02-22 12:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-09-09 01:10 . 2012-02-22 12:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-09-09 01:10 . 2012-09-09 01:11 -------- d-----w- c:\program files\Common Files\McAfee
2012-09-09 01:10 . 2012-09-09 01:12 -------- d-----w- c:\program files\McAfee
2012-09-09 01:10 . 2012-09-09 17:51 -------- d-----w- c:\program files (x86)\McAfee
2012-09-09 00:26 . 2012-06-22 06:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-07 17:25 . 2012-09-07 17:25 668160 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iner.exe
2012-09-07 17:05 . 2012-09-07 17:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-07 14:46 . 2012-09-07 14:46 -------- d-----w- c:\users\Ifiok Jr\AppData\Local\{A4D5EDEE-F8FA-11E1-8270-B8AC6F996F26}
2012-08-31 13:47 . 2012-08-31 13:47 -------- d-----w- c:\users\Ifiok Jr\AppData\Local\Freecorder 6 Video
2012-08-31 13:45 . 2012-08-31 13:45 -------- d-----w- c:\users\Ifiok Jr\AppData\Roaming\Freecorder 6 Video
2012-08-31 13:45 . 2012-09-08 11:18 -------- d-----w- c:\users\Ifiok Jr\AppData\Local\Jaksta_Technologies_Pty_L
2012-08-31 12:29 . 2012-08-31 12:29 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-08-31 12:29 . 2012-09-08 21:53 -------- d-----r- c:\users\Ifiok Jr\SkyDrive
2012-08-31 12:28 . 2012-08-31 12:28 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-08-31 09:14 . 2012-08-31 09:15 -------- d-----w- c:\users\Ifiok Jr\kickjumpmerchandise
2012-08-27 02:33 . 2012-09-09 03:17 -------- d-----w- c:\users\Ifiok Jr\AppData\Roaming\Applian FLV and Media Player
2012-08-26 09:00 . 2012-08-27 02:29 -------- d-----w- c:\program files (x86)\Applian Technologies
2012-08-26 08:58 . 2012-08-28 15:51 -------- d-----w- c:\programdata\Tarma Installer
2012-08-21 20:35 . 2012-08-21 20:36 -------- d-----w- C:\Python25
2012-08-17 15:07 . 2012-08-17 15:07 -------- d-----w- c:\program files (x86)\Evernote
2012-08-16 06:28 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 17:10 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 17:10 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 17:10 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 17:10 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 17:10 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 17:10 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 17:09 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 17:09 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 17:09 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 17:09 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 17:09 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 17:08 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 12:35 . 2012-08-13 12:35 5115584 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 02:17 . 2012-01-31 09:24 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 16:01 . 2012-04-26 18:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 16:01 . 2011-12-06 04:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-22 06:38 . 2012-06-22 06:38 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-22 06:36 . 2010-05-18 16:53 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-22 06:34 . 2012-06-22 06:34 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-11_15.05.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-18 16:38 . 2012-09-11 15:54 61648 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-12 06:00 39784 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-23 07:12 . 2012-09-12 06:00 13712 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1603772896-3166256720-2809648617-1000_UserData.bin
+ 2011-10-23 15:06 . 2012-09-12 05:44 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 15:06 . 2012-09-11 14:55 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 15:06 . 2012-09-11 14:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-23 15:06 . 2012-09-12 05:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-12 05:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-11 14:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-09-11 14:54 . 2012-09-11 14:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-12 05:43 . 2012-09-12 05:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-12 05:43 . 2012-09-12 05:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-11 14:54 . 2012-09-11 14:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-18 16:49 . 2012-09-11 15:49 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-05-18 16:49 . 2012-09-11 06:33 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-09-11 14:56 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-12 05:44 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-24 03:31 . 2012-09-12 02:39 396946 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-09-11 14:53 615056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-12 05:41 615056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-09-11 14:56 1540096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-12 05:44 1540096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-12 05:44 2818048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-11 14:56 2818048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-07 10:05 . 2012-09-12 05:42 18975620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1603772896-3166256720-2809648617-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2010-01-05 170624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"O2DA"="c:\program files (x86)\O2 Assistant\bin\sprtcmd.exe" [2010-02-05 206120]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
.
c:\users\Ifiok Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2012-8-14 391520]
iner.exe [2012-9-7 668160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 135664]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-26 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files (x86)\O2 Assistant\bin\sprtsvc.exe [2010-02-05 206120]
S2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files (x86)\O2 Assistant\bin\tgsrvc.exe [2010-02-05 185640]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-01-18 128512]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 246224]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-13 144896]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 16:01]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 16:26]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 16:26]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603772896-3166256720-2809648617-1000Core.job
- c:\users\Ifiok Jr\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 19:36]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603772896-3166256720-2809648617-1000UA.job
- c:\users\Ifiok Jr\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Ifiok Jr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-20 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-20 410136]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\windows\SysWOW64\rundll32.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Completion time: 2012-09-12 07:07:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-12 06:07
ComboFix2.txt 2012-09-11 15:14
.
Pre-Run: 14,361,763,840 bytes free
Post-Run: 14,385,967,104 bytes free
.
- - End Of File - - A25AC97CC64C61EA07E248B323476BED

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 PM

Posted 12 September 2012 - 01:26 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Ifiok Jr.

  • Topic Starter

  • Members
  • 13 posts
  • Local time:11:38 PM

Posted 12 September 2012 - 02:08 AM

FRST LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2012 01
Ran by SYSTEM at 12-09-2012 07:46:23
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [635784 2010-01-13] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [7109248 2010-01-13] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA [206120 2010-02-04] (SupportSoft, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKU\Ifiok Jr\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12218904 2012-07-20] (Google)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\Ifiok Jr\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Ifiok Jr\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\Ifiok Jr\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\Ifiok Jr\Start Menu\Programs\Startup\iner.exe ()

==================== Services ====================

2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [18432 2011-09-10] (Apache Software Foundation)
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
2 FileZilla Server; "C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe" [630784 2011-10-23] (FileZilla Project)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199304 2012-05-25] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210616 2012-05-25] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-06-21] (McAfee, Inc.)
2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)
2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [5396 2011-10-27] ()
2 sprtsvc_O2DA; "C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe" /service /P O2DA [206120 2010-02-04] (SupportSoft, Inc.)
2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [383408 2010-02-04] (SupportSoft, Inc.)
2 tgsrvc_O2DA; "C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe" /p O2DA [185640 2010-02-04] (SupportSoft, Inc.)
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers =================================

2 ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-21] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-21] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-21] (McAfee, Inc.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1799680 2009-07-17] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 mfeavfk01; [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-11 22:39 - 2012-09-11 22:39 - 01453499 ____A (Farbar) C:\Users\Ifiok Jr\Downloads\FRST64.exe
2012-09-11 22:07 - 2012-09-11 22:07 - 00033589 ____A C:\ComboFix.txt
2012-09-11 10:05 - 2012-09-11 11:12 - 00004875 ____A C:\Users\Ifiok Jr\Desktop\aswMBR.txt
2012-09-11 10:05 - 2012-09-11 11:12 - 00000512 ____A C:\Users\Ifiok Jr\Desktop\MBR.dat
2012-09-11 09:41 - 2012-09-11 09:42 - 04731392 ____A (AVAST Software) C:\Users\Ifiok Jr\Downloads\aswMBR.exe
2012-09-11 09:41 - 2012-09-11 09:41 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Ifiok Jr\Downloads\tdsskiller.exe
2012-09-11 05:20 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-11 05:20 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-11 05:20 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-11 05:20 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-11 05:20 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-11 05:20 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-11 05:20 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-11 05:20 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-11 05:18 - 2012-09-11 22:07 - 00000000 ___AD C:\Qoobox
2012-09-11 05:18 - 2012-09-11 07:10 - 00000000 ____D C:\Windows\erdnt
2012-09-11 05:05 - 2012-09-11 05:06 - 04749701 ____R (Swearware) C:\Users\Ifiok Jr\Desktop\ComboFix.exe
2012-09-11 05:05 - 2012-09-11 05:05 - 00854156 ____A C:\Users\Ifiok Jr\Downloads\SecurityCheck.exe
2012-09-11 04:22 - 2012-09-11 04:22 - 00000478 ____A C:\Users\Ifiok Jr\Downloads\defogger_disable.log
2012-09-11 04:22 - 2012-09-11 04:22 - 00000000 ____A C:\Users\Ifiok Jr\defogger_reenable
2012-09-11 04:12 - 2012-09-11 04:12 - 00050477 ____A C:\Users\Ifiok Jr\Downloads\Defogger.exe
2012-09-11 02:04 - 2012-09-11 02:04 - 00024211 ____A C:\Users\Ifiok Jr\Desktop\DDS.txt
2012-09-11 02:04 - 2012-09-11 02:04 - 00012744 ____A C:\Users\Ifiok Jr\Desktop\Attach.txt
2012-09-11 01:52 - 2012-09-11 01:52 - 00607260 ____R (Swearware) C:\Users\Ifiok Jr\Downloads\dds.com
2012-09-10 03:05 - 2012-09-10 03:05 - 00013610 ____A C:\Users\Ifiok Jr\.recently-used.xbel
2012-09-10 00:52 - 2012-09-10 00:52 - 00000984 ____A C:\Users\Ifiok Jr\Desktop\hosts - Shortcut.lnk
2012-09-08 17:42 - 2012-09-08 17:42 - 00347424 ____A (Microsoft Corporation) C:\Users\Ifiok Jr\Downloads\MicrosoftFixit.WindowsFirewall.RNP.37270585639168195.1.1.Run.exe
2012-09-08 17:14 - 2012-09-11 22:16 - 00001830 ____A C:\Users\Public\Desktop\BT NetProtect Plus.lnk
2012-09-08 17:11 - 2012-09-08 17:11 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-09-08 17:11 - 2012-02-22 04:29 - 00010248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-09-08 17:10 - 2012-09-09 09:51 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-09-08 17:10 - 2012-09-08 17:12 - 00000000 ____D C:\Program Files\McAfee
2012-09-08 17:10 - 2012-09-08 17:11 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-09-08 17:10 - 2012-09-08 17:10 - 00000000 ____D C:\Program Files\McAfee.com
2012-09-08 17:10 - 2012-02-22 04:29 - 00487296 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-09-08 17:10 - 2012-02-22 04:29 - 00229528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-09-08 17:10 - 2012-02-22 04:29 - 00100912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-09-08 17:10 - 2012-02-22 04:29 - 00075936 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2012-09-08 17:10 - 2012-02-22 04:29 - 00065264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-09-08 16:26 - 2012-06-21 22:38 - 00177144 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-09-08 16:25 - 2012-09-08 16:26 - 04840424 ____A (McAfee, Inc.) C:\Users\Ifiok Jr\Downloads\McAfeeSetup-Serial.exe
2012-09-08 14:15 - 2012-09-08 14:15 - 00000000 ____D C:\Users\Ifiok Jr\AppData\Roaming\Google
2012-09-08 02:10 - 2012-09-08 02:10 - 03037936 ____A C:\Users\Ifiok Jr\Downloads\Lucid (1).zip
2012-09-07 09:05 - 2012-09-07 09:05 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-07 06:46 - 2012-09-11 06:50 - 00006529 ____A C:\Users\Ifiok Jr\AppData\Local\chromeupdate.crx
2012-09-07 06:46 - 2012-09-07 06:46 - 00000000 ____D C:\Users\Ifiok Jr\AppData\Local\{A4D5EDEE-F8FA-11E1-8270-B8AC6F996F26}
2012-09-06 09:48 - 2012-09-06 09:48 - 03260274 ____A C:\Users\Ifiok Jr\Downloads\ultimate-tinymce.zip
2012-09-05 05:35 - 2012-09-05 05:35 - 01070720 ____A C:\Users\Ifiok Jr\Downloads\hang-it-man.exe
2012-09-05 05:35 - 2012-09-05 05:35 - 01070720 ____A C:\Users\Ifiok Jr\Downloads\hang-it-man (3).exe
2012-09-05 05:35 - 2012-09-05 05:35 - 01070720 ____A C:\Users\Ifiok Jr\Downloads\hang-it-man (2).exe
2012-09-05 05:35 - 2012-09-05 05:35 - 01070720 ____A C:\Users\Ifiok Jr\Downloads\hang-it-man (1).exe
2012-09-04 09:52 - 2012-09-04 09:53 - 01040529 ____A C:\Users\Ifiok Jr\Downloads\rich-racer.dcr
2012-09-03 13:43 - 2012-09-03 13:44 - 01001264 ____A (Solid State Networks) C:\Users\Ifiok Jr\Downloads\install_flashplayer11x32ax_mssa_au_aih.exe
2012-08-31 05:47 - 2012-08-31 05:47 - 00000000 ____D C:\Users\Ifiok Jr\AppData\Local\Freecorder 6 Video
2012-08-31 05:45 - 2012-09-08 03:18 - 00000000 ____D C:\Users\Ifiok Jr\AppData\Local\Jaksta_Technologies_Pty_L
2012-08-31 05:45 - 2012-08-31 05:45 - 00000000 ____D C:\Users\Ifiok Jr\AppData\Roaming\Freecorder 6 Video
2012-08-31 04:29 - 2012-09-08 13:53 - 00000000 ___RD C:\Users\Ifiok Jr\SkyDrive
2012-08-31 04:29 - 2012-08-31 04:29 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2012-08-31 04:29 - 2012-08-31 04:28 - 05563840 ____A (Microsoft Corporation) C:\Users\Ifiok Jr\Downloads\SkyDriveSetup (1).exe
2012-08-31 04:28 - 2012-08-31 04:28 - 00000000 ____D C:\Users\All Users\Microsoft SkyDrive
2012-08-31 01:14 - 2012-08-31 01:15 - 00000000 ____D C:\Users\Ifiok Jr\kickjumpmerchandise
2012-08-27 11:16 - 2012-08-27 11:16 - 00095007 ____A C:\Users\Ifiok Jr\Downloads\bp-template-pack-Elegant-Themes_Chameleon1_5.zip
2012-08-26 18:33 - 2012-09-11 22:28 - 00000000 ____D C:\Users\Ifiok Jr\AppData\Roaming\Applian FLV and Media Player
2012-08-26 18:22 - 2012-08-26 18:22 - 01667264 ____A (W3i, LLC) C:\Users\Ifiok Jr\Downloads\applianflv_upgrade_1472.exe
2012-08-26 08:40 - 2012-08-26 08:40 - 01875955 ____A C:\Users\Ifiok Jr\Downloads\elegantthemes_icons.zip
2012-08-26 01:13 - 2012-08-26 01:17 - 31053033 ____A C:\Users\Ifiok Jr\Downloads\Hosanna-(Be-Lifted-Higher)-~Sidney-Mohede-(w-True-Worshippers)[www.savevid.com].flv
2012-08-26 01:00 - 2012-08-26 18:29 - 00000000 ____D C:\Program Files (x86)\Applian Technologies
2012-08-25 16:55 - 2012-08-25 16:56 - 03170494 ____A C:\Users\Ifiok Jr\Downloads\Lucid.zip
2012-08-25 16:06 - 2012-08-25 16:06 - 00516925 ____A C:\Users\Ifiok Jr\Downloads\elegantbuilder.zip
2012-08-23 04:03 - 2012-08-23 04:03 - 00087335 ____A C:\Users\Ifiok Jr\Downloads\0kSFjLoRv.20120823070103.sql.zip
2012-08-21 12:35 - 2012-08-21 12:36 - 00000000 ____D C:\Python25
2012-08-21 11:52 - 2012-08-21 11:54 - 11323392 ____A C:\Users\Ifiok Jr\Downloads\python-2.5.4.msi
2012-08-17 07:29 - 2012-08-17 07:29 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2012-08-17 07:07 - 2012-08-17 07:07 - 00000000 ____D C:\Program Files (x86)\Evernote
2012-08-15 22:28 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-15 18:27 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 18:27 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 18:27 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 18:27 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 18:27 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 18:27 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 18:27 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 18:27 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 18:27 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 18:27 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 18:27 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 18:27 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 18:27 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 18:27 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 18:27 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 18:27 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 18:27 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-15 18:27 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 18:27 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 18:27 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-15 18:27 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 18:27 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 18:27 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 18:27 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-15 18:27 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 18:27 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 18:27 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 18:27 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 09:10 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 09:10 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 09:10 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 09:10 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 09:10 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 09:10 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-15 09:09 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 09:09 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 09:09 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 09:09 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 09:09 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 09:09 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 09:08 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll


==================== 3 Months Modified Files ================================

2012-09-11 22:42 - 2010-05-18 07:58 - 02061467 ____A C:\Windows\WindowsUpdate.log
2012-09-11 22:39 - 2012-09-11 22:39 - 01453499 ____A (Farbar) C:\Users\Ifiok Jr\Downloads\FRST64.exe
2012-09-11 22:22 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-11 22:22 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-11 22:18 - 2010-05-18 08:26 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-11 22:16 - 2012-09-08 17:14 - 00001830 ____A C:\Users\Public\Desktop\BT NetProtect Plus.lnk
2012-09-11 22:09 - 2010-05-18 08:26 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-11 22:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-11 22:08 - 2009-07-13 20:51 - 00101327 ____A C:\Windows\setupact.log
2012-09-11 22:07 - 2012-09-11 22:07 - 00033589 ____A C:\ComboFix.txt
2012-09-11 22:01 - 2012-04-26 10:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-11 21:59 - 2012-01-09 05:42 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603772896-3166256720-2809648617-1000UA.job
2012-09-11 21:58 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-11 21:42 - 2010-05-18 08:36 - 00174340 ____A C:\Windows\PFRO.log
2012-09-11 11:12 - 2012-09-11 10:05 - 00004875 ____A C:\Users\Ifiok Jr\Desktop\aswMBR.txt
2012-09-11 11:12 - 2012-09-11 10:05 - 00000512 ____A C:\Users\Ifiok Jr\Desktop\MBR.dat
2012-09-11 09:42 - 2012-09-11 09:41 - 04731392 ____A (AVAST Software) C:\Users\Ifiok Jr\Downloads\aswMBR.exe
2012-09-11 09:41 - 2012-09-11 09:41 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Ifiok Jr\Downloads\tdsskiller.exe
2012-09-11 09:39 - 2012-01-09 05:42 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1603772896-3166256720-2809648617-1000Core.job
2012-09-11 06:50 - 2012-09-07 06:46 - 00006529 ____A C:\Users\Ifiok Jr\AppData\Local\chromeupdate.crx
2012-09-11 05:19 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-11 05:06 - 2012-09-11 05:05 - 04749701 ____R (Swearware) C:\Users\Ifiok Jr\Desktop\ComboFix.exe
2012-09-11 05:05 - 2012-09-11 05:05 - 00854156 ____A C:\Users\Ifiok Jr\Downloads\SecurityCheck.exe
2012-09-11 04:22 - 2012-09-11 04:22 - 00000478 ____A C:\Users\Ifiok Jr\Downloads\defogger_disable.log
2012-09-11 04:22 - 2012-09-11 04:22 - 00000000 ____A C:\Users\Ifiok Jr\defogger_reenable
2012-09-11 04:12 - 2012-09-11 04:12 - 00050477 ____A C:\Users\Ifiok Jr\Downloads\Defogger.exe
2012-09-11 02:04 - 2012-09-11 02:04 - 00024211 ____A C:\Users\Ifiok Jr\Desktop\DDS.txt
2012-09-11 02:04 - 2012-09-11 02:04 - 00012744 ____A C:\Users\Ifiok Jr\Desktop\Attach.txt
2012-09-11 01:52 - 2012-09-11 01:52 - 00607260 ____R (Swearware) C:\Users\Ifiok Jr\Downloads\dds.com
2012-09-10 12:49 - 2009-07-13 21:13 - 00871384 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-10 03:05 - 2012-09-10 03:05 - 00013610 ____A C:\Users\Ifiok Jr\.recently-used.xbel
2012-09-10 00:52 - 2012-09-10 00:52 - 00000984 ____A C:\Users\Ifiok Jr\Desktop\hosts - Shortcut.lnk
2012-09-09 09:53 - 2010-05-18 08:48 - 00001670 ____A C:\Windows\System32\ServiceFilter.ini
2012-09-09 00:10 - 2010-05-18 08:48 - 00002520 ____A C:\Windows\System32\AutoRunFilter.ini
2012-09-08 17:42 - 2012-09-08 17:42 - 00347424 ____A (Microsoft Corporation) C:\Users\Ifiok Jr\Downloads\MicrosoftFixit.WindowsFirewall.RNP.37270585639168195.1.1.Run.exe
2012-09-08 16:26 - 2012-09-08 16:25 - 04840424 ____A (McAfee, Inc.) C:\Users\Ifiok Jr\Downloads\McAfeeSetup-Serial.exe
2012-09-08 16:02 - 2011-10-30 22:54 - 00000600 ____A C:\Users\Ifiok Jr\AppData\Local\PUTTY.RND
2012-09-08 02:10 - 2012-09-08 02:10 - 03037936 ____A C:\Users\Ifiok Jr\Downloads\Lucid (1).zip
2012-09-06 09:48 - 2012-09-06 09:48 - 03260274 ____A C:\Users\Ifiok Jr\Downloads\ultimate-tinymce.zip
2012-09-05 05:35 - 2012-09-05 05:35 - 01070720 ____A C:\Users\Ifiok Jr\Downloads\hang-it-man.exe
2012-09-05 05:35 - 2012-09-05 05:35 - 01070720 ____A C:\Users\Ifiok Jr\Downloads\hang-it-man (3).exe
2012-09-05 05:35 - 2012-09-05 05:35 - 01070720 ____A C:\Users\Ifiok Jr\Downloads\hang-it-man (2).exe
2012-09-05 05:35 - 2012-09-05 05:35 - 01070720 ____A C:\Users\Ifiok Jr\Downloads\hang-it-man (1).exe
2012-09-04 09:53 - 2012-09-04 09:52 - 01040529 ____A C:\Users\Ifiok Jr\Downloads\rich-racer.dcr
2012-09-03 13:44 - 2012-09-03 13:43 - 01001264 ____A (Solid State Networks) C:\Users\Ifiok Jr\Downloads\install_flashplayer11x32ax_mssa_au_aih.exe
2012-08-31 04:28 - 2012-08-31 04:29 - 05563840 ____A (Microsoft Corporation) C:\Users\Ifiok Jr\Downloads\SkyDriveSetup (1).exe
2012-08-27 11:16 - 2012-08-27 11:16 - 00095007 ____A C:\Users\Ifiok Jr\Downloads\bp-template-pack-Elegant-Themes_Chameleon1_5.zip
2012-08-26 18:22 - 2012-08-26 18:22 - 01667264 ____A (W3i, LLC) C:\Users\Ifiok Jr\Downloads\applianflv_upgrade_1472.exe
2012-08-26 08:40 - 2012-08-26 08:40 - 01875955 ____A C:\Users\Ifiok Jr\Downloads\elegantthemes_icons.zip
2012-08-26 01:17 - 2012-08-26 01:13 - 31053033 ____A C:\Users\Ifiok Jr\Downloads\Hosanna-(Be-Lifted-Higher)-~Sidney-Mohede-(w-True-Worshippers)[www.savevid.com].flv
2012-08-25 16:56 - 2012-08-25 16:55 - 03170494 ____A C:\Users\Ifiok Jr\Downloads\Lucid.zip
2012-08-25 16:06 - 2012-08-25 16:06 - 00516925 ____A C:\Users\Ifiok Jr\Downloads\elegantbuilder.zip
2012-08-23 04:03 - 2012-08-23 04:03 - 00087335 ____A C:\Users\Ifiok Jr\Downloads\0kSFjLoRv.20120823070103.sql.zip
2012-08-21 11:54 - 2012-08-21 11:52 - 11323392 ____A C:\Users\Ifiok Jr\Downloads\python-2.5.4.msi
2012-08-17 07:29 - 2012-08-17 07:29 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2012-08-16 02:53 - 2009-07-13 20:45 - 05105560 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 18:17 - 2012-01-31 01:24 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-15 08:01 - 2012-04-26 10:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 08:01 - 2011-12-05 20:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-30 23:36 - 2012-07-30 23:32 - 40010328 ____A C:\Users\Ifiok Jr\Downloads\20030511M3.zip
2012-07-24 12:06 - 2012-07-24 12:05 - 00000009 ____A C:\END
2012-07-24 12:02 - 2012-07-24 12:02 - 07106104 ____A (Applian Technologies Inc.) C:\Users\Ifiok Jr\Downloads\FCTBSetup(1).exe
2012-07-24 11:44 - 2012-07-24 11:43 - 16801656 ____A (Mozilla) C:\Users\Ifiok Jr\Downloads\Firefox Setup 14.0.1.exe
2012-07-18 10:15 - 2012-08-15 09:09 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 04:38 - 2012-07-16 04:38 - 00392447 ____A C:\Users\Ifiok Jr\Documents\ayi$ha doc.xxx £££££££££££££.pptx
2012-07-15 10:49 - 2012-07-15 10:49 - 00046419 ____A C:\Users\Ifiok Jr\Documents\Presentation1.pptx
2012-07-15 10:11 - 2012-05-19 07:46 - 00168930 ____A C:\Users\Ifiok Jr\Documents\ayisha doc.xlsx
2012-07-15 08:15 - 2012-07-15 07:30 - 00031729 ____A C:\Users\Ifiok Jr\Documents\pictures by ayisha doc.xxx.pptx
2012-07-10 18:41 - 2012-07-10 18:39 - 00267346 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-08 13:08 - 2012-07-08 13:08 - 05189344 ____A (Microsoft Corporation) C:\Users\Ifiok Jr\Downloads\SkyDriveSetup.exe
2012-07-06 12:07 - 2012-08-15 22:28 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 14:16 - 2012-08-15 09:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 09:09 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 09:09 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 09:09 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 09:09 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 20:27 - 2012-07-02 12:07 - 00002365 ____A C:\Users\Ifiok Jr\.lmmsrc.xml
2012-07-03 20:20 - 2012-07-03 20:20 - 00035877 ____A C:\Users\Ifiok Jr\Downloads\xzibit-snoop.mid
2012-07-02 23:19 - 2012-07-02 23:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2012-07-01 14:48 - 2012-07-01 14:47 - 22653670 ____A C:\Users\Ifiok Jr\Downloads\lmms-0.4.13-win32.exe
2012-07-01 14:45 - 2012-07-01 14:44 - 23490227 ____A C:\Users\Ifiok Jr\Downloads\lmms-0.4.13-win64.exe
2012-06-30 00:03 - 2012-06-30 00:02 - 04919784 ____A C:\Users\Ifiok Jr\Downloads\wordpress-3.4.1.zip
2012-06-28 20:55 - 2012-08-15 18:27 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-15 18:27 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-15 18:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-15 18:27 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-15 18:27 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-15 18:27 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-15 18:27 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-15 18:27 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-15 18:27 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-15 18:27 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-15 18:27 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-15 18:27 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-15 18:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-15 18:27 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-15 18:27 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-15 18:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-15 18:27 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-15 18:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-15 18:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-15 18:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 18:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-15 18:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 18:27 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-15 18:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 18:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-15 18:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 18:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 18:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-27 11:26 - 2012-06-27 11:27 - 05956062 ____A C:\Users\Ifiok Jr\Documents\Pixlromatic.air
2012-06-25 07:04 - 2012-06-25 07:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-24 08:13 - 2012-06-24 08:13 - 01071115 ____A C:\Users\Ifiok Jr\Downloads\TheStyle.zip
2012-06-24 08:12 - 2012-06-24 08:12 - 01467324 ____A C:\Users\Ifiok Jr\Downloads\TheProfessional.zip
2012-06-24 08:09 - 2012-06-24 08:09 - 01456267 ____A C:\Users\Ifiok Jr\Downloads\Glow.zip
2012-06-24 08:08 - 2012-06-24 08:08 - 03009917 ____A C:\Users\Ifiok Jr\Downloads\eBusiness.zip
2012-06-24 07:04 - 2012-06-24 07:03 - 04920516 ____A C:\Users\Ifiok Jr\Downloads\wordpress-3.4.zip
2012-06-23 08:03 - 2012-06-23 08:03 - 01524527 ____A C:\Users\Ifiok Jr\Downloads\empireofgodbackup.sql
2012-06-23 07:22 - 2012-06-23 07:22 - 00005336 ____A C:\Users\Ifiok Jr\Downloads\empireofgod.org Secure WebDisk.vbs
2012-06-21 22:38 - 2012-09-08 16:26 - 00177144 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
2012-06-21 22:38 - 2012-06-21 22:38 - 00335784 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-06-21 22:36 - 2010-05-18 08:53 - 00752672 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-06-21 22:34 - 2012-06-21 22:34 - 00169320 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-06-21 12:07 - 2012-06-21 12:07 - 07821512 ____A (Skype Technologies S.A.) C:\Users\Ifiok Jr\Downloads\SkypeClicktoCall.exe
2012-06-21 11:56 - 2012-06-21 11:56 - 00005006 ____A C:\Users\Ifiok Jr\Downloads\call_history_2012-06.csv
2012-06-21 11:56 - 2012-06-21 11:56 - 00005006 ____A C:\Users\Ifiok Jr\Downloads\call_history_2012-06 (1).csv
2012-06-15 10:54 - 2012-06-15 10:54 - 03700466 ____A C:\Users\Ifiok Jr\Downloads\Trim.zip
2012-06-15 10:54 - 2012-06-15 10:54 - 03562307 ____A C:\Users\Ifiok Jr\Downloads\Flexible (2).zip
2012-06-15 10:44 - 2012-06-15 10:44 - 01629864 ____A C:\Users\Ifiok Jr\Downloads\Notebook.zip


ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3037.21 MB
Available physical RAM: 2456.77 MB
Total Pagefile: 3035.36 MB
Available Pagefile: 2455.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:13.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:206.97 GB) (Free:23.04 GB) NTFS
3 Drive e: (SD) (Removable) (Total:15.18 GB) (Free:5.38 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 16 GB 1024 KB
Partition 2 Primary 74 GB 16 GB
Partition 0 Extended 206 GB 91 GB
Partition 3 Logical 206 GB 91 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C OS NTFS Partition 74 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D DATA NTFS Partition 206 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 4096 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E SD FAT32 Removable 15 GB Healthy

==================================================================================

Last Boot: 2012-04-09 15:57

==================== End Of Log =============================

SEARCH LOG
Farbar Recovery Scan Tool (x64) Version: 11-09-2012 01
Ran by SYSTEM at 2012-09-12 07:57:50
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-09-11 07:10] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 PM

Posted 12 September 2012 - 02:24 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
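As an added example (not part of gringo_pr's instructions and not FRST's own code): a read-only PowerShell audit that re-checks the two ZeroAccess indicator paths named in the fixlist above and repeats the services.exe hash comparison shown in the search log, so a defender can confirm the state of a machine without moving anything. The paths are the ones from this thread; the WinSxS folder filter and the use of .NET MD5 for PowerShell 2.0 compatibility are assumptions.

```powershell
# Added example, not from the thread or from FRST. Read-only: reports, never deletes.
# Run from an elevated PowerShell on the affected machine (works on PowerShell 2.0+).

# The two ZeroAccess indicator files FRST flagged in this thread.
$indicators = @(
    'C:\Windows\assembly\GAC_32\Desktop.ini',
    'C:\Windows\assembly\GAC_64\Desktop.ini'
)

function Get-Md5Hex {
    param([string]$Path)
    # .NET MD5 so this also runs on PowerShell 2.0, which has no Get-FileHash.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

# 1. Indicator files: a clean GAC_32 / GAC_64 folder has no Desktop.ini in it.
foreach ($path in $indicators) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            Write-Output ("SUSPECT  {0}  size={1}  attrs={2}" -f $path, $item.Length, $item.Attributes)
        } else {
            # Present but unreadable: ZeroAccess-style ACLs on the folder are themselves worth noting.
            Write-Output ("SUSPECT  {0}  present but access denied" -f $path)
        }
    } else {
        Write-Output ("clean    {0} not present" -f $path)
    }
}

# 2. services.exe: compare the live binary with the copies in the WinSxS component
#    store, the same comparison the FRST search log in this thread shows.
$live = 'C:\Windows\System32\services.exe'
$liveHash = Get-Md5Hex $live
Write-Output ("{0}  live      {1}" -f $liveHash, $live)

# Assumed folder filter: the servicecontroller component directories hold services.exe.
$storeCopies = Get-ChildItem -Path 'C:\Windows\winsxs' -Filter 'services.exe' -Recurse -Force -ErrorAction SilentlyContinue |
               Where-Object { $_.DirectoryName -like '*servicecontroller*' }

foreach ($copy in $storeCopies) {
    $h = Get-Md5Hex $copy.FullName
    $verdict = if ($h -eq $liveHash) { 'match    ' } else { 'MISMATCH ' }
    Write-Output ("{0}  {1} {2}" -f $h, $verdict, $copy.FullName)
}
```

A mismatch is a reason to look closer, not proof of infection on its own: a Windows update can leave the live binary newer than an older WinSxS copy, so check the file version and signature of both before drawing a conclusion.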

#13 Ifiok Jr.

Ifiok Jr.
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:38 PM

Posted 12 September 2012 - 02:49 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2012 01
Ran by SYSTEM at 2012-09-12 08:43:38 Run:1
Running from E:\

==============================================

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====

#14 Ifiok Jr.

Ifiok Jr.
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:38 PM

Posted 12 September 2012 - 05:57 AM

Does that mean it's fixed?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:38 PM

Posted 12 September 2012 - 07:55 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.2 MUI
Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




